
Top: C0000135 The program Can't Start because %hs is missing from your computer


2 replies to this topic

#1 jasonwhite58

Posted 22 April 2015 - 01:29 PM

Hey, thanks for everyone's help in advance. I have done a ton of searching on this and haven't found a fix yet. Below is the Farbar Recovery Scan and the suggested Farbar search. Any help is greatly appreciated.

THANKS!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by SYSTEM on MININT-9O1JGIP on 22-04-2015 12:40:47
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EDFcsn] => C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe [177720 2014-09-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-03] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-02-02] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\A001706\...\Run: [AdobeBridge] => [X]
HKU\A001706\Control Panel\Desktop\\SCRNSAVE.EXE -> HCScreenSaver.scr
HKU\a013502\Control Panel\Desktop\\SCRNSAVE.EXE -> HCScreenSaver.scr
HKU\A016266\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\A016266\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_277_ActiveX.exe [854704 2015-03-28] (Adobe Systems Incorporated)
HKU\A016266\Control Panel\Desktop\\SCRNSAVE.EXE -> HCScreenSaver.scr
HKU\a016346\Control Panel\Desktop\\SCRNSAVE.EXE -> HCScreenSaver.scr
HKU\a017162\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_241_ActiveX.exe -update activex
HKU\a038298\Control Panel\Desktop\\SCRNSAVE.EXE -> HCScreenSaver.scr
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [74576 2013-06-28] (Altiris Inc)
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [324920 2013-07-04] (Symantec Corporation)
S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2134328 2013-07-04] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408888 2013-07-04] (Symantec Corporation)
S2 awhost32; C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe [798320 2013-03-04] (Symantec Corporation)
S4 ConfigService; C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [262144 2013-04-24] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
S2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
S2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
S2 prgnDiscAgent; C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [775736 2014-09-14] ()
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 awecho; C:\Windows\SysWow64\drivers\awechomd.sys [16432 2013-03-04] (Symantec Corporation)
S1 AW_HOST; C:\Windows\SysWow64\drivers\aw_host5.sys [23864 2013-03-04] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx64.sys [1622744 2015-02-10] (Symantec Corporation)
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150403.011\IDSvia64.sys [637656 2015-03-05] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150404.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150404.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2012-11-03] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-10-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [154904 2014-10-26] (Symantec Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 12:40 - 2015-04-22 12:40 - 00000000 ____D () C:\FRST
2015-04-22 02:26 - 2015-04-22 02:26 - 00003424 ____N () C:\bootsqm.dat
2015-04-21 07:47 - 2015-04-21 07:47 - 00205898 _____ () C:\Users\A016266\Desktop\Farmers State Bank of Jetmore.eps
2015-04-21 07:47 - 2015-04-21 07:47 - 00205898 _____ () C:\Users\A001706\Desktop\Farmers State Bank of Jetmore.eps
2015-04-20 22:14 - 2015-04-20 22:14 - 25138986 _____ () C:\Users\a038298\Desktop\HARL75564.eps
2015-04-15 15:44 - 2015-04-22 11:11 - 00000000 ____D () C:\users\A039279-lsa
2015-04-15 15:44 - 2015-04-15 15:44 - 00000000 ____D () C:\Users\A039279-lsa\AppData\Local\Symantec
2015-04-15 15:44 - 2015-04-15 15:44 - 00000000 ____D () C:\Users\A039279-lsa\AppData\Local\Lotus
2015-04-15 15:44 - 2014-05-19 12:50 - 00000000 ____D () C:\Users\A039279-lsa\AppData\Roaming\Macromedia
2015-04-15 15:44 - 2014-04-01 05:01 - 00000000 ____D () C:\Users\A039279-lsa\AppData\Local\Microsoft Help
2015-04-15 14:18 - 2015-04-15 14:18 - 06415638 _____ () C:\Users\A016266\Desktop\0YA78027.eps
2015-04-15 09:34 - 2015-04-15 09:34 - 01611981 _____ () C:\Users\a041689\Desktop\HARL88448.eps
2015-04-15 09:31 - 2015-04-15 09:31 - 01647068 _____ () C:\Users\a041689\Desktop\HARL88448 - SCREEN.eps
2015-04-15 05:56 - 2015-04-15 05:56 - 00000000 ____D () C:\Users\a041689\AppData\Roaming\Xerox
2015-04-15 05:36 - 2015-04-22 11:11 - 00000000 ____D () C:\Users\a041689\AppData\Roaming\Adobe
2015-04-15 05:36 - 2015-04-15 09:23 - 00000000 ____D () C:\Users\a041689\AppData\Local\Adobe
2015-04-15 05:36 - 2015-04-15 05:36 - 01085616 _____ () C:\Users\a041689\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 05:36 - 2015-04-15 05:36 - 00000000 ____D () C:\Users\a041689\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-04-15 05:34 - 2015-04-22 11:11 - 00000000 ____D () C:\users\a041689
2015-04-15 05:34 - 2015-04-15 05:34 - 00000000 ____D () C:\Users\a041689\AppData\Local\Symantec
2015-04-15 05:34 - 2015-04-15 05:34 - 00000000 ____D () C:\Users\a041689\AppData\Local\Lotus
2015-04-15 05:34 - 2014-05-19 12:50 - 00000000 ____D () C:\Users\a041689\AppData\Roaming\Macromedia
2015-04-15 05:34 - 2014-04-01 05:01 - 00000000 ____D () C:\Users\a041689\AppData\Local\Microsoft Help
2015-04-07 17:40 - 2015-04-07 17:40 - 00000000 ____D () C:\ProgramData\SymEFASI
2015-04-07 13:23 - 2015-04-07 13:23 - 00708311 _____ () C:\Users\A016266\Desktop\Loc. 083 Cochrane Elem.psd
2015-04-07 13:22 - 2015-04-07 13:22 - 01420962 _____ () C:\Users\A016266\Desktop\Loc.eps
2015-04-01 17:35 - 2014-07-30 09:32 - 02241870 _____ () C:\Users\A016266\Desktop\L987243.eps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 11:38 - 2014-10-01 20:26 - 00000000 ____D () C:\users\a013502
2015-04-22 11:38 - 2014-10-01 20:24 - 00000000 ____D () C:\users\a038298
2015-04-22 11:38 - 2014-10-01 20:22 - 00000000 ____D () C:\users\a016346
2015-04-22 11:38 - 2014-07-13 17:46 - 00000000 ____D () C:\users\a041248
2015-04-22 11:38 - 2014-06-17 01:38 - 00000000 ____D () C:\users\a000403
2015-04-22 11:38 - 2014-06-02 20:18 - 00000000 ____D () C:\users\a017162
2015-04-22 11:38 - 2014-05-30 12:17 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-22 11:38 - 2014-05-30 11:40 - 00000000 ____D () C:\users\A016901-lsa
2015-04-22 11:38 - 2014-05-22 20:56 - 00000000 ____D () C:\users\a016561-lsa
2015-04-22 11:38 - 2014-05-19 12:50 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-22 11:38 - 2014-05-19 12:34 - 00000000 ____D () C:\users\A016266
2015-04-22 11:38 - 2014-05-19 12:29 - 00000000 ____D () C:\users\A001706
2015-04-22 11:38 - 2014-03-31 13:19 - 00000000 ____D () C:\Windows\wlansvc
2015-04-22 11:38 - 2014-03-31 11:54 - 00000000 ____D () C:\users\A033222-lsa
2015-04-22 11:38 - 2014-03-31 07:22 - 00000000 ____D () C:\users\SAE
2015-04-22 11:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\security
2015-04-22 11:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-04-22 11:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-04-22 11:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-22 11:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-22 11:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-22 11:36 - 2014-05-19 13:06 - 00000000 ____D () C:\Users\A001706\AppData\Local\Adobe
2015-04-21 18:47 - 2014-03-31 11:40 - 00001096 _____ () C:\Windows\System32\config\netlogon.ftl
2015-04-21 00:11 - 2014-03-31 12:18 - 00078338 _____ () C:\SUService.log
2015-04-16 12:12 - 2014-05-20 13:18 - 00000132 _____ () C:\Users\A016266\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-12 22:00 - 2014-05-19 12:45 - 00000000 ____D () C:\Users\A016266\AppData\Local\Adobe
2015-04-10 08:13 - 2014-05-30 09:37 - 00000132 _____ () C:\Users\A001706\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-07 20:26 - 2014-10-01 20:28 - 00000000 ____D () C:\Users\a016346\Desktop\Output Heath
2015-04-07 17:37 - 2014-10-26 21:30 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2015-04-06 20:29 - 2014-05-23 00:51 - 00021842 _____ () C:\Users\Public\Desktop\HC Session4.edp
2015-04-05 19:47 - 2014-07-09 14:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 04:58 - 2014-05-19 11:34 - 01615105 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 03:41 - 2009-07-13 20:45 - 00019344 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 03:41 - 2009-07-13 20:45 - 00019344 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 03:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 03:33 - 2009-07-13 20:51 - 00043968 _____ () C:\Windows\setupact.log
2015-04-01 10:15 - 2014-05-23 00:51 - 00035684 _____ () C:\Users\Public\Desktop\HC Session1.edp
2015-03-31 10:04 - 2014-05-19 12:34 - 00001914 __RSH () C:\Users\A016266\ntuser.pol
2015-03-31 08:37 - 2014-05-19 12:29 - 00001914 __RSH () C:\Users\A001706\ntuser.pol
2015-03-28 14:01 - 2014-07-09 14:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-28 14:01 - 2014-05-19 14:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-28 14:01 - 2014-05-19 14:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 03:07 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\System32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\A001706\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\A016266\AppData\Local\Temp\AdobeApplicationManager.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-04-05 20:00:21
Restore point made on: 2015-04-13 20:28:26
Restore point made on: 2015-04-17 17:01:39
Restore point made on: 2015-04-17 17:06:36
Restore point made on: 2015-04-21 11:01:42
Restore point made on: 2015-04-21 11:07:06
Restore point made on: 2015-04-21 11:10:06
Restore point made on: 2015-04-21 11:13:22
Restore point made on: 2015-04-21 11:16:49
Restore point made on: 2015-04-21 11:20:04
Restore point made on: 2015-04-21 17:01:47

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3917.79 MB
Available physical RAM: 3274.06 MB
Total Pagefile: 3915.98 MB
Available Pagefile: 3267.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:307.34 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DEF11971)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2015-04-13 20:42

==================== End Of Log ============================

 

 

 

 

FARBAR SEARCH

 

Farbar Recovery Scan Tool (x64) Version: 22-04-2015
Ran by SYSTEM at 2015-04-22 12:42:13
Running from F:\
Boot Mode: Recovery

================== Search Files: "services.exe;winsrv.*" =============

C:\Windows\winsxs\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a412dbba527dc14e\winsrv.dll.mui
[2010-11-20 22:13][2010-11-20 22:13] 0008192 ____A (Microsoft Corporation) 9848765E88322400BDC710A76ADEA841

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22843_none_150cb5d2cc2bae21\winsrv.dll
[2015-02-11 03:01][2014-10-13 18:16] 0215552 ____A (Microsoft Corporation) A4CC8A00F3B6321D2653AD97E66B5101

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22653_none_1501e21acc33cfc4\winsrv.dll
[2014-05-27 23:01][2014-04-11 18:32] 0215552 ____A (Microsoft Corporation) BDADDE9AD8DD2BF67426C23A8874D776

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22616_none_153022a8cc10ac05\winsrv.dll
[2014-05-19 14:03][2014-03-04 03:08] 0215552 ____A (Microsoft Corporation) 9A1BEE89214174AC2862344670C42B5A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22436_none_151a7f04cc20e999\winsrv.dll
[2014-03-31 13:38][2013-08-28 18:21] 0215040 ____A (Microsoft Corporation) 516D82106CAFAE156C61C5AB627A6409

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22411_none_152b1d6acc153304\winsrv.dll
[2014-03-31 13:55][2013-08-01 22:23] 0215040 ____A (Microsoft Corporation) 99AACC82C6B8A8E976CA59CFD3C322EF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_14f039eccc407b3f\winsrv.dll
[2014-03-31 13:37][2012-11-29 21:55] 0215040 ____A (Microsoft Corporation) C2B1F6196C7FE1EA1BF827312B095D06

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18229_none_149eb11db2f87cbc\winsrv.dll
[2014-03-31 13:55][2013-08-01 18:14] 0215040 ____A (Microsoft Corporation) 88EDD0B34EED542745931E581AD21A32

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2014-03-31 13:38][2013-01-03 21:46] 0215040 ____A (Microsoft Corporation) 0C27239FEA4DB8A2AAC9E502186B7264

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_14a57c15b2f40121\winsrv.dll
[2014-03-31 13:37][2012-11-29 21:45] 0215040 ____A (Microsoft Corporation) 9E479C2B605C25DA4971ABA36250FAEF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-20 19:24][2010-11-20 19:24] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

C:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99be31681e1cff53\winsrv.dll.mui
[2010-11-20 22:13][2010-11-20 22:13] 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm_31bf3856ad364e35_6.1.7600.16385_none_74fe9f3a6d505307\Winsrv.admx
[2009-06-10 12:42][2009-06-10 12:42] 0001342 ____A () B28573159BDEA736F3BDFF16604A4AD3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c01e7ca36d3191ee\Winsrv.adml
[2010-11-20 22:13][2010-11-20 22:13] 0001453 ____A () 76D4B8899387BCD0C081D4301E1B18DE

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19][2009-07-13 17:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\en-US\winsrv.dll.mui
[2010-11-20 22:13][2010-11-20 22:13] 0008192 ____A (Microsoft Corporation) 9848765E88322400BDC710A76ADEA841

C:\Windows\System32\services.exe
[2009-07-13 15:19][2009-07-13 17:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\winsrv.dll
[2015-02-11 03:01][2014-10-13 18:16] 0215552 ____A (Microsoft Corporation) A4CC8A00F3B6321D2653AD97E66B5101

C:\Windows\System32\en-US\winsrv.dll.mui
[2010-11-20 22:13][2010-11-20 22:13] 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

C:\Windows\PolicyDefinitions\Winsrv.admx
[2009-06-10 12:42][2009-06-10 12:42] 0001342 ____A () B28573159BDEA736F3BDFF16604A4AD3

C:\Windows\PolicyDefinitions\en-US\Winsrv.adml
[2010-11-20 22:13][2010-11-20 22:13] 0001453 ____A () 76D4B8899387BCD0C081D4301E1B18DE

X:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-20 01:50][2010-11-20 05:27] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

X:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9bef45301b0b82ed\winsrv.dll.mui
[2010-11-20 08:03][2010-11-20 08:03] 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

X:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.17514_none_2d85c5d6e3e88b4b\services.exe
[2010-11-20 01:19][2009-07-13 17:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\services.exe
[2010-11-20 01:19][2009-07-13 17:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\winsrv.dll
[2010-11-20 01:50][2010-11-20 05:27] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

X:\Windows\System32\en-US\winsrv.dll.mui
[2010-11-20 08:03][2010-11-20 08:03] 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

====== End Of Search ======


Edited by hamluis, 22 April 2015 - 02:02 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 nasdaq

  • Malware Response Team
Posted 27 April 2015 - 08:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-02-02] (Microsoft Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
HKU\A001706\...\Run: [AdobeBridge] => [X]
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found
C:\Users\A001706\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\A016266\AppData\Local\Temp\AdobeApplicationManager.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#3 nasdaq

  • Malware Response Team
Posted 02 May 2015 - 07:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



