Reinstalled windows virus came back


17 replies to this topic

#1 21xasd


Posted 26 July 2015 - 08:46 AM

So I am not completely sure what virus it was. HitmanPro on the previous install of Windows detected something in the Windows kernel hidden driver or something like that. When I looked it up, it said it was some kind of rootkit virus. I then proceeded to download as many anti-rootkit fix tools as I could find and understand; however, they didn't fix the problem. Some of the programs also included RogueKiller, Avast, Malwarebytes, Spybot, etc. Unfortunately, I didn't record the information because I thought at the time that a reformat (which I did on the primary disk, 100 gig, and deleted the 100 megabyte reserved partition) would fix the problem. But during my new install, installing things like Malwarebytes, Avast, etc., the PC was sort of acting weird just like before. I then reinstalled HitmanPro and was devastated to find more tracking cookies infecting my PC and a message that said: "Your computer is vulnerable to attacks exploiting a vulnerability in Windows Shell (Microsoft Security Advisory 2286198). HitmanPro can install a fix which protects you against this vulnerability. This fix is invisible and has no effect on system performance. Enable LNK protection." I enabled LNK protection and the virus, or whatever it is, stopped putting tracking cookies in. Now only 4 things appear in HitmanPro: FRST.64, TBRIVIERATRAY, STEAM, and doubleclick.net. I have never seen a virus this bad that a reinstall could not fix. Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by jake (administrator) on JAKE-PC (26-07-2015 06:09:17)
Running from C:\Users\jake\Desktop
Loaded Profiles: jake (Available Profiles: jake)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Voyetra Turtle Beach, Inc.) C:\Program Files (x86)\Turtle Beach\Riviera\TBRivieraTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] ()
HKLM-x32\...\Run: [Turtle Beach Riviera] => C:\Program Files (x86)\Turtle Beach\Riviera\TBRivieraTray.exe [1613824 2009-08-15] (Voyetra Turtle Beach, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-26] (AVAST Software)
HKU\S-1-5-21-323439288-386606197-1586470363-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-26] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-323439288-386606197-1586470363-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-26] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-26] (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{7E8D5BC9-EF18-4511-99F6-E1084E7CE4E7}: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-26]
 
Chrome: 
=======
CHR Profile: C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-26]
CHR Extension: (Google Docs) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-26]
CHR Extension: (Google Drive) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-26]
CHR Extension: (YouTube) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-26]
CHR Extension: (Google Search) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-26]
CHR Extension: (Google Sheets) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-26]
CHR Extension: (Avast Online Security) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-26]
CHR Extension: (Gmail) - C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-26] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-26] (SurfRight B.V.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-26] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32224 2009-09-21] (Intel Corporation ) [File not signed]
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-26] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-26] (Avast Software)
R3 cmuda3; system32\drivers\cmudax3.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 06:09 - 2015-07-26 06:09 - 00011053 _____ C:\Users\jake\Desktop\FRST.txt
2015-07-26 06:08 - 2015-07-26 06:09 - 00000000 ____D C:\FRST
2015-07-26 06:01 - 2015-07-26 06:01 - 02146816 _____ (Farbar) C:\Users\jake\Desktop\FRST64.exe
2015-07-26 04:57 - 2015-07-26 04:57 - 00014534 _____ C:\Users\jake\Desktop\Protection against LNK vulnerability (kb 2286198) - SurfRight.html
2015-07-26 04:57 - 2015-07-26 04:57 - 00000000 ____D C:\Users\jake\Desktop\Protection against LNK vulnerability (kb 2286198) - SurfRight_files
2015-07-26 04:51 - 2015-07-26 04:51 - 01064960 _____ C:\Users\jake\Downloads\MicrosoftFixit50486.msi
2015-07-26 04:48 - 2015-07-26 04:52 - 00000159 _____ C:\Users\jake\Desktop\sites to stop virus then find security update to fix.txt
2015-07-26 04:30 - 2015-07-26 04:30 - 00000000 _____ C:\Users\jake\Desktop\hit man info.txt
2015-07-26 04:11 - 2015-07-26 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-26 04:10 - 2015-07-26 04:55 - 00187144 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2015-07-26 04:10 - 2015-07-26 04:11 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-26 04:08 - 2015-07-26 04:09 - 11032736 _____ (SurfRight B.V.) C:\Users\jake\Downloads\HitmanPro_x64.exe
2015-07-26 04:07 - 2015-07-26 04:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-26 04:06 - 2015-07-26 04:06 - 00000000 ____D C:\Users\jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-26 04:06 - 2015-07-26 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-26 04:04 - 2015-07-26 04:06 - 00000000 ____D C:\Program Files\WinRAR
2015-07-26 04:03 - 2015-07-26 04:06 - 10113976 _____ (SurfRight B.V.) C:\Users\jake\Downloads\HitmanPro.exe
2015-07-26 03:55 - 2015-07-26 03:56 - 01941744 _____ C:\Users\jake\Downloads\winrar-x64-521.exe
2015-07-26 03:38 - 2015-07-26 03:38 - 00000000 ____D C:\Users\jake\AppData\Local\NVIDIA
2015-07-26 03:37 - 2015-07-26 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-26 03:37 - 2015-06-16 23:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-26 03:36 - 2015-06-02 07:11 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-07-26 03:35 - 2015-07-26 03:35 - 00773370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-26 03:31 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-07-26 03:31 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-07-26 03:31 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-07-26 03:31 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-07-26 03:30 - 2015-07-26 03:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-26 03:30 - 2015-06-17 02:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-26 03:30 - 2015-06-17 02:10 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-26 03:30 - 2015-06-17 02:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-26 03:30 - 2015-06-17 02:10 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-26 03:30 - 2015-06-17 02:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-26 03:28 - 2015-07-26 03:30 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 03:16 - 2015-07-26 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-26 03:13 - 2015-07-26 05:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-26 03:13 - 2015-07-26 04:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-26 03:13 - 2015-07-26 03:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-26 03:13 - 2015-07-26 03:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-26 03:13 - 2015-07-26 03:16 - 00000000 ____D C:\Users\jake\AppData\Local\Google
2015-07-26 03:13 - 2015-07-26 03:15 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-26 03:13 - 2015-07-26 03:13 - 00000000 ____D C:\Users\jake\AppData\Local\Deployment
2015-07-26 03:13 - 2015-07-26 03:13 - 00000000 ____D C:\Users\jake\AppData\Local\Apps\2.0
2015-07-26 02:58 - 2015-07-26 02:58 - 02261124 _____ C:\Users\jake\Downloads\steambackup.exe
2015-07-26 02:52 - 2015-07-26 02:52 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-26 02:52 - 2015-07-26 02:52 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-26 02:52 - 2015-07-26 02:52 - 00000000 ____D C:\Windows\system32\vbox
2015-07-26 02:52 - 2015-07-26 02:52 - 00000000 ____D C:\Users\jake\AppData\Roaming\AVAST Software
2015-07-26 02:52 - 2015-07-26 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-26 02:52 - 2015-07-26 02:51 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-26 02:52 - 2015-07-26 02:51 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-26 02:52 - 2015-07-26 02:51 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-26 02:51 - 2015-07-26 02:51 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-26 02:50 - 2015-07-26 02:50 - 00293580 _____ C:\Windows\msxml4-KB973688-enu.LOG
2015-07-26 02:49 - 2015-07-26 02:49 - 00295048 _____ C:\Windows\msxml4-KB954430-enu.LOG
2015-07-26 02:48 - 2015-07-26 02:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-26 02:48 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-26 02:47 - 2015-07-26 06:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 02:47 - 2015-07-26 02:47 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-26 02:47 - 2015-07-26 02:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-26 02:47 - 2015-07-26 02:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-26 02:47 - 2015-07-26 02:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-07-26 02:47 - 2015-07-26 02:47 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-26 02:47 - 2015-07-26 02:47 - 00000000 ____D C:\Users\jake\AppData\Roaming\Macromedia
2015-07-26 02:47 - 2015-07-26 02:47 - 00000000 ____D C:\Users\jake\AppData\Roaming\Adobe
2015-07-26 02:41 - 2015-07-26 02:41 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-26 02:41 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-26 02:38 - 2011-04-08 23:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-26 02:38 - 2011-04-08 23:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-26 02:38 - 2011-04-08 23:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-26 02:38 - 2011-04-08 23:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-26 02:38 - 2011-04-08 22:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-26 02:33 - 2015-07-26 02:33 - 00000000 ____D C:\Users\jake\AppData\Local\Steam
2015-07-26 02:33 - 2015-07-26 02:33 - 00000000 ____D C:\Users\jake\AppData\Local\CEF
2015-07-26 02:32 - 2015-07-26 02:35 - 00000000 ____D C:\Users\jake\Desktop\BRINK
2015-07-26 02:22 - 2012-06-02 15:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-26 02:22 - 2012-06-02 15:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-26 02:22 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-26 02:22 - 2012-06-02 15:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-26 02:22 - 2012-06-02 15:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-26 02:22 - 2012-06-02 15:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-26 02:22 - 2012-06-02 15:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-26 02:22 - 2012-06-02 15:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-26 02:22 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-26 02:07 - 2015-07-26 02:07 - 00004286 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{348E3AAF-DA88-47A5-9069-DDF29536CAB3}
2015-07-26 02:02 - 2015-07-26 02:02 - 00000000 ____D C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
2015-07-26 02:02 - 2015-07-26 02:02 - 00000000 ____D C:\Program Files (x86)\Belkin
2015-07-26 01:56 - 2015-07-26 04:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-26 01:56 - 2015-07-26 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-26 01:56 - 2015-07-26 03:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 01:56 - 2015-07-26 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-26 01:56 - 2015-07-26 01:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 01:56 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-26 01:56 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-26 01:56 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-26 01:50 - 2015-07-26 01:50 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-26 01:44 - 2015-07-26 01:50 - 00000032 _____ C:\Users\jake\Desktop\what to do.txt
2015-07-26 01:43 - 2015-07-26 01:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-07-26 01:23 - 2015-07-26 01:23 - 00000000 ____D C:\Users\jake\AppData\Roaming\MotionDSP
2015-07-26 01:23 - 2015-07-26 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vReveal
2015-07-26 01:23 - 2015-07-26 01:23 - 00000000 ____D C:\Program Files (x86)\vReveal
2015-07-26 01:19 - 2015-07-26 03:39 - 00002602 _____ C:\Windows\PFRO.log
2015-07-26 01:18 - 2015-07-26 04:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-26 01:18 - 2015-07-26 03:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-26 01:18 - 2015-07-26 01:55 - 00000000 ____D C:\NVIDIA
2015-07-26 01:18 - 2010-06-21 15:07 - 00255592 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda6.dll
2015-07-26 01:17 - 2015-07-26 03:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-26 01:17 - 2015-07-26 03:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-26 01:17 - 2015-06-17 02:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-26 01:05 - 2015-07-26 01:05 - 00000225 _____ C:\Windows\Cmicnfg3.ini.cfl
2015-07-26 01:05 - 2015-07-26 01:05 - 00000138 _____ C:\Windows\system\Dlap.pfx
2015-07-26 01:05 - 2009-10-14 01:23 - 00788992 _____ C:\Windows\system32\Cmrmdrv3.exe
2015-07-26 01:05 - 2009-10-14 01:23 - 00788992 _____ C:\Windows\system32\Cmeaupci.exe
2015-07-26 01:05 - 2009-04-02 16:59 - 00143360 _____ C:\Windows\SysWOW64\VmixP6.dll
2015-07-26 01:05 - 2007-11-05 01:30 - 01144983 _____ C:\Windows\SysWOW64\KB936225x64.msu
2015-07-26 01:05 - 2007-09-04 10:56 - 00233472 _____ (Voyetra Turtle Beach, Inc.) C:\Windows\SysWOW64\TBRiviera.cpl
2015-07-26 01:05 - 2006-09-14 02:21 - 00200704 _____ (C-Media) C:\Windows\SysWOW64\CMPaOxy.dll
2015-07-26 01:05 - 2003-04-09 19:10 - 00032768 _____ (C-Media Corporation) C:\Windows\SysWOW64\CMUdaProp3.dll
2015-07-26 01:04 - 2015-07-26 01:05 - 00000174 _____ C:\Windows\Cmicnfg3.ini.imi
2015-07-26 01:04 - 2015-07-26 01:04 - 00008192 __RSH C:\BOOTSECT.BAK
2015-07-26 01:04 - 2015-07-26 01:04 - 00000113 _____ C:\Windows\system\Cmicnfg3.ini
2015-07-26 01:04 - 2015-07-26 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Beach
2015-07-26 01:04 - 2015-07-26 01:04 - 00000000 ____D C:\Program Files (x86)\Turtle Beach
2015-07-26 01:04 - 2015-07-26 00:16 - 00000000 ____D C:\Windows\Panther
2015-07-26 01:04 - 2009-10-21 20:45 - 00323584 _____ (Turtle Beach Inc.) C:\Windows\CmiPCIUninstallRiviera.exe
2015-07-26 01:04 - 2009-10-14 00:17 - 00001304 _____ C:\Windows\Cmicnfg3.ini.cfg
2015-07-26 01:04 - 2009-09-22 09:47 - 00002678 _____ C:\Windows\cmudax3.ini
2015-07-26 01:04 - 2009-08-19 16:00 - 00359424 _____ C:\Windows\system32\CmiInstallResAll64.dll
2015-07-26 01:04 - 2009-07-13 18:38 - 00383562 __RSH C:\bootmgr
2015-07-26 01:04 - 2007-02-26 21:30 - 00036864 _____ (C-Media Electronics Ins.) C:\Windows\system32\cmudax3.dll
2015-07-26 01:04 - 2006-10-06 05:45 - 00524768 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2015-07-26 00:57 - 2015-07-26 00:57 - 00057560 _____ C:\Users\jake\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-26 00:57 - 2015-07-26 00:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-07-26 00:55 - 2015-07-26 01:02 - 00000000 ____D C:\Users\jake\Desktop\utilities exes
2015-07-26 00:55 - 2015-07-26 00:55 - 00000000 ____D C:\Users\jake\Desktop\antivirus stuff
2015-07-26 00:53 - 2015-07-26 02:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-26 00:53 - 2015-07-26 00:53 - 00002146 _____ C:\RHDSetup.log
2015-07-26 00:53 - 2015-07-26 00:53 - 00000206 _____ C:\realtek.log
2015-07-26 00:53 - 2015-07-26 00:53 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-07-26 00:53 - 2015-07-26 00:53 - 00000000 ____D C:\Program Files\Realtek
2015-07-26 00:53 - 2015-07-26 00:53 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-26 00:53 - 2009-08-18 02:16 - 00831488 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-07-26 00:52 - 2015-07-26 00:52 - 00000000 ____D C:\Program Files\Intel
2015-07-26 00:52 - 2009-09-23 02:11 - 00283824 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1k62x64.sys
2015-07-26 00:52 - 2009-09-16 03:06 - 00003148 _____ C:\Windows\system32\e1k62x64.din
2015-07-26 00:52 - 2009-08-03 21:39 - 00078528 _____ (Intel Corporation) C:\Windows\system32\NicInstK.dll
2015-07-26 00:52 - 2009-08-03 18:35 - 00345800 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-07-26 00:52 - 2009-05-25 19:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2015-07-26 00:52 - 2009-04-21 02:39 - 00072288 _____ (Intel Corporation) C:\Windows\system32\e1kmsg.dll
2015-07-26 00:52 - 2006-01-11 23:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2015-07-26 00:49 - 2015-07-26 00:57 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-26 00:49 - 2015-07-26 00:49 - 00000000 ____D C:\Intel
2015-07-26 00:49 - 2009-08-26 15:04 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-07-26 00:47 - 2015-07-26 01:00 - 00000000 ____D C:\TempEI4
2015-07-26 00:47 - 2015-07-26 00:47 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-07-26 00:17 - 2015-07-26 00:17 - 00001443 _____ C:\Users\jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-26 00:17 - 2015-07-26 00:17 - 00001409 _____ C:\Users\jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-26 00:16 - 2015-07-26 01:07 - 00000000 ____D C:\Users\jake\AppData\Local\VirtualStore
2015-07-26 00:16 - 2015-07-26 00:17 - 00000000 ____D C:\Users\jake
2015-07-26 00:16 - 2015-07-26 00:16 - 00000020 ___SH C:\Users\jake\ntuser.ini
2015-07-26 00:16 - 2015-07-26 00:16 - 00000000 __SHD C:\Recovery
2015-07-26 00:16 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-26 00:16 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-26 00:12 - 2015-07-26 04:57 - 00323729 _____ C:\Windows\WindowsUpdate.log
2015-07-26 00:08 - 2015-07-26 00:08 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-07-26 00:08 - 2015-07-26 00:08 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-07-26 00:08 - 2015-07-26 00:08 - 00001313 _____ C:\Windows\TSSysprep.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 04:58 - 2009-07-13 22:13 - 00780070 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-26 04:54 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 04:54 - 2009-07-13 21:51 - 00018538 _____ C:\Windows\setupact.log
2015-07-26 04:53 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 04:53 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 02:57 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\winrm
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\WCN
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\slmgr
2015-07-26 02:57 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-07-26 02:57 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-07-26 02:57 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-26 02:57 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-26 02:57 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-07-26 02:57 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-26 02:57 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Setup
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\oobe
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\MUI
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\com
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-26 02:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-26 02:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
2015-07-26 02:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-26 01:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2015-07-26 01:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system
2015-07-26 01:04 - 2009-07-13 22:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-07-26 01:04 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-07-26 00:47 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2015-07-26 00:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-07-26 00:08 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-26 00:08 - 2009-07-13 21:46 - 00001774 _____ C:\Windows\DtcInstall.log
2015-07-26 00:08 - 2009-07-13 21:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-26 00:08 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
 
==================== Files in the root of some directories =======
 
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\jake\AppData\Local\setup.txt
 
Some files in TEMP:
====================
C:\Users\jake\AppData\Local\Temp\nvStInst.exe
C:\Users\jake\AppData\Local\Temp\vcredist_x86_80.exe
C:\Users\jake\AppData\Local\Temp\vcredist_x86_90.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-26 02:49
 
==================== End of log ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,745 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:47 AM

Posted 28 July 2015 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Now only 4 things appear in hitman FRST.64, TBRIVIERATRAY, STEAM, and doubleclick.net.

FRST.64 is the Farbar tool. It's a false positive. It's good.

TBRIVIERATRAY This is also safe.
http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-chrome&search=TBRivieraTray.exe

STEAM is listed in your Installed programs list.
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

It looks like this is the program you have installed. Looks good.
http://www.systemlookup.com/Startup/11877-steam_exe.html

===

doubleclick.net is very active in creating cookies when you visit sites.
These cookies can be stopped when you install this HOSTS file.

Read the instructions on this page and install the HOSTS file for your Windows 7.
http://winhelp2002.mvps.org/hosts.htm

===

Any other issues?

#3 21xasd


Posted 30 July 2015 - 09:09 PM

Hello nasdaq

Antivirus just started popping up a lot, then my email page at aol.com sign in changed completely; I later found out it should not have. I cleaned that up. Then I could not connect on the internet, at which point I just reinstalled again, otherwise I could not connect. I deleted and reformatted the primary and MBR disk 0. So just in case I have borrowed a laptop from a friend. Currently another error has occurred where the WinSxS folder keeps expanding by itself. Just after a couple of days it is now 12 gigs and growing after the reinstall, and the computer shut down; it said there was a blue screen. Not sure what to post. I can rescan Farbar again. I ran mbrcheck; it had a non standard MBR. During a previous Windows install avast brought up something about a decompression bomb, maybe that's something. Maybe it's just in my head but I get the feeling something is wrong again.

THANK YOU FOR YOUR HELP AND SUPPORT



#4 nasdaq


Posted 31 July 2015 - 07:02 AM

Go to this page: http://www.miniservernation.com/2011/11/windows-7-winsxs-folder-what-is-it-why-is-it-growing-how-to-reduce-the-size/

Follow the instructions under this section only.

How to reduce winsxs size without screwing up my Windows?



Press the following keys simultaneously on the keyboard.
(Windows key + R)
This will open the Run box.
In the field enter CMD and click OK.

This will open the DOS screen.

The first command you should type is

DIR /w

next type or paste the following.

DISM /online /Cleanup-Image /SpSuperseded

Close the DOS prompt by typing Exit at the prompt and pressing the Enter key.


Restart the computer normally.
===

During a previous Windows install avast brought up something about a decompression bomb, maybe that's something.
Read about it.
https://forum.avast.com/index.php?topic=8943.0

I would not do anything to disturb this.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

If you have a Blue screen make a note of the error message and post it.

#5 21xasd


Posted 31 July 2015 - 02:17 PM

Hey Nasdaq

Thanks for the fast response. I have read the article about WinSxS; to me it's kind of weird because on my original install I used to have a lot of things installed and it reported less space taken than now; however, I have installed many different anti virus, anti malware, etc... and just one 5 gig game. Very interesting article, I will keep it in mind. I have been following your instructions and typed the commands in the command line; this is what came back after DISM /cleanup-image /spsuperseded

Image Version: 6.1.7600.16385

Service Pack Cleanup can't proceed: An operation is pending on this computer. restart your computer, and then run service pack cleanup. The operation completed successfully.

Just in case I will retry again; don't know why it said completed successfully. Oh, it now says configuring Windows updates, must be OK.

Here's something strange: on the previous install I looked at Internet Explorer parental control and it had three different users, i.e. default, guest, solitude and me. On this install I took a picture of it and it only said me; now guest has been added, it's kind of odd. Another weird thing: Event Viewer administrative events has hundreds of errors and 10s of warnings from a source called CAPI2. So I was in the middle of updating the virus definitions for avast aswMBR when another blue screen appeared. I looked for the Windows mini dump file; it said access denied. I am admin but not hidden admin. Had another blue screen with a text that can't be displayed on Internet Explorer. Anyhow I'll try the avast MBR program and definitions again. OK, another blue screen, maybe it's connected with the avast update. I am not using avast anymore as a result of the previous issues. Do you think installing the actual antivirus will correct the problem? I will try in safe mode if that's OK. I'll attach the blue screen mini dump. Alright, I tried it in safe mode and it actually worked, although I'm not sure that everything got scanned the way it needed to. Here are the two files, thanks again for the help.
 
Here is aswMBR txt
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-07-30 21:42:58
-----------------------------
21:42:58.889    OS Version: Windows x64 6.1.7601 Service Pack 1
21:42:58.889    Number of processors: 4 586 0x2502
21:42:58.889    ComputerName: JAMES-PC  UserName: James
21:42:59.014    Initialize success
23:02:55.757    AVAST engine defs: 15072900
23:29:11.001    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
23:29:11.001    Disk 0 Vendor: M4-CT128M4SSD2 070H Size: 122104MB BusType: 11
23:29:11.017    Disk 0 MBR read successfully
23:29:11.017    Disk 0 MBR scan
23:29:11.017    Disk 0 Windows 7 default MBR code
23:29:11.017    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 206848
23:29:11.017    Disk 0 default boot code
23:29:11.032    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       121902 MB offset 411648
23:29:11.032    Disk 0 scanning C:\Windows\system32\drivers
23:29:13.778    Service scanning
23:29:20.096    Modules scanning
23:29:20.096    Disk 0 trace - called modules:
23:29:20.096    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
23:29:20.096    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076b8060]
23:29:20.096    3 CLASSPNP.SYS[fffff880013c443f] -> nt!IofCallDriver -> [0xfffffa800701a3f0]
23:29:20.111    5 ACPI.sys[fffff88000ee77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0xfffffa800701f060]
23:29:20.236    AVAST engine scan C:\Windows
23:29:20.689    AVAST engine scan C:\Windows\system32
23:30:19.329    AVAST engine scan C:\Windows\system32\drivers
23:30:22.480    AVAST engine scan C:\Users\James
23:30:26.957    AVAST engine scan C:\ProgramData
23:30:27.956    Disk 0 statistics 2989853/0/0 @ 92.21 MB/s
23:30:27.956    Scan finished successfully
01:58:47.148    Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
01:58:47.163    The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   561bytes   0 downloads
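
The aswMBR log above reports the boot code, the boot signature and two partition entries for disk 0. As an added example (not part of the thread and not Avast's code), this Python script decodes a 512-byte MBR image and runs basic consistency checks on it, assuming MBR.dat is a raw copy of sector 0. The sample sector is constructed from the partition values in the log with placeholder boot code, and the reference hash has to come from a trusted copy of your own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446       # four 16-byte partition entries follow
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode a 512-byte MBR image: signature state, boot-code hash, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "slot": index + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start_lba, "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector, known_good_sha256=None, disk_sectors=None):
    """Return a list of findings for a boot disk; an empty list means no anomaly."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if known_good_sha256 and mbr["boot_code_sha256"] != known_good_sha256.lower():
        findings.append("boot code differs from reference image")
    parts = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    for part in parts:
        if part["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (part["slot"], part["status"]))
        end = part["start_lba"] + part["sectors"]
        if disk_sectors is not None and end > disk_sectors:
            findings.append("partition %d extends past end of disk" % part["slot"])
    active = sum(1 for part in parts if part["active"])
    if active != 1:
        findings.append("expected exactly one active partition, found %d" % active)
    for first, second in zip(parts, parts[1:]):
        if first["start_lba"] + first["sectors"] > second["start_lba"]:
            findings.append("partitions %d and %d overlap"
                            % (first["slot"], second["slot"]))
    return findings


def build_sample_mbr():
    """Constructed sector: placeholder boot code, partition values from the log."""
    sector = bytearray(SECTOR_SIZE)
    code = b"CONSTRUCTED-BOOT-CODE"          # not real Windows 7 boot code
    sector[:len(code)] = code
    entries = [(0x80, 0x07, 206848, 204800),         # 100 MB, active
               (0x00, 0x07, 411648, 121902 * 2048)]  # 121902 MB
    for index, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * index,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    for part in info["partitions"]:
        print("Partition %(slot)d type %(type)02x %(type_name)s "
              "%(size_mb)d MB offset %(start_lba)d" % part)
    # 122104 MB is the disk size reported in the log.
    print(audit_mbr(sample, info["boot_code_sha256"], 122104 * 2048) or "no findings")
```

To check a real dump, read the file in binary mode and pass its bytes to `audit_mbr` together with the SHA-256 of boot code taken from a known-clean installation of the same Windows version.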


#6 21xasd


Posted 31 July 2015 - 04:43 PM

Sorry, the mini dump file is too big; maybe there is another way to send it.



#7 nasdaq


Posted 01 August 2015 - 08:15 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Picture of the tool.
http://i.imgur.com/wNeKMCX.png

#8 21xasd


Posted 02 August 2015 - 06:45 AM

Hello

It's nice of you to work on the weekend, I am grateful. OK, I have scanned with the MiniToolBox tool, pretty cool tool. Here are the results.


MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by James (administrator) on 01-08-2015 at 18:24:06
Running from "C:\Users\James\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: DH55HC__ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/01/2015 03:15:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc000000d
Fault offset: 0x000000000006ec12
Faulting process id: 0x6dc
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
 
Error: (07/31/2015 05:09:34 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020
 
Error: (07/31/2015 05:09:26 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: sysglobl, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
Error: (07/30/2015 08:32:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: UNS.exe, version: 6.0.0.1184, time stamp: 0x4ac4152b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74a4728c
Faulting process id: 0xb54
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
 
Error: (07/30/2015 08:32:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvSCPAPISvr.exe, version: 7.17.12.5922, time stamp: 0x4c5423c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74a4728c
Faulting process id: 0x7c8
Faulting application start time: 0xnvSCPAPISvr.exe0
Faulting application path: nvSCPAPISvr.exe1
Faulting module path: nvSCPAPISvr.exe2
Report Id: nvSCPAPISvr.exe3
 
Error: (07/30/2015 08:32:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: LMS.exe, version: 6.0.0.1184, time stamp: 0x4ac414e3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74a4728c
Faulting process id: 0x72c
Faulting application start time: 0xLMS.exe0
Faulting application path: LMS.exe1
Faulting module path: LMS.exe2
Report Id: LMS.exe3
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
 
System errors:
=============
Error: (08/01/2015 05:43:16 PM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (08/01/2015 03:15:54 AM) (Source: Service Control Manager) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/30/2015 09:37:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/30/2015 09:37:08 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/30/2015 09:37:07 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/30/2015 09:37:02 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/30/2015 09:36:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
avc3
discache
gzflt
SASDIFSV
SASKUTIL
spldr
trufos
Wanarpv6
 
Error: (07/30/2015 09:36:51 PM) (Source: BugCheck) (User: )
Description: 0x00000101 (0x0000000000000031, 0x0000000000000000, 0xfffff88002f64180, 0x0000000000000002)C:\Windows\MEMORY.DMP073015-14523-01
 
Error: (07/30/2015 09:36:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:34:56 PM on ‎7/‎30/‎2015 was unexpected.
 
Error: (07/30/2015 08:50:56 PM) (Source: BugCheck) (User: )
Description: 0x00000101 (0x0000000000000031, 0x0000000000000000, 0xfffff88002f64180, 0x0000000000000002)C:\Windows\MEMORY.DMP073015-20498-01
 
 
Microsoft Office Sessions:
=========================
Error: (08/01/2015 03:15:53 AM) (Source: Application Error)(User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec126dc01d0cba00b6fabfbC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlle87bdedc-382d-11e5-9261-00270e088a71
 
Error: (07/31/2015 05:09:34 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020 
System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil
 
Error: (07/31/2015 05:09:26 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: sysglobl, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 
sysglobl, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
Error: (07/30/2015 08:32:22 PM) (Source: Application Error)(User: )
Description: UNS.exe6.0.0.11844ac4152bunknown0.0.0.000000000c000000574a4728cb5401d0cabe233b490eC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeunknown5ecbcfb3-372c-11e5-9674-00270e088a71
 
Error: (07/30/2015 08:32:22 PM) (Source: Application Error)(User: )
Description: nvSCPAPISvr.exe7.17.12.59224c5423c0unknown0.0.0.000000000c000000574a4728c7c801d0cabddae8aedfC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeunknown5eaad04e-372c-11e5-9674-00270e088a71
 
Error: (07/30/2015 08:32:21 PM) (Source: Application Error)(User: )
Description: LMS.exe6.0.0.11844ac414e3unknown0.0.0.000000000c000000574a4728c72c01d0cabddab0870cC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeunknown5e8448df-372c-11e5-9674-00270e088a71
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
Error: (07/30/2015 06:14:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 21%
Total physical RAM: 8053.39 MB
Available physical RAM: 6328.16 MB
Total Virtual: 16104.99 MB
Available Virtual: 14326.79 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:119.04 GB) (Free:70.92 GB) NTFS
2 Drive d: (Brink) (CDROM) (Total:5.61 GB) (Free:0 GB) CDFS
3 Drive g: (SANDISKFLAS) (Removable) (Total:7.45 GB) (Free:7.2 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JAMES-PC
 
Administrator            Guest                    James                    
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\073015-14523-01.dmp
C:\Windows\Minidump\073015-20498-01.dmp
C:\Windows\Minidump\073015-32167-01.dmp
========================= Restore Points ==================================
 
29-07-2015 22:25:56 Installed Turtle Beach Riviera
29-07-2015 22:26:04 Device Driver Package Install: C-Media Electronics Inc. Sound, video and game controllers
29-07-2015 22:45:26 Installed DirectX
30-07-2015 07:09:09 Checkpoint by HitmanPro
31-07-2015 10:09:25 Windows Update
01-08-2015 09:00:10 Windows Update
 
**** End of log ****


#9 nasdaq


Posted 02 August 2015 - 07:17 AM

Error: (07/30/2015 09:36:51 PM) (Source: BugCheck) (User: )
Description: 0x00000101 (0x0000000000000031, 0x0000000000000000, 0xfffff88002f64180, 0x0000000000000002)C:\Windows\MEMORY.DMP073015-14523-01


Google this string: Description: 0x00000101. I did, and it looks like your problem may be related to an incompatible driver.

Since you have re-installed Windows, I would check for new drivers for your video card.

If this is not the solution then I suggest you start a new topic in the Internal Hardware Forum
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

An expert may be able to identify the culprit.

This is not caused by malware and not my forte.

I will leave this topic open and if you need to return please do.

#10 21xasd


Posted 04 August 2015 - 04:51 AM

Thanks Nasdaq

So, clean bill of health. The last question I had was if maybe there was a tool that could scan hard drives for viruses without having to connect them, just in case the previous virus somehow tagged along in one of them. Currently I have about 4 or 5 HDs so you could see my concern. I have done some research but have not found the best advice. What could happen if I connect one, will a virus get into the system? Anyhow, your help is greatly appreciated.



#11 nasdaq


Posted 04 August 2015 - 08:10 AM

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
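
The note above says Flash_Disinfector leaves a folder named autorun.inf on each drive. As an added example (not part of the thread and not Flash_Disinfector's code), this Python script inspects a drive root read-only and reports whether autorun.inf is absent, a folder, or a file, listing any launch entries it finds in a file. The directory names and file contents in `demo()` are constructed.

```python
import os
import tempfile


def find_autorun(root):
    """Locate autorun.inf in a drive root regardless of letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def parse_autorun(raw):
    """Return (key, value) pairs from [autorun] that would start a program."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")   # BOM-marked file
    else:
        text = raw.decode("latin-1")
    commands = []
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                                    # blank line or comment
        if line.startswith("["):
            in_section = line.lower().replace(" ", "") == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            commands.append((key, value.strip()))
    return commands


def inspect_root(root):
    """Classify the autorun.inf state of one drive root without modifying it."""
    path = find_autorun(root)
    if path is None:
        return {"state": "absent", "commands": []}
    if os.path.isdir(path):
        # A folder with this name cannot be read as an autorun file.
        return {"state": "folder", "commands": []}
    with open(path, "rb") as handle:
        commands = parse_autorun(handle.read(65536))
    state = "file-with-launch-commands" if commands else "file"
    return {"state": state, "commands": commands}


def demo():
    """Build three constructed drive roots in a temp directory and inspect them."""
    sample = (b";constructed sample\r\n[AutoRun]\r\n"
              b"open=constructed-sample.exe\r\nicon=icon.ico\r\n"
              b"shell\\open\\command=constructed-sample.exe\r\n")
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("immunized", "suspect", "clean"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "wb") as handle:
            handle.write(sample)
        for name in ("immunized", "suspect", "clean"):
            results[name] = inspect_root(os.path.join(base, name))
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```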

#12 21xasd


Posted 04 August 2015 - 10:06 PM

Hi

I tried the flash utility but it did not start. It asked me for UAC, then nothing happens. I tried it without my antivirus but it did not help. Wonder if I am doing something wrong, any ideas?

thanks



#13 nasdaq


Posted 05 August 2015 - 07:35 AM

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.


Is the .exe file on the Desktop?

Right click on it and select run as an Administrator.

#14 21xasd


Posted 10 August 2015 - 05:41 AM

Sorry nasdaq

I was away and would understand if it takes a while to respond. I did try Flash Disinfector on the desktop as admin with no success. I also tried it in compatibility mode; that did not help. Maybe something else is happening. Now for some reason it will not even tell me that it did not install correctly, weird. I will attach a picture. I will also look up information about Event Viewer in another forum. The only other thing that has happened is the Win 10 ad in the lower right corner of the picture, which was on a previous install of Win 7. Another thing that has happened recently: Internet Explorer wants to crash every so often. I appreciate your input.




#15 nasdaq


Posted 10 August 2015 - 08:35 AM

I think it's being blocked by Windows Defender.

Run the program again and when prompted select
Click reinstall using recommended settings.



