STOP: C0000135 The program can't start because %hs is missing


38 replies to this topic

#1 xXHunterXx

Posted 05 March 2014 - 02:07 PM

Hi, this is the BSOD STOP: C0000135 The program can't start because %hs is missing (w7 Ultimate). The problem started 2-3 weeks ago, but I decided to install another OS (w7 Professional) because I couldn't resolve it. Now that I have more free time, I'm trying to fix it.

I ran the startup repair with the disk (downloaded and copied to a CD with ImgBurn), but the startup repair couldn't fix it.

Here I have the FRST file (some of the files are in Spanish). Sorry for my English :(

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014

Ran by SYSTEM on MININT-RJEB4KR on 05-03-2014 19:34:52
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.11.125\AsusWSPanel.exe [3353472 2012-09-17] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-21] (Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [951440 2013-06-04] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.24\AsusFanControlService.exe [1653048 2013-06-11] (ASUSTeK Computer Inc.)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-01-20] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-15 12:45 - 2014-02-15 12:45 - 00000000 ____D () C:\Program Files\Adobe
2014-02-13 22:14 - 2014-02-13 22:05 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsrv.dll
2014-02-13 22:14 - 2014-02-13 22:05 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2014-02-13 21:41 - 2014-03-05 19:34 - 00000000 ____D () C:\FRST
2014-02-13 15:46 - 2014-02-13 15:46 - 00000000 __SHD () C:\found.003
2014-02-12 15:48 - 2013-07-02 16:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\System32\Drivers\IOMap64.sys
2014-02-08 15:15 - 2014-02-15 15:08 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\TeamSpeak 3 Client
2014-02-08 15:15 - 2014-02-12 16:56 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\TS3Client
2014-02-07 09:59 - 2014-02-13 18:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-07 09:59 - 2014-02-13 18:51 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\Skype
2014-02-07 09:59 - 2014-02-13 18:51 - 00000000 ____D () C:\ProgramData\Skype
2014-02-07 09:59 - 2014-02-07 09:59 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-07 09:59 - 2014-02-07 09:59 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\Skype
2014-02-06 18:41 - 2014-02-06 18:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-06 18:41 - 2014-02-06 18:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-06 18:41 - 2014-02-06 18:41 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-06 18:41 - 2014-02-06 18:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-06 18:41 - 2014-02-06 18:41 - 00000000 ____D () C:\ProgramData\Sun
2014-02-06 18:41 - 2014-02-06 18:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-06 18:41 - 2014-02-06 18:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-06 15:51 - 2014-02-06 15:51 - 00000000 __SHD () C:\found.002
2014-02-05 19:25 - 2014-02-05 19:25 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\Blizzard Entertainment
2014-02-05 15:52 - 2014-02-05 20:32 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\Google
2014-02-03 18:41 - 2014-02-03 18:43 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\HP
2014-02-03 18:41 - 2014-02-03 18:41 - 00000000 ____D () C:\ProgramData\WEBREG
2014-02-03 18:39 - 2014-02-13 18:51 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-02-03 18:39 - 2014-02-13 18:51 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-02-03 18:39 - 2014-02-12 15:53 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\HpUpdate
2014-02-03 18:39 - 2014-02-03 18:39 - 00001188 _____ () C:\Users\Public\Desktop\Comprar consumibles HP.lnk
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\Yahoo!
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-02-03 18:38 - 2014-02-03 18:38 - 00001370 _____ () C:\Users\Public\Desktop\Centro de soluciones HP.lnk
2014-02-03 18:37 - 2014-02-13 18:51 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-03 18:37 - 2009-04-16 14:08 - 00145408 _____ (Hewlett-Packard Company) C:\Windows\System32\hpfll70v.dll
2014-02-03 18:36 - 2014-02-13 18:51 - 00000000 ____D () C:\ProgramData\HP
2014-02-03 18:36 - 2014-02-03 18:40 - 00177524 _____ () C:\Windows\hphins33.dat
2014-02-03 18:36 - 2014-02-03 18:40 - 00000814 _____ () C:\ProgramData\hpzinstall.log
2014-02-03 18:36 - 2010-01-30 14:30 - 00000512 ____N () C:\Windows\hphmdl33.dat
2014-02-03 18:36 - 2009-04-16 12:53 - 00642360 _____ (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2014-02-03 18:36 - 2008-10-29 01:27 - 00551424 _____ (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll
2014-02-03 15:44 - 2014-02-13 18:52 - 00000000 __SHD () C:\found.001
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 19:34 - 2014-02-13 21:41 - 00000000 ____D () C:\FRST
2014-03-05 19:29 - 2014-01-17 16:15 - 01087232 _____ () C:\Windows\System32\Drivers\sfi.dat
2014-02-15 15:08 - 2014-02-08 15:15 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\TeamSpeak 3 Client
2014-02-15 12:45 - 2014-02-15 12:45 - 00000000 ____D () C:\Program Files\Adobe
2014-02-13 22:05 - 2014-02-13 22:14 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsrv.dll
2014-02-13 22:05 - 2014-02-13 22:14 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2014-02-13 18:52 - 2014-02-03 15:44 - 00000000 __SHD () C:\found.001
2014-02-13 18:52 - 2014-01-16 13:10 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-13 18:52 - 2014-01-15 19:36 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-02-13 18:51 - 2014-02-07 09:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 18:51 - 2014-02-07 09:59 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\Skype
2014-02-13 18:51 - 2014-02-07 09:59 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 18:51 - 2014-02-03 18:39 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-02-13 18:51 - 2014-02-03 18:39 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-02-13 18:51 - 2014-02-03 18:37 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-13 18:51 - 2014-02-03 18:36 - 00000000 ____D () C:\ProgramData\HP
2014-02-13 18:51 - 2014-01-18 16:48 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-02-13 18:51 - 2014-01-18 16:48 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-02-13 18:51 - 2014-01-16 13:16 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-13 18:51 - 2014-01-16 13:16 - 00000000 ____D () C:\Windows\System32\Macromed
2014-02-13 18:51 - 2014-01-16 13:12 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\vlc
2014-02-13 18:51 - 2014-01-16 13:11 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-02-13 18:51 - 2014-01-16 13:11 - 00000000 ____D () C:\Program Files (x86)\InfraRecorder
2014-02-13 18:51 - 2014-01-16 13:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-13 18:51 - 2014-01-16 13:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 18:51 - 2014-01-16 13:06 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-02-13 18:51 - 2014-01-16 13:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-13 18:51 - 2014-01-15 20:13 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-02-13 18:51 - 2014-01-15 20:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 18:51 - 2014-01-15 20:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-13 18:51 - 2014-01-15 20:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-13 18:51 - 2014-01-15 19:55 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-02-13 18:51 - 2014-01-15 19:26 - 00000000 ____D () C:\users\DANIEL
2014-02-13 18:51 - 2010-11-21 08:20 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 18:51 - 2010-11-21 08:19 - 00000000 ____D () C:\Windows\ShellNew
2014-02-13 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\zh-HK
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\tr-TR
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-13 18:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-13 15:46 - 2014-02-13 15:46 - 00000000 __SHD () C:\found.003
2014-02-12 21:16 - 2014-01-17 17:52 - 00327680 _____ () C:\Windows\System32\Ikeext.etl
2014-02-12 21:16 - 2014-01-15 19:27 - 01683290 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 21:13 - 2014-01-16 13:01 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 21:13 - 2014-01-16 13:01 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 21:13 - 2014-01-16 13:01 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 21:13 - 2014-01-16 13:01 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 18:34 - 2009-07-14 05:51 - 00038064 _____ () C:\Windows\setupact.log
2014-02-12 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-02-12 16:56 - 2014-02-08 15:15 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\TS3Client
2014-02-12 15:55 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 15:55 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 15:54 - 2010-11-21 08:09 - 00746486 _____ () C:\Windows\System32\perfh00A.dat
2014-02-12 15:54 - 2010-11-21 08:09 - 00158484 _____ () C:\Windows\System32\perfc00A.dat
2014-02-12 15:54 - 2009-07-14 06:13 - 01674864 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-12 15:53 - 2014-02-03 18:39 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\HpUpdate
2014-02-12 15:48 - 2014-01-16 13:09 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-12 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 15:31 - 2014-01-16 13:09 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-02-07 09:59 - 2014-02-07 09:59 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-07 09:59 - 2014-02-07 09:59 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\Skype
2014-02-06 18:41 - 2014-02-06 18:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-06 18:41 - 2014-02-06 18:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-06 18:41 - 2014-02-06 18:41 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-06 18:41 - 2014-02-06 18:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-06 18:41 - 2014-02-06 18:41 - 00000000 ____D () C:\ProgramData\Sun
2014-02-06 18:41 - 2014-02-06 18:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-06 18:41 - 2014-02-06 18:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-06 15:51 - 2014-02-06 15:51 - 00000000 __SHD () C:\found.002
2014-02-05 20:32 - 2014-02-05 15:52 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\Google
2014-02-05 19:25 - 2014-02-05 19:25 - 00000000 ____D () C:\Users\DANIEL\AppData\Local\Blizzard Entertainment
2014-02-05 16:15 - 2014-01-16 13:02 - 00002188 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:02 - 2009-07-14 05:45 - 00417640 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-03 18:43 - 2014-02-03 18:41 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\HP
2014-02-03 18:43 - 2014-01-15 19:29 - 00109664 _____ () C:\Users\DANIEL\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-03 18:41 - 2014-02-03 18:41 - 00000000 ____D () C:\ProgramData\WEBREG
2014-02-03 18:40 - 2014-02-03 18:36 - 00177524 _____ () C:\Windows\hphins33.dat
2014-02-03 18:40 - 2014-02-03 18:36 - 00000814 _____ () C:\ProgramData\hpzinstall.log
2014-02-03 18:39 - 2014-02-03 18:39 - 00001188 _____ () C:\Users\Public\Desktop\Comprar consumibles HP.lnk
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\Users\DANIEL\AppData\Roaming\Yahoo!
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-02-03 18:38 - 2014-02-03 18:38 - 00001370 _____ () C:\Users\Public\Desktop\Centro de soluciones HP.lnk
 
Some content of TEMP:
====================
C:\Users\DANIEL\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\DANIEL\AppData\Local\Temp\ose00000.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4001.82 MB
Available physical RAM: 3367.06 MB
Total Pagefile: 4000.02 MB
Available Pagefile: 3356.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (SISTEMA) (Fixed) (Total:199.9 GB) (Free:169.18 GB) NTFS
Drive e: (DATOS) (Fixed) (Total:731.51 GB) (Free:655.94 GB) NTFS
Drive g: (FLASH DRIVE) (Removable) (Total:3.71 GB) (Free:3.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2B98053D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=732 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
 
 
LastRegBack: 2014-01-30 20:44
 
==================== End Of Log ============================

Thanks.
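Added example (not part of the original thread and not FRST's own code): the file-listing lines in the FRST log above share one layout, so a short Python parser can turn them into records and tag the entries a reviewer usually checks first. The tag names, the three heuristics and the last sample line are assumptions made for this example; the other sample lines are copied from the log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout assumed from the listing lines in the log above:
#   <timestamp> - <timestamp> - <size> <5 attribute flags> (<company>) <path>
# The order of the two timestamps depends on the FRST section a line came
# from, so they are kept as "first" and "second" rather than named.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \(([^)]*)\) (.+)$"
)
TASK_DIR_RE = re.compile(r"\\windows\\(system32\\)?tasks\\", re.IGNORECASE)
FOUND_DIR_RE = re.compile(r"^[a-z]:\\found\.\d{3}$", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


class Entry(NamedTuple):
    first: str
    second: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    first, second, size, attrs, company, path = m.groups()
    return Entry(first, second, int(size), attrs, company.strip(), path.strip())


def tags(entry: Entry) -> List[str]:
    """Illustrative review heuristics (assumptions of this example)."""
    low = entry.path.lower()
    found = []
    if not entry.is_dir and TASK_DIR_RE.search(low):
        # Task Scheduler definitions: legacy .job files and System32\Tasks files.
        if low.endswith(".job") or "\\system32\\tasks\\" in low:
            found.append("scheduled-task")
    if entry.is_dir and FOUND_DIR_RE.match(low):
        # chkdsk stores recovered file fragments in found.NNN at the volume root.
        found.append("chkdsk-recovery-dir")
    if not entry.is_dir and low.endswith(EXECUTABLE_EXT) and not entry.company:
        found.append("executable-no-company")
    return found


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, tags) for every parsed line that got at least one tag."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry_tags = tags(entry)
        if entry_tags:
            results.append((entry.path, entry_tags))
    return results


# Lines copied from the log above, except the last one, which is constructed.
SAMPLE = r"""
2014-02-13 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-02-13 15:46 - 2014-02-13 15:46 - 00000000 __SHD () C:\found.003
2014-02-12 21:13 - 2014-01-16 13:01 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 15:48 - 2014-01-16 13:09 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-12 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 18:41 - 2014-02-06 18:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
Some content of TEMP:
2014-02-01 10:00 - 2014-02-01 10:00 - 00012345 _____ () C:\Users\Example\AppData\Local\Temp\sample.exe
"""

if __name__ == "__main__":
    for path, entry_tags in triage(SAMPLE):
        print(f"{', '.join(entry_tags):24} {path}")
```
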





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 AM

Posted 10 March 2014 - 02:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/526581 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xXHunterXx

Posted 10 March 2014 - 03:28 PM

I forgot to tell you that I tried the 'system restore' to restore my PC back to an earlier date when this wasn't happening, but, I don't know why, my PC couldn't finish it, and now there are no more restore points. Thanks, and again sorry for my English.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:58 PM

Posted 10 March 2014 - 08:04 PM

Greetings xXHunterXx and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 11 March 2014 - 08:19 PM

Greetings,

I sincerely apologize for the delay. I thought I posted something yesterday but apparently not! So here it is now. :)

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment

-----------------
  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Once you are in the System Recovery Options menu you will get the following options

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error message replace C:\ with D:\)

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Attempt to boot your computer into Normal Mode or, if unsuccessful, Safe Mode and monitor the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to boot?

Gary
 

#6 xXHunterXx

Posted 12 March 2014 - 10:35 AM

Hi Gary, I couldn't boot. When I entered SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS I got the following message:

The resource protection of Windows couldn't start the repair service (this is a translation)

I have the same message with both C:\ and D:\

The original message in Spanish may help: proteccion de recursos de windows no pudo iniciar el servicio de reparacion.

 

Thanks


Edited by xXHunterXx, 12 March 2014 - 10:35 AM.


#7 Oh My!

Posted 12 March 2014 - 10:47 AM

Thanks,

Please run this.

===================================================

ListParts in Recovery Environment

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download ListParts64.exe (for 64 bit systems) or ListParts.exe (for 32 bit systems) and save it to your desktop
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run ListParts
----------

Entering into the System Recovery Options

Option #1
To enter System Recovery Options in Windows 8:--
Option #2
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
--
Option #3
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running ListParts in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts64 (for x32 bit version type e:\Listparts) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens place a checkmark in List BCD then press Scan button.
  • Click OK on the Scan completed screen
  • A Result.txt document will be created on the USB device
  • Please copy and paste the contents of Result.txt in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • ListParts log

Gary
 

#8 xXHunterXx

Posted 12 March 2014 - 01:36 PM

Hi Gary, this is the result.txt

 

ListParts by Farbar Version: 19-02-2014
Ran by SYSTEM (administrator) on 12-03-2014 at 19:30:34
Windows 7 (X64)
Running From: G:\
Language: 0C0A
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 11%
Total physical RAM: 4001.82 MB
Available physical RAM: 3522.94 MB
Total Pagefile: 4000.02 MB
Available Pagefile: 3495.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
======================= Partitions =========================
 
1 Drive c: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (SISTEMA) (Fixed) (Total:199.9 GB) (Free:169.18 GB) NTFS
3 Drive e: (DATOS) (Fixed) (Total:731.51 GB) (Free:656.19 GB) NTFS
5 Drive g: (FLASH DRIVE) (Removable) (Total:3.71 GB) (Free:3.68 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Núm Disco  Estado      Tamaño   Disp     Din  Gpt
  ---------- ----------  -------  -------  ---  ---
  Disco 0    En línea     931 GB      0 B
  Disco 1    En línea    3812 MB      0 B
 
Partitions of Disk 0:
===============
 
Identificador de disco: 2B98053D
 
  Núm Partición  Tipo              Tamaño   Desplazamiento
  -------------  ----------------  -------  ---------------
  Partición 1    Principal          100 MB  1024 KB
  Partición 2    Principal          199 GB   101 MB
  Partición 3    Principal          731 GB   200 GB
 
======================================================================================================
 
Disk: 0
Partición 1
Tipo          : 07
Oculta        : No
Activa        : Sí
 
  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 1     C   Reservado   NTFS   Partición    100 MB  Correcto
 
======================================================================================================
 
Disk: 0
Partición 2
Tipo          : 07
Oculta        : No
Activa        : No
 
  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 2     D   SISTEMA     NTFS   Partición    199 GB  Correcto
 
======================================================================================================
 
Disk: 0
Partición 3
Tipo          : 07
Oculta        : No
Activa        : No
 
  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 3     E   DATOS       NTFS   Partición    731 GB  Correcto
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Identificador de disco: C3072E18
 
  Núm Partición  Tipo              Tamaño   Desplazamiento
  -------------  ----------------  -------  ---------------
  Partición 1    Principal         3808 MB  4032 KB
 
======================================================================================================
 
Disk: 1
Partición 1
Tipo          : 0C
Oculta        : No
Activa        : No
 
  Núm Volumen Ltr  Etiqueta     Fs     Tipo        Tamaño   Estado     Info
  ----------- ---  -----------  -----  ----------  -------  ---------  --------
* Volumen 4     G   FLASH DRIV  FAT32  Extraíble   3808 MB  Correcto
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 2B98053D
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=732 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18
 
Partition: GPT Partition Type.
 
 
Administrador de arranque de Windows
----------------------------------
Identificador           {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  es-ES
inherit                 {globalsettings}
default                 {default}
resumeobject            {d1f09f05-7e49-11e3-acf7-a8cd9a74a938}
displayorder            {default}
                        {d1f09f02-7e49-11e3-acf7-a8cd9a74a938}
toolsdisplayorder       {memdiag}
timeout                 30
 
Cargador de arranque de Windows
-----------------------------
Identificador           {d1f09f02-7e49-11e3-acf7-a8cd9a74a938}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  es-ES
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=D:
systemroot              \Windows
resumeobject            {d1f09f01-7e49-11e3-acf7-a8cd9a74a938}
nx                      OptIn
 
Cargador de arranque de Windows
-----------------------------
Identificador           {current}
device                  ramdisk=[D:]\Recovery\d1f09f03-7e49-11e3-acf7-a8cd9a74a938\Winre.wim,{d1f09f04-7e49-11e3-acf7-a8cd9a74a938}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\d1f09f03-7e49-11e3-acf7-a8cd9a74a938\Winre.wim,{d1f09f04-7e49-11e3-acf7-a8cd9a74a938}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Cargador de arranque de Windows
-----------------------------
Identificador           {default}
device                  partition=E:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  es-ES
inherit                 {bootloadersettings}
recoverysequence        {d1f09f07-7e49-11e3-acf7-a8cd9a74a938}
recoveryenabled         Yes
osdevice                partition=E:
systemroot              \Windows
resumeobject            {d1f09f05-7e49-11e3-acf7-a8cd9a74a938}
nx                      OptIn
 
Cargador de arranque de Windows
-----------------------------
Identificador           {d1f09f07-7e49-11e3-acf7-a8cd9a74a938}
device                  ramdisk=[E:]\Recovery\d1f09f07-7e49-11e3-acf7-a8cd9a74a938\Winre.wim,{d1f09f08-7e49-11e3-acf7-a8cd9a74a938}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\d1f09f07-7e49-11e3-acf7-a8cd9a74a938\Winre.wim,{d1f09f08-7e49-11e3-acf7-a8cd9a74a938}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Reanudar tras hibernación
-------------------------
Identificador           {d1f09f01-7e49-11e3-acf7-a8cd9a74a938}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  es-ES
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Reanudar tras hibernación
-------------------------
Identificador           {d1f09f05-7e49-11e3-acf7-a8cd9a74a938}
device                  partition=E:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  es-ES
inherit                 {resumeloadersettings}
filedevice              partition=E:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Herramienta de comprobación de memoria de Windows
-------------------------------------------------
Identificador           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Herramienta de diagnóstico de memoria de Windows
locale                  es-ES
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Configuración de EMS
--------------------
Identificador           {emssettings}
bootems                 Yes
 
Configuración del depurador
---------------------------
Identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
Defectos de RAM
---------------
Identificador           {badmemory}
 
Configuración global
--------------------
Identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Configuración del cargador de arranque
------------------------------------
Identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Configuración de hipervisor
-------------------
Identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Reanudar la configuración del cargador
--------------------------------------
Identificador           {resumeloadersettings}
inherit                 {globalsettings}
 
Opciones de dispositivo
-----------------------
Identificador           {d1f09f04-7e49-11e3-acf7-a8cd9a74a938}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\d1f09f03-7e49-11e3-acf7-a8cd9a74a938\boot.sdi
 
Opciones de dispositivo
-----------------------
Identificador           {d1f09f08-7e49-11e3-acf7-a8cd9a74a938}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\d1f09f07-7e49-11e3-acf7-a8cd9a74a938\boot.sdi
 
 
****** End Of Log ****** 
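Added example (not part of the original thread and not ListParts or bcdedit code): the BCD dump above is localized, so this Python parser relies on its structure (title line, dashed rule, properties) instead of the Spanish headings, then lists what each boot-menu entry points at. The function names and the device/osdevice consistency check are assumptions of this example; the sample is a trimmed excerpt of the log.

```python
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]


def parse_bcd(text: str) -> Dict[str, Entry]:
    """Parse bcdedit-style text into {identifier: {property: [values]}}."""
    entries: Dict[str, Entry] = {}
    block: List[str] = []
    for raw in text.splitlines() + [""]:        # trailing "" flushes the last block
        if raw.strip():
            block.append(raw.rstrip())
            continue
        # A store object is: title line, a line of dashes, then properties.
        if len(block) >= 3 and set(block[1].strip()) == {"-"}:
            entry: Entry = {"_title": [block[0].strip()]}
            key: Optional[str] = None
            for i, line in enumerate(block[2:]):
                if line[0].isspace():           # continuation of a multi-value property
                    if key is not None:
                        entry[key].append(line.strip())
                    continue
                parts = line.split(None, 1)
                # The first property is the identifier, whatever its localized name.
                key = "identifier" if i == 0 else parts[0]
                entry.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
            entries[entry.get("identifier", [""])[0]] = entry
        block = []
    return entries


def first(entry: Optional[Entry], key: str) -> Optional[str]:
    return entry[key][0] if entry and key in entry else None


def boot_menu(entries: Dict[str, Entry]) -> List[dict]:
    """One row per displayorder item of {bootmgr}, in menu order."""
    mgr = entries.get("{bootmgr}", {})
    default = first(mgr, "default")
    rows = []
    for ident in mgr.get("displayorder", []):
        e = entries.get(ident)
        rows.append({
            "id": ident,
            "default": ident == default,
            "description": first(e, "description"),
            "device": first(e, "device"),
            "osdevice": first(e, "osdevice"),
        })
    return rows


def problems(entries: Dict[str, Entry]) -> List[str]:
    """Consistency checks (assumption: a plain install has device == osdevice)."""
    issues = []
    for row in boot_menu(entries):
        if row["device"] is None:
            issues.append(f"{row['id']}: listed in displayorder but has no device")
        elif row["device"] != row["osdevice"]:
            issues.append(f"{row['id']}: device {row['device']} != osdevice {row['osdevice']}")
    return issues


# Trimmed excerpt of the ListParts BCD output above (some properties omitted).
SAMPLE = r"""
Administrador de arranque de Windows
----------------------------------
Identificador           {bootmgr}
device                  partition=C:
description             Windows Boot Manager
default                 {default}
displayorder            {default}
                        {d1f09f02-7e49-11e3-acf7-a8cd9a74a938}
timeout                 30

Cargador de arranque de Windows
-----------------------------
Identificador           {d1f09f02-7e49-11e3-acf7-a8cd9a74a938}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7
osdevice                partition=D:
systemroot              \Windows

Cargador de arranque de Windows
-----------------------------
Identificador           {default}
device                  partition=E:
path                    \Windows\system32\winload.exe
description             Windows 7
osdevice                partition=E:
systemroot              \Windows
"""

if __name__ == "__main__":
    for row in boot_menu(parse_bcd(SAMPLE)):
        mark = "*" if row["default"] else " "
        print(f"{mark} {row['description']:12} {row['device']:14} {row['id']}")
    print(problems(parse_bcd(SAMPLE)) or "no inconsistencies found")
```

Drive letters in the dump are the ones assigned inside the recovery environment and can change between sessions: the SISTEMA volume is C: in the FRST log and D: in this one.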


#9 Oh My!

Posted 12 March 2014 - 02:48 PM

Greetings,

That looks good, thanks. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2014-01-30 20:44
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Does your computer boot?

Gary
 

#10 xXHunterXx

Posted 12 March 2014 - 03:57 PM

Hi Gary, I'm not able to boot; now I have another BSOD:

 

The Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014
Ran by SYSTEM at 2014-03-12 21:42:39 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
LastRegBack: 2014-01-30 20:44
*****************
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====
 
 
Now the new BSOD:
STOP c000007b {bad image}
winsrv is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.
 
Thanks


#11 Oh My!

Posted 12 March 2014 - 04:01 PM

Thanks,

Please run this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Boot to the System Recovery Options again and run FRST
  • Type the following in the Search Field
winsrv*
  • Click Search File(s) button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search log

Gary
 

#12 xXHunterXx


Posted 13 March 2014 - 12:20 PM

Hi Gary, this is the search.txt

 

Farbar Recovery Scan Tool (x64) Version: 13-02-2014
Ran by SYSTEM at 2014-03-13 18:17:29
Running from G:\
Boot Mode: Recovery
 
================== Search: "winsrv*" ===================
 
C:\Windows\winsxs\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3de389e52a4b2f3\winsrv.dll.mui
[2010-11-21 08:08] - [2010-11-21 08:08] - 0008704 ____A (Microsoft Corporation) 5CC5450B231A3A32CD799D5B7560C9E8
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22436_none_151a7f04cc20e999\winsrv.dll
[2014-01-18 14:49] - [2013-08-29 03:21] - 0215040 ____A (Microsoft Corporation) 516D82106CAFAE156C61C5AB627A6409
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_14f039eccc407b3f\winsrv.dll
[2014-01-18 14:49] - [2012-11-30 06:55] - 0215040 ____A (Microsoft Corporation) C2B1F6196C7FE1EA1BF827312B095D06
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22125_none_152448f4cc19bcdc\winsrv.dll
[2014-01-15 20:39] - [2012-10-04 18:43] - 0215040 ____A (Microsoft Corporation) CC44EBC3E04E76AABE19EB4A16663E4A
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22091_none_14d49672cc561df0\winsrv.dll
[2014-01-15 21:09] - [2014-01-15 21:09] - 0215040 ____A (Microsoft Corporation) 111AFE35DD2D423EE8E176CA7B2BBDC7
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_151c9c12cc1efa1b\winsrv.dll
[2014-01-15 21:09] - [2014-01-15 21:09] - 0214528 ____A (Microsoft Corporation) 5AA1C7B5F471C4657BE38447BC397665
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2014-01-18 14:49] - [2013-01-04 06:46] - 0215040 ____A (Microsoft Corporation) 0C27239FEA4DB8A2AAC9E502186B7264
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_14a57c15b2f40121\winsrv.dll
[2014-01-18 14:49] - [2012-11-30 06:45] - 0215040 ____A (Microsoft Corporation) 9E479C2B605C25DA4971ABA36250FAEF
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17965_none_146f9457b31c5994\winsrv.dll
[2014-01-15 20:39] - [2012-10-04 18:45] - 0215040 ____A (Microsoft Corporation) 72CC564BBC70DE268784BCE91EB8A28F
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17932_none_148d033db306b9bc\winsrv.dll
[2014-01-15 21:09] - [2014-01-15 21:09] - 0215040 ____A (Microsoft Corporation) F46BBAAC1C4980F4D0DD463F190A42D3
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_149ace55b2fbf25b\winsrv.dll
[2014-01-15 21:09] - [2014-01-15 21:09] - 0214528 ____A (Microsoft Corporation) 9F761CE1C6C013120B2F0DB27D48C06F
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_99898e4c1e43f0f8\winsrv.dll.mui
[2010-11-21 08:08] - [2010-11-21 08:08] - 0008704 ____A (Microsoft Corporation) 7A51CFC4C46615D0AAB5E7D37156FB03
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm_31bf3856ad364e35_6.1.7600.16385_none_74fe9f3a6d505307\Winsrv.admx
[2009-06-10 21:42] - [2009-06-10 21:42] - 0001342 ____A () B28573159BDEA736F3BDFF16604A4AD3
 
C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bfe9d9876d588393\Winsrv.adml
[2010-11-21 08:08] - [2010-11-21 08:08] - 0001552 ____A () BC606A71B2B05B068432227A70377705
 
C:\Windows\SysWOW64\winsrv.dll
[2014-02-13 22:14] - [2014-02-13 22:05] - 0293376 ____A (Microsoft Corporation) 1618F36D4F7F6CCCEB3EE44BA95BE85C
 
C:\Windows\SysWOW64\es-ES\winsrv.dll.mui
[2010-11-21 08:08] - [2010-11-21 08:08] - 0008704 ____A (Microsoft Corporation) 5CC5450B231A3A32CD799D5B7560C9E8
 
C:\Windows\System32\winsrv.dll
[2014-02-13 22:14] - [2014-02-13 22:05] - 0293376 ____A (Microsoft Corporation) 1618F36D4F7F6CCCEB3EE44BA95BE85C
 
C:\Windows\System32\es-ES\winsrv.dll.mui
[2010-11-21 08:08] - [2010-11-21 08:08] - 0008704 ____A (Microsoft Corporation) 7A51CFC4C46615D0AAB5E7D37156FB03
 
C:\Windows\PolicyDefinitions\Winsrv.admx
[2009-06-10 21:42] - [2009-06-10 21:42] - 0001342 ____A () B28573159BDEA736F3BDFF16604A4AD3
 
C:\Windows\PolicyDefinitions\es-ES\Winsrv.adml
[2010-11-21 08:08] - [2010-11-21 08:08] - 0001552 ____A () BC606A71B2B05B068432227A70377705
 
X:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-20 10:50] - [2010-11-20 14:27] - 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689
 
X:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7601.17514_es-es_9bbaa2141b327492\winsrv.dll.mui
[2010-11-20 17:03] - [2010-11-20 17:03] - 0008704 ____A (Microsoft Corporation) 7A51CFC4C46615D0AAB5E7D37156FB03
 
X:\Windows\System32\winsrv.dll
[2010-11-20 10:50] - [2010-11-20 14:27] - 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689
 
X:\Windows\System32\es-ES\winsrv.dll.mui
[2010-11-20 17:03] - [2010-11-20 17:03] - 0008704 ____A (Microsoft Corporation) 7A51CFC4C46615D0AAB5E7D37156FB03
 
====== End Of Search ======
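
The winsrv* search above lists the live System32 file next to the WinSxS component-store copies that the next fix script draws its replacement from. As an added example (not part of any post in this thread and not FRST's own code), the Python below parses that Search.txt layout and reports live System32 files whose MD5 matches no amd64 WinSxS copy of the same name. The function names are hypothetical, the sample is an excerpt of the log above, and it assumes a healthy System32 file matches one of the store copies.

```python
import re
from collections import defaultdict

# Excerpt of the Search.txt posted above (paths, sizes and MD5s copied from that log).
SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2014-01-18 14:49] - [2013-01-04 06:46] - 0215040 ____A (Microsoft Corporation) 0C27239FEA4DB8A2AAC9E502186B7264

C:\Windows\SysWOW64\winsrv.dll
[2014-02-13 22:14] - [2014-02-13 22:05] - 0293376 ____A (Microsoft Corporation) 1618F36D4F7F6CCCEB3EE44BA95BE85C

C:\Windows\System32\winsrv.dll
[2014-02-13 22:14] - [2014-02-13 22:05] - 0293376 ____A (Microsoft Corporation) 1618F36D4F7F6CCCEB3EE44BA95BE85C

C:\Windows\System32\es-ES\winsrv.dll.mui
[2010-11-21 08:08] - [2010-11-21 08:08] - 0008704 ____A (Microsoft Corporation) 7A51CFC4C46615D0AAB5E7D37156FB03

C:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_99898e4c1e43f0f8\winsrv.dll.mui
[2010-11-21 08:08] - [2010-11-21 08:08] - 0008704 ____A (Microsoft Corporation) 7A51CFC4C46615D0AAB5E7D37156FB03
"""

META = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \(.*?\) ([0-9A-F]{32})$")

def parse(text):
    """Return [(path, size, md5)] from the path line / metadata line pairs."""
    entries, path = [], None
    for line in map(str.strip, text.splitlines()):
        m = META.match(line)
        if m and path:
            entries.append((path, int(m.group(1)), m.group(2)))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def unbacked_system_files(entries, root=r"C:\Windows"):
    """System32 files whose MD5 matches no amd64 WinSxS copy, plus same-hash paths."""
    store, by_md5, live = defaultdict(set), defaultdict(list), []
    base = root.lower()
    for path, _size, md5 in entries:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        by_md5[md5].append(path)
        if low.startswith(base + "\\winsxs\\amd64_"):
            store[name].add(md5)
        elif low.startswith(base + "\\system32\\"):
            live.append((path, name, md5))
    return [(p, h, [o for o in by_md5[h] if o != p])
            for p, n, h in live if h not in store[n]]
```

On the excerpt this reports only C:\Windows\System32\winsrv.dll, and shows that its MD5 is shared with the SysWOW64 copy.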


#13 Oh My!


Posted 13 March 2014 - 03:28 PM

Greetings,

Thanks for the report. Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
C:\Windows\SysWOW64\winsrv.dll
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flash drive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Did your computer boot properly?

Gary
 

#14 xXHunterXx


Posted 13 March 2014 - 04:04 PM

Hi Gary, I'm not able to boot, I have the same BSOD.

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014
Ran by SYSTEM at 2014-03-13 21:58:24 Run:2
Running from G:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
C:\Windows\SysWOW64\winsrv.dll
*****************
 
C:\Windows\SysWOW64\winsrv.dll => Moved successfully.
 
==== End of Fixlog ====
Thanks


#15 Oh My!


Posted 13 March 2014 - 04:41 PM

Greetings,

OK, now run this script.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
Replace: C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll C:\Windows\System32\winsrv.dll
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flash drive (Fixlog.txt). Copy and paste that information in your reply.
  • Type the following in the Search Field
LPK.dll
  • Click Search File(s) button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document in your reply
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search log
  • Did your computer boot properly?

Gary
 



