Random BSODs, trying to run roguekiller gives BSOD as well.


20 replies to this topic

#1 Kuro1n

Kuro1n

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 February 2015 - 07:39 PM

General information on the situation: Great amount of BSODs started today (few days ago I ran CCleaner, malwarebytes and hitman pro because I clicked a link that MIGHT have been bad (still very unsure as it seems a lot of other people clicked it without having any issues)), I have no idea why happens that I get maybe one BSOD every month or two. But today in the span of 2 hours I've had 5(!). Now if I wasn't dependent on my computer for work I might have been calmer about this and tried solving it myself but right now I am in half panic. I am not sure if it is malware related or not but I haven't really had a lot of problems with the computer before this (I've had it for almost 6 months now).
It started with me noticing my framerate was rather low after kicking back my chair and trying to relax in ESO this evening, figured it had something to do with my GPU since it wasn't using more than 20% (I was at 50FPS ingame while normally I get 100FPS), I started a video on youtube and suddenly my FPS was up to 100 again, no idea why but I will include it in case it has some importance. I was also in a Skype call with a friend of mine and had put the call on hold, as soon as I noticed the FPS going up again I resumed the call and got a BSOD instantly (could hear the last sound looping in the background while my face was blasted with the blue light from the monitor). First thing I did after boot was to check the event viewer which had given me a few messages, kernel-power (41), 6008 and then 4 lines of the same thing: 
 

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {22279AF5-03AE-4CAF-989D-2530918B2F1C} and APPID {0773CCD6-59A2-4D26-B235-19247767E645} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

ID: 10016

Few minutes later I get two other BSOD which tells me:
"Unable to produce a minidump file from the full dump file."
and
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800165378e, 0xfffff88005e25b40, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

After that I started checking around on the net on the issue, got some responses and then another event popped up:

The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

I checked out the CLSID as best I could but not sure if that tells me anything important, either way the file that it led me to was:
"C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe"

Also found two other errors earlier today:
 

"The ScRegSetValueExW call failed for DeleteFlag with the following error: 
Access is denied."

Someone told me to run Roguekiller and when I did it took 3 red seconds then I had a BSOD, and every time after that I have a BSOD trying to run it so I was freaking out a bit and decided to post here to get some more professional help with the issue I am facing as the way for me to fix problems in the past has been extensive reading coupled with google-fu which does not seem to be doing much good now.


Tech specs and other things:
Win 7 64bit

Asus Z97-A
i5 4690k - stock clock
16GB ram
Sapphire R9 290 Tri-X bios flashed to R9 290x (been working well so far but figured I'd mention it anyway).



EDIT: The BSOD message I get when running Roguekiller is this: irql_NOT_LESS_OR_EQUAL
Also haven't had any issues while just surfing the web and not doing anything special for the last 30 minutes.
EDIT2: As the CLSID was showing up as something related to realtek I will try to update my audio driver.


Edited by Kuro1n, 11 February 2015 - 07:47 PM.
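
The bugcheck records quoted in this thread can be decoded mechanically before any dump is opened. The following is an added example, not part of the original posts: it parses the bugcheck lines copied from the event text above and from the MiniToolBox log posted later in the thread, labels the four parameters using Microsoft's documented meanings for codes 0x0A and 0x3B, and flags crashes that repeat on the same first parameter. The function and table names are the example's own.

```python
import re
from collections import Counter

# Lines copied from the event text and the MiniToolBox log quoted in this thread.
SAMPLE = r"""
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800165378e, 0xfffff88005e25b40, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
Error: (02/12/2015 03:21:02 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0xfffff88000961008, 0x0000000000000002, 0x0000000000000001, 0xfffff80003248421)C:\Windows\MEMORY.DMP
Error: (02/12/2015 01:01:49 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0xfffff88000961008, 0x0000000000000002, 0x0000000000000001, 0xfffff8000322e421)C:\Windows\MEMORY.DMP
"""

# Only the two bugcheck codes seen in this thread; parameter meanings follow
# Microsoft's bug check code reference.
BUGCHECKS = {
    0x0A: ("IRQL_NOT_LESS_OR_EQUAL",
           ("memory address referenced",
            "IRQL at time of reference",
            "access type (bit 0: 0=read, 1=write)",
            "address of referencing instruction")),
    0x3B: ("SYSTEM_SERVICE_EXCEPTION",
           ("exception code",
            "address of faulting instruction",
            "address of context record",
            "reserved")),
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# An 8-digit bugcheck code followed by exactly four hex parameters in parentheses.
PATTERN = re.compile(
    r"\b(0x[0-9a-f]{8})\s*\(((?:\s*0x[0-9a-f]+\s*,){3}\s*0x[0-9a-f]+)\s*\)",
    re.IGNORECASE,
)


def parse_bugchecks(text):
    """Return one {'code', 'params'} dict per bugcheck record found in text."""
    records = []
    for match in PATTERN.finditer(text):
        params = [int(p.strip(), 16) for p in match.group(2).split(",")]
        records.append({"code": int(match.group(1), 16), "params": params})
    return records


def summarize(record):
    """Attach the bugcheck name, labelled parameters and decoded notes."""
    default = ("UNKNOWN", tuple(f"parameter {i}" for i in range(1, 5)))
    name, labels = BUGCHECKS.get(record["code"], default)
    fields = {label: f"0x{value:016x}"
              for label, value in zip(labels, record["params"])}
    notes = []
    if record["code"] == 0x3B:
        notes.append(NTSTATUS.get(record["params"][0], "unrecognised NTSTATUS"))
    if record["code"] == 0x0A:
        notes.append("write access" if record["params"][2] & 1 else "read access")
        notes.append(f"IRQL {record['params'][1]}")
    return {"name": name, "fields": fields, "notes": notes}


def recurring(records):
    """Group crashes by (code, first parameter) and keep those seen more than once."""
    counts = Counter((r["code"], r["params"][0]) for r in records)
    return {key: n for key, n in counts.items() if n > 1}


if __name__ == "__main__":
    parsed = parse_bugchecks(SAMPLE)
    for rec in parsed:
        info = summarize(rec)
        print(f"0x{rec['code']:08X} {info['name']} {info['notes']}")
        for label, value in info["fields"].items():
            print(f"    {label}: {value}")
    for (code, first), n in recurring(parsed).items():
        print(f"repeated {n}x: code 0x{code:02X}, first parameter 0x{first:016x}")
```
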




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:40 PM

Posted 11 February 2015 - 09:23 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.



 


#3 Kuro1n

Kuro1n
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 February 2015 - 09:45 PM

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#4 Kuro1n

Kuro1n
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 February 2015 - 09:46 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Kuro3n (administrator) on 12-02-2015 at 03:46:27
Running from "C:\Users\Kuro3n\Desktop\Get bleep checked"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#5 Kuro1n

Kuro1n
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 February 2015 - 09:48 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Kuro3n (administrator) on 12-02-2015 at 03:48:08
Running from "C:\Users\Kuro3n\Desktop\Get bleep checked"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
162.159.248.50 encyclopediadramatica.es
162.159.248.50 images.encyclopediadramatica.es
162.159.248.50 static.encyclopediadramatica.es
162.159.248.50 forum.encyclopediadramatica.es
 
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\WTFastDrv.dll [79464] (Initex)
x64-Catalog9 02 C:\Windows\System32\WTFastDrv.dll [79464] (Initex)
x64-Catalog9 03 C:\Windows\System32\WTFastDrv.dll [79464] (Initex)
x64-Catalog9 04 C:\Windows\System32\WTFastDrv.dll [79464] (Initex)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\WTFastDrv.dll [79464] (Initex)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/12/2015 03:21:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 02:11:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 02:08:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 01:11:50 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (02/12/2015 01:02:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 00:59:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 11:20:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 11:59:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 04:05:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.19.8406.6504, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002e39e
Faulting process id: 0x1ec8
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
 
Error: (02/11/2015 03:24:36 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
 
System errors:
=============
Error: (02/12/2015 03:21:02 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0xfffff88000961008, 0x0000000000000002, 0x0000000000000001, 0xfffff80003248421)C:\Windows\MEMORY.DMP
 
Error: (02/12/2015 03:21:02 AM) (Source: BugCheck) (User: )
Description: 
 
Error: (02/12/2015 03:21:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/12/2015 03:21:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/12/2015 03:21:01 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:20:13 AM on ‎2/‎12/‎2015 was unexpected.
 
Error: (02/12/2015 02:07:52 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/12/2015 01:01:49 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0xfffff88000961008, 0x0000000000000002, 0x0000000000000001, 0xfffff8000322e421)C:\Windows\MEMORY.DMP
 
Error: (02/12/2015 01:01:49 AM) (Source: BugCheck) (User: )
Description: 
 
Error: (02/12/2015 01:01:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/12/2015 01:01:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (02/12/2015 03:21:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 02:11:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 02:08:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 01:11:50 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (02/12/2015 01:02:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 00:59:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 11:20:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 11:59:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 04:05:21 AM) (Source: Application Error)(User: )
Description: googledrivesync.exe1.19.8406.6504509418e4ntdll.dll6.1.7601.175144ce7ba58c00000050002e39e1ec801d03fc463548492C:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Windows\SysWOW64\ntdll.dlld0472d1b-b19a-11e4-aba0-10c37b6af10b
 
Error: (02/11/2015 03:24:36 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-12 03:33:07.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 03:21:09.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 02:11:17.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 02:10:18.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 01:42:58.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 01:37:37.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 01:09:57.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 01:01:54.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 00:59:19.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-12 00:50:29.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.3 - Futuremark)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
AMDProductVerification (HKCU\...\4ecb547ba21a923a) (Version: 1.0.25.99 - AMDProductVerification)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.0.1335.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.0.1335.0 - Autodesk) Hidden
BankID Security Application (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID ASUS CPU-Z 1.69 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DaumGame Starter (HKLM\...\DaumGame Starter_is1) (Version: 1.0.0.1 - DaumGame)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version:  - )
Dizzel (HKLM-x32\...\Steam App 315640) (Version:  - NSStudio)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.9 - battleclinic.com)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version:  - )
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Gear Up (HKLM-x32\...\Steam App 214420) (Version:  - Doctor Entertainment AB)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Handplane v1.4.1 64-bit (HKLM\...\{E366987B-81BB-4611-8BA1-4223E88469C1}) (Version: 1.4.1 - Handplane3D LLC)
headus UVLayout v2 Professional (HKLM-x32\...\{A1086DA0-903E-4DEA-A83F-6317923CC63D}) (Version: 2.08.00 - headus)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.1 - HexChat)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Chipset Device Software (Version: 10.0.14 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (Version: 10.0.0.1204 - Intel Corporation) Hidden
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden
iSpy (64 bit) (HKLM\...\{1976D6D8-6534-4742-97BE-D1D79A4FFF6D}) (Version: 6.2.4 - iSpy)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lineage II (HKLM-x32\...\{21040472-F8DF-48A9-A093-2986C1495670}) (Version: 170.0.0 - NCsoft)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Marmoset Toolbag 2 (HKLM-x32\...\MSET_Toolbag) (Version:  - Marmoset LLC)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.0.1335.0 - mental ray)
MeshLab_64b 1.3.3 (HKLM-x32\...\MeshLab_64b) (Version: 1.3.3 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Minimum (HKLM-x32\...\Steam App 214190) (Version:  - Human Head Studios)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MP3 Skype recorder (HKLM-x32\...\{D869DEBB-62C7-4227-9B7D-ACDBB02CC51A}) (Version: 4.5.1.0 - Alexander Nikiforov)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 141106.96623 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Oculus Display Driver (Install Only) (HKLM\...\{A1AF4F46-D551-48F3-BD23-133E6DE29383}) (Version: 1.0.24.0 - Oculus Inc.)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{9A7E8F81-C292-4587-9D53-52782BABB510}) (Version: 0.0.1.6 - Oculus Inc.)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.4.1 Rev 1) (Version: 0.4.1 Rev 1 - Oculus Inc.)
Oculus VR SDK version 0.3 (HKLM-x32\...\2760A729-91CC-4B1B-B7F6-451DA90C5FC6_is1) (Version: 0.3 - Oculus VR)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
Reflex (HKLM-x32\...\Steam App 328070) (Version:  - Turbo Pixel Studios)
RescueTime 2.9.5.1165 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDX SDK (January 2012) (HKLM-x32\...\{8472BE38-4100-44EB-96D5-6B0D936EE1C6}) (Version: 2.0.13.43 - SlimDX Group)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2298.3 - Hi-Rez Studios)
SpeedTree for Unreal Engine 4 Subscription version 7.0.7 (HKLM\...\{20F180DA-2BAF-4D84-BE0C-70F0DB1DABB7}_is1) (Version: 7.0.7 - )
Spotify (HKCU\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Toastify (HKLM-x32\...\Toastify) (Version: 1.6 - Jesper Palm)
TopoGun 2 W64 (HKLM-x32\...\TopoGun2 W64) (Version: 2 W64 - SC PIXELMACHINE SRL)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unreal Engine (HKLM\...\{5484E0B8-7450-47B3-849F-C95FB6D38303}) (Version: 1.1.7.0 - Epic Games, Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WTFast 3.2 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.2.12.259 - Initex & AAA Internet Publishing)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
xNormal 3.18.10 (HKLM\...\xNormal 3.18.10) (Version:  - Santiago Orgaz)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
???? ????? (HKLM-x32\...\???? Final Test_is1) (Version:  - Daum Games)
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 21%
Total physical RAM: 16327.09 MB
Available physical RAM: 12865.08 MB
Total Pagefile: 20421.29 MB
Available Pagefile: 16409.84 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.63 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:48.56 GB) NTFS
2 Drive d: (Deg) (Fixed) (Total:1862.89 GB) (Free:330.18 GB) NTFS
3 Drive e: () (Fixed) (Total:465.76 GB) (Free:133.37 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ZANS
 
Administrator            Guest                    Kuro3n                   
 
========================= Restore Points ==================================
 
30-01-2015 02:15:35 Scheduled Checkpoint
06-02-2015 03:50:47 Scheduled Checkpoint
10-02-2015 23:44:06 Checkpoint by HitmanPro
10-02-2015 23:44:28 Checkpoint by HitmanPro
11-02-2015 22:23:43 Installed Microsoft Fix it 50688
11-02-2015 23:58:21 Restore Operation
 
**** End of log ****


#6 Kuro1n

Posted 11 February 2015 - 09:54 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/12/2015
Scan Time: 3:49:56 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.12.01
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kuro3n
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367279
Time Elapsed: 2 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 Kuro1n

Posted 11 February 2015 - 09:59 PM

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.02.12.01
  rootkit: v2015.02.03.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kuro3n :: ZANS [administrator]
 
2/12/2015 3:55:30 AM
mbar-log-2015-02-12 (03-55-30).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 370575
Time elapsed: 3 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 17120190464, free: 13311291392
 
Downloaded database version: v2015.02.12.01
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/12/2015 03:55:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\RiftEnabler.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\DRIVERS\ScpVBus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\wachidrouter.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wacomrouterfilter.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\amdacpksd.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\??\D:\Programs\PeerBlock\pbfilter.sys
\??\C:\Users\Kuro3n\AppData\Local\Temp\TRIXX.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.02.12.01
  rootkit: v2015.02.03.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800d296060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d296b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d296060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cffd060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d295060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d295b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d295060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d027060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1854724878
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34  LastUsableLba 3907029134
    GPT Header Guid e49a13cd-c6b8-43c0-843b-db5f2f966983
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1854724878
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 3907029134
    Backup GPT header Guid e49a13cd-c6b8-43c0-843b-db5f2f966983
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a437a5cc-da29-4daa-977e-fa792d9a7a65
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 399599a0-cdeb-4a39-a819-609eed925843
    FirstLBA 264192  Last LBA 3907028991
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FAC4954A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 234231808
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 120034123776 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800d297060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d297ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d297060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d002060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 920BEAD4
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 


#8 Kuro1n


Posted 11 February 2015 - 10:01 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/12/2015 04:00:17 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  162.159.248.50 encyclopediadramatica.es
  162.159.248.50 images.encyclopediadramatica.es
  162.159.248.50 static.encyclopediadramatica.es
  162.159.248.50 forum.encyclopediadramatica.es
 
Program finished at: 02/12/2015 04:00:22 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)


#9 Broni


Posted 11 February 2015 - 10:11 PM

Clean so far...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program




#10 Kuro1n


Posted 11 February 2015 - 10:28 PM

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 04:26:42
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Kuro3n - ZANS
# Running from : C:\Users\Kuro3n\Desktop\Get bleep checked\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Kuro3n\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
File Deleted : C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [1635 bytes] - [12/02/2015 04:25:46]
AdwCleaner[S0].txt - [1576 bytes] - [12/02/2015 04:26:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1635  bytes] ##########


#11 Kuro1n


Posted 11 February 2015 - 10:30 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Kuro3n on Thu 02/12/2015 at  4:28:52.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/12/2015 at  4:30:22.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 Kuro1n


Posted 11 February 2015 - 10:47 PM

Running the last test right now but as it's not going especially fast and time is 4:46am I am going to bed, will post the results tomorrow. Thanks for the help so far. :)



#13 Kuro1n


Posted 12 February 2015 - 06:35 AM

2015-02-12 03:31:57.548 Sophos Virus Removal Tool version 2.5.4
2015-02-12 03:31:57.548 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2015-02-12 03:31:57.548 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2015-02-12 03:31:57.548 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-02-12 03:31:57.548 Checking for updates...
2015-02-12 03:32:00.118 Update progress: proxy server not available
2015-02-12 03:32:02.316 Option all = no
2015-02-12 03:32:02.316 Option recurse = yes
2015-02-12 03:32:02.316 Option archive = no
2015-02-12 03:32:02.316 Option service = yes
2015-02-12 03:32:02.316 Option confirm = yes
2015-02-12 03:32:02.316 Option sxl = yes
2015-02-12 03:32:02.317 Option max-data-age = 35
2015-02-12 03:32:02.317 Option EnableSafeClean = yes
2015-02-12 03:32:03.373 Option vdl-logging = yes
2015-02-12 03:32:03.374 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-12 03:32:03.374 Machine ID: f1e9a695968b40dabceba612232ed40d
2015-02-12 03:32:03.374 Component SVRTcli.exe version 2.5.4
2015-02-12 03:32:03.374 Component control.dll version 2.5.4
2015-02-12 03:32:03.374 Component SVRTservice.exe version 2.5.4
2015-02-12 03:32:03.374 Component engine\osdp.dll version 1.44.1.2183
2015-02-12 03:32:03.374 Component engine\veex.dll version 3.58.3.2183
2015-02-12 03:32:03.374 Component engine\savi.dll version 8.1.5.2183
2015-02-12 03:32:03.374 Component rkdisk.dll version 1.5.30.0
2015-02-12 03:32:03.374 Version info: Product version 2.5.4
2015-02-12 03:32:03.375 Version info: Detection engine 3.58.3
2015-02-12 03:32:03.375 Version info: Detection data 5.11
2015-02-12 03:32:03.375 Version info: Build date 2/3/2015
2015-02-12 03:32:03.375 Version info: Data files added 214
2015-02-12 03:32:03.375 Version info: Last successful update (not yet updated)
2015-02-12 03:32:13.317 Downloading updates...
2015-02-12 03:32:13.319 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2015-02-12 03:32:13.319 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2015-02-12 03:32:13.319 Update progress: [I49502] Found supplement IDE512 LATEST 
2015-02-12 03:32:13.319 Update progress: [I49502] Found supplement IDE513 LATEST 
2015-02-12 03:32:13.319 Update progress: [I49502] Found supplement IDE514 LATEST 
2015-02-12 03:32:13.319 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-12 03:32:13.319 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-12 03:32:13.817 Update progress: [I19463] Syncing product IDE512 166
2015-02-12 03:32:13.867 Installing updates...
2015-02-12 03:32:14.468 Error level 1
2015-02-12 03:32:14.476 Update progress: [I19463] Syncing product IDE513 52
2015-02-12 03:32:14.476 Update progress: [I19463] Syncing product IDE514 1
2015-02-12 03:32:16.183 Update successful
2015-02-12 03:32:20.354 Option all = no
2015-02-12 03:32:20.354 Option recurse = yes
2015-02-12 03:32:20.354 Option archive = no
2015-02-12 03:32:20.354 Option service = yes
2015-02-12 03:32:20.354 Option confirm = yes
2015-02-12 03:32:20.354 Option sxl = yes
2015-02-12 03:32:20.355 Option max-data-age = 35
2015-02-12 03:32:20.355 Option EnableSafeClean = yes
2015-02-12 03:32:20.384 Option vdl-logging = yes
2015-02-12 03:32:20.385 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-12 03:32:20.385 Machine ID: f1e9a695968b40dabceba612232ed40d
2015-02-12 03:32:20.385 Component SVRTcli.exe version 2.5.4
2015-02-12 03:32:20.385 Component control.dll version 2.5.4
2015-02-12 03:32:20.386 Component SVRTservice.exe version 2.5.4
2015-02-12 03:32:20.386 Component engine\osdp.dll version 1.44.1.2183
2015-02-12 03:32:20.386 Component engine\veex.dll version 3.58.3.2183
2015-02-12 03:32:20.386 Component engine\savi.dll version 8.1.5.2183
2015-02-12 03:32:20.386 Component rkdisk.dll version 1.5.30.0
2015-02-12 03:32:20.386 Version info: Product version 2.5.4
2015-02-12 03:32:20.386 Version info: Detection engine 3.58.3
2015-02-12 03:32:20.386 Version info: Detection data 5.11G
2015-02-12 03:32:20.386 Version info: Build date 2/3/2015
2015-02-12 03:32:20.386 Version info: Data files added 214
2015-02-12 03:32:20.386 Version info: Last successful update 2/12/2015 4:32:16 AM
 
2015-02-12 03:46:19.880 Could not open C:\hiberfil.sys
2015-02-12 03:47:57.668 Could not open C:\ProgramData\Autodesk\SDS\SecureDataStorage.sds\LOCK
2015-02-12 03:47:59.001 Could not open C:\System Volume Information\{05eca58a-b267-11e4-97fd-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.001 Could not open C:\System Volume Information\{2650d969-b23c-11e4-b0ec-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.001 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.001 Could not open C:\System Volume Information\{5ceef900-ab27-11e4-aba0-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.001 Could not open C:\System Volume Information\{5ceefdfd-ab27-11e4-aba0-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.001 Could not open C:\System Volume Information\{5ceefe01-ab27-11e4-aba0-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.002 Could not open C:\System Volume Information\{9e16df30-a16e-11e4-b6ad-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:47:59.002 Could not open C:\System Volume Information\{bac13925-b248-11e4-b187-10c37b6af10b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-12 03:48:03.665 Could not open C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-02-12 03:48:03.665 Could not open C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-02-12 03:48:03.676 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-02-12 03:48:03.679 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-02-12 03:48:05.544 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-02-12 03:48:05.656 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOCK (virus scan failed)
2015-02-12 03:48:05.703 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dhdgffkkebhmkfjojejmpbldmpobfkfo\LOCK (virus scan failed)
2015-02-12 03:48:05.705 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-02-12 03:48:06.394 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-02-12 03:48:06.399 Could not check C:\Users\Kuro3n\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\laankejkbhbdhmipfmgcngdelahlfoji\LOCK (virus scan failed)
2015-02-12 03:48:07.398 Could not check C:\Users\Kuro3n\AppData\Local\Google\Drive\lockfile (virus scan failed)
2015-02-12 03:48:07.400 Could not check C:\Users\Kuro3n\AppData\Local\Google\Drive\user_default\lockfile (virus scan failed)
2015-02-12 03:49:56.109 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-02-12 03:49:56.110 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-02-12 03:49:56.570 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-02-12 03:49:56.570 Could not open C:\Windows\System32\config\RegBack\SAM
2015-02-12 03:49:56.570 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-02-12 03:49:56.571 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-02-12 03:49:56.571 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-02-12 03:58:57.529 >>> Virus 'Troj/Agent-AEEN' found in file D:\Downloads\=== Apps and executables ===\Adobe Flash Pro CC 13.1.0.226 (64 bit) Multilanguage [ChingLiu]\crack\Adobe.CC.Anticloud.exe
2015-02-12 03:58:57.530 >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-02-12 03:58:57.530 >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-02-12 03:58:57.530 >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-02-12 03:58:57.530 >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-02-12 03:59:24.193 >>> Virus 'Mal/Generic-L' found in file D:\Downloads\=== Apps and executables ===\AUTODESK.MAYA.V2015.WIN64-ISO[rarbg]\Crack\xf-adsk2015_x64.exe
2015-02-12 03:59:24.194 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-02-12 03:59:24.194 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-02-12 03:59:24.194 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-02-12 03:59:24.194 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-02-12 04:26:50.063 Could not open E:\Desktop moved\Kuro2n\Desktop stuff\nova colt ping\0pingnova.dll
2015-02-12 04:26:50.064 Could not open E:\Desktop moved\Kuro2n\Desktop stuff\nova colt ping\ACDontop.exe
2015-02-12 04:26:50.069 Could not open E:\Desktop moved\Kuro2n\Desktop stuff\nova colt ping\BlueVersion.dll
2015-02-12 04:26:50.087 Could not open E:\Desktop moved\Kuro2n\Desktop stuff\nova colt ping\magic chain\ACDontop.exe
2015-02-12 04:26:50.088 Could not open E:\Desktop moved\Kuro2n\Desktop stuff\nova colt ping\magic chain\BlueVersion.dll
2015-02-12 04:26:50.099 Could not open E:\Desktop moved\Kuro2n\Desktop stuff\nova colt ping\RedVersion1.1.dll
2015-02-12 04:38:59.159 The following items will be cleaned up:
2015-02-12 04:38:59.159 Troj/Agent-AEEN
2015-02-12 04:38:59.159 Mal/Generic-L


#14 Kuro1n


Posted 12 February 2015 - 07:30 AM

Still getting that same BSOD when trying to run Roguekiller.



#15 Kuro1n


Posted 12 February 2015 - 07:53 AM

Okay, I managed to run Roguekiller without having a BSOD! It was actually related to the Realtek drivers: I had my audio manager set up to run stereo, and as soon as I swapped speakers to 5.1 and enabled DTS Connect it worked. I really do not understand this, but at least that is one less BSOD. It would still be great to have you help me figure out if there is something infecting my computer, as something actually did pop up on that last scan. :)





