
Attempting Repairs Loops after running HitmanPro



#1 ttcole1254


Posted 06 August 2015 - 02:02 PM

So I got a tablet infected with loads of viruses from Minecraft mods. Ran Malwarebytes and Avast which removed a majority of the infections, but decided to run Hitman Pro and some others to make sure everything was clean. HitmanPro found some fairly large infections, so I removed the infections and went to reboot. Now, when rebooting, it goes directly to "Preparing Automatic Repair." It attempts repairs, and then says it cannot solve the problem. Strangely, when opening the log for Startup Repair, it mentions it found hitmanpro37.sys as corrupt and lists it as a possible boot problem. Not sure how I would fix that. Below are both the startup repair log and the log from FRST.

 

Startup Repair Log

Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 7/27/2015 11:58:11 PM (GMT)
Number of repair attempts: 13
 
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 110 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 140 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Boot status test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Setup state check
Result: Completed successfully. Error code =  0x0
Time taken = 187 ms
 
Test Performed: 
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code =  0x0
Time taken = 1953 ms
 
Test Performed: 
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Root cause found: 
---------------------------
Boot critical file c:\windows\system32\drivers\hitmanpro37.sys is corrupt.
 
Repair action: File repair
Result: Failed. Error code =  0x2
Time taken = 3657 ms
 
Repair action: System files integrity check and repair
Result: Failed. Error code =  0x490
Time taken = 988437 ms
 
---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 109 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 125 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Root cause found: 
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.
 
---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 109 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 125 ms
 
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms
 
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms
 
Root cause found: 
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.
 
---------------------------
---------------------------
 
 
FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015
Ran by SYSTEM on MININT-25OIP3C (06-08-2015 14:45:37)
Running from F:\
Platform: Windows 8.1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988528 2015-07-17] (YTDownloader)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-22] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\sydney\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-26] (SUPERAntiSpyware)
HKU\sydney\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988528 2015-07-17] (YTDownloader)
BootExecute: autocheck autochk * bootdelete
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
S2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
S2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-06] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-06] (Avast Software s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-19] (Broadcom Corporation.)
S2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-07-17] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-28] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [278344 2015-05-11] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83384 2014-12-22] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [97208 2014-12-22] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90552 2014-12-22] (Intel Corporation)
S2 HitmanPro37CrusaderBoot; C:\Users\sydney\Downloads\HitmanPro.exe [10113976 2015-07-27] (SurfRight B.V.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277320 2015-05-11] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
S2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-03] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-03] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-28] (Microsoft Corporation)
S4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-06] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-04-06] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-06] (Avast Software s.r.o.)
S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-04-06] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-06] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49904 2015-04-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-06] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-06] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [209048 2015-04-06] ()
S1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-19] (Broadcom Corp)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
S3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [23552 2015-06-09] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-19] (Broadcom Corporation.)
S3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-19] (Broadcom Corporation.)
S3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
S3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
S3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
S3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25528 2014-12-22] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28088 2014-12-22] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36280 2014-12-22] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80824 2014-12-22] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181688 2014-12-22] (Intel Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
S3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
S3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-07] (ASUS)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-07-27] ()
S0 hitmanpro37duringboot; C:\Windows\System32\drivers\hitmanpro37.sys [35992 2015-07-27] ()
S3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-14] (Intel Corporation)
S3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
S3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [259584 2015-05-11] (Intel® Corporation)
S3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
S3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
S3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2015-04-02] (NetFilterSDK.com)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
S3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
S3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-04] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
S3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-03] (Microsoft Corporation)
S0 Wof; C:\Windows\System32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
S0 msahci; No ImagePath
S4 sbmntr; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys [X]
S4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-06 14:45 - 2015-08-06 14:45 - 00000000 ____D C:\FRST
2015-08-05 19:27 - 2015-08-06 14:05 - 00196608 _____ C:\BitLockerWinRELog.etl
2015-07-27 16:33 - 2015-07-27 16:33 - 00013572 _____ C:\Windows\System32\.crusader
2015-07-27 16:33 - 2015-07-27 16:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2015-07-27 16:33 - 2015-07-27 16:33 - 00000424 _____ C:\Windows\System32\bootdelete.lst
2015-07-27 16:31 - 2015-07-27 16:33 - 00035992 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2015-07-27 16:31 - 2015-07-27 16:31 - 00000000 ____D C:\Users\sydney\AppData\Local\GWX
2015-07-27 16:08 - 2015-07-27 16:08 - 00000000 ____D C:\Users\sydney\AppData\Local\BrowserHelper
2015-07-27 16:05 - 2015-07-27 16:05 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-27 16:03 - 2015-07-27 16:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-27 16:01 - 2015-07-27 16:02 - 00002190 _____ C:\Users\sydney\Desktop\Rkill.txt
2015-07-27 15:11 - 2015-07-27 16:06 - 10113976 _____ (SurfRight B.V.) C:\Users\sydney\Downloads\HitmanPro.exe
2015-07-27 15:11 - 2015-07-27 15:11 - 02248704 _____ C:\Users\sydney\Downloads\AdwCleaner.exe
2015-07-27 15:03 - 2015-07-27 15:03 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\sydney\Downloads\tdsskiller.exe
2015-07-27 15:03 - 2015-07-27 15:03 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\sydney\Downloads\rkill.exe
2015-07-27 15:00 - 2015-07-27 15:01 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\sydney\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-26 16:59 - 2015-06-12 08:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2015-07-26 16:59 - 2015-06-11 11:26 - 01853272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2015-07-26 16:59 - 2015-06-09 14:03 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthMini.SYS
2015-07-26 16:59 - 2015-06-09 14:02 - 01014784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2015-07-26 16:59 - 2015-06-09 14:02 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2015-07-26 16:59 - 2015-06-09 14:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
2015-07-26 16:59 - 2015-06-09 10:17 - 00411133 _____ C:\Windows\System32\ApnDatabase.xml
2015-07-26 16:59 - 2015-05-11 16:32 - 00554328 _____ (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-07-26 16:59 - 2015-04-30 16:14 - 05468136 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2015-07-26 16:59 - 2015-04-30 16:14 - 01192576 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2015-07-26 16:59 - 2015-04-30 16:14 - 00227736 _____ (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2015-07-26 16:54 - 2015-07-26 16:55 - 00000000 ____D C:\Users\sydney\Downloads\gfx_win8_8.1_32_15.33.19.3540
2015-07-26 16:33 - 2015-07-09 07:39 - 03062784 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-07-26 16:33 - 2015-07-01 13:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-07-26 16:33 - 2015-06-29 14:48 - 00024240 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-07-26 16:33 - 2015-06-29 07:05 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-07-26 16:33 - 2015-06-26 05:37 - 00587264 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-07-26 16:33 - 2015-06-26 05:37 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-07-26 16:33 - 2015-06-26 05:36 - 00932864 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-07-26 16:33 - 2015-06-26 05:36 - 00923648 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-07-26 16:33 - 2015-06-26 05:36 - 00628224 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-07-26 16:33 - 2015-06-26 05:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-07-26 16:33 - 2015-06-24 18:29 - 03531776 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-07-26 16:33 - 2015-05-25 05:22 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2015-07-26 16:33 - 2015-05-25 05:07 - 00977920 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2015-07-26 16:33 - 2015-05-21 05:07 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-07-26 16:33 - 2015-05-11 08:27 - 00308736 _____ (Microsoft Corporation) C:\Windows\System32\fhcpl.dll
2015-07-26 16:33 - 2015-05-03 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-26 16:33 - 2015-05-03 06:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2015-07-26 16:33 - 2015-04-29 15:21 - 00107008 _____ (Microsoft Corporation) C:\Windows\System32\WiFiDisplay.dll
2015-07-26 16:33 - 2015-04-28 05:13 - 00513480 _____ C:\Windows\System32\locale.nls
2015-07-26 16:33 - 2015-04-15 22:22 - 00259928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2015-07-26 16:33 - 2015-04-13 14:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\authz.dll
2015-07-26 16:33 - 2015-04-09 16:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2015-07-26 16:33 - 2015-04-08 14:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\rgb9rast.dll
2015-07-26 16:33 - 2015-03-31 18:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2015-07-26 16:33 - 2015-03-31 18:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2015-07-26 16:33 - 2015-03-31 18:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2015-07-26 16:33 - 2015-03-31 18:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2015-07-26 16:33 - 2015-03-31 18:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2015-07-26 16:33 - 2015-03-31 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2015-07-26 16:33 - 2015-03-19 18:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2015-07-26 16:33 - 2015-03-19 17:57 - 00873984 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2015-07-26 16:33 - 2015-03-01 17:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\rastapi.dll
2015-07-26 16:32 - 2015-07-09 10:05 - 00128568 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-07-26 16:32 - 2015-07-09 07:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-07-26 16:32 - 2015-07-09 07:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-07-26 16:32 - 2015-07-09 07:35 - 00334336 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2015-07-26 16:32 - 2015-07-09 07:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-07-26 16:32 - 2015-07-09 07:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-07-26 16:32 - 2015-07-09 07:31 - 02163200 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-07-26 16:32 - 2015-07-02 13:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-07-26 16:32 - 2015-06-26 19:08 - 00239104 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-07-26 16:32 - 2015-06-26 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-07-26 16:32 - 2015-06-26 18:14 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-07-26 16:31 - 2015-07-26 16:31 - 00000000 ____D C:\Users\sydney\AppData\Local\Intel
2015-07-26 16:31 - 2015-07-02 12:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-07-26 16:31 - 2015-07-02 12:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-07-26 16:31 - 2015-07-02 11:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-07-26 16:31 - 2015-06-15 21:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2015-07-26 16:31 - 2015-06-15 13:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-07-26 16:31 - 2015-06-15 13:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-07-26 16:31 - 2015-06-15 13:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-07-26 16:31 - 2015-06-15 13:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-07-26 16:31 - 2015-06-15 12:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2015-07-26 16:31 - 2015-06-15 12:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-07-26 16:31 - 2015-06-15 12:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-07-26 16:31 - 2015-06-15 12:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2015-07-26 16:31 - 2015-06-15 12:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-07-26 16:31 - 2015-06-15 12:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-07-26 16:31 - 2015-06-15 12:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-07-26 16:31 - 2015-06-15 12:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-07-26 16:31 - 2015-06-15 12:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-07-26 16:31 - 2015-06-15 12:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-07-26 16:31 - 2015-06-15 12:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2015-07-26 16:31 - 2015-06-15 12:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-07-26 16:31 - 2015-06-15 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-07-26 16:30 - 2015-07-27 15:17 - 00000000 ____D C:\Users\sydney\AppData\Local\PCMATICPLUS_fixed
2015-07-26 16:30 - 2015-07-26 16:30 - 00001147 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.1.lnk
2015-07-26 16:30 - 2015-07-26 16:30 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2015-07-26 16:30 - 2015-07-14 06:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-07-26 16:30 - 2015-07-14 06:14 - 00035840 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-07-26 16:30 - 2015-06-27 21:12 - 00851704 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-07-26 16:30 - 2015-06-27 21:12 - 00147800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-07-26 16:30 - 2015-06-27 21:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-07-26 16:30 - 2015-06-26 18:18 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-07-26 16:30 - 2015-06-26 18:17 - 00328704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-07-26 16:30 - 2015-06-26 18:17 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-07-26 16:30 - 2015-06-26 17:27 - 01117696 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-07-26 16:30 - 2015-06-26 17:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-07-26 16:30 - 2015-06-15 13:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\msiexec.exe
2015-07-26 16:30 - 2015-06-15 13:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2015-07-26 16:30 - 2015-06-15 11:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-07-26 16:30 - 2015-06-10 19:54 - 01132640 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-07-26 16:30 - 2015-05-30 11:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-07-26 16:30 - 2015-05-30 11:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-07-26 16:30 - 2015-05-12 05:18 - 00207360 _____ (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2015-07-26 16:30 - 2015-05-07 08:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-07-26 16:30 - 2015-05-07 08:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2015-07-26 16:30 - 2015-05-07 07:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\GeofenceMonitorService.dll
2015-07-26 16:30 - 2015-05-03 06:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2015-07-26 16:30 - 2015-05-02 15:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-07-26 16:30 - 2015-04-24 18:25 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2015-07-26 16:30 - 2015-04-23 07:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\System32\msftedit.dll
2015-07-19 07:26 - 2015-07-26 05:42 - 00083501 _____ C:\ProgramData\75bCzUv4.dat
2015-07-18 07:54 - 2015-07-18 07:54 - 00000000 ____D C:\Program Files\ffd73335-1ef1-425b-820d-f610becd4dd5
2015-07-18 07:54 - 2015-07-18 07:54 - 00000000 ____D C:\Program Files\41e0180b-5ad4-460b-b221-c86643805fcc
2015-07-18 07:53 - 2015-07-27 16:33 - 00000000 ____D C:\Program Files\YTDownloader
2015-07-18 07:53 - 2015-07-18 07:53 - 00000000 ____D C:\Users\sydney\AppData\Local\CrashRpt
2015-07-18 03:13 - 2015-07-18 03:13 - 00573076 _____ C:\Users\sydney\Downloads\Gravity Gun Mod Installer 1.8.zip
2015-07-18 03:13 - 2015-07-18 03:13 - 00000000 ____D C:\Users\sydney\Downloads\Gravity Gun Mod Installer 1.8
2015-07-09 12:20 - 2015-07-09 12:20 - 00595265 _____ C:\Users\sydney\Downloads\MCA Mod Installer 1.8.zip
2015-07-09 12:20 - 2015-07-09 12:20 - 00000000 ____D C:\Users\sydney\Downloads\MCA Mod Installer 1.8
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 20:50 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\System32\LogFiles
2015-07-27 16:49 - 2013-08-21 22:13 - 00262144 ___SH C:\Windows\System32\config\BBI
2015-07-27 16:25 - 2014-04-19 03:17 - 01943569 _____ C:\Windows\WindowsUpdate.log
2015-07-27 16:14 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\AppReadiness
2015-07-27 16:07 - 2014-12-30 08:36 - 00000000 ___DO C:\Users\sydney\OneDrive
2015-07-27 16:02 - 2013-12-13 16:57 - 00338232 _____ C:\Windows\System32\PerfStringBackup.INI
2015-07-27 16:00 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\System32\sru
2015-07-27 15:58 - 2015-05-11 17:01 - 00003800 _____ C:\Windows\setupact.log
2015-07-27 15:57 - 2013-12-13 16:45 - 00205400 _____ C:\Windows\PFRO.log
2015-07-27 15:24 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\tracing
2015-07-27 15:05 - 2015-05-11 08:02 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-07-27 15:02 - 2015-05-11 08:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-27 00:03 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-26 18:28 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-26 17:56 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\rescache
2015-07-26 17:26 - 2015-05-11 08:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-26 17:26 - 2013-08-21 23:22 - 00335400 _____ C:\Windows\System32\FNTCACHE.DAT
2015-07-26 17:25 - 2015-05-11 12:39 - 00000000 ____D C:\Windows\System32\appraiser
2015-07-26 17:25 - 2015-05-11 11:57 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-07-26 17:25 - 2013-08-22 00:17 - 00000000 ___RD C:\Windows\ToastData
2015-07-26 17:25 - 2013-08-22 00:17 - 00000000 ____D C:\Windows\WinStore
2015-07-26 17:21 - 2014-12-25 08:31 - 00000000 ____D C:\users\sydney
2015-07-26 17:16 - 2013-08-22 00:05 - 00000000 ____D C:\Windows\CbsTemp
2015-07-26 17:08 - 2015-05-11 12:37 - 00000000 ___SD C:\Windows\System32\GWX
2015-07-26 17:07 - 2014-12-27 13:01 - 00000000 ____D C:\Windows\System32\MRT
2015-07-26 16:42 - 2015-03-02 16:22 - 00002156 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-26 16:30 - 2014-04-19 03:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-26 16:20 - 2014-04-19 03:31 - 00000000 ____D C:\Program Files\ASUS
2015-07-26 16:19 - 2015-01-07 15:16 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswsp.sys
2015-07-26 05:16 - 2015-05-21 15:31 - 00000000 ____D C:\Program Files\Minecraft
2015-07-18 07:54 - 2013-08-22 00:17 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-18 03:18 - 2015-05-21 16:18 - 00000000 ____D C:\Users\sydney\AppData\Roaming\.minecraft
2015-07-13 13:10 - 2015-05-11 12:20 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-07-13 13:10 - 2015-05-11 12:20 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
C:\Users\sydney\AppData\Local\Temp\VLX_Player.exe
C:\Users\sydney\AppData\Local\Temp\{D9CE27CC-C9C3-48E7-A5B3-35B8CFCDDADB}-GoogleUpdateSetup.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2015-05-11 12:29] - [2015-01-27 15:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225
 
C:\Windows\System32\winlogon.exe
[2015-05-11 07:58] - [2014-10-28 17:01] - 0465408 ____A (Microsoft Corporation) E36FB29A2158B7D5DCA0F4E08DE75442
 
C:\Windows\System32\wininit.exe
[2015-05-11 07:55] - [2014-10-28 17:02] - 0115712 ____A (Microsoft Corporation) DC02677945BDABD6B0C6A29914AA21EF
 
C:\Windows\System32\svchost.exe
[2015-05-11 07:54] - [2014-10-28 19:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D
 
C:\Windows\System32\services.exe
[2015-05-12 20:56] - [2015-04-08 14:59] - 0333624 ____A (Microsoft Corporation) 9E597749A44C4A39948917B5F30DE1CC
 
C:\Windows\System32\User32.dll
[2015-05-11 08:00] - [2014-10-28 19:12] - 1403280 ____A (Microsoft Corporation) 274A5FEE7293699C189317CE75666097
 
C:\Windows\System32\userinit.exe
[2015-05-11 07:53] - [2014-10-28 17:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
 
C:\Windows\System32\rpcss.dll
[2015-05-11 08:00] - [2014-10-28 16:59] - 0643072 ____A (Microsoft Corporation) E5D48E15A7D92BD0411A66ABD39E0D4E
 
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\dnsapi.dll
[2015-05-11 12:45] - [2014-11-04 17:20] - 0498688 ____A (Microsoft Corporation) 205BDB00F4C032AF45A6BFD18EA7886C
 
C:\Windows\System32\Drivers\volsnap.sys
[2014-12-30 09:27] - [2014-06-18 16:56] - 0264512 ___AC (Microsoft Corporation) 31A2AA48C1ECD390E2707E5C21B75DCE
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-06-24 16:32:42
Restore point made on: 2015-07-26 16:20:03
Restore point made on: 2015-07-27 16:33:05
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 1933.15 MB
Available physical RAM: 1297.13 MB
Total Virtual: 1933.15 MB
Available Virtual: 1354.37 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:49.14 GB) (Free:19.4 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:29.53 GB) (Free:29.53 GB) FAT32
Drive e: (Recovery) (Fixed) (Total:0.88 GB) (Free:0.64 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (GSP1RMCULXFRER_EN_DVD) (Removable) (Total:14.45 GB) (Free:11.25 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 58.2 GB) (Disk ID: AA5DC01F)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 14.5 GB) (Disk ID: 1B574EFF)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2015-07-26 17:09
 
==================== End of log ============================

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:25 PM

Posted 09 August 2015 - 08:13 PM

Greetings ttcole1254 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the following for me.

===================================================

Farbar Recovery Scan Tool (FRST) Registry Fix in Recovery Environment

--------------------

Note: This fix will only work if your USB Device is still considered the F: Drive.

Running from F:\

-----
  • Insert a USB device into a clean computer
  • Download [attachment=168643:BootExecute.reg] and save it to your USB device.
  • Download [attachment=168644:Fixlist.txt] and save it to your USB drive
  • Insert your USB device into the compromised computer
  • Boot back into the System Recovery Options and select Command Prompt
  • Type Notepad and select Enter
  • Click File, then Open
  • Select Computer and verify the correct Drive letter is indicated above. If your Drive letter is different stop and let me know
  • Run FRST and press the Fix button
  • The tool will create a Fixlog.txt report on your USB device
  • Copy and paste that information in your reply
  • Attempt to boot your computer successfully
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot properly?

Edited by Oh My!, 10 August 2015 - 07:20 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 12 August 2015 - 09:26 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 14 August 2015 - 11:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



