
help laptop freezing think I have malware virus


  • This topic is locked
11 replies to this topic

#1 marccpt

marccpt

  • Members
  • 26 posts

Posted 16 December 2014 - 11:59 PM

Hi there,

 

My laptop starts freezing and cannot access it until I reboot it (around every 10 to 20 minutes).  I have been trying to resolve the problem for a week with Lighthouseparty on your other forum with no luck.

 I had issues with Trend micro - I uninstalled both trend and mcafee and then reinstalled trend micro.

I have run rkill, adwcleaner, junkware removal tool, temporary file cleaner, malwarebytes anti root kit. I ran eset online and the following error came up:

win32/prcview potentially unsafe application
a variant of win32/installcore.D potentially unwanted application
a variant of win32/installcore.D potentially unwanted application
a variant of win32/installcore.D potentially unwanted application
a variant of win32/installcore.D potentially unwanted application
a variant of win32/installcore.D potentially unwanted application.

 

I started with your step 6 but when I try to run dds it states cannot run in compatibility mode.

 

please help





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 22 December 2014 - 12:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560107 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 marccpt

marccpt
  • Topic Starter

  • Members
  • 26 posts

Posted 22 December 2014 - 01:18 PM

Hi there

Yes, I still need help. I now cannot access the PC; it seems to wait for Windows to repair, then when it gets there it freezes.

I don't have the originals as it came with my laptop, but if need be I can get the disks. I do have some logs from the first couple of times the other forum tried to resolve this issue, also logged against my name. Please advise if you would like me to attach those logs.



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,911 posts

Posted 27 December 2014 - 11:57 AM

Hi marccpt :)

 

My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#5 marccpt

marccpt
  • Topic Starter

  • Members
  • 26 posts

Posted 28 December 2014 - 03:46 AM

Thank you. I cannot access laptop as Windows 8 freezes, and when it recovers cannot get past password.

#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,911 posts

Posted 29 December 2014 - 02:18 PM

Hi marccpt :)
 
First, please read these directions all the way through to familiarize yourself with the steps we will be using to perform the next diagnostic scan.
 
You will need the following materials to proceed:

  • A working computer from which you can download diagnostic programs and files.
  • A USB flashdrive to transfer files between your working pc and your nonworking pc

If your statement below means you have the installation disks needed to boot your pc, you should get those disks because they may be required later.

I don't have the originals as it came with my laptop but if need be I can get the disks.

 Next:

  • On your clean, working machine, please download the 64-bit version of Farbar Recovery Scan Tool and save it to your vaccinated flash drive.
  • Plug the flashdrive into the infected PC.
  • To enter System Recovery Options from the Advanced Boot Options:
    • Restart the nonworking computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until the Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disk, or make a repair disk. Any Windows installation disc or a repair disk made on another computer can be used.
  • To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select the Command Prompt option.
  • Once in the Command Prompt:
    • In the command window type in Notepad and press Enter.
    • Notepad will open. Under File menu select Open.
    • Select "Computer" and find your flashdrive letter and close Notepad.
    • In the command window type e:\frst64  and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will create a log FRST.txt on the flash drive. Please copy and paste the log into your next reply to me.

Let me know if you have any questions.
 
polskamachina



#7 marccpt

marccpt
  • Topic Starter

  • Members
  • 26 posts

Posted 29 December 2014 - 04:27 PM

hi polskamachina

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by SYSTEM on MININT-1C1MQDS on 29-12-2014 23:17:25
Running from D:\
Platform: Windows 8.1 Pro with Media Center (X86) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2007592 2014-11-27] (Trend Micro Inc.)
HKU\Marc Smith\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3882576 2014-11-07] (Tonec Inc.)
HKU\Marc Smith\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\Marc Smith\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\Marc Smith\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\Users\Marc Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

 

Thank you for your help. I got it wrong, it's 32 not 64. I think I created the wrong repair disk.
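
Added example, not part of the original posts and not FRST's own code: a small Python pass over the Registry section of an FRST log like the one posted above, pulling out the lines a reviewer would look at first. The flag names and the choice of what to flag are assumptions made for illustration; the sample lines are copied from the log in this post.

```python
import re

# Sample input: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Platform: Windows 8.1 Pro with Media Center (X86) OS Language: English (United Kingdom)
Boot Mode: Recovery
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKU\Marc Smith\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
"""

# "HKLM\...\Run: [Name] => command"; the hive may be HKLM, HKLM-x32 or HKU\<user>.
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>.+?)\] => (?P<cmd>.*)$"
)
# Trailer seen on most entries in the log: "<path> [size yyyy-mm-dd] (company)".
META_RE = re.compile(
    r"^(?P<path>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)


def parse_run_entry(line):
    """Return a dict for an autorun registry line, or None for any other line."""
    m = RUN_RE.match(line)
    if m is None:
        return None
    entry = {"hive": m["hive"], "key": m["key"], "name": m["name"],
             "command": m["cmd"], "size": None, "date": None, "company": None}
    meta = META_RE.match(m["cmd"])
    if meta:
        entry.update(command=meta["path"], size=int(meta["size"]),
                     date=meta["date"], company=meta["company"])
    return entry


def triage(log_text):
    """Return (line_no, reasons, text) for lines worth a second look.

    Flags (illustrative, not verdicts):
      frst-attention    the tool itself marked the line with ATTENTION
      target-missing    the line ends with "(No File)"
      no-file-metadata  autorun entry with no [size date] (company) trailer
      empty-company     autorun entry whose company field is "()"
    """
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()  # also drops the non-breaking-space filler lines
        if not line:
            continue
        reasons = []
        if "ATTENTION" in line:
            reasons.append("frst-attention")
        if line.endswith("(No File)"):
            reasons.append("target-missing")
        entry = parse_run_entry(line)
        if entry is not None:
            if entry["size"] is None:
                reasons.append("no-file-metadata")
            elif entry["company"] == "":
                reasons.append("empty-company")
        if reasons:
            findings.append((line_no, reasons, line))
    return findings


if __name__ == "__main__":
    for line_no, reasons, text in triage(SAMPLE_LOG):
        print(f"{line_no:>3}  {','.join(reasons):<18} {text}")
```

A flag here only means "check this entry by hand"; an empty company field or a rundll32 launcher is common for legitimate OEM software as well.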



#8 polskamachina

polskamachina

  • Malware Response Team
  • 3,911 posts

Posted 30 December 2014 - 02:23 PM

Hi marccpt :)
 
In order for this next set of instructions to have a chance of working, you will need the following to create an installation disk:

  • A working computer running either Windows 7, Windows 8, or Windows 8.1
  • The product key from your original Windows 8.1 installation.
  • Blank DVD or a USB flash drive with at least 16GB of storage. The USB method will be easier and I would strongly recommend using that. Note you will still need a second USB flash drive with the FRST64 program on it.

When you've gathered the required materials from the list above:

  • Click on this link and you will find directions on how to create an installation disk. After you've read the directions there:
  • Click on the Create media link
  • Download the program to your desktop
  • Run the program
  • Select the following choices:
  • Language: English (United Kingdom)
  • Edition: Windows 8.1 Pro
  • Architecture: 64-bit (x64)
  • Click Next
  • Select USB flash drive or ISO file
  • Click Next and the media will be created

When the procedure has completed, you will have created a bootable USB flash drive or an ISO image that will need to be burned to a DVD.
 
Before we continue, I would like to remind you that the point of booting from the installation disk is not to reinstall the operating system but to get to the command prompt via the recovery environment so we can run FRST64 and analyze the log.

To enter System Recovery Options by using Windows installation disk:

  • Insert the installation USB or DVD boot disk into your nonworking Windows 8.1 computer.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disk. If your computer is not configured to start from a USB flash drive or DVD drive, check your BIOS settings.
  • Click Repair your computer.
  • Select UK as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
    • Insert your flash drive with the FRST64 program on it.
    • In the command window type in, Notepad, and press Enter.
    • Notepad will open. Under File menu select Open.
    • Select Computer, find your flash drive letter, and then close Notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Click the Scan button.
    • It will generate a log FRST.txt on the flash drive. Please copy and paste it into your next reply to me.

Let me know if you have any questions or experienced any problems along the way.

 

polskamachina



#9 marccpt

marccpt
  • Topic Starter

  • Members
  • 26 posts

Posted 30 December 2014 - 02:48 PM

Hi there, sorry, I did post this last night but worked out that I had the wrong repair version of Windows. I have fixed that, please see below.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by SYSTEM on MININT-HAD4SG7 on 30-12-2014 21:39:34
Running from D:\
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2007592 2014-11-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Marc Smith\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3882576 2014-11-07] (Tonec Inc.)
HKU\Marc Smith\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\Marc Smith\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\Marc Smith\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\Users\Marc Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

 

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-29] (Microsoft Corporation)
S2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-07-20] (Trend Micro Inc.)
S2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [325656 2014-11-27] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

 

 

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] ()
S0 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] ()
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2014-11-27] (Trend Micro Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-12-08] (Malwarebytes Corporation)
S1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-07-09] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
S2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

 

 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 21:31 - 2014-12-30 21:33 - 00000000 _____ () C:\Recovery.txt
2014-12-29 23:09 - 2014-12-29 23:20 - 00000000 ____D () C:\FRST
2014-12-17 04:44 - 2014-12-17 04:44 - 00028158 _____ () C:\Users\Marc Smith\Downloads\2.0.html
2014-12-16 19:57 - 2014-12-16 19:57 - 00688992 _____ (Swearware) C:\Users\Marc Smith\Downloads\dds (1).com
2014-12-16 19:54 - 2014-12-16 19:54 - 00688992 _____ (Swearware) C:\Users\Marc Smith\Downloads\dds.com
2014-12-16 12:04 - 2014-12-16 12:04 - 00000165 ____H () C:\Users\Marc Smith\Documents\~$construction require.xlsx
2014-12-16 10:34 - 2014-12-16 10:35 - 00276248 _____ () C:\Windows\Minidump\121614-30109-01.dmp
2014-12-15 16:14 - 2014-12-15 16:47 - 262479020 _____ () C:\Users\Marc Smith\Downloads\The.Newsroom.2012.S03E06.480p.HDTV.x264-NoGroup.mkv
2014-12-15 13:34 - 2014-12-15 13:34 - 00276192 _____ () C:\Windows\Minidump\121514-33296-01.dmp
2014-12-15 12:42 - 2014-12-15 12:42 - 00276192 _____ () C:\Windows\Minidump\121514-20125-01.dmp
2014-12-15 06:09 - 2014-12-16 10:34 - 468647888 _____ () C:\Windows\MEMORY.DMP
2014-12-15 06:09 - 2014-12-15 06:09 - 00276192 _____ () C:\Windows\Minidump\121514-19187-01.dmp
2014-12-14 20:17 - 2014-12-14 20:17 - 00000000 ___HD () C:\Windows\AxInstSV
2014-12-14 20:17 - 2014-12-14 20:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-14 14:10 - 2014-12-14 14:05 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Marc Smith\Desktop\mbar-1.08.2.1001 (1).exe
2014-12-14 14:04 - 2014-12-14 14:05 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Marc Smith\Downloads\mbar-1.08.2.1001 (1).exe
2014-12-14 14:04 - 2014-12-14 14:04 - 00448512 _____ (OldTimer Tools) C:\Users\Marc Smith\Downloads\TFC.exe
2014-12-14 04:44 - 2014-12-14 04:44 - 00000000 ____D () C:\Users\Marc Smith\AppData\Roaming\Trend Micro
2014-12-13 21:56 - 2014-12-14 04:49 - 01943536 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-12-13 20:32 - 2014-12-13 20:32 - 00000000 ____D () C:\Program Files\Speccy
2014-12-13 20:32 - 2014-12-13 20:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-13 20:32 - 2014-12-13 20:32 - 00000000 _____ () C:\Windows\setupact.log
2014-12-13 19:02 - 2014-12-14 10:11 - 00004028 _____ () C:\Windows\PFRO.log
2014-12-13 18:53 - 2014-11-27 09:58 - 00067408 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\kbfilter.sys
2014-12-13 18:53 - 2014-11-27 09:58 - 00067408 _____ (Trend Micro Inc.) C:\kbfilter.sys
2014-12-13 18:53 - 2014-11-27 09:58 - 00007799 _____ () C:\kbfilter.cat
2014-12-13 18:53 - 2014-11-27 09:58 - 00000098 _____ () C:\install.bat
2014-12-13 18:53 - 2014-11-27 09:58 - 00000081 _____ () C:\uninstall.bat
2014-12-13 18:41 - 2014-12-13 18:41 - 00000000 ___HD () C:\TMRescueDisk
2014-12-13 18:37 - 2014-12-13 18:37 - 00001465 _____ () C:\Users\Marc Smith\Desktop\Trend Micro Maximum Security.lnk
2014-12-13 18:36 - 2014-07-14 07:39 - 00305832 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2014-12-13 18:36 - 2014-07-14 07:39 - 00121944 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2014-12-13 18:36 - 2014-07-14 07:39 - 00093664 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2014-12-13 18:36 - 2014-07-09 16:03 - 00407864 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys
2014-12-13 18:36 - 2014-07-09 16:03 - 00037904 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmel.sys
2014-12-13 18:36 - 2014-07-09 16:02 - 00106296 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys
2014-12-13 18:36 - 2014-07-09 16:02 - 00050976 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\TMEBC64.sys
2014-12-13 18:36 - 2014-06-30 11:06 - 00106296 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmusa.sys
2014-12-13 18:35 - 2014-12-13 18:39 - 00003326 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2014-12-13 18:35 - 2014-12-13 18:35 - 00000059 _____ () C:\Windows\System32\SupportTool.exe.bat
2014-12-13 18:34 - 2014-12-13 18:38 - 00000000 ____D () C:\Program Files\Trend Micro
2014-12-13 18:24 - 2014-12-13 18:32 - 181793904 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\TTi_HE_Download_64bit.exe
2014-12-13 18:24 - 2014-12-13 18:24 - 06631440 _____ (Trend Micro Inc.) C:\Users\Marc Smith\Downloads\TTi8.0_HE_Downloader.exe
2014-12-13 18:09 - 2014-12-13 18:09 - 00003790 _____ () C:\Users\Marc Smith\Documents\virus problem.txt
2014-12-13 18:08 - 2014-12-13 18:08 - 00003790 _____ () C:\Users\Marc Smith\Documents\startup.txt
2014-12-13 18:07 - 2014-12-13 18:07 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-13 18:07 - 2014-12-13 18:07 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-13 18:06 - 2014-12-13 18:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-13 18:04 - 2014-12-13 18:09 - 85412336 _____ (Trend Micro Inc.) C:\Users\Marc Smith\Downloads\TTi_7.0_HE_32bit.exe
2014-12-13 17:58 - 2014-12-13 17:58 - 17562644 _____ (Trend Micro Inc.) C:\Users\Marc Smith\Downloads\Unconfirmed 509917.crdownload
2014-12-13 17:38 - 2014-12-13 17:38 - 00025769 _____ () C:\TMPatch.log
2014-12-13 17:32 - 2014-12-13 17:37 - 40931424 _____ (Trend Micro Inc. ) C:\Users\Marc Smith\Downloads\Ti_80_win_global_UninstallTool_hfb0001.exe
2014-12-13 15:44 - 2014-12-13 15:44 - 00127717 _____ () C:\Users\Marc Smith\AppData\Local\census.cache
2014-12-13 15:44 - 2014-12-13 15:44 - 00089407 _____ () C:\Users\Marc Smith\AppData\Local\ars.cache
2014-12-13 15:43 - 2014-12-13 15:43 - 00000010 _____ () C:\Users\Marc Smith\AppData\Local\sponge.last.runtime.cache
2014-12-13 15:33 - 2014-12-13 15:33 - 02064880 _____ (Trend Micro Inc.) C:\Users\Marc Smith\Downloads\HousecallLauncher.exe
2014-12-13 15:27 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-13 15:27 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2014-12-13 11:48 - 2014-12-13 11:48 - 00000000 ____D () C:\Windows\System32\appraiser
2014-12-12 19:34 - 2014-12-12 19:34 - 00000791 _____ () C:\Users\Marc Smith\Desktop\JRT.txt
2014-12-12 18:59 - 2014-12-12 18:59 - 01707646 _____ (Thisisu) C:\Users\Marc Smith\Downloads\JRT (3).exe
2014-12-12 18:57 - 2014-12-12 19:20 - 00002048 _____ () C:\Users\Marc Smith\Desktop\Rkill.txt
2014-12-12 18:55 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupStatusProvider.dll
2014-12-12 18:55 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-12 18:48 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-12-12 18:48 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2014-12-12 18:48 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-12-12 18:48 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2014-12-12 18:48 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-12-12 18:48 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2014-12-12 18:48 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2014-12-12 18:48 - 2014-10-31 23:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2014-12-12 18:48 - 2014-10-31 23:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-12 18:48 - 2014-10-13 02:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2014-12-12 18:48 - 2014-10-13 02:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2014-12-12 18:48 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2014-12-12 18:48 - 2014-10-13 02:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2014-12-12 18:47 - 2014-12-12 18:47 - 02166272 _____ () C:\Users\Marc Smith\Downloads\adwcleaner_4.105.exe
2014-12-12 18:43 - 2014-12-12 18:43 - 00159578 _____ () C:\Users\Marc Smith\Downloads\JavaRa-2.6.zip
2014-12-12 17:28 - 2014-12-12 17:30 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Marc Smith\Downloads\rkill.com
2014-12-11 19:34 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-12-11 19:34 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-12-11 19:34 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-12-11 19:34 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2014-12-11 19:34 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-12-11 19:34 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-12-11 19:34 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-12-11 19:34 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 19:34 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-12-11 19:34 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 19:34 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-11 19:34 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2014-12-11 19:34 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-12-11 19:34 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:34 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 19:34 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2014-12-11 19:34 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-11 19:34 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2014-12-11 19:34 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

 

2014-12-11 19:34 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

 

2014-12-11 19:34 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

 

2014-12-11 19:34 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

 

2014-12-11 19:34 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

 

2014-12-11 19:34 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

 

2014-12-11 19:34 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

 

2014-12-11 19:34 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

 

2014-12-11 19:34 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

 

2014-12-11 19:34 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

 

2014-12-11 19:34 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

 

2014-12-11 19:34 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

 

2014-12-11 19:34 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

 

2014-12-11 19:34 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

 

2014-12-11 19:34 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

 

2014-12-11 19:34 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

 

2014-12-11 19:34 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

 

2014-12-11 19:34 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

 

2014-12-11 19:34 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

 

2014-12-11 19:34 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

 

2014-12-11 19:34 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

 

2014-12-10 23:58 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

 

2014-12-10 23:58 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

 

2014-12-09 20:05 - 2014-12-09 20:06 - 00852487 _____ () C:\Users\Marc Smith\Downloads\SecurityCheck (1).exe

 

2014-12-09 20:05 - 2014-12-09 20:06 - 00401920 _____ (Farbar) C:\Users\Marc Smith\Downloads\MiniToolBox (1).exe

 

2014-12-09 19:56 - 2014-12-09 19:56 - 00852487 _____ () C:\Users\Marc Smith\Downloads\SecurityCheck.exe

 

2014-12-09 19:54 - 2014-12-13 19:53 - 00012918 _____ () C:\Users\Marc Smith\Downloads\Result.txt

 

2014-12-09 19:52 - 2014-12-09 19:52 - 00401920 _____ (Farbar) C:\Users\Marc Smith\Downloads\MiniToolBox.exe

 

2014-12-08 21:09 - 2014-12-14 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

 

2014-12-08 21:09 - 2014-12-14 17:06 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

 

2014-12-08 21:09 - 2014-12-08 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes

 

2014-12-08 21:08 - 2014-12-14 17:41 - 00000000 ____D () C:\Users\Marc Smith\Desktop\mbar

 

2014-12-08 21:08 - 2014-12-08 21:08 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

 

2014-12-08 21:05 - 2014-12-08 21:07 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Marc Smith\Downloads\mbar-1.08.2.1001.exe

 

2014-12-08 20:27 - 2014-12-08 20:33 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Marc Smith\Downloads\Unconfirmed 601685.crdownload

 

2014-12-08 20:25 - 2014-12-08 20:26 - 01707646 _____ (Thisisu) C:\Users\Marc Smith\Downloads\JRT (2).exe

 

2014-12-08 20:20 - 2014-12-08 20:20 - 01707646 _____ (Thisisu) C:\Users\Marc Smith\Downloads\JRT (1).exe

 

2014-12-08 20:20 - 2014-12-08 20:20 - 00000000 ____D () C:\Windows\ERUNT

 

2014-12-08 20:15 - 2014-12-08 20:15 - 01707646 _____ (Thisisu) C:\Users\Marc Smith\Downloads\JRT.exe

 

2014-12-08 20:14 - 2014-12-12 19:24 - 00000000 ____D () C:\AdwCleaner

 

2014-12-08 20:14 - 2014-12-08 20:14 - 00000055 _____ () C:\AdwCleanerDebug.txt

 

2014-12-08 20:08 - 2014-12-08 20:08 - 02153472 _____ () C:\Users\Marc Smith\Downloads\AdwCleaner.exe

 

2014-12-07 19:32 - 2014-12-16 06:26 - 00000508 __RSH () C:\ProgramData\ntuser.pol

 

2014-12-07 17:50 - 2014-12-07 17:58 - 154458112 _____ (Trend Micro Inc.) C:\Users\Marc Smith\Downloads\TTi_7.0_HE_Full.exe

 

2014-12-07 05:46 - 2014-12-07 05:46 - 00000165 ____H () C:\Users\Marc Smith\Desktop\~$House budget vs2.xlsx

 

2014-12-01 04:11 - 2014-12-01 05:38 - 413731719 _____ () C:\Users\Marc Smith\Downloads\The.Newsroom.2012.S03E04.HDTV.x264-KILLERS.[VTV].mp4

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2014-12-30 21:31 - 2012-09-29 16:53 - 00000000 __SHD () C:\Recovery

 

2014-12-23 22:06 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

 

2014-12-23 03:11 - 2014-07-17 04:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

 

2014-12-23 02:31 - 2013-02-27 18:13 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

2014-12-19 10:54 - 2013-02-27 18:13 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

 

2014-12-17 10:27 - 2013-10-29 19:18 - 01576934 _____ () C:\Windows\WindowsUpdate.log

 

2014-12-17 10:24 - 2013-02-27 20:30 - 00000000 ____D () C:\Users\Marc Smith\AppData\Roaming\DMCache

 

2014-12-17 10:20 - 2014-08-25 20:46 - 00000000 ____D () C:\Users\Marc Smith\Desktop\mom

 

2014-12-17 10:03 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM

 

2014-12-17 08:37 - 2013-02-27 20:30 - 00000000 ____D () C:\Users\Marc Smith\Downloads\Video

 

2014-12-17 08:23 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\NDF

 

2014-12-16 11:20 - 2013-10-29 19:05 - 00000000 ____D () C:\users\Marc Smith

 

2014-12-16 10:34 - 2013-10-30 18:17 - 00000000 ____D () C:\Windows\Minidump

 

2014-12-15 12:56 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp

 

2014-12-14 23:15 - 2013-02-07 04:05 - 00232960 ___SH () C:\Users\Marc Smith\Desktop\Thumbs.db

 

2014-12-14 19:30 - 2013-04-02 18:32 - 00000000 ____D () C:\Users\Marc Smith\Documents\theRenamer

 

2014-12-14 17:38 - 2013-02-24 16:11 - 00000000 ____D () C:\Users\Marc Smith\Desktop\Kindle Book Collection

 

2014-12-14 12:12 - 2012-12-02 12:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1647717128-3663899692-3893833981-1001

 

2014-12-14 11:31 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness

 

2014-12-14 09:58 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData

 

2014-12-14 09:58 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

 

2014-12-14 09:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\setup

 

2014-12-14 09:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\setup

 

2014-12-14 09:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\en-GB

 

2014-12-14 09:55 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache

 

2014-12-13 19:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

 

2014-12-13 18:43 - 2014-05-18 07:36 - 00000000 ____D () C:\ProgramData\Trend Micro

 

2014-12-13 18:39 - 2014-05-18 07:32 - 00000000 ____D () C:\Users\Marc Smith\AppData\Local\Trend Micro

 

2014-12-13 18:27 - 2013-02-27 20:30 - 00000000 ____D () C:\Users\Marc Smith\AppData\Roaming\IDM

 

2014-12-13 15:46 - 2014-05-18 07:34 - 00000036 _____ () C:\Users\Marc Smith\AppData\Local\housecall.guid.cache

 

2014-12-13 11:51 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\BBI

 

2014-12-13 11:48 - 2014-07-09 19:30 - 00000000 ___SD () C:\Windows\System32\CompatTel

 

2014-12-13 11:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB

 

2014-12-13 11:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sr-Latn-RS

 

2014-12-13 11:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sr-Latn-CS

 

2014-12-13 06:46 - 2012-12-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft Help

 

2014-12-13 06:45 - 2013-07-13 20:59 - 00000000 ____D () C:\Windows\System32\MRT

 

2014-12-13 06:42 - 2012-12-19 15:46 - 112710672 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

 

2014-12-12 18:56 - 2014-06-21 19:02 - 00000000 ____D () C:\Users\Marc Smith\AppData\Local\Adobe

 

2014-12-12 17:29 - 2014-11-11 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

 

2014-12-12 17:29 - 2013-02-28 20:33 - 00000000 ____D () C:\Program Files (x86)\Java

 

2014-12-12 17:28 - 2013-09-04 16:48 - 00000000 ____D () C:\Windows\System32\appmgmt

 

2014-12-12 17:27 - 2013-04-16 19:36 - 00000000 ____D () C:\Users\Marc Smith\AppData\Roaming\uTorrent

 

2014-12-12 04:32 - 2013-02-27 18:17 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

 

2014-12-12 04:15 - 2013-09-30 04:20 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI

 

2014-12-11 21:53 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\PolicyDefinitions

 

2014-12-09 04:11 - 2013-10-30 18:26 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D31CC511-8E23-44EF-90B1-A6D4B1A92345}

 

2014-12-07 19:32 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\System32\GroupPolicy

 

2014-12-05 22:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru

 

2014-12-03 04:30 - 2014-10-21 17:59 - 00000099 _____ () C:\Users\Public\LMDebug.log

 

2014-12-01 20:19 - 2013-09-16 21:45 - 00000000 ____D () C:\Users\Marc Smith\AppData\Roaming\vlc

 

 

==================== Known DLLs (Whitelisted) ================

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\System32\winlogon.exe => MD5 is legit

 

C:\Windows\System32\wininit.exe => MD5 is legit

 

C:\Windows\explorer.exe

 

[2014-09-14 15:15] - [2014-08-23 07:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA

 

 

C:\Windows\SysWOW64\explorer.exe

 

[2014-09-14 15:15] - [2014-08-23 07:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595

 

 

C:\Windows\System32\svchost.exe => MD5 is legit

 

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

 

C:\Windows\System32\services.exe => MD5 is legit

 

C:\Windows\System32\User32.dll

 

[2014-11-12 17:03] - [2014-09-22 04:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C

 

 

C:\Windows\SysWOW64\User32.dll

 

[2014-11-12 17:03] - [2014-09-19 00:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B

 

 

C:\Windows\System32\userinit.exe => MD5 is legit

 

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

 

C:\Windows\System32\rpcss.dll => MD5 is legit

 

C:\Windows\System32\Drivers\volsnap.sys

 

[2014-09-14 15:14] - [2014-06-19 02:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB

 

 

 

==================== Restore Points  =========================

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 16%

 

Total physical RAM: 4039.86 MB

 

Available physical RAM: 3368.66 MB

 

Total Pagefile: 4039.86 MB

 

Available Pagefile: 3390.7 MB

 

Total Virtual: 131072 MB

 

Available Virtual: 131071.88 MB

 

 

==================== Drives ================================

 

 

Drive c: () (Fixed) (Total:421.81 GB) (Free:41.73 GB) NTFS

 

Drive d: (RECOVERY) (Fixed) (Total:7.44 GB) (Free:7.16 GB) FAT32 ==>[System with boot components (obtained from reading drive)]

 

Drive e: (LENOVO) (Fixed) (Total:29 GB) (Free:26.5 GB) NTFS

 

Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

 

Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

 

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D5BD4D08)

 

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

 

Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)

 

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

 

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

 

 

========================================================

 

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 5DD4F4A0)

 

Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

 

 

 

LastRegBack: 2014-12-17 08:36

 

 

==================== End Of Log ============================



#10 polskamachina

polskamachina

  • Malware Response Team
  • 3,911 posts
  • Gender:Male
  • Local time:09:34 PM

Posted 01 January 2015 - 02:06 PM

Hi marccpt :)

 

At this point in time, if you are still unable to boot to your desktop, I would suggest the following link. You will find directions there on how to perform an automatic Windows 8 repair.

 

Let me know if you have any questions.

 

polskamachina

 

 



#11 polskamachina

polskamachina

  • Malware Response Team
  • 3,911 posts
  • Gender:Male
  • Local time:09:34 PM

Posted 18 January 2015 - 01:41 PM

Hi marccpt :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,925 posts
  • Gender:Female
  • Location:Romania
  • Local time:07:34 AM

Posted 21 January 2015 - 02:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




