
Possible boot sector virus, requesting help.-sent here from malware forum


  • This topic is locked
17 replies to this topic

#1 jackmeat

jackmeat

  • Members
  • 38 posts

Posted 05 March 2015 - 03:44 PM


First off, I will say I am a long time lurker of this site, and a Technical Specialist that will admit to often finding answers here to things I just could not figure out. So at this point, for the first time, I am going to ask for your help.
 
Here is my situation. I have a 500GB Seagate 2.5 inch drive that I was using for movie storage, that is it, no OS or executables ever on it. It was loaded in a USB dock via 3.0 without issue. Well, 2 days ago, one partition went to RAW data which I have dealt with (users pulling drives out while they are in use) so I figured I may have done just that. I let it be until next reboot and then it was gone. Under disk management it shows up, but asks to be initialized. Attempting that does not work, as it gives the error "requested operation could not be performed due to an I/O error". Well, now I am slightly stuck until I figured out this little bit: going into diskpart and listing volumes, the computer believes the HD to be a DVDRom drive, which is most likely why I can't scan it, initialize it, and Minitool Partition Wizard shows it as 0kb and status bad disk. The only thing I can think is a boot sector virus, but I can't really scan it, and don't have another drive exactly the same to swap controllers with as well. Which do you think would work, a different 500GB drive that is not Seagate, or a different Seagate drive that isn't 500GB? LOL those are my options for a controller swap. It shows the same on multiple computers and also in the fun of this, the dock itself no longer works (hardware failure) so it is currently in a desktop.
 
Any help or thoughts would be much appreciated. If more info is required please let me know.


Here are the requested logs

 



Edited by hamluis, 05 March 2015 - 04:05 PM.
Moved from Internal Hardware to Malware Removal Logs - Hamluis.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • Gender:Male

Posted 10 March 2015 - 03:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/569191 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • Gender:Male
  • Location:California

Posted 18 March 2015 - 09:11 AM

Greetings jackmeat and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

I apologize for the extended delay. Do you still need assistance?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts

Posted 18 March 2015 - 05:12 PM

Yes I would still need assistance. And you can feel free to call me Justin, since it is my birthname.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • Gender:Male
  • Location:California

Posted 18 March 2015 - 05:18 PM

Thanks Justin. Could you post a fresh FRST.txt and Addition.txt report?

I will be away from my computer for a couple hours or so but will check back in upon my return.
Gary
 

#6 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts

Posted 18 March 2015 - 07:23 PM

Here are the requested scans and a screenshot of what windows management has to say.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by Bec (administrator) on BEC-PC on 19-03-2015 11:10:59
Running from C:\Users\Public\Downloads
Loaded Profiles: Bec (Available profiles: Bec)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Codebox Software) C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
(Codebox Software) C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Black Oak Computers, Inc.) C:\Program Files\StrongVPN\StrongService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-08] (Elaborate Bytes AG)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\...\Run: [BitTorrent] => C:\Users\Bec\AppData\Roaming\BitTorrent\BitTorrent.exe [1376600 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-21] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4117453120-3678163071-2760984869-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://facebook.com/"
CHR Profile: C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-22]
CHR Extension: (YouTube) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-22]
CHR Extension: (Google Search) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
CHR Extension: (Gmail) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-22]
CHR HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BitMeterCaptureService; C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe [99037 2012-03-04] (Codebox Software) [File not signed]
R2 BitMeterWebService; C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe [148484 2012-03-04] (Codebox Software) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 StrongVPN Service; C:\Program Files\StrongVPN\StrongService.exe [101560 2015-01-23] (Black Oak Computers, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [32872 2014-07-14] (The OpenVPN Project)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-08-04] (CyberLink Corp.)
S3 catchme; \??\C:\Users\Bec\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 11:10 - 2015-03-19 11:11 - 00010734 _____ () C:\Users\Public\Downloads\FRST.txt
2015-03-19 11:08 - 2015-03-19 11:11 - 00000000 ____D () C:\FRST
2015-03-19 09:27 - 2015-03-06 07:51 - 01132544 _____ (Farbar) C:\Users\Public\Downloads\FRST.exe
2015-03-14 13:33 - 2015-03-14 13:33 - 00000000 ____D () C:\Users\Bec\Documents\Ashampoo Burning Studio 12
2015-03-13 13:41 - 2015-03-13 13:41 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bec\Downloads\tdsskiller.exe
2015-03-13 12:57 - 2015-03-13 12:59 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2015-03-13 12:47 - 2015-03-13 12:48 - 20084288 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Bec\Downloads\Backupper.exe
2015-03-13 12:34 - 2015-03-13 12:58 - 00001024 ____H () C:\SYSTAG.BIN
2015-03-13 12:34 - 2015-03-13 12:58 - 00000000 ____D () C:\ProgramData\AomeiBR
2015-03-13 12:33 - 2013-07-31 18:01 - 00129720 _____ () C:\Windows\system32\ammntdrv.sys
2015-03-13 12:33 - 2013-07-31 18:01 - 00026424 _____ () C:\Windows\system32\ambakdrv.sys
2015-03-13 12:33 - 2013-07-31 18:01 - 00014392 _____ () C:\Windows\system32\amwrtdrv.sys
2015-03-13 11:14 - 2015-03-13 11:14 - 00027561 _____ () C:\ComboFix.txt
2015-03-13 10:58 - 2015-03-13 11:14 - 00000000 ____D () C:\Qoobox
2015-03-13 10:58 - 2015-03-13 11:13 - 00000000 ____D () C:\Windows\erdnt
2015-03-13 10:58 - 2011-06-26 17:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-13 10:58 - 2010-11-08 04:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-13 10:58 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-12 13:04 - 2015-03-12 13:04 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\WinRAR
2015-03-12 13:03 - 2015-03-12 13:03 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-12 13:03 - 2015-03-12 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-12 13:03 - 2015-03-12 13:03 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-12 13:02 - 2015-03-12 13:02 - 00000000 ____D () C:\Users\Public\Downloads\WinRAR 5.10 Final (32 - 64 Bit) Incl Key - SceneDL
2015-03-11 11:50 - 2015-02-26 14:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 11:50 - 2015-02-24 13:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 11:50 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 11:50 - 2015-02-21 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 11:50 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 11:50 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 11:50 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 11:50 - 2015-02-20 13:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 11:50 - 2015-02-20 13:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 11:50 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 11:50 - 2015-02-20 13:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 11:50 - 2015-02-20 13:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 11:50 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 11:50 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 11:50 - 2015-02-20 13:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 11:50 - 2015-02-20 13:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 11:50 - 2015-02-20 12:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 11:50 - 2015-02-20 12:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 11:50 - 2015-02-20 12:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 11:50 - 2015-02-20 12:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 11:50 - 2015-02-20 12:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 11:50 - 2015-02-20 12:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 11:50 - 2015-02-20 12:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 11:50 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 11:50 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 11:50 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 11:50 - 2015-02-20 12:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 11:50 - 2015-02-20 12:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 11:50 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 11:50 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 11:50 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 11:50 - 2015-02-13 16:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 11:50 - 2015-02-03 14:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 11:50 - 2015-01-31 14:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 11:50 - 2015-01-31 13:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 11:50 - 2015-01-31 13:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 11:50 - 2015-01-17 13:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 11:49 - 2015-03-06 16:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 11:49 - 2015-03-06 16:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 11:49 - 2015-03-06 16:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 11:49 - 2015-03-06 16:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 11:49 - 2015-03-06 16:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 11:49 - 2015-03-06 16:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 11:49 - 2015-03-06 16:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 11:49 - 2015-03-06 16:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 11:49 - 2015-02-20 14:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 11:49 - 2015-02-04 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 11:49 - 2015-02-03 14:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 11:48 - 2015-02-03 14:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 11:48 - 2015-02-03 14:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 11:48 - 2015-02-03 14:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 11:48 - 2015-02-03 14:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 11:48 - 2015-02-03 14:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 11:48 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 11:48 - 2015-02-03 14:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 11:48 - 2015-02-03 14:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 11:48 - 2015-02-03 14:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 11:48 - 2015-02-03 14:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 11:48 - 2015-02-03 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 11:48 - 2015-02-03 14:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 11:48 - 2015-02-03 13:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 11:48 - 2015-01-31 10:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 11:48 - 2014-11-01 09:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 11:48 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 11:48 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-09 21:16 - 2015-03-09 21:16 - 00000000 ____D () C:\Users\Bec\Documents\Any Video Converter
2015-03-09 21:15 - 2015-03-09 21:15 - 00001161 _____ () C:\Users\Bec\Desktop\Any Video Converter.lnk
2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-03-09 21:14 - 2015-03-09 21:16 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\Anvsoft
2015-03-09 21:14 - 2015-03-09 21:14 - 00000000 ____D () C:\Program Files\Anvsoft
2015-03-09 21:13 - 2015-03-03 00:55 - 34592048 _____ (Any-Video-Converter.com ) C:\Users\Bec\Downloads\avc-free.exe
2015-02-26 12:47 - 2014-12-30 13:18 - 24743106 _____ () C:\Users\Public\Downloads\vlc-2.1.5-win32.exe
2015-02-26 03:00 - 2015-01-09 10:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 11:49 - 2015-02-25 11:49 - 00001219 _____ () C:\Users\Bec\Desktop\TreeSize Professional.lnk
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\JAM Software
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\Program Files\JAM Software
2015-02-24 19:35 - 2015-02-24 19:35 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-24 19:15 - 2015-02-24 19:33 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\CyberLink
2015-02-24 19:15 - 2015-02-24 19:15 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-02-24 19:15 - 2015-02-24 19:15 - 00000000 ____D () C:\Users\Bec\Documents\CyberLink
2015-02-24 19:05 - 2015-02-24 19:05 - 00002139 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk
2015-02-24 19:05 - 2015-02-24 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2015-02-24 19:02 - 2015-02-24 19:02 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-23 09:11 - 2015-03-19 08:01 - 00000000 ____D () C:\ProgramData\BitMeterOS
2015-02-23 09:11 - 2015-02-23 09:11 - 00000112 _____ () C:\Users\Public\Desktop\BitMeter OS.url
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter OS
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\Program Files\WinPcap
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\Program Files\Codebox
2015-02-21 20:27 - 2015-02-21 20:27 - 00001077 _____ () C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.8.lnk
2015-02-21 20:27 - 2015-02-21 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.8
2015-02-21 20:27 - 2015-02-21 20:27 - 00000000 ____D () C:\Program Files\PowerDataRecovery
2015-02-21 20:16 - 2015-02-21 20:16 - 00000000 ____D () C:\Users\Public\Downloads\testdisk-6.14.win
2015-02-21 20:15 - 2015-01-14 11:27 - 02894848 _____ () C:\Windows\system32\pwNative.exe
2015-02-21 20:15 - 2013-09-30 16:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-02-21 20:15 - 2013-09-30 16:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys
2015-02-21 20:14 - 2015-02-21 20:15 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-02-21 20:14 - 2015-02-21 20:14 - 00001141 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-02-21 20:14 - 2015-02-21 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-21 20:08 - 2015-02-21 20:08 - 00000000 ___RD () C:\Users\Public\Downloads\File Scavenger 3.2.22.20100719 Incl Keygen [vokeon]
2015-02-18 16:46 - 2015-02-18 16:46 - 00231760 _____ () C:\Users\Bec\Downloads\CrucialScan.exe
2015-02-18 03:33 - 2015-01-09 13:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 03:33 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 03:33 - 2015-01-09 13:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 15:29 - 2015-02-17 15:29 - 01247912 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 11:09 - 2014-06-22 19:21 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 11:00 - 2010-11-21 08:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 10:57 - 2014-07-02 19:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 10:38 - 2014-11-13 07:13 - 00000000 ____D () C:\Users\Bec\Documents\ConvertXtoDVD
2015-03-19 09:44 - 2014-08-11 16:39 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000UA.job
2015-03-19 09:17 - 2014-07-20 17:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 08:50 - 2014-06-23 12:03 - 01743460 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 08:09 - 2014-06-22 19:21 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 17:14 - 2009-07-14 15:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 17:14 - 2009-07-14 15:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 15:44 - 2014-08-11 16:39 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000Core.job
2015-03-18 13:55 - 2009-07-14 15:39 - 00329815 _____ () C:\Windows\setupact.log
2015-03-17 17:05 - 2014-06-28 17:12 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\BitTorrent
2015-03-17 17:04 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 14:47 - 2015-02-04 21:26 - 00000000 ____D () C:\Temp
2015-03-13 20:32 - 2014-07-20 18:18 - 00000000 ____D () C:\Users\Bec\Downloads\BitTorrents
2015-03-13 11:22 - 2010-11-21 08:48 - 00120876 _____ () C:\Windows\PFRO.log
2015-03-13 11:14 - 2009-07-14 13:37 - 00000000 ___RD () C:\Users\Public
2015-03-13 11:12 - 2009-07-14 13:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-13 05:17 - 2014-06-22 19:21 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 19:31 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 18:51 - 2009-07-14 15:33 - 00362072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 18:42 - 2014-09-08 19:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 18:39 - 2014-06-23 09:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 18:29 - 2014-06-23 09:18 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:23 - 2014-09-08 19:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 18:20 - 2009-07-14 13:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-07 23:15 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-07 21:22 - 2015-02-02 09:06 - 00000000 ____D () C:\Users\Bec\Documents\NeroVideo
2015-03-04 14:01 - 2015-02-05 13:51 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-01 17:47 - 2014-07-10 21:29 - 00000000 ____D () C:\Users\Bec\Documents\BECS DOCS
2015-02-24 19:13 - 2015-02-05 13:51 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-02-24 19:05 - 2015-02-05 13:55 - 00000000 ____D () C:\Users\Bec\AppData\Local\CyberLink
2015-02-24 19:05 - 2015-02-05 13:55 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2015-02-24 19:04 - 2015-02-05 13:53 - 00000000 ____D () C:\ProgramData\Temp
2015-02-24 03:23 - 2014-06-22 19:35 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 12:10 - 2009-07-14 15:53 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-19 07:41 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:07 - 2015-01-01 03:47 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2014-11-13 07:02 - 2014-11-13 07:02 - 0007887 _____ () C:\Users\Bec\AppData\Roaming\pcouffin.cat
2014-11-13 07:02 - 2014-11-13 07:02 - 0001144 _____ () C:\Users\Bec\AppData\Roaming\pcouffin.inf
2014-11-13 07:02 - 2014-11-13 07:02 - 0000055 _____ () C:\Users\Bec\AppData\Roaming\pcouffin.log
2014-11-13 07:02 - 2014-11-13 07:02 - 0047360 _____ (VSO Software) C:\Users\Bec\AppData\Roaming\pcouffin.sys
2015-01-03 20:25 - 2015-01-03 20:25 - 0000094 _____ () C:\Users\Bec\AppData\Roaming\settings.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 18:06

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Bec at 2015-03-19 11:11:46
Running from C:\Users\Public\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Any Video Converter 5.7.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 12 v.12.0.5 (HKLM\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
BitMeter OS (HKLM\...\BitMeterOS) (Version: - )
BitTorrent (HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4401.58 - CyberLink Corp.)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.7.707 - Australian Taxation Office)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero 2014 Content Pack (HKLM\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
Royal Vegas (HKLM\...\royalvegas) (Version: 16.10.2.1587 - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StrongVPN Client (HKLM\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.4.0.6 - Black Oak Computers, Inc)
TreeSize Professional 5.3.1 (HKLM\...\TreeSize Professional_is1) (Version: 5.3.1 - JAM Software)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Bec\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Bec\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Bec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

11-03-2015 11:46:16 Windows Update
11-03-2015 18:02:03 Windows Update
13-03-2015 10:59:07 ComboFix created restore point
18-03-2015 08:59:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2015-03-13 11:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26BD9125-9B29-44F6-8BEF-719D631A79F6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5032CA3E-29DD-4A75-A797-908A576AAC23} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {53D3A998-1975-42A1-98F8-296CA9AA60FD} - System32\Tasks\{857DD393-9365-4391-AC7B-A15F35BA17C9} => C:\Users\Bec\Desktop\BackupperFull (1).exe
Task: {813009CC-E219-4F72-824F-80579AD4A200} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B229250B-9AFE-4438-8421-BB5B82EAD354} - System32\Tasks\{22563321-6F9B-42A8-8534-441F6D02C1CD} => C:\Users\Bec\Desktop\BackupperFull (1).exe
Task: {B347CF19-3B6F-4788-BEEE-BBA73839F54D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000UA => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-11] (Facebook Inc.)
Task: {B78A1853-2665-4C78-A624-759092E23E3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000Core => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-11] (Facebook Inc.)
Task: {BBFA9107-C7BE-416A-BB46-5F0EAB301158} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {BFF65327-7CDB-42F9-9DE2-2448B7A7DE91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D4A5EFA6-FD2D-40BB-AAE5-9D122AE63156} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DDA3470D-7E8F-4B9C-BB70-0203E183A571} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FAC6672C-6835-46F8-B508-80D201F406D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {FD8C3F71-E49F-43C5-9A20-CA25D1FC6DD5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-22] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000Core.job => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000UA.job => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-11-01 23:32 - 2011-11-01 23:32 - 00573100 _____ () C:\Windows\system32\sqlite3.dll
2015-01-21 14:58 - 2015-01-21 14:58 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-13 11:37 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Bec\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-13 11:37 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Bec\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-03-13 05:17 - 2015-03-07 17:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bec\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupreg: BitTorrent => "C:\Users\Bec\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StrongVPN Client => "C:\Program Files\StrongVPN\StrongDial.exe" --silent

==================== Accounts: =============================

Administrator (S-1-5-21-4117453120-3678163071-2760984869-500 - Administrator - Disabled)
Bec (S-1-5-21-4117453120-3678163071-2760984869-1000 - Administrator - Enabled) => C:\Users\Bec
Guest (S-1-5-21-4117453120-3678163071-2760984869-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4117453120-3678163071-2760984869-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2015 08:32:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/19/2015 08:31:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2015 00:17:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2015 00:16:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2015 11:50:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2015 11:49:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2015 11:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: casinogame.exe, version: 25.0.0.12127, time stamp: 0x509b9a1d
Faulting module name: libcef.dll_unloaded, version: 0.0.0.0, time stamp: 0x547f86e7
Exception code: 0xc0000005
Fault offset: 0x55ef2136
Faulting process id: 0xcb4
Faulting application start time: 0xcasinogame.exe0
Faulting application path: casinogame.exe1
Faulting module path: casinogame.exe2
Report Id: casinogame.exe3

Error: (03/17/2015 10:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: casinogame.exe, version: 25.0.0.12127, time stamp: 0x509b9a1d
Faulting module name: WININET.dll, version: 11.0.9600.17689, time stamp: 0x54e68757
Exception code: 0xc0000005
Fault offset: 0x00142ac2
Faulting process id: 0x30dc
Faulting application start time: 0xcasinogame.exe0
Faulting application path: casinogame.exe1
Faulting module path: casinogame.exe2
Report Id: casinogame.exe3

Error: (03/17/2015 05:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 05:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9c0

Start Time: 01d05dfd194cfabf

Termination Time: 499

Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

Report Id: 3d9f51f7-cc6b-11e4-8e8f-001aa0c112c1


System errors:
=============
Error: (03/19/2015 11:07:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 11:07:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 11:07:39 AM) (Source: Virtual Disk Service) (EventID: 10) (User: )
Description: VDS fails to write boot code on a disk during clean operation. Error code: 80070017@02070008

Error: (03/19/2015 11:03:27 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 11:03:27 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.


Microsoft Office Sessions:
=========================
Error: (03/19/2015 08:32:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\cyberlink\powerdvd14\Movie\powerdvd cinema\mcepacifier\x64\MCEPacifier.exe

Error: (03/19/2015 08:31:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4

Error: (03/18/2015 00:17:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\cyberlink\powerdvd14\Movie\powerdvd cinema\mcepacifier\x64\MCEPacifier.exe

Error: (03/18/2015 00:16:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4

Error: (03/17/2015 11:50:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\cyberlink\powerdvd14\Movie\powerdvd cinema\mcepacifier\x64\MCEPacifier.exe

Error: (03/17/2015 11:49:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4

Error: (03/17/2015 11:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: casinogame.exe25.0.0.12127509b9a1dlibcef.dll_unloaded0.0.0.0547f86e7c000000555ef2136cb401d060787a7373acC:\Microgaming\Casino\royalvegas\casinogame.exelibcef.dll05bb5510-cca0-11e4-86c1-001aa0c112c1

Error: (03/17/2015 10:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: casinogame.exe25.0.0.12127509b9a1dWININET.dll11.0.9600.1768954e68757c000000500142ac230dc01d060a46ddf95d7C:\Microgaming\Casino\royalvegas\casinogame.exeC:\Windows\system32\WININET.dllc453978a-cc97-11e4-86c1-001aa0c112c1

Error: (03/17/2015 05:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 05:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.7119c001d05dfd194cfabf499C:\Program Files\Malwarebytes Anti-Malware\mbam.exe3d9f51f7-cc6b-11e4-8e8f-001aa0c112c1


==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 52%
Total physical RAM: 2037.61 MB
Available physical RAM: 967.04 MB
Total Pagefile: 4075.23 MB
Available Pagefile: 2356.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:56.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: CD7CCD7C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================


Edited by Oh My!, 18 March 2015 - 08:01 PM.
Posted logs


#7 Oh My!


Posted 18 March 2015 - 08:04 PM

Hi Justin,

Could you download a fresh FRST and run it? We ran an older version. Please copy/paste unless I request an attachment.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 jackmeat


Posted 18 March 2015 - 08:22 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Bec (administrator) on BEC-PC on 19-03-2015 12:19:14
Running from C:\Users\Public\Downloads
Loaded Profiles: Bec (Available profiles: Bec)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Codebox Software) C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
(Codebox Software) C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Black Oak Computers, Inc.) C:\Program Files\StrongVPN\StrongService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Public\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-08] (Elaborate Bytes AG)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\...\Run: [BitTorrent] => C:\Users\Bec\AppData\Roaming\BitTorrent\BitTorrent.exe [1376600 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-21] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-07-27] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4117453120-3678163071-2760984869-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-07-27] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://facebook.com/"
CHR Profile: C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-22]
CHR Extension: (YouTube) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-22]
CHR Extension: (Google Search) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
CHR Extension: (Gmail) - C:\Users\Bec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-22]
CHR HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BitMeterCaptureService; C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe [99037 2012-03-04] (Codebox Software) [File not signed]
R2 BitMeterWebService; C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe [148484 2012-03-04] (Codebox Software) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 StrongVPN Service; C:\Program Files\StrongVPN\StrongService.exe [101560 2015-01-23] (Black Oak Computers, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [32872 2014-07-14] (The OpenVPN Project)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-08-04] (CyberLink Corp.)
S3 catchme; \??\C:\Users\Bec\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 12:19 - 2015-03-19 12:19 - 00010902 _____ () C:\Users\Public\Downloads\FRST.txt
2015-03-19 12:15 - 2015-03-19 12:14 - 01135104 _____ (Farbar) C:\Users\Public\Downloads\FRST (1).exe
2015-03-19 11:08 - 2015-03-19 12:19 - 00000000 ____D () C:\FRST
2015-03-14 13:33 - 2015-03-14 13:33 - 00000000 ____D () C:\Users\Bec\Documents\Ashampoo Burning Studio 12
2015-03-13 13:41 - 2015-03-13 13:41 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bec\Downloads\tdsskiller.exe
2015-03-13 12:57 - 2015-03-13 12:59 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2015-03-13 12:47 - 2015-03-13 12:48 - 20084288 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Bec\Downloads\Backupper.exe
2015-03-13 12:34 - 2015-03-13 12:58 - 00001024 ____H () C:\SYSTAG.BIN
2015-03-13 12:34 - 2015-03-13 12:58 - 00000000 ____D () C:\ProgramData\AomeiBR
2015-03-13 12:33 - 2013-07-31 18:01 - 00129720 _____ () C:\Windows\system32\ammntdrv.sys
2015-03-13 12:33 - 2013-07-31 18:01 - 00026424 _____ () C:\Windows\system32\ambakdrv.sys
2015-03-13 12:33 - 2013-07-31 18:01 - 00014392 _____ () C:\Windows\system32\amwrtdrv.sys
2015-03-13 11:14 - 2015-03-13 11:14 - 00027561 _____ () C:\ComboFix.txt
2015-03-13 10:58 - 2015-03-13 11:14 - 00000000 ____D () C:\Qoobox
2015-03-13 10:58 - 2015-03-13 11:13 - 00000000 ____D () C:\Windows\erdnt
2015-03-13 10:58 - 2011-06-26 17:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-13 10:58 - 2010-11-08 04:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-13 10:58 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-13 10:58 - 2000-08-31 11:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-12 13:04 - 2015-03-12 13:04 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\WinRAR
2015-03-12 13:03 - 2015-03-12 13:03 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-12 13:03 - 2015-03-12 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-12 13:03 - 2015-03-12 13:03 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-12 13:02 - 2015-03-12 13:02 - 00000000 ____D () C:\Users\Public\Downloads\WinRAR 5.10 Final (32 - 64 Bit) Incl Key - SceneDL
2015-03-11 11:50 - 2015-02-26 14:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 11:50 - 2015-02-24 13:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 11:50 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 11:50 - 2015-02-21 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 11:50 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 11:50 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 11:50 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 11:50 - 2015-02-20 13:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 11:50 - 2015-02-20 13:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 11:50 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 11:50 - 2015-02-20 13:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 11:50 - 2015-02-20 13:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 11:50 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 11:50 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 11:50 - 2015-02-20 13:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 11:50 - 2015-02-20 13:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 11:50 - 2015-02-20 12:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 11:50 - 2015-02-20 12:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 11:50 - 2015-02-20 12:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 11:50 - 2015-02-20 12:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 11:50 - 2015-02-20 12:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 11:50 - 2015-02-20 12:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 11:50 - 2015-02-20 12:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 11:50 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 11:50 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 11:50 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 11:50 - 2015-02-20 12:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 11:50 - 2015-02-20 12:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 11:50 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 11:50 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 11:50 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 11:50 - 2015-02-13 16:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 11:50 - 2015-02-03 14:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 11:50 - 2015-01-31 14:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 11:50 - 2015-01-31 13:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 11:50 - 2015-01-31 13:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 11:50 - 2015-01-17 13:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 11:49 - 2015-03-06 16:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 11:49 - 2015-03-06 16:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 11:49 - 2015-03-06 16:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 11:49 - 2015-03-06 16:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 11:49 - 2015-03-06 16:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 11:49 - 2015-03-06 16:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 11:49 - 2015-03-06 16:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 11:49 - 2015-03-06 16:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 11:49 - 2015-03-06 16:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 11:49 - 2015-02-20 15:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 11:49 - 2015-02-20 14:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 11:49 - 2015-02-04 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 11:49 - 2015-02-03 14:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 11:48 - 2015-02-03 14:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 11:48 - 2015-02-03 14:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 11:48 - 2015-02-03 14:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 11:48 - 2015-02-03 14:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 11:48 - 2015-02-03 14:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 11:48 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 11:48 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 11:48 - 2015-02-03 14:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 11:48 - 2015-02-03 14:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 11:48 - 2015-02-03 14:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 11:48 - 2015-02-03 14:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 11:48 - 2015-02-03 14:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 11:48 - 2015-02-03 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 11:48 - 2015-02-03 14:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 11:48 - 2015-02-03 13:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 11:48 - 2015-01-31 10:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 11:48 - 2014-11-01 09:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 11:48 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 11:48 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-09 21:16 - 2015-03-09 21:16 - 00000000 ____D () C:\Users\Bec\Documents\Any Video Converter
2015-03-09 21:15 - 2015-03-09 21:15 - 00001161 _____ () C:\Users\Bec\Desktop\Any Video Converter.lnk
2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-03-09 21:14 - 2015-03-09 21:16 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\Anvsoft
2015-03-09 21:14 - 2015-03-09 21:14 - 00000000 ____D () C:\Program Files\Anvsoft
2015-03-09 21:13 - 2015-03-03 00:55 - 34592048 _____ (Any-Video-Converter.com ) C:\Users\Bec\Downloads\avc-free.exe
2015-02-26 12:47 - 2014-12-30 13:18 - 24743106 _____ () C:\Users\Public\Downloads\vlc-2.1.5-win32.exe
2015-02-26 03:00 - 2015-01-09 10:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 11:49 - 2015-02-25 11:49 - 00001219 _____ () C:\Users\Bec\Desktop\TreeSize Professional.lnk
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\JAM Software
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
2015-02-25 11:49 - 2015-02-25 11:49 - 00000000 ____D () C:\Program Files\JAM Software
2015-02-24 19:35 - 2015-02-24 19:35 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-24 19:15 - 2015-02-24 19:33 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\CyberLink
2015-02-24 19:15 - 2015-02-24 19:15 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-02-24 19:15 - 2015-02-24 19:15 - 00000000 ____D () C:\Users\Bec\Documents\CyberLink
2015-02-24 19:05 - 2015-02-24 19:05 - 00002139 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk
2015-02-24 19:05 - 2015-02-24 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2015-02-24 19:02 - 2015-02-24 19:02 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-23 09:11 - 2015-03-19 08:01 - 00000000 ____D () C:\ProgramData\BitMeterOS
2015-02-23 09:11 - 2015-02-23 09:11 - 00000112 _____ () C:\Users\Public\Desktop\BitMeter OS.url
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter OS
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\Program Files\WinPcap
2015-02-23 09:11 - 2015-02-23 09:11 - 00000000 ____D () C:\Program Files\Codebox
2015-02-21 20:27 - 2015-02-21 20:27 - 00001077 _____ () C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.8.lnk
2015-02-21 20:27 - 2015-02-21 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.8
2015-02-21 20:27 - 2015-02-21 20:27 - 00000000 ____D () C:\Program Files\PowerDataRecovery
2015-02-21 20:16 - 2015-02-21 20:16 - 00000000 ____D () C:\Users\Public\Downloads\testdisk-6.14.win
2015-02-21 20:15 - 2015-01-14 11:27 - 02894848 _____ () C:\Windows\system32\pwNative.exe
2015-02-21 20:15 - 2013-09-30 16:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-02-21 20:15 - 2013-09-30 16:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys
2015-02-21 20:14 - 2015-02-21 20:15 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-02-21 20:14 - 2015-02-21 20:14 - 00001141 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-02-21 20:14 - 2015-02-21 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-21 20:08 - 2015-02-21 20:08 - 00000000 ___RD () C:\Users\Public\Downloads\File Scavenger 3.2.22.20100719 Incl Keygen [vokeon]
2015-02-18 16:46 - 2015-02-18 16:46 - 00231760 _____ () C:\Users\Bec\Downloads\CrucialScan.exe
2015-02-18 03:33 - 2015-01-09 13:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 03:33 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 03:33 - 2015-01-09 13:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 15:29 - 2015-02-17 15:29 - 01247912 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 12:09 - 2014-06-22 19:21 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 11:57 - 2014-07-02 19:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 11:38 - 2014-06-23 12:03 - 01743556 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 11:00 - 2010-11-21 08:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 10:38 - 2014-11-13 07:13 - 00000000 ____D () C:\Users\Bec\Documents\ConvertXtoDVD
2015-03-19 09:44 - 2014-08-11 16:39 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000UA.job
2015-03-19 09:17 - 2014-07-20 17:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 08:09 - 2014-06-22 19:21 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 17:14 - 2009-07-14 15:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 17:14 - 2009-07-14 15:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 15:44 - 2014-08-11 16:39 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000Core.job
2015-03-18 13:55 - 2009-07-14 15:39 - 00329815 _____ () C:\Windows\setupact.log
2015-03-17 17:05 - 2014-06-28 17:12 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\BitTorrent
2015-03-17 17:04 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 14:47 - 2015-02-04 21:26 - 00000000 ____D () C:\Temp
2015-03-13 20:32 - 2014-07-20 18:18 - 00000000 ____D () C:\Users\Bec\Downloads\BitTorrents
2015-03-13 11:22 - 2010-11-21 08:48 - 00120876 _____ () C:\Windows\PFRO.log
2015-03-13 11:14 - 2009-07-14 13:37 - 00000000 ___RD () C:\Users\Public
2015-03-13 11:12 - 2009-07-14 13:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-13 05:17 - 2014-06-22 19:21 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 19:31 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 18:51 - 2009-07-14 15:33 - 00362072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 18:42 - 2014-09-08 19:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 18:39 - 2014-06-23 09:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 18:29 - 2014-06-23 09:18 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:23 - 2014-09-08 19:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 18:20 - 2009-07-14 13:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-07 23:15 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-07 21:22 - 2015-02-02 09:06 - 00000000 ____D () C:\Users\Bec\Documents\NeroVideo
2015-03-04 14:01 - 2015-02-05 13:51 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-01 17:47 - 2014-07-10 21:29 - 00000000 ____D () C:\Users\Bec\Documents\BECS DOCS
2015-02-24 19:13 - 2015-02-05 13:51 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-02-24 19:05 - 2015-02-05 13:55 - 00000000 ____D () C:\Users\Bec\AppData\Local\CyberLink
2015-02-24 19:05 - 2015-02-05 13:55 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2015-02-24 19:04 - 2015-02-05 13:53 - 00000000 ____D () C:\ProgramData\Temp
2015-02-24 03:23 - 2014-06-22 19:35 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 12:10 - 2009-07-14 15:53 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-19 07:41 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:07 - 2015-01-01 03:47 - 00000000 ____D () C:\Users\Bec\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2014-11-13 07:02 - 2014-11-13 07:02 - 0007887 _____ () C:\Users\Bec\AppData\Roaming\pcouffin.cat
2014-11-13 07:02 - 2014-11-13 07:02 - 0001144 _____ () C:\Users\Bec\AppData\Roaming\pcouffin.inf
2014-11-13 07:02 - 2014-11-13 07:02 - 0000055 _____ () C:\Users\Bec\AppData\Roaming\pcouffin.log
2014-11-13 07:02 - 2014-11-13 07:02 - 0047360 _____ (VSO Software) C:\Users\Bec\AppData\Roaming\pcouffin.sys
2015-01-03 20:25 - 2015-01-03 20:25 - 0000094 _____ () C:\Users\Bec\AppData\Roaming\settings.xml
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 18:06
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Bec at 2015-03-19 12:19:50
Running from C:\Users\Public\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Any Video Converter 5.7.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Burning Studio 12 v.12.0.5 (HKLM\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
BitMeter OS (HKLM\...\BitMeterOS) (Version:  - )
BitTorrent (HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4401.58 - CyberLink Corp.)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.7.707 - Australian Taxation Office)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero 2014 Content Pack (HKLM\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
Royal Vegas (HKLM\...\royalvegas) (Version: 16.10.2.1587 - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StrongVPN Client (HKLM\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.4.0.6 - Black Oak Computers, Inc)
TreeSize Professional 5.3.1 (HKLM\...\TreeSize Professional_is1) (Version: 5.3.1 - JAM Software)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Bec\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Bec\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4117453120-3678163071-2760984869-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Bec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
11-03-2015 11:46:16 Windows Update
11-03-2015 18:02:03 Windows Update
13-03-2015 10:59:07 ComboFix created restore point
18-03-2015 08:59:31 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:04 - 2015-03-13 11:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {26BD9125-9B29-44F6-8BEF-719D631A79F6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5032CA3E-29DD-4A75-A797-908A576AAC23} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {53D3A998-1975-42A1-98F8-296CA9AA60FD} - System32\Tasks\{857DD393-9365-4391-AC7B-A15F35BA17C9} => C:\Users\Bec\Desktop\BackupperFull (1).exe
Task: {813009CC-E219-4F72-824F-80579AD4A200} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B229250B-9AFE-4438-8421-BB5B82EAD354} - System32\Tasks\{22563321-6F9B-42A8-8534-441F6D02C1CD} => C:\Users\Bec\Desktop\BackupperFull (1).exe
Task: {B347CF19-3B6F-4788-BEEE-BBA73839F54D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000UA => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-11] (Facebook Inc.)
Task: {B78A1853-2665-4C78-A624-759092E23E3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000Core => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-11] (Facebook Inc.)
Task: {BBFA9107-C7BE-416A-BB46-5F0EAB301158} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {BFF65327-7CDB-42F9-9DE2-2448B7A7DE91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D4A5EFA6-FD2D-40BB-AAE5-9D122AE63156} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DDA3470D-7E8F-4B9C-BB70-0203E183A571} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FAC6672C-6835-46F8-B508-80D201F406D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.)
Task: {FD8C3F71-E49F-43C5-9A20-CA25D1FC6DD5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-22] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000Core.job => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117453120-3678163071-2760984869-1000UA.job => C:\Users\Bec\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-11-01 23:32 - 2011-11-01 23:32 - 00573100 _____ () C:\Windows\system32\sqlite3.dll
2015-01-21 14:58 - 2015-01-21 14:58 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-13 11:37 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Bec\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-13 11:37 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Bec\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-03-13 05:17 - 2015-03-07 17:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-13 05:17 - 2015-03-07 17:13 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4117453120-3678163071-2760984869-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bec\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupreg: BitTorrent => "C:\Users\Bec\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StrongVPN Client => "C:\Program Files\StrongVPN\StrongDial.exe" --silent
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4117453120-3678163071-2760984869-500 - Administrator - Disabled)
Bec (S-1-5-21-4117453120-3678163071-2760984869-1000 - Administrator - Enabled) => C:\Users\Bec
Guest (S-1-5-21-4117453120-3678163071-2760984869-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4117453120-3678163071-2760984869-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2015 08:32:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/19/2015 08:31:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/18/2015 00:17:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/18/2015 00:16:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/17/2015 11:50:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/17/2015 11:49:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/17/2015 11:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: casinogame.exe, version: 25.0.0.12127, time stamp: 0x509b9a1d
Faulting module name: libcef.dll_unloaded, version: 0.0.0.0, time stamp: 0x547f86e7
Exception code: 0xc0000005
Fault offset: 0x55ef2136
Faulting process id: 0xcb4
Faulting application start time: 0xcasinogame.exe0
Faulting application path: casinogame.exe1
Faulting module path: casinogame.exe2
Report Id: casinogame.exe3
 
Error: (03/17/2015 10:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: casinogame.exe, version: 25.0.0.12127, time stamp: 0x509b9a1d
Faulting module name: WININET.dll, version: 11.0.9600.17689, time stamp: 0x54e68757
Exception code: 0xc0000005
Fault offset: 0x00142ac2
Faulting process id: 0x30dc
Faulting application start time: 0xcasinogame.exe0
Faulting application path: casinogame.exe1
Faulting module path: casinogame.exe2
Report Id: casinogame.exe3
 
Error: (03/17/2015 05:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/17/2015 05:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9c0
 
Start Time: 01d05dfd194cfabf
 
Termination Time: 499
 
Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 3d9f51f7-cc6b-11e4-8e8f-001aa0c112c1
 
 
System errors:
=============
Error: (03/19/2015 11:12:08 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 11:07:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 11:07:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 11:07:39 AM) (Source: Virtual Disk Service) (EventID: 10) (User: )
Description: VDS fails to write boot code on a disk during clean operation. Error code: 80070017@02070008
 
Error: (03/19/2015 11:03:27 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 11:03:27 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2015 08:32:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\cyberlink\powerdvd14\Movie\powerdvd cinema\mcepacifier\x64\MCEPacifier.exe
 
Error: (03/19/2015 08:31:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4
 
Error: (03/18/2015 00:17:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\cyberlink\powerdvd14\Movie\powerdvd cinema\mcepacifier\x64\MCEPacifier.exe
 
Error: (03/18/2015 00:16:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4
 
Error: (03/17/2015 11:50:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\cyberlink\powerdvd14\Movie\powerdvd cinema\mcepacifier\x64\MCEPacifier.exe
 
Error: (03/17/2015 11:49:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"c:\program files\minitool partition wizard free 9.0\x64\PartitionWizard.exec:\program files\minitool partition wizard free 9.0\x64\Microsoft.VC90.CRT.MANIFEST4
 
Error: (03/17/2015 11:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: casinogame.exe25.0.0.12127509b9a1dlibcef.dll_unloaded0.0.0.0547f86e7c000000555ef2136cb401d060787a7373acC:\Microgaming\Casino\royalvegas\casinogame.exelibcef.dll05bb5510-cca0-11e4-86c1-001aa0c112c1
 
Error: (03/17/2015 10:21:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: casinogame.exe25.0.0.12127509b9a1dWININET.dll11.0.9600.1768954e68757c000000500142ac230dc01d060a46ddf95d7C:\Microgaming\Casino\royalvegas\casinogame.exeC:\Windows\system32\WININET.dllc453978a-cc97-11e4-86c1-001aa0c112c1
 
Error: (03/17/2015 05:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/17/2015 05:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.7119c001d05dfd194cfabf499C:\Program Files\Malwarebytes Anti-Malware\mbam.exe3d9f51f7-cc6b-11e4-8e8f-001aa0c112c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 52%
Total physical RAM: 2037.61 MB
Available physical RAM: 964.54 MB
Total Pagefile: 4075.23 MB
Available Pagefile: 2332.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.04 GB) (Free:56.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: CD7CCD7C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================
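An added example, not part of the original post or of the tool that produced this log: it parses entries in the layout shown above and tallies the storage-stack evidence (Disk EventID 7 bad blocks, VDS failures, unreadable MBR), which is what separates a failing disk from a suspected infection when reading such a report. The function names and the embedded sample are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few entries in the layout of the log above (blank lines omitted).
SAMPLE = r"""
Error: (03/19/2015 11:12:08 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
Error: (03/19/2015 11:07:39 AM) (Source: Virtual Disk Service) (EventID: 10) (User: )
Description: VDS fails to write boot code on a disk during clean operation. Error code: 80070017@02070008
Error: (03/19/2015 10:59:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.
Error: (03/18/2015 00:17:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: (abridged side-by-side manifest error)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
"""

ENTRY = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                   r"\(EventID: (?P<event_id>\d+)\) \(User: [^)]*\)[ \t]*\n"
                   r"Description: (?P<description>.*)$", re.MULTILINE)
BAD_BLOCK = re.compile(r"The device, (\\Device\\Harddisk\d+\\DR\d+), has a bad block")
MBR_FAIL = re.compile(r"Could not read MBR for disk (\d+)")
STORAGE_SOURCES = {"Disk", "Virtual Disk Service", "VDS Basic Provider"}

def parse_when(stamp):
    """The log mixes 12-hour stamps with '00:17:00 AM', which %I rejects; retry with %H."""
    try:
        return datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S %p")

def parse_events(text):
    """Return one dict per 'Error: (...)' entry with a typed timestamp and event id."""
    return [{"when": parse_when(m["when"]), "source": m["source"],
             "event_id": int(m["event_id"]), "description": m["description"].strip()}
            for m in ENTRY.finditer(text)]

def triage(text):
    """Summarise storage-stack evidence: bad blocks per device, VDS errors, unreadable MBRs."""
    storage = [e for e in parse_events(text) if e["source"] in STORAGE_SOURCES]
    hits = [BAD_BLOCK.search(e["description"]) for e in storage
            if e["source"] == "Disk" and e["event_id"] == 7]
    return {"bad_blocks": dict(Counter(h.group(1) for h in hits if h)),
            "vds_errors": sum(e["source"] != "Disk" for e in storage),
            "unreadable_mbr_disks": [int(n) for n in MBR_FAIL.findall(text)],
            "first_storage_error": min((e["when"] for e in storage), default=None)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against a full report, repeated bad-block events on a single device together with VDS write failures and an unreadable MBR describe I/O failure at the device level.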

 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:46 AM

Posted 18 March 2015 - 08:28 PM

Thank you for the updated reports. Please attempt this.

===================================================

Seagate Seatools for DOS

----------
  • Please download SeaTools for DOS and create a bootable CD as instructed here and save it to your desktop
  • NOTE: If you have any difficulty booting up with this version, please use one of the legacy versions of SeaTools for DOS
  • If you do not have ISO burning software on your computer download and install Active@ ISO Burner then create a bootable disk with the downloaded file
  • Boot your computer using the CD you just created. If necessary see here for instructions about how to boot to CD
  • After the program loads click I Accept
  • Left Click on your secondary hard drive listed under Drive List (if you have a Seagate hard drive take special note of the caution below)
  • Click Basic Tests, then select Long Generic
  • Allow the process to run, which may take up to 3 hours, and report the findings in your reply
  • If the results indicate your hard drive failed the test and you have a Seagate hard drive installed DO NOT follow up on the suggestion to allow the program to attempt to resolve the issue. Doing so may cause permanent loss of data
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Hard drive report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 18 March 2015 - 11:28 PM

SeaTools unfortunately does not recognize the drive. I had tried this before, and did so again to no avail.



#11 Oh My!


Posted 19 March 2015 - 08:37 AM

Unfortunately there isn't anything I can do to help out. I think you would be better served in the Internal Hardware Forum.

If you decide to post there please let me know. They typically will not assist if there is an open Malware Forum Topic.

Sorry I couldn't be of more assistance.
Gary
 

#12 jackmeat


Posted 20 March 2015 - 08:26 PM

I posted this here initially, then by request moved it to the internal hardware forum, and never heard anything, and you responded to me after the post (I thought) had been removed from here. I appreciate your trying, but I more or less just keep getting the runaround. I basically assume the drive is history and I really don't care about the data on it; I would just like it to be functional if possible. I am attempting to get another drive and swap the controller to see if the (believed) infection lies on the controller itself. About the last thing I could think of.

Oh, in answer about the Seagate tools for DOS, not that it matters, but the Windows version says the drive failed, so I kinda assume that is why the DOS version doesn't even recognize it.

Still find the reported drive size quite odd though (if you looked at the screenshot I sent along with the logs).



#13 Oh My!


Posted 20 March 2015 - 09:46 PM

After I referred you to the Internal Hardware Forum my colleague Aaflac sent me this:

 

Don't know if the User tried this, but, somebody suggested assigning a drive letter to the partition, and then running chkdsk X: /f

(X = the new drive letter)

It might restore the NTFS partition.

Worth a shot.
 


Gary
 

#14 jackmeat


Posted 20 March 2015 - 11:03 PM

Interesting idea, but unfortunately the drive shows as "unallocated" and hasn't been initialized. Upon attempting to initialize the disk, I get a "cyclic redundancy" error and that is it. I did at one point get an I/O input error, which I haven't seen in many years and never pertaining to HDDs. Thanks for keeping the dreams alive (in other words, thank you for asking around, I do appreciate it). Any and all other suggestions I will be more than happy to try (you can tell your coworker the freezer trick didn't work at all either LOL).



#15 Oh My!


Posted 21 March 2015 - 07:16 AM

I think we are stuck. Unless there is anything else we can do for you I will close the Topic.


Gary
 



