Win7 Gateway laptop wont boot after removing DOS/Alureon


  • This topic is locked
21 replies to this topic

#1 Sever101

Sever101

  • Members
  • 11 posts

Posted 19 February 2014 - 10:49 PM

A few days ago I got a Windows 7 x64 laptop from a friend. I removed Steam and Avira and installed Microsoft Security Essentials (MSE). MSE detected and removed Win32/Alureon and then prompted me to get Windows Defender Offline. I downloaded Defender Offline, mounted it to a USB and booted the laptop off of the same USB. It detected and removed DOS/Alureon and restarted the laptop, booting off the hard drive. During the boot-up process I was prompted to either run Windows Start-up Repair (recommended) or start Windows normally. I did the start-up repair, where after a couple of minutes I received a message stating "Start-up Repair cannot repair this computer automatically." So, I restarted the computer and tried starting Windows normally but it would fail, restart and bring me back to the screen asking to either run Windows Start-up Repair or start Windows normally. I did some reading on Microsoft's website and was recommended to open a Command Prompt and use Bootrec Fixmbr and bootrec fixboot. These did nothing to fix my problem as far as I can tell. I did some Googling and found this website. After reading I downloaded and ran Farbar Recovery Scan Tool (FRST64). I have the results but want to make sure I am posting all of this in the right place before I attach FRST.


Edited by Sever101, 19 February 2014 - 10:58 PM.



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 20 February 2014 - 08:42 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Post up the logs by FRST.


Proud Member of UNITE & TB
 

#3 Sever101

Sever101
  • Topic Starter

  • Members
  • 11 posts

Posted 20 February 2014 - 02:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by SYSTEM on MININT-9UJ8DF7 on 19-02-2014 20:50:53
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
 
==================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-03] (Advanced Micro Devices, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-19 20:49 - 2014-02-19 20:50 - 00000000 ____D () C:\FRST
2014-02-19 17:48 - 2014-02-19 18:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-19 14:53 - 2014-02-19 14:53 - 00860176 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mssstool64.exe
2014-02-19 10:02 - 2014-02-19 10:02 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-02-19 10:00 - 2014-02-19 10:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 09:59 - 2010-04-09 03:06 - 00374664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-02-19 04:23 - 2014-02-19 04:23 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-18 03:41 - 2014-02-18 03:41 - 00007605 _____ () C:\Users\Tommy\AppData\Local\Resmon.ResmonCfg
2014-02-11 03:01 - 2014-02-19 10:00 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 03:00 - 2014-02-18 06:03 - 00000000 ____D () C:\1bc45d90688f2779960292bb
2014-02-11 03:00 - 2014-02-11 03:00 - 13670584 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mseinstall.exe
2014-02-11 01:06 - 2014-02-11 01:06 - 00274672 _____ () C:\Windows\Minidump\021114-58734-01.dmp
2014-02-11 00:36 - 2014-02-11 00:36 - 00274672 _____ () C:\Windows\Minidump\021114-30357-01.dmp
2014-02-11 00:31 - 2014-02-11 00:31 - 00274672 _____ () C:\Windows\Minidump\021114-32838-01.dmp
2014-02-11 00:05 - 2013-02-21 22:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-11 00:05 - 2013-02-21 22:21 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-11 00:05 - 2013-02-21 22:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-11 00:05 - 2013-02-21 22:19 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-11 00:05 - 2013-02-21 22:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-02-11 00:05 - 2013-02-21 22:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-11 00:05 - 2013-02-21 22:15 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-11 00:05 - 2013-02-21 22:15 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-11 00:05 - 2013-02-21 22:15 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-11 00:05 - 2013-02-21 22:14 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-11 00:05 - 2013-02-21 22:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-02-11 00:05 - 2013-02-21 22:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-11 00:05 - 2013-02-21 22:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-11 00:05 - 2013-02-21 19:46 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 00:05 - 2013-02-21 19:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 00:05 - 2013-02-21 19:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 00:05 - 2013-02-21 19:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 00:05 - 2013-02-21 19:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-11 00:05 - 2013-02-21 19:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-11 00:05 - 2013-02-21 19:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 00:05 - 2013-02-21 19:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 00:05 - 2013-02-21 19:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 00:05 - 2013-02-21 19:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 00:05 - 2013-02-21 19:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-11 00:05 - 2013-02-21 19:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-11 00:04 - 2013-02-21 22:57 - 17817088 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-11 00:04 - 2013-02-21 22:29 - 10925568 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-11 00:04 - 2013-02-21 22:13 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-11 00:04 - 2013-02-21 20:05 - 12324352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 00:04 - 2013-02-21 19:47 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 00:04 - 2013-02-21 19:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 00:04 - 2013-02-21 19:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-10 23:30 - 2013-04-12 06:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-02-10 23:30 - 2013-02-28 19:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-02-10 23:30 - 2013-02-12 07:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-02-10 23:30 - 2013-02-12 07:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-02-10 23:30 - 2013-02-12 07:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2014-02-10 23:30 - 2013-02-12 07:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-10 23:30 - 2013-02-12 07:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-02-10 23:30 - 2013-02-12 06:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2014-02-10 23:30 - 2013-02-12 05:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-10 23:30 - 2013-01-03 21:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-02-10 23:30 - 2013-01-03 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-02-10 23:30 - 2013-01-03 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-02-10 23:30 - 2013-01-03 21:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2014-02-10 23:30 - 2013-01-03 21:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-02-10 23:30 - 2013-01-03 21:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-02-10 23:30 - 2013-01-03 21:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 21:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-02-10 23:30 - 2013-01-03 20:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-10 23:30 - 2013-01-03 20:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 19:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2014-02-10 23:30 - 2013-01-03 18:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-02-10 23:30 - 2013-01-03 18:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-02-10 23:30 - 2013-01-03 18:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-02-10 23:30 - 2013-01-03 18:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-02-10 23:30 - 2013-01-03 18:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 18:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-02-10 23:30 - 2013-01-03 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-02-10 23:30 - 2012-11-22 02:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-02-10 23:30 - 2012-11-22 01:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-02-10 23:30 - 2012-11-19 21:55 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-02-10 23:30 - 2012-11-19 21:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-02-10 23:30 - 2012-11-08 21:34 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2014-02-10 23:30 - 2012-11-08 20:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-02-10 23:30 - 2012-11-01 21:30 - 02001408 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-02-10 23:30 - 2012-11-01 21:30 - 01880064 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-10 23:30 - 2012-11-01 20:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-02-10 23:30 - 2012-11-01 20:50 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-10 23:29 - 2013-01-03 21:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-02-10 23:29 - 2013-01-03 21:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-02-10 23:29 - 2012-12-06 21:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2014-02-10 23:29 - 2012-12-06 21:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\System32\gameux.dll
2014-02-10 23:29 - 2012-12-06 21:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-02-10 23:29 - 2012-12-06 20:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-02-10 23:29 - 2012-12-06 19:45 - 00055296 _____ (Microsoft) C:\Windows\System32\cero.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00051712 _____ (Microsoft) C:\Windows\System32\esrb.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00046592 _____ (Microsoft) C:\Windows\System32\fpb.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00045568 _____ (Microsoft) C:\Windows\System32\oflc-nz.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00044544 _____ (Microsoft) C:\Windows\System32\pegibbfc.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00043520 _____ (Microsoft) C:\Windows\System32\csrr.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00040960 _____ (Microsoft) C:\Windows\System32\cob-au.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00030720 _____ (Microsoft) C:\Windows\System32\usk.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00023552 _____ (Microsoft) C:\Windows\System32\oflc.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00021504 _____ (Microsoft) C:\Windows\System32\grb.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi-pt.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi-fi.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00020480 _____ (Microsoft) C:\Windows\System32\pegi.rs
2014-02-10 23:29 - 2012-12-06 19:45 - 00015360 _____ (Microsoft) C:\Windows\System32\djctq.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-02-10 23:29 - 2012-12-06 19:21 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-02-10 22:52 - 2013-01-23 21:41 - 00223752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2014-02-10 22:52 - 2012-11-29 15:21 - 00420032 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-10 22:52 - 2012-11-29 15:19 - 00420032 _____ () C:\Windows\System32\locale.nls
2014-02-10 22:00 - 2014-02-19 09:49 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-09 18:35 - 2014-02-09 18:36 - 00000000 ____D () C:\Users\Tommy\AppData\Local\Adobe
2014-02-09 16:20 - 2014-02-09 16:26 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Nidhogg
2014-02-09 15:58 - 2014-02-09 15:59 - 00000000 ____D () C:\Users\Tommy\Documents\SpellForce2
2014-02-09 15:35 - 2014-02-09 15:35 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-09 15:20 - 2014-02-10 22:38 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-09 13:04 - 2014-02-09 13:05 - 00317808 _____ () C:\Windows\Minidump\020914-38079-01.dmp
2014-02-09 12:48 - 2014-02-09 12:48 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\WinRAR
2014-02-09 12:47 - 2014-02-09 12:48 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-09 12:25 - 2014-02-09 12:25 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-09 12:12 - 2014-02-09 12:12 - 49940480 _____ () C:\Program Files (x86)\GUT32A4.tmp
2014-02-09 12:12 - 2014-02-09 12:12 - 00000000 ____D () C:\Program Files (x86)\GUM32A3.tmp
2014-02-09 12:10 - 2014-02-09 12:11 - 00262144 _____ () C:\Windows\Minidump\020914-39593-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-02-19 20:50 - 2014-02-19 20:49 - 00000000 ____D () C:\FRST
2014-02-19 18:55 - 2014-02-19 17:48 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-19 15:03 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 15:03 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 15:02 - 2012-11-23 09:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 15:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 15:02 - 2009-07-13 20:51 - 00021364 _____ () C:\Windows\setupact.log
2014-02-19 15:01 - 2012-11-23 12:27 - 02058753 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 14:55 - 2009-07-13 21:13 - 00726316 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-19 14:53 - 2014-02-19 14:53 - 00860176 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mssstool64.exe
2014-02-19 14:26 - 2012-11-23 09:58 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 10:02 - 2014-02-19 10:02 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-02-19 10:00 - 2014-02-19 10:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 10:00 - 2014-02-11 03:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-19 09:49 - 2014-02-10 22:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-19 04:23 - 2014-02-19 04:23 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-19 00:00 - 2012-11-23 11:07 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-18 13:21 - 2012-11-23 09:58 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 13:21 - 2012-11-23 09:58 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 06:03 - 2014-02-11 03:00 - 00000000 ____D () C:\1bc45d90688f2779960292bb
2014-02-18 06:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-18 06:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-18 03:41 - 2014-02-18 03:41 - 00007605 _____ () C:\Users\Tommy\AppData\Local\Resmon.ResmonCfg
2014-02-18 03:09 - 2012-11-23 11:55 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\uTorrent
2014-02-18 03:05 - 2012-11-23 09:37 - 00000000 ____D () C:\users\Tommy
2014-02-11 03:00 - 2014-02-11 03:00 - 13670584 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mseinstall.exe
2014-02-11 02:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-11 01:06 - 2014-02-11 01:06 - 00274672 _____ () C:\Windows\Minidump\021114-58734-01.dmp
2014-02-11 01:06 - 2012-11-23 13:13 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 01:05 - 2012-11-23 13:13 - 378637017 _____ () C:\Windows\MEMORY.DMP
2014-02-11 01:01 - 2009-07-13 20:45 - 00275712 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-11 00:36 - 2014-02-11 00:36 - 00274672 _____ () C:\Windows\Minidump\021114-30357-01.dmp
2014-02-11 00:31 - 2014-02-11 00:31 - 00274672 _____ () C:\Windows\Minidump\021114-32838-01.dmp
2014-02-10 22:38 - 2014-02-09 15:20 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-10 22:38 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2014-02-10 22:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-09 18:36 - 2014-02-09 18:35 - 00000000 ____D () C:\Users\Tommy\AppData\Local\Adobe
2014-02-09 16:26 - 2014-02-09 16:20 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Nidhogg
2014-02-09 15:59 - 2014-02-09 15:58 - 00000000 ____D () C:\Users\Tommy\Documents\SpellForce2
2014-02-09 15:35 - 2014-02-09 15:35 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-09 13:05 - 2014-02-09 13:04 - 00317808 _____ () C:\Windows\Minidump\020914-38079-01.dmp
2014-02-09 12:48 - 2014-02-09 12:48 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\WinRAR
2014-02-09 12:48 - 2014-02-09 12:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-09 12:25 - 2014-02-09 12:25 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-09 12:12 - 2014-02-09 12:12 - 49940480 _____ () C:\Program Files (x86)\GUT32A4.tmp
2014-02-09 12:12 - 2014-02-09 12:12 - 00000000 ____D () C:\Program Files (x86)\GUM32A3.tmp
2014-02-09 12:11 - 2014-02-09 12:10 - 00262144 _____ () C:\Windows\Minidump\020914-39593-01.dmp
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
 
Some content of TEMP:
====================
C:\Users\Tommy\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Tommy\AppData\Local\Temp\AskSLib.dll
C:\Users\Tommy\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-02-13 00:00:21
Restore point made on: 2014-02-14 00:00:20
Restore point made on: 2014-02-15 00:00:21
Restore point made on: 2014-02-16 00:00:22
Restore point made on: 2014-02-18 03:10:26
Restore point made on: 2014-02-19 00:00:19
Restore point made on: 2014-02-19 03:35:17
Restore point made on: 2014-02-19 04:20:28
Restore point made on: 2014-02-19 09:59:42
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3838.36 MB
Available physical RAM: 3248.89 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3229.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:453.94 GB) (Free:419.82 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:4.23 GB) NTFS
Drive g: () (Removable) (Total:1.95 GB) (Free:1.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CE5CCE5C)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 73696D20)
No partition Table on disk 1.
 
 
LastRegBack: 2014-02-18 15:32
 
==================== End Of Log ============================


#4 TB-Psychotic

Posted 24 February 2014 - 04:16 AM

ListParts
  • For x32 (x86) bit systems download ListParts to a USB flash drive.
  • For x64 bit systems download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

    After rebooting into Recovery Environment...

  • ...single click My computer and navigate to the ListParts\ListParts64 you saved to your flash drive.
  • Double click on it to begin running the tool.
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Post the log in your next reply.

Edited by TB-Psychotic, 24 February 2014 - 04:17 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Sever101

Posted 24 February 2014 - 03:49 PM

When I'm in the system recovery options I don't see My computer. Is it okay if I just run it from the command Prompt in the system recovery options? That is how I ran Farbar recovery scan tool.



#6 Sever101

Posted 24 February 2014 - 07:06 PM

ListParts by Farbar Version: 19-02-2014
Ran by SYSTEM (administrator) on 24-02-2014 at 15:43:59
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 11%
Total physical RAM: 3838.36 MB
Available physical RAM: 3397.43 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3373.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB
 
======================= Partitions =========================
 
1 Drive c: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:453.94 GB) (Free:419.82 GB) NTFS
3 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:4.23 GB) NTFS
5 Drive g: () (Removable) (Total:1.95 GB) (Free:1.94 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online         1996 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: CE5CCE5C
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            11 GB  1024 KB
  Partition 2    Primary            100 MB    11 GB
  Partition 3    Primary            453 GB    11 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   PQSERVICE    NTFS   Partition     11 GB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   SYSTEM RESE  NTFS   Partition    100 MB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                NTFS   Partition    453 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00000001
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           1996 MB      0 B
 
======================================================================================================
 
Disk: 1
There is no partition selected.
 
There is no partition selected.
Please select a partition and try again.
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: CE5CCE5C
 
Partition: GPT Partition Type.
 
Partition: GPT Partition Type.
 
Partition: GPT Partition Type.
 
==============================
Partitions of Disk 1:
===============
Disk ID: 73696D20
Partition 1: (Not Active) - (Size=-4750121984) - (Type=0A)
Partition 2: (Not Active) - (Size=260 GB) - (Type=65)
Partition 3: (Not Active) - (Size=0) - (Type=65)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)
 
==========================================================
TDL4: custom:26000022
 
 
****** End Of Log ****** 


#7 TB-Psychotic

Posted 25 February 2014 - 05:35 AM

I need further advice - please stand by.



#8 TB-Psychotic

Posted 25 February 2014 - 07:12 AM

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    TDL4: custom:26000022 <===== ATTENTION!
    
    C:\Windows\svchost.exe

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot into Windows now!

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


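A triage pass over a recovery-mode FRST log like the one this fixlist was built from, as an added example that is not part of the original post and not FRST's own code: it collects the lines FRST marked with ATTENTION, any line in the "Bamital & volsnap Check" section that does not end in "MD5 is legit", and core Windows executables sitting outside their expected directory (the C:\Windows\svchost.exe case). The function names, the watch list of expected directories and the embedded excerpt (assembled from the logs in this thread) are assumptions of the example.

```python
import ntpath
import re

# Excerpt assembled from the FRST log lines posted in this thread.
SAMPLE_LOG = r"""
2014-02-09 12:12 - 2014-02-09 12:12 - 49940480 _____ () C:\Program Files (x86)\GUT32A4.tmp
2014-02-09 12:11 - 2014-02-09 12:10 - 00262144 _____ () C:\Windows\Minidump\020914-39593-01.dmp
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== Drives ================================

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
"""

# Assumption of this example: expected directories (drive letter removed,
# lower case) for the executables the log's integrity section lists.
EXPECTED_DIRS = {
    "svchost.exe": {r"\windows\system32", r"\windows\syswow64"},
    "winlogon.exe": {r"\windows\system32"},
    "services.exe": {r"\windows\system32"},
    "wininit.exe": {r"\windows\system32", r"\windows\syswow64"},
    "userinit.exe": {r"\windows\system32", r"\windows\syswow64"},
    "explorer.exe": {r"\windows", r"\windows\syswow64"},
}

SECTION_RE = re.compile(r"^=+\s+(.*?)\s+=+\s*$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]*?\.exe\b', re.IGNORECASE)


def is_misplaced(path):
    """True when a watched executable name is not in an expected directory.

    The drive letter is ignored: in the Recovery Environment the Windows
    volume can be mounted under a different letter than in normal mode.
    """
    _drive, rest = ntpath.splitdrive(path)
    directory, name = ntpath.split(rest)
    allowed = EXPECTED_DIRS.get(name.lower())
    return allowed is not None and directory.lower() not in allowed


def triage(log_text):
    """Return (kind, section, text) tuples for lines worth a human look."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if "ATTENTION" in line:
            findings.append(("attention", section, line))
            continue
        if section.startswith("Bamital") and not line.endswith("=> MD5 is legit"):
            findings.append(("integrity", section, line))
            continue
        for path in EXE_RE.findall(line):
            if is_misplaced(path):
                findings.append(("misplaced-binary", section, path))
    return findings


if __name__ == "__main__":
    for kind, section, text in triage(SAMPLE_LOG):
        print(f"[{kind}] ({section}) {text}")
```

The output is a review list, not a fixlist: which entries are safe to remove still depends on the analyst reading the full log for that machine.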

#9 Sever101

Posted 25 February 2014 - 02:40 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by SYSTEM at 2014-02-25 14:38:45 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
TDL4: custom:26000022 <===== ATTENTION!
 
C:\Windows\svchost.exe
*****************
 
 
The operation completed successfully.
The operation completed successfully.
C:\Windows\svchost.exe => Moved successfully.
 
==== End of Fixlog ====


#10 Sever101

Posted 25 February 2014 - 02:48 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Tommy (administrator) on TOMMY-PC on 25-02-2014 14:42:41
Running from C:\Users\Tommy\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
 
==================== Internet (Whitelisted) ====================
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-11]
CHR Extension: (Google Wallet) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-18]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 14:42 - 2014-02-25 14:43 - 00005898 _____ () C:\Users\Tommy\Downloads\FRST.txt
2014-02-25 14:41 - 2014-02-25 14:41 - 02156032 _____ (Farbar) C:\Users\Tommy\Downloads\FRST64.exe
2014-02-19 23:49 - 2014-02-25 14:42 - 00000000 ____D () C:\FRST
2014-02-19 20:48 - 2014-02-19 21:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-19 17:53 - 2014-02-19 17:53 - 00860176 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mssstool64.exe
2014-02-19 13:02 - 2014-02-19 13:02 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-02-19 13:00 - 2014-02-19 13:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 12:59 - 2010-04-09 06:06 - 00374664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-19 07:23 - 2014-02-19 07:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-18 06:41 - 2014-02-18 06:41 - 00007605 _____ () C:\Users\Tommy\AppData\Local\Resmon.ResmonCfg
2014-02-11 06:01 - 2014-02-19 13:00 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 06:00 - 2014-02-18 09:03 - 00000000 ____D () C:\1bc45d90688f2779960292bb
2014-02-11 06:00 - 2014-02-11 06:00 - 13670584 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mseinstall.exe
2014-02-11 04:06 - 2014-02-11 04:06 - 00274672 _____ () C:\Windows\Minidump\021114-58734-01.dmp
2014-02-11 03:36 - 2014-02-11 03:36 - 00274672 _____ () C:\Windows\Minidump\021114-30357-01.dmp
2014-02-11 03:31 - 2014-02-11 03:31 - 00274672 _____ () C:\Windows\Minidump\021114-32838-01.dmp
2014-02-11 03:05 - 2013-02-22 01:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 03:05 - 2013-02-22 01:21 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 03:05 - 2013-02-22 01:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 03:05 - 2013-02-22 01:19 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 03:05 - 2013-02-22 01:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-11 03:05 - 2013-02-22 01:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 03:05 - 2013-02-22 01:15 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-11 03:05 - 2013-02-22 01:15 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 03:05 - 2013-02-22 01:15 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 03:05 - 2013-02-22 01:14 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 03:05 - 2013-02-22 01:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-11 03:05 - 2013-02-22 01:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 03:05 - 2013-02-22 01:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 03:05 - 2013-02-21 22:46 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 03:05 - 2013-02-21 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 03:05 - 2013-02-21 22:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 03:05 - 2013-02-21 22:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 03:05 - 2013-02-21 22:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-11 03:05 - 2013-02-21 22:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-11 03:05 - 2013-02-21 22:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 03:05 - 2013-02-21 22:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 03:05 - 2013-02-21 22:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 03:05 - 2013-02-21 22:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 03:05 - 2013-02-21 22:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-11 03:05 - 2013-02-21 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-11 03:04 - 2013-02-22 01:57 - 17817088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 03:04 - 2013-02-22 01:29 - 10925568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 03:04 - 2013-02-22 01:13 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 03:04 - 2013-02-21 23:05 - 12324352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 03:04 - 2013-02-21 22:47 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 03:04 - 2013-02-21 22:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 03:04 - 2013-02-21 22:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 02:30 - 2013-04-12 09:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-02-11 02:30 - 2013-02-28 22:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-11 02:30 - 2013-02-12 10:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-11 02:30 - 2013-02-12 10:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-11 02:30 - 2013-02-12 10:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-02-11 02:30 - 2013-02-12 10:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-11 02:30 - 2013-02-12 10:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-02-11 02:30 - 2013-02-12 09:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-02-11 02:30 - 2013-02-12 08:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-11 02:30 - 2013-01-04 00:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-02-11 02:30 - 2013-01-04 00:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-02-11 02:30 - 2013-01-04 00:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-02-11 02:30 - 2013-01-04 00:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-02-11 02:30 - 2013-01-04 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-02-11 02:30 - 2013-01-04 00:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-11 02:30 - 2013-01-04 00:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-02-11 02:30 - 2013-01-04 00:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-02-11 02:30 - 2013-01-03 23:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-11 02:30 - 2013-01-03 23:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 22:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-02-11 02:30 - 2013-01-03 21:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-02-11 02:30 - 2013-01-03 21:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-02-11 02:30 - 2013-01-03 21:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-02-11 02:30 - 2013-01-03 21:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-02-11 02:30 - 2013-01-03 21:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 21:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 21:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-02-11 02:30 - 2013-01-03 21:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-02-11 02:30 - 2012-11-22 05:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-11 02:30 - 2012-11-22 04:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-02-11 02:30 - 2012-11-20 00:55 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-11 02:30 - 2012-11-20 00:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-02-11 02:30 - 2012-11-09 00:34 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-02-11 02:30 - 2012-11-08 23:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-02-11 02:30 - 2012-11-02 00:30 - 02001408 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-11 02:30 - 2012-11-02 00:30 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 02:30 - 2012-11-01 23:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-02-11 02:30 - 2012-11-01 23:50 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 02:29 - 2013-01-04 00:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-11 02:29 - 2013-01-04 00:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-02-11 02:29 - 2012-12-07 00:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-02-11 02:29 - 2012-12-07 00:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-11 02:29 - 2012-12-07 00:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-02-11 02:29 - 2012-12-06 23:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-02-11 02:29 - 2012-12-06 22:45 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-02-11 02:29 - 2012-12-06 22:45 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-02-11 02:29 - 2012-12-06 22:21 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-02-11 01:52 - 2013-01-24 00:41 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-11 01:52 - 2012-11-29 18:21 - 00420032 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 01:52 - 2012-11-29 18:19 - 00420032 _____ () C:\Windows\system32\locale.nls
2014-02-11 01:00 - 2014-02-19 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-09 21:35 - 2014-02-09 21:36 - 00000000 ____D () C:\Users\Tommy\AppData\Local\Adobe
2014-02-09 19:20 - 2014-02-09 19:26 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Nidhogg
2014-02-09 18:58 - 2014-02-09 18:59 - 00000000 ____D () C:\Users\Tommy\Documents\SpellForce2
2014-02-09 18:35 - 2014-02-09 18:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-09 18:20 - 2014-02-11 01:38 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-09 16:04 - 2014-02-09 16:05 - 00317808 _____ () C:\Windows\Minidump\020914-38079-01.dmp
2014-02-09 15:48 - 2014-02-09 15:48 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\WinRAR
2014-02-09 15:48 - 2014-02-09 15:48 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-09 15:47 - 2014-02-09 15:48 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-09 15:25 - 2014-02-09 15:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-09 15:12 - 2014-02-09 15:12 - 49940480 _____ () C:\Program Files (x86)\GUT32A4.tmp
2014-02-09 15:12 - 2014-02-09 15:12 - 00000000 ____D () C:\Program Files (x86)\GUM32A3.tmp
2014-02-09 15:10 - 2014-02-09 15:11 - 00262144 _____ () C:\Windows\Minidump\020914-39593-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-02-25 14:43 - 2014-02-25 14:42 - 00005898 _____ () C:\Users\Tommy\Downloads\FRST.txt
2014-02-25 14:43 - 2012-11-23 15:27 - 02073638 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 14:42 - 2014-02-19 23:49 - 00000000 ____D () C:\FRST
2014-02-25 14:41 - 2014-02-25 14:41 - 02156032 _____ (Farbar) C:\Users\Tommy\Downloads\FRST64.exe
2014-02-25 14:40 - 2012-11-23 12:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 14:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 14:39 - 2009-07-13 23:51 - 00021420 _____ () C:\Windows\setupact.log
2014-02-19 21:55 - 2014-02-19 20:48 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-19 18:03 - 2009-07-13 23:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 18:03 - 2009-07-13 23:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 17:55 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-19 17:53 - 2014-02-19 17:53 - 00860176 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mssstool64.exe
2014-02-19 17:26 - 2012-11-23 12:58 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 13:02 - 2014-02-19 13:02 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-02-19 13:00 - 2014-02-19 13:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 13:00 - 2014-02-11 06:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-19 12:49 - 2014-02-11 01:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 07:23 - 2014-02-19 07:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-19 03:00 - 2012-11-23 14:07 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-18 16:21 - 2012-11-23 12:58 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 16:21 - 2012-11-23 12:58 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 09:03 - 2014-02-11 06:00 - 00000000 ____D () C:\1bc45d90688f2779960292bb
2014-02-18 09:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-02-18 09:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-18 06:41 - 2014-02-18 06:41 - 00007605 _____ () C:\Users\Tommy\AppData\Local\Resmon.ResmonCfg
2014-02-18 06:09 - 2012-11-23 14:55 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\uTorrent
2014-02-18 06:05 - 2012-11-23 12:37 - 00000000 ____D () C:\Users\Tommy
2014-02-11 06:00 - 2014-02-11 06:00 - 13670584 _____ (Microsoft Corporation) C:\Users\Tommy\Downloads\mseinstall.exe
2014-02-11 05:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-11 04:06 - 2014-02-11 04:06 - 00274672 _____ () C:\Windows\Minidump\021114-58734-01.dmp
2014-02-11 04:06 - 2012-11-23 16:13 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 04:05 - 2012-11-23 16:13 - 378637017 _____ () C:\Windows\MEMORY.DMP
2014-02-11 04:01 - 2009-07-13 23:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 03:36 - 2014-02-11 03:36 - 00274672 _____ () C:\Windows\Minidump\021114-30357-01.dmp
2014-02-11 03:31 - 2014-02-11 03:31 - 00274672 _____ () C:\Windows\Minidump\021114-32838-01.dmp
2014-02-11 01:38 - 2014-02-09 18:20 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-02-11 01:38 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-02-11 01:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-09 21:36 - 2014-02-09 21:35 - 00000000 ____D () C:\Users\Tommy\AppData\Local\Adobe
2014-02-09 19:26 - 2014-02-09 19:20 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Nidhogg
2014-02-09 18:59 - 2014-02-09 18:58 - 00000000 ____D () C:\Users\Tommy\Documents\SpellForce2
2014-02-09 18:35 - 2014-02-09 18:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-09 16:05 - 2014-02-09 16:04 - 00317808 _____ () C:\Windows\Minidump\020914-38079-01.dmp
2014-02-09 15:48 - 2014-02-09 15:48 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\WinRAR
2014-02-09 15:48 - 2014-02-09 15:48 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-09 15:48 - 2014-02-09 15:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-09 15:25 - 2014-02-09 15:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-09 15:12 - 2014-02-09 15:12 - 49940480 _____ () C:\Program Files (x86)\GUT32A4.tmp
2014-02-09 15:12 - 2014-02-09 15:12 - 00000000 ____D () C:\Program Files (x86)\GUM32A3.tmp
2014-02-09 15:11 - 2014-02-09 15:10 - 00262144 _____ () C:\Windows\Minidump\020914-39593-01.dmp
 
Some content of TEMP:
====================
C:\Users\Tommy\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Tommy\AppData\Local\Temp\AskSLib.dll
C:\Users\Tommy\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 18:32
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2014 01
Ran by Tommy at 2014-02-25 14:45:04
Running from C:\Users\Tommy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.2.28595 - BitTorrent Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70704.0230 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
13-02-2014 08:00:13 Windows Update
14-02-2014 08:00:11 Windows Update
15-02-2014 08:00:11 Windows Update
16-02-2014 08:00:12 Windows Update
18-02-2014 11:09:45 Windows Update
19-02-2014 08:00:12 Windows Update
19-02-2014 11:35:07 Windows Update
19-02-2014 12:20:10 Removed Steam
19-02-2014 17:59:33 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {30C7C082-38AD-48E0-B78A-D8833F8CF9FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23] (Google Inc.)
Task: {5F74A0FF-4705-4327-9DEB-A0A2136E0CBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-04 01:36 - 2012-07-04 01:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-11 02:26 - 2014-02-01 18:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-11 02:26 - 2014-02-01 18:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-11 02:26 - 2014-02-01 18:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-11 02:26 - 2014-02-01 18:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-11 02:26 - 2014-02-01 18:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-11 02:26 - 2014-02-01 18:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2014 06:05:08 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: BDATunePIA, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64 . Error code = 0x80070005
 
Error: (02/09/2014 06:05:05 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.VisualC, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
 
Error: (02/09/2014 06:05:03 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 
Error: (02/09/2014 06:04:36 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
 
Error: (02/09/2014 06:04:16 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 
Error: (02/09/2014 06:03:35 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Data.SqlXml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 
Error: (02/09/2014 06:03:23 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
 
Error: (02/09/2014 06:03:20 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 
Error: (02/09/2014 06:02:33 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64 . Error code = 0x80070005
 
Error: (02/09/2014 06:02:26 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 
 
System errors:
=============
Error: (02/19/2014 01:07:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.191.0).
 
Error: (02/19/2014 01:07:08 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.167.188.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/19/2014 01:02:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/19/2014 01:02:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/19/2014 06:35:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
 
Error: (02/19/2014 06:35:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).
 
Error: (02/19/2014 03:00:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
 
Error: (02/19/2014 03:00:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).
 
Error: (02/18/2014 06:38:58 AM) (Source: Service Control Manager) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/18/2014 06:38:58 AM) (Source: Service Control Manager) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2014 06:05:08 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: BDATunePIA, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64 . Error code = 0x80070005 
BDATunePIA, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64
 
Error: (02/09/2014 06:05:05 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.VisualC, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005 
Microsoft.VisualC, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
Error: (02/09/2014 06:05:03 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (02/09/2014 06:04:36 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005 
System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
Error: (02/09/2014 06:04:16 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 
System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (02/09/2014 06:03:35 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Data.SqlXml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 
System.Data.SqlXml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (02/09/2014 06:03:23 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005 
System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
Error: (02/09/2014 06:03:20 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (02/09/2014 06:02:33 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64 . Error code = 0x80070005 
AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64
 
Error: (02/09/2014 06:02:26 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 3838.36 MB
Available physical RAM: 2107.67 MB
Total Pagefile: 7674.86 MB
Available Pagefile: 5574.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:453.94 GB) (Free:419.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CE5CCE5C)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#11 TB-Psychotic

  • Malware Response Team

Posted 26 February 2014 - 05:35 AM

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#12 Sever101

Sever101
  • Topic Starter

  • Members

Posted 26 February 2014 - 06:04 AM

I used the system file checker and it said "Windows Resource Protection did not find any integrity violations."



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 26 February 2014 - 07:05 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#14 Sever101

Sever101
  • Topic Starter

  • Members

Posted 26 February 2014 - 08:06 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Tommy :: TOMMY-PC [administrator]

2/26/2014 7:13:17 AM
mbam-log-2014-02-26 (07-13-17).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 370239
Time elapsed: 46 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 26 February 2014 - 09:29 AM

Please post the ESET log as well.





