Help Fixing FBI virus...logs attached


Hey Guys,

I am helping a friend fix his girlfriend's computer. The computer is a Sony running the Windows 7 64-bit operating system. Like in other threads I read on this forum, I went ahead and did the first couple of steps, which were to run the Farbar Tool from the rescue options. Just like the others, this computer is completely locked out of Safe Mode, and the virus also infected their home router and blocked all internet access until I had them reset the router.

Anyway, I am going to attach the text from "frst.txt" and "search.txt". If any of you could help me with a code and with moving forward, it would be greatly appreciated. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02

Ran by SYSTEM at 21-01-2013 19:24:05

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [10134560 2010-04-06] (Realtek Semiconductor)

HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)

HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [597792 2010-01-21] (Sony Corporation)

HKLM-x32\...\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [1392784 2011-01-15] (Webroot Software, Inc. )

HKLM-x32\...\Run: [sHTtray.exe] "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [99696 2010-02-24] (Sony Corporation)

HKLM-x32\...\Run: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2013-01-20] ()

HKLM-x32\...\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bingDesktop] "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe" /fromkey [2127896 2012-11-22] (Microsoft Corp.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)

HKU\Michelle\...\Run: [Elbserver] "C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe" /Stay [81328 2010-02-09] (Sony Corporation)

HKU\Michelle\...\Run: [VRLPHelper] "C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe" /Stay [182128 2010-02-09] (Sony Corporation)

HKU\Michelle\...\Run: [HLBackupScheduler] "C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [4950664 2011-06-28] ()

HKU\Michelle\...\Run: [RESTART_STICKY_NOTES] "C:\Windows\System32\StikyNot.exe" [427520 2009-07-13] (Microsoft Corporation)

HKU\Michelle\...\Run: [MobileDocuments] "C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" [x]

HKU\Michelle\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-18] (Google Inc.)

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

HKLM\...\Winlogon: [shell] C:\PROGRA~3\dsgsdgdsgdsgw.bat [x ] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Michelle\Start Menu\Programs\Startup\runctf.lnk

ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [166424 2012-11-22] (Microsoft Corp.)

2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=2000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [252416 2010-05-25] (Sony Corporation)

3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe" [302448 2010-02-08] (Sony Corporation)

3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2010-04-08] (Sony Corporation)

3 VUAgent; "C:\Program Files\Sony\VAIO Update\VUAgent.exe" [1286784 2012-10-26] (Sony Corporation)

2 WebrootSpySweeperService; "C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe" [3888696 2010-12-07] (Webroot Software, Inc. (www.webroot.com))

2 WRConsumerService; "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe" [3275112 2011-01-15] (Webroot Software, Inc. )

==================== Drivers (Whitelisted) =====================

2 ssfmonm; C:\Windows\System32\Drivers\ssfmonm.sys [55360 2010-10-12] (Webroot Software, Inc. (www.webroot.com))

0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [137248 2010-10-12] (Webroot Software, Inc. (www.webroot.com))

2 IAStorDataMgrSvc; [x]

2 MSSQL$DDNI; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-17 07:20 - 2013-01-20 11:13 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2013-01-17 07:20 - 2013-01-17 07:20 - 00178176 ____A (?????????? ??????????) C:\Users\Michelle\wgsdgsdgdsgsd.exe

2013-01-17 07:20 - 2013-01-17 07:20 - 00002964 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2013-01-17 07:20 - 2013-01-17 07:20 - 00000159 ____A C:\Users\All Users\dsgsdgdsgdsgw.reg

2013-01-17 07:20 - 2013-01-17 07:20 - 00000069 ____A C:\Users\All Users\dsgsdgdsgdsgw.bat

2013-01-11 11:33 - 2013-01-11 11:33 - 00000000 ____D C:\Users\All Users\EA Core

2013-01-09 05:38 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-01-09 05:38 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2013-01-09 05:38 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-09 05:38 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-01-09 05:38 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-09 05:38 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-01-09 05:38 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-09 05:38 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-01-09 05:38 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-01-09 05:38 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-01-09 05:37 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-01-09 05:37 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-01-09 05:37 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2013-01-09 05:37 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2013-01-09 05:37 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-01-09 05:37 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-01-09 05:37 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-01-09 05:37 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-01-09 05:37 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-01-09 05:37 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-01-09 05:37 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-01-09 05:37 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs

2013-01-09 05:37 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs

2013-01-09 05:37 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-01-09 05:37 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-01-09 05:37 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-01-09 05:37 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-01-09 05:37 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-01-09 05:37 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-01-09 05:37 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-01-09 05:37 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-01-09 05:37 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-01-09 05:37 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-01-09 05:37 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-01-09 05:37 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-01-09 05:37 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-01-09 05:37 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-01-09 05:37 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls

2013-01-09 05:37 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls

2013-01-09 05:37 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-09 05:37 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe

2013-01-08 05:47 - 2013-01-08 05:47 - 00073216 ____A C:\Users\Michelle\Downloads\BOWL_POOL_NUMBERS-FIESTA (2).xls

2013-01-06 13:08 - 2013-01-06 13:08 - 00002587 ____A C:\Users\Michelle\Downloads\this_message_in_html.htm

2013-01-04 13:06 - 2013-01-04 13:06 - 00000000 ____D C:\Users\Michelle\AppData\Local\{348E04C9-02B1-460A-9F61-8EC4E53BE3D4}

2013-01-04 12:15 - 2013-01-04 12:17 - 00082944 ____A C:\Users\Michelle\Downloads\BOWL_POOL_NUMBERS-FIESTA (1).xls

2013-01-04 12:15 - 2013-01-04 12:15 - 00082944 ____A C:\Users\Michelle\Downloads\BOWL_POOL_NUMBERS-FIESTA.xls

2013-01-03 15:14 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2013-01-03 15:14 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2013-01-03 15:14 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2013-01-03 15:13 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll

2013-01-03 15:13 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys

2013-01-03 15:13 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2013-01-03 15:13 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2013-01-03 15:13 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2013-01-03 15:13 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2013-01-03 15:13 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-01-03 15:13 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2013-01-03 15:13 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2013-01-03 15:13 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-01-03 15:13 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2013-01-03 15:13 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-01-03 15:13 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2013-01-03 15:13 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2013-01-03 15:13 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-01-03 15:13 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll

2013-01-03 15:13 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2013-01-03 15:13 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2013-01-03 15:13 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2013-01-03 15:13 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-01-03 15:13 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-01-03 15:12 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2013-01-03 15:12 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2013-01-03 15:12 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2013-01-03 15:12 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2013-01-03 15:12 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-01-03 15:12 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-01-03 15:12 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-12-26 09:36 - 2012-12-26 09:36 - 00002304 ____A C:\Users\Public\Desktop\The Sims™ 3 Outdoor Living Stuff.lnk

2012-12-24 12:30 - 2012-12-24 12:30 - 00002196 ____A C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk

2012-12-24 09:35 - 2012-12-24 09:35 - 00002224 ____A C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk

2012-12-22 00:01 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-22 00:01 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-22 00:01 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-22 00:01 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

==================== One Month Modified Files and Folders =======

2013-01-21 19:23 - 2013-01-21 19:23 - 00000000 ____D C:\FRST

2013-01-20 11:13 - 2013-01-17 07:20 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2013-01-20 08:26 - 2012-08-07 04:13 - 00002240 ____A C:\Windows\setupact.log

2013-01-20 08:26 - 2010-08-18 21:28 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-20 08:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-20 07:53 - 2010-10-09 03:02 - 01769030 ____A C:\Windows\WindowsUpdate.log

2013-01-20 07:53 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-20 07:53 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-20 07:34 - 2010-08-18 21:28 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-20 05:49 - 2011-01-25 11:48 - 00000000 ____D C:\Users\All Users\Yahoo! Companion

2013-01-20 05:48 - 2010-11-05 13:49 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SoftGrid Client

2013-01-20 05:47 - 2010-08-18 21:44 - 00000000 ____D C:\Users\All Users\Sony Corporation

2013-01-20 05:47 - 2010-08-18 21:22 - 00000000 ____D C:\Program Files\Sony

2013-01-20 05:47 - 2010-08-18 21:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-01-19 11:22 - 2012-08-12 14:04 - 00000000 ____A C:\Windows\Model.log

2013-01-19 11:22 - 2011-06-20 09:43 - 00000021 ____A C:\Windows\Model.txt

2013-01-18 13:42 - 2010-11-04 18:33 - 00069720 ____A C:\Users\Michelle\AppData\Local\GDIPFONTCACHEV1.DAT

2013-01-17 07:21 - 2010-11-04 18:33 - 00000000 ____D C:\Users\Michelle\AppData\Local\Google

2013-01-17 07:20 - 2013-01-17 07:20 - 00178176 ____A (?????????? ??????????) C:\Users\Michelle\wgsdgsdgdsgsd.exe

2013-01-17 07:20 - 2013-01-17 07:20 - 00002964 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2013-01-17 07:20 - 2013-01-17 07:20 - 00000159 ____A C:\Users\All Users\dsgsdgdsgdsgw.reg

2013-01-17 07:20 - 2013-01-17 07:20 - 00000069 ____A C:\Users\All Users\dsgsdgdsgdsgw.bat

2013-01-17 07:20 - 2010-11-04 18:29 - 00000000 ____D C:\users\Michelle

2013-01-14 13:02 - 2012-12-12 07:15 - 00000000 ____D C:\Users\Michelle\Documents\Recipes

2013-01-11 11:33 - 2013-01-11 11:33 - 00000000 ____D C:\Users\All Users\EA Core

2013-01-10 01:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-01-10 00:35 - 2009-07-13 20:45 - 00310368 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-10 00:34 - 2012-08-07 04:13 - 00009728 ____A C:\Windows\PFRO.log

2013-01-10 00:13 - 2009-07-13 21:13 - 00741704 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-10 00:05 - 2010-11-11 17:00 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-01-08 05:47 - 2013-01-08 05:47 - 00073216 ____A C:\Users\Michelle\Downloads\BOWL_POOL_NUMBERS-FIESTA (2).xls

2013-01-06 13:08 - 2013-01-06 13:08 - 00002587 ____A C:\Users\Michelle\Downloads\this_message_in_html.htm

2013-01-04 13:06 - 2013-01-04 13:06 - 00000000 ____D C:\Users\Michelle\AppData\Local\{348E04C9-02B1-460A-9F61-8EC4E53BE3D4}

2013-01-04 13:06 - 2010-11-11 17:03 - 00000000 ____D C:\Users\Michelle\AppData\Local\Windows Live

2013-01-04 12:17 - 2013-01-04 12:15 - 00082944 ____A C:\Users\Michelle\Downloads\BOWL_POOL_NUMBERS-FIESTA (1).xls

2013-01-04 12:15 - 2013-01-04 12:15 - 00082944 ____A C:\Users\Michelle\Downloads\BOWL_POOL_NUMBERS-FIESTA.xls

2013-01-03 15:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-01-03 13:47 - 2010-12-05 12:41 - 00001882 ____A C:\test.xml

2012-12-26 09:36 - 2012-12-26 09:36 - 00002304 ____A C:\Users\Public\Desktop\The Sims™ 3 Outdoor Living Stuff.lnk

2012-12-26 09:25 - 2010-11-05 13:06 - 00000000 ____D C:\Program Files (x86)\Electronic Arts

2012-12-24 12:30 - 2012-12-24 12:30 - 00002196 ____A C:\Users\Public\Desktop\The Sims™ 3 Showtime.lnk

2012-12-24 09:35 - 2012-12-24 09:35 - 00002224 ____A C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-08 05:47:52

Restore point made on: 2013-01-10 00:01:01

Restore point made on: 2013-01-11 11:42:23

Restore point made on: 2013-01-15 05:24:54

Restore point made on: 2013-01-19 11:23:47

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 3834.9 MB

Available physical RAM: 3228.04 MB

Total Pagefile: 3833.05 MB

Available Pagefile: 3219.95 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:456.03 GB) (Free:296.05 GB) NTFS

2 Drive e: (Recovery) (Fixed) (Total:9.63 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (Jan 21 2013) (CDROM) (Total:0.69 GB) (Free:0.62 GB) UDF

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB  1024 KB
  Disk 1    No Media           0 B      0 B
  Disk 2    No Media           0 B      0 B

Partitions of Disk 0:

===============

Disk ID: B038CB79

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            9 GB  1024 KB
  Partition 2    Primary           100 MB     9 GB
  Partition 3    Primary           456 GB     9 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Recovery     NTFS   Partition      9 GB  Healthy    Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    456 GB  Healthy

=========================================================

Last Boot: 2013-01-15 06:36

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 21-01-2013 02

Ran by SYSTEM at 2013-01-21 19:27:37

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

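The search block above lists every copy of services.exe that FRST found, each with its size, the company name from the file's version resource and its MD5. The reason the helper asks for that search is that the FBI-screen lockers and related families patch the live copy under System32 while the copies in the WinSxS component store are usually left alone, so a live copy whose size or hash disagrees with the store copies is the thing to look for. As an added example that is not part of the original thread or of FRST itself, the following Python parses a search block of that shape and performs that comparison. The first sample is the search output from the log above; the second is a constructed sample (fictitious hash and modification date) standing in for a patched binary.

```python
"""Cross-check the copies of a system binary listed in an FRST "Search:" block.

FRST prints each copy as two lines:
    <path>
    [created] - [modified] - <size> <attrs> (<company>) <MD5>
This script (added example, not FRST code) groups the copies into the live one
under System32 and the component-store ones under WinSxS, then reports whether
the live copy's size and MD5 agree with at least one store copy.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*-\s*\[(?P<modified>[^\]]+)\]\s*-\s*"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Copy:
    path: str
    size: int
    company: str   # version-resource text; trivially forgeable, not an Authenticode check
    md5: str


def parse_search(text: str) -> list:
    """Return a Copy for every path/details pair in an FRST search block."""
    copies, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # blank lines and the "=== Search ===" banners
        m = ENTRY_RE.match(line)
        if m and pending is not None:
            copies.append(Copy(pending, int(m["size"]), m["company"], m["md5"].upper()))
            pending = None
        elif PATH_RE.match(line):
            pending = line                # details follow on the next non-blank line
    return copies


def check_live_copy(copies, live_marker="\\system32\\", store_marker="\\winsxs\\"):
    """Compare the System32 copy against the WinSxS copies.

    Returns (verdict, detail) with verdict one of "match", "mismatch",
    "no-live" or "no-store". Several store copies with different hashes are
    normal (service pack and hotfix versions), so the live copy only has to
    agree with one of them. A match is not proof of a clean file: an infection
    that also overwrites the store copy passes this test.
    """
    live = [c for c in copies if live_marker in c.path.lower()]
    store = [c for c in copies if store_marker in c.path.lower()]
    if not live:
        return "no-live", "no copy under System32 in the search output"
    if not store:
        return "no-store", "no WinSxS copy to compare against"
    known = {(c.size, c.md5) for c in store}
    bad = [c for c in live if (c.size, c.md5) not in known]
    if bad:
        return "mismatch", "; ".join(f"{c.path}: {c.size} bytes, MD5 {c.md5}" for c in bad)
    return "match", f"{len(live)} live copy agrees with {len(store)} WinSxS copy(ies)"


# Sample 1: the services.exe search output posted in the thread above.
SEARCH_FROM_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Sample 2: constructed, not from any real machine. Same size and company
# string (a patch-in-place leaves both alone) but a different hash and a
# recent modification time. The hash is a placeholder, not a known IOC.
CONSTRUCTED_PATCHED = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2013-01-20 00:00] - 0328704 ____A (Microsoft Corporation) DEADBEEFDEADBEEFDEADBEEFDEADBEEF

====== End Of Search ======
"""


if __name__ == "__main__":
    for label, sample in (("log", SEARCH_FROM_LOG), ("constructed", CONSTRUCTED_PATCHED)):
        verdict, detail = check_live_copy(parse_search(sample))
        print(f"{label}: {verdict} ({detail})")
```

For the posted log the verdict is "match": both copies are 328704 bytes with MD5 24ACB7E5BE595468E3B9AA488B9B4FCB, which is consistent with the "MD5 is legit" line for services.exe in the Bamital check section. That section is the stronger of the two checks, since FRST compares against its own list of known-good hashes rather than against another copy on the same disk.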

OK, here you go. Please carefully carry out this procedure!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


Please download RogueKiller to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
