Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue screen C0000135 The program can't start because %hs is missing.


  • This topic is locked This topic is locked
2 replies to this topic

#1 greg14a

greg14a

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 11 November 2014 - 10:57 AM

Hi all,

problem with win 7 64. Blue screen Stop C0000135 The program can't start because %hs is missing.

 

Raport:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by SYSTEM on MININT-490EN4L on 11-11-2014 10:30:47
Running from F:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-18] ()
HKLM\...\Run: [ACPW06EN] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1231992 2012-11-14] (ACD Systems)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKU\Gregor\...\Run: [AdobeBridge] => [X]
HKU\Gregor\...\Run: [Urenqaagny] => C:\Users\Gregor\AppData\Roaming\Ucef\doyhz.exe
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-09-09] (Adobe Systems)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-26] (SafeNet Inc.)
S2 MSSQL$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe [43129288 2012-06-28] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 OberonGameConsoleService; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [44312 2009-09-14] ()
S4 SQLAgent$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-28] (Microsoft Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbawx64.sys [169496 2007-02-07] (Analog Devices Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 Avgldx64; system32\DRIVERS\avgldx64.sys [X]
S0 Avgloga; system32\DRIVERS\avgloga.sys [X]
S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S1 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S2 TMAgent; No ImagePath
S3 tmlwf; No ImagePath
S3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 10:29 - 2014-11-11 10:30 - 00000000 ____D () C:\FRST
2014-11-09 12:55 - 2014-11-09 12:55 - 00003878 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415566538
2014-11-09 12:55 - 2014-11-09 12:55 - 00001141 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-09 12:55 - 2014-11-09 12:55 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Opera Software
2014-11-09 12:55 - 2014-11-09 12:55 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Opera Software
2014-11-09 12:55 - 2014-11-09 12:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-09 12:54 - 2014-11-09 12:54 - 06825694 _____ () C:\Users\Gregor\Downloads\SopCast.zip
2014-11-09 12:54 - 2014-11-09 12:54 - 00003090 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-11-09 12:54 - 2014-11-09 12:54 - 00003026 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-11-09 12:54 - 2014-11-09 12:54 - 00002870 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-11-09 12:54 - 2014-11-09 12:54 - 00000987 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-11-09 12:54 - 2014-11-09 12:54 - 00000268 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-11-09 12:54 - 2014-11-09 12:54 - 00000260 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-11-09 12:54 - 2014-11-09 12:54 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Systweak
2014-11-09 12:54 - 2014-11-09 12:54 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-11-09 12:54 - 2014-10-06 07:36 - 00020296 _____ () C:\Windows\System32\roboot64.exe
2014-11-09 12:53 - 2014-11-09 12:53 - 00777088 _____ ( ) C:\Users\Gregor\Downloads\SopCast(12954)-dp.exe
2014-11-07 08:37 - 2014-11-07 09:38 - 367013895 _____ () C:\Users\Gregor\Downloads\tp103-medieval.avi
2014-11-07 08:03 - 2014-11-07 08:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 12:56 - 2014-11-06 13:12 - 367017991 _____ () C:\Users\Gregor\Downloads\tp102-medieval.avi
2014-11-04 22:50 - 2014-11-04 22:50 - 00179712 _____ () C:\Users\Gregor\Downloads\archiwum_tab_a_2014(3).xls
2014-11-04 22:49 - 2014-11-04 22:49 - 00073018 _____ () C:\Users\Gregor\Downloads\pliki_darex.zip
2014-11-03 08:58 - 2014-11-03 10:11 - 366592000 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E10.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-31 10:52 - 2014-10-31 11:13 - 366995463 _____ () C:\Users\Gregor\Downloads\tp101-medieval.avi
2014-10-29 11:15 - 2014-10-29 12:17 - 366757888 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO(1).avi
2014-10-28 12:48 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Public\Desktop\Radio Koszalin - www.radio.koszalin.pl
2014-10-28 12:48 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\streamripper
2014-10-28 12:48 - 2014-10-28 12:48 - 00000000 ____D () C:\Program Files (x86)\Streamripper
2014-10-28 12:47 - 2014-10-28 12:47 - 02633439 _____ () C:\Users\Gregor\Downloads\streamripper-windows-installer-1.64.6.exe
2014-10-28 12:08 - 2014-10-28 12:08 - 20578448 _____ () C:\Users\Gregor\Documents\ff.wma.sfap0
2014-10-28 12:08 - 2014-10-28 12:08 - 00160832 _____ () C:\Users\Gregor\Documents\ff.wma.sfk
2014-10-28 11:49 - 2014-10-28 11:49 - 00485403 _____ () C:\Users\Gregor\Documents\Bez_nazwyxx.wma
2014-10-28 11:01 - 2014-10-28 11:03 - 01419323 _____ () C:\Users\Gregor\Documents\ff.wma
2014-10-27 09:01 - 2014-10-27 09:01 - 00000000 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-27 09:00 - 2014-10-27 09:25 - 312063008 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO.avi.part
2014-10-27 08:23 - 2014-10-27 09:25 - 366999826 _____ () C:\Users\Gregor\Downloads\The.Walking.Dead.S05E03.HDTV.XviD-AFG.rar.part
2014-10-27 08:23 - 2014-10-27 08:23 - 00000000 _____ () C:\Users\Gregor\Downloads\The.Walking.Dead.S05E03.HDTV.XviD-AFG.rar
2014-10-25 08:31 - 2014-10-25 08:31 - 00011052 _____ () C:\Users\Gregor\Downloads\Samsung-Avila_4_.jpeg
2014-10-22 12:03 - 2014-10-25 14:30 - 00000488 _____ () C:\Windows\Viewer.INI
2014-10-21 07:41 - 2014-10-21 09:21 - 367130126 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E08.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-16 14:25 - 2014-10-16 14:25 - 00611536 _____ () C:\Users\Gregor\Desktop\022.djvu
2014-10-13 07:21 - 2014-10-13 07:46 - 366843904 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E07.PL.WEB-DL.XviD-CAMBiO.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2060-08-18 09:02 - 2012-09-24 09:32 - 02023424 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCL50.BPL
2060-08-18 09:02 - 2012-09-24 09:32 - 01496064 ____N (Inprise Corporation) C:\Windows\SysWOW64\CC3250MT.DLL
2060-08-18 09:02 - 2012-09-24 09:32 - 00248832 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCLX50.BPL
2060-08-18 08:40 - 2012-09-24 09:32 - 00909824 ____N (Inprise Corporation) C:\Windows\SysWOW64\CP3245MT.DLL
2060-08-18 08:40 - 2012-09-24 09:32 - 00024064 ____N (Inprise Corporation) C:\Windows\SysWOW64\BORLNDMM.DLL
2014-11-10 14:01 - 2013-04-20 05:48 - 00000000 ____D () C:\Program Files (x86)\garbage
2014-11-09 14:03 - 2010-02-24 23:54 - 01542379 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 13:27 - 2010-06-25 06:27 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 12:52 - 2011-05-17 09:57 - 00000173 _____ () C:\Windows\YdpDict.INI
2014-11-09 12:26 - 2010-06-25 06:27 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 07:44 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 07:44 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 07:36 - 2013-06-07 10:45 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-11-09 07:36 - 2013-06-03 12:23 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-09 07:35 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 07:35 - 2009-07-13 20:51 - 00292564 _____ () C:\Windows\setupact.log
2014-11-09 02:49 - 2013-04-20 05:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 02:50 - 2012-02-21 10:14 - 00045056 _____ () C:\Windows\System32\acovcnt.exe
2014-11-08 02:49 - 2012-04-30 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 12:32 - 2009-08-03 11:55 - 00832034 _____ () C:\Windows\System32\perfh015.dat
2014-11-05 12:32 - 2009-08-03 11:55 - 00189654 _____ () C:\Windows\System32\perfc015.dat
2014-11-05 12:32 - 2009-07-13 21:13 - 01926950 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-04 22:45 - 2010-05-09 08:14 - 00117888 _____ () C:\Users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-04 22:43 - 2009-07-13 20:45 - 03043440 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-04 14:50 - 2010-02-25 00:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-01 11:36 - 2011-11-11 08:29 - 00000000 ____D () C:\Users\Gregor\Desktop\11.11
2014-11-01 00:16 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-26 12:42 - 2012-10-28 12:20 - 00000000 ____D () C:\Users\Gregor\Desktop\ipn
2014-10-22 11:21 - 2010-06-25 06:27 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 11:21 - 2010-06-25 06:27 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 10:49 - 2010-09-10 04:16 - 00002891 ____H () C:\Users\Gregor\Downloads\.picasa.ini
2014-10-13 15:45 - 2014-07-01 14:17 - 00000000 ____D () C:\Users\Gregor\Downloads\druk

ZeroAccess:
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Gregor\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Gregor\AppData\Local\Temp\atl80.dll
C:\Users\Gregor\AppData\Local\Temp\AVG.exe
C:\Users\Gregor\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Gregor\AppData\Local\Temp\DSETUP.dll
C:\Users\Gregor\AppData\Local\Temp\dsetup32.dll
C:\Users\Gregor\AppData\Local\Temp\DXSETUP.exe
C:\Users\Gregor\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Gregor\AppData\Local\Temp\gg10_upgr_to_11790_from_11119.exe
C:\Users\Gregor\AppData\Local\Temp\gg10_upgr_to_12096_from_11119.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih_1.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih_2.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x64_mssd_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x64_mssd_aih_1.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer11x64_mssd_aih_2.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih_1.exe
C:\Users\Gregor\AppData\Local\Temp\install_flashplayer13x32_mssa_aaa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Gregor\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Gregor\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gregor\AppData\Local\Temp\mfc80.dll
C:\Users\Gregor\AppData\Local\Temp\mfc80u.dll
C:\Users\Gregor\AppData\Local\Temp\mfcm80.dll
C:\Users\Gregor\AppData\Local\Temp\mfcm80u.dll
C:\Users\Gregor\AppData\Local\Temp\msvcm80.dll
C:\Users\Gregor\AppData\Local\Temp\msvcp80.dll
C:\Users\Gregor\AppData\Local\Temp\msvcr80.dll
C:\Users\Gregor\AppData\Local\Temp\ose00001.exe
C:\Users\Gregor\AppData\Local\Temp\ResetDevice.exe
C:\Users\Gregor\AppData\Local\Temp\SIntf16.dll
C:\Users\Gregor\AppData\Local\Temp\SIntf32.dll
C:\Users\Gregor\AppData\Local\Temp\SIntfNT.dll
C:\Users\Gregor\AppData\Local\Temp\TmDbg32.dll
C:\Users\Gregor\AppData\Local\Temp\TmDbg64.dll
C:\Users\Gregor\AppData\Local\Temp\_is2CCA.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3948.54 MB
Available physical RAM: 3327.61 MB
Total Pagefile: 3946.69 MB
Available Pagefile: 3318.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:1.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:141.37 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.64 GB) (Free:0.06 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: B3968423)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)


LastRegBack: 2014-11-05 13:12

==================== End Of Log ============================

BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 PM

Posted 16 November 2014 - 11:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555704 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 PM

Posted 21 November 2014 - 11:05 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users