
Alureon.J virus help


Drksoul


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Make sure that Verify driver digital signatures & Detect TDLFS File System are marked and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:

  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    > Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    > If Cure is not available, please choose Skip instead.

  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each of them out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/10/2014
Scan Time: 5:59:57 AM
Logfile: mwb.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.10.04
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389485
Time Elapsed: 25 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.

Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

  • Right-click on the Malwarebytes' Anti-Rootkit icon and select Run as Administrator to start the tool.
  • It will ask you for an extraction place - make sure you will unpack it to your desktop.
  • After the extraction, the tool should start itself (no action required).
  • On the Introduction screen click Next.
  • On the Update screen click Update.
  • When prompted about the successful update, click Next.
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.

Wait patiently and don't do anything on your machine while MBAR goes through your system!

  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.

When finished (either with or without cleanup), please navigate to the MBAR directory.

Search there for these two files:

> mbar-log-date(time).txt

> system-log.txt

Please include the content of both files in your reply.


Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17280
Tevin :: TEVIN-PC [administrator]

9/10/2014 7:06:58 AM
mbar-log-2014-09-10 (07-06-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 389962
Time elapsed: 22 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17280

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.411000 GHz
Memory total: 8588025856, free: 5838155776

Downloaded database version: v2014.09.10.04
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A88863EA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FD692FC0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 

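The partition-table fields that MBAR prints in the log above (disk signature, active flag, start LBA, sector count) can be decoded and sanity-checked independently of any one scanner. The Python below is an added example, not part of the thread or of any tool used in it; the sample sector is constructed from the values in that log with the boot code zeroed, and `build_sample_mbr`, `parse_mbr` and `check_table` are hypothetical names.

```python
import hashlib
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8   # 4-byte disk signature, little-endian
TABLE_OFFSET = 0x1BE      # four 16-byte partition entries follow
ENTRY = "<B3xB3xII"       # status, CHS start, type, CHS end, start LBA, sectors


def build_sample_mbr():
    """Constructed sector: zeroed boot code, table values taken from the log."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xA88863EA)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Decode the fields an MBR scanner reports from one 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        status, ptype, lba, numsec = struct.unpack_from(
            ENTRY, sector, TABLE_OFFSET + 16 * i)
        partitions.append({"index": i, "status": status, "type": ptype,
                           "start_lba": lba, "num_sectors": numsec})
    return {
        "disk_signature": f"{disk_sig:08X}",
        # Hash of the boot-code area only, for comparison with a baseline you
        # recorded yourself; the byte range other tools hash is not assumed.
        "boot_code_sha256": hashlib.sha256(sector[:DISK_SIG_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_table(info, total_sectors, system_drive=True):
    """Return a list of inconsistencies found in the parsed partition table."""
    findings = []
    used = [p for p in info["partitions"] if p["type"] != 0x00]
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte "
                            f"0x{p['status']:02X}")
    active = [p for p in used if p["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions marked active")
    elif system_drive and not active:
        findings.append("no active partition on a system drive")
    ordered = sorted(used, key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["start_lba"] + prev["num_sectors"] > cur["start_lba"]:
            findings.append(f"partitions {prev['index']} and {cur['index']} "
                            "overlap")
    for p in used:
        if p["start_lba"] + p["num_sectors"] > total_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("Disk Signature:", info["disk_signature"])
    for p in info["partitions"]:
        print(f"Partition {p['index']} type 0x{p['type']:X} "
              f"LBA {p['start_lba']} Numsec {p['num_sectors']}")
    # Disk size and sector size as printed in the log: 500107862016 / 512
    print("Findings:", check_table(info, 500107862016 // 512) or "none")
```

A clean partition table says nothing about the boot code in the first 440 bytes, which is why the hash is reported separately and only means something against a known-good value for the same Windows version.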

Well after rebooting my computer I have more info: This is what MSE says

 

 

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
boot:\Device\Harddisk0\DR0


Quite strange. Let's take another scanner.



Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR icon and select Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile and paste it into your next reply.
Do not forget to re-enable your previously switched-off protection software!


Scan with MBRScan

 

Please download MbrScan by Eric_71 and save it to your desktop.

  • Right-click on the MbrScan icon and select Run as Administrator to start the tool.
  • First click Scan at the upper bar.
  • When the table is filled with data, click Report.
  • A log (MbrScan.txt) will open in notepad.

Please include the contents of that file in your reply. Due to special formatting, post it directly and do not attach it!
There will also be a file named Dump_Hdd*_DR*.mbr on your desktop. Do not click on it or delete it!


MBRScan v1.1.1
OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2014/09/11 (ISO 8601) at 08:29:36
________________________________________________________________________________
DISK           : Device\Harddisk0\DR0 __WDC WD5000AAKS-00UU3A0 (01.03B01)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK           : Device\Harddisk1\DR1 __ST3500320AS (SD15)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0    465.8 Go  [Fixed] ==> 7 MBR Code
MBR_MD5   : B0C15C3C50A599B260035C3805DE2E03
MBR_SHA1  : 004EBF8DD3F6D58BF03EA0CC14D559D2EAA7DC37
Device\Harddisk0\Partition1    100.0 Mo      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2    465.7 Go      0x07 NTFS / HPFS
________________________________________________________________________________
Device\Harddisk1\DR1    465.8 Go  [Fixed] ==> 7 MBR Code
MBR_MD5   : 9084C5810A531B4F0121AD93DB8A68F7
MBR_SHA1  : 87F7BBF8C90D702EA6E873F5138F52EA527D448F
Device\Harddisk1\Partition1    465.8 Go      0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions :  NOEXECUTE=OPTIN
..·.ë..¶.ë..µ.2ä0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst0x000001B0   65 6D 00 00 00 63 7B 9A C0 2F 69 FD 00 00 00 20   em...c{.À/iý...0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 48 38 3A 00 00   !..þ.......H8:..0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
Link to post
Share on other sites

OK, we need an FRST scan outside of Windows.
 


Scan with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save it or print it out for further reference.
This instruction is quite a complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

DOWNLOADS

There will be three things to download on your clean machine:

Save them preferably to the desktop, as it would make the rest of instructions easier.
Recovery .iso file will be downloaded from my GoogleDrive. You will be notified that the file is too big for Google to scan it with built-in virus scanners - I assure you that it's perfectly safe.

PREPARATIONS

Prepare the tool on your clean machine.

Create bootable USB drive with RUFUS

  • Right-click on the Rufus icon and select Run as Administrator to start the tool.
  • Configure it with the settings listed below:
    • Device - make sure that your pendrive is listed;
    • File System - set to NTFS;
    • Make sure that Quick format option is checked;
    • Create a bootable disk using - select ISO Image;
    • Click on the small CD icon next to ISO Image - select the downloaded Recovery Environment .iso file.
  • Press Start and the process should run.

You will be notified on the lower bar when it is completed.

After that please copy FRST to the root of your pendrive.
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive into the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.


Ok, Mr Naathim, I am 100% sure I followed all of your instructions and have produced the FRST.txt you requested. I am typing and uploading this information from a clean computer, and I hope these are the kind of results you are looking for, you and me both. On a side note, I would like to say I hope we can finish this as efficiently and swiftly as possible.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by SYSTEM on MININT-UBRH51Q on 12-09-2014 09:14:31
Running from G:\
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\Tevin\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Tevin\...\Run: [Akamai NetSession Interface] => C:\Users\Tevin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Tevin\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\Tevin\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-03] (BitRaider, LLC)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4479400 2013-05-13] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-06-11] (Ralink Technology Corp.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-17] (Disc Soft Ltd)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S0 33695323; system32\drivers\32964412.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 05:29 - 2014-09-11 05:29 - 00052796 _____ () C:\Users\Tevin\Downloads\MbrScan.log
2014-09-11 05:29 - 2014-09-11 05:29 - 00000512 _____ () C:\Users\Tevin\Downloads\Dump_Hdd1_DR1.mbr
2014-09-11 05:29 - 2014-09-11 05:29 - 00000512 _____ () C:\Users\Tevin\Downloads\Dump_Hdd0_DR0.mbr
2014-09-11 05:28 - 2014-09-11 05:28 - 00147456 _____ (Eric_71) C:\Users\Tevin\Downloads\MbrScan.exe
2014-09-11 03:20 - 2014-09-11 04:39 - 00004636 _____ () C:\Users\Tevin\Desktop\aswMBR.txt
2014-09-11 03:20 - 2014-09-11 04:39 - 00000512 _____ () C:\Users\Tevin\Desktop\MBR.dat
2014-09-11 01:13 - 2014-09-11 01:14 - 05185536 _____ (AVAST Software) C:\Users\Tevin\Desktop\aswMBR.exe
2014-09-11 00:33 - 2014-09-11 00:33 - 00000000 __SHD () C:\found.001
2014-09-10 11:36 - 2014-09-10 11:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tevin\Downloads\mbar-1.07.0.1012(1).exe
2014-09-10 10:47 - 2014-09-10 10:47 - 00000000 ____D () C:\Users\Tevin\Desktop\FRST-OlderVersion
2014-09-10 04:06 - 2014-09-10 16:12 - 00000000 ____D () C:\Users\Tevin\Desktop\mbar
2014-09-10 04:06 - 2014-09-10 16:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 04:05 - 2014-09-10 04:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tevin\Downloads\mbar-1.07.0.1012.exe
2014-09-10 03:41 - 2014-09-10 10:50 - 00060525 _____ () C:\Users\Tevin\Desktop\Addition.txt
2014-09-10 03:41 - 2014-09-10 10:50 - 00057608 _____ () C:\Users\Tevin\Desktop\FRST.txt
2014-09-10 03:40 - 2014-09-12 09:14 - 00000000 ____D () C:\FRST
2014-09-10 03:36 - 2014-09-10 03:36 - 00001052 _____ () C:\Users\Tevin\Desktop\mwb.txt
2014-09-10 03:03 - 2014-09-10 10:47 - 02105856 _____ (Farbar) C:\Users\Tevin\Desktop\FRST64.exe
2014-09-10 02:11 - 2014-09-10 02:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Tevin\Desktop\tdsskiller(1).exe
2014-09-10 00:24 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-09-10 00:24 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 00:24 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-10 00:24 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-10 00:24 - 2014-08-18 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-09-10 00:24 - 2014-08-18 14:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-09-10 00:24 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-09-10 00:24 - 2014-08-18 14:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-09-10 00:24 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-09-10 00:24 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-10 00:24 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-09-10 00:24 - 2014-08-18 14:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-09-10 00:24 - 2014-08-18 14:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-09-10 00:24 - 2014-08-18 14:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-09-10 00:24 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 00:24 - 2014-08-18 13:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-09-10 00:24 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 00:24 - 2014-08-18 13:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-10 00:24 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 00:24 - 2014-08-18 13:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 00:24 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 00:24 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-09-10 00:24 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-10 00:24 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 00:24 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 00:24 - 2014-08-18 13:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-09-10 00:24 - 2014-08-18 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 00:24 - 2014-08-18 13:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 00:24 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 00:24 - 2014-08-18 13:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 00:24 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-10 00:24 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-09-10 00:24 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-09-10 00:24 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 00:24 - 2014-08-18 13:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 00:24 - 2014-08-18 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 00:24 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 00:24 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 00:24 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-09-10 00:24 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 00:23 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 00:23 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-10 00:23 - 2014-08-18 14:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-09-10 00:23 - 2014-08-18 14:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 00:23 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-09-10 00:23 - 2014-08-18 13:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-10 00:23 - 2014-08-18 13:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 00:23 - 2014-08-18 13:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-09-10 00:23 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-10 00:23 - 2014-08-18 13:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 00:23 - 2014-08-18 13:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-09-10 00:23 - 2014-08-18 13:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 00:23 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 00:23 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-10 00:23 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 00:23 - 2014-08-18 12:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 00:01 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 00:01 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 23:23 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2014-09-09 23:23 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 23:22 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-09 23:22 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-09-09 23:22 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-09-09 23:22 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 23:22 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 23:22 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 23:22 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-09-09 23:22 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 23:21 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-09 14:56 - 2014-09-09 14:56 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-09-04 00:13 - 2014-09-04 00:19 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
2014-09-04 00:13 - 2014-09-04 00:19 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
2014-09-04 00:04 - 2014-09-04 00:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-04 00:04 - 2014-09-04 00:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-03 06:27 - 2014-09-03 06:27 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\NuGet
2014-09-03 04:06 - 2014-09-03 04:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-09-03 04:03 - 2014-09-03 04:03 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2014-09-03 03:59 - 2014-09-11 02:23 - 00000000 ____D () C:\Users\Tevin\Documents\Visual Studio 2013
2014-09-03 03:58 - 2014-09-03 03:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2014-09-03 03:52 - 2014-09-03 03:52 - 00000000 ____D () C:\Program Files (x86)\AppInsights
2014-09-03 03:45 - 2014-09-03 03:45 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2014-09-03 03:25 - 2014-09-03 03:25 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools
2014-09-03 03:25 - 2014-09-03 03:25 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK
2014-09-03 03:24 - 2014-09-03 03:24 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2014-09-03 03:22 - 2014-09-03 03:22 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2014-09-03 03:22 - 2014-09-03 03:22 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation
2014-09-03 03:11 - 2014-09-03 03:54 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-09-03 03:11 - 2014-09-03 03:11 - 00000000 ____D () C:\Program Files\Application Verifier
2014-09-03 03:11 - 2014-09-03 03:11 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-09-03 03:04 - 2014-09-03 03:04 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-09-03 02:59 - 2014-09-03 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-09-03 02:57 - 2014-09-03 02:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-09-03 02:56 - 2014-09-03 03:53 - 00000000 ____D () C:\Program Files\IIS Express
2014-09-03 02:56 - 2014-09-03 03:53 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-09-03 02:55 - 2014-09-03 02:55 - 00000000 ____D () C:\ProgramData\NuGet
2014-09-03 02:55 - 2014-09-03 02:55 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-09-03 02:55 - 2014-09-03 02:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-09-03 02:54 - 2014-09-03 02:54 - 00000000 ____D () C:\Program Files\IIS
2014-09-03 02:54 - 2014-09-03 02:54 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-09-03 02:45 - 2014-09-03 03:07 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-03 02:33 - 2014-09-03 02:33 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-09-03 02:32 - 2014-09-03 02:32 - 00000000 ____D () C:\Windows\symbols
2014-09-03 02:32 - 2014-09-03 02:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-09-03 02:29 - 2014-09-03 03:16 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-09-03 02:29 - 2014-09-03 02:41 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-09-03 02:18 - 2014-09-03 03:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2014-09-03 02:18 - 2014-09-03 02:31 - 00000000 ____D () C:\Windows\System32\1033
2014-09-03 02:17 - 2014-09-03 02:17 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2014-09-02 23:31 - 2014-09-02 23:31 - 00000000 ____D () C:\Users\Tevin\Downloads\Visual Studio Professional 2013 with Update 3 (x86) - DVD (English)
2014-09-01 17:19 - 2014-09-01 17:19 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\e-academy Inc
2014-09-01 17:19 - 2014-09-01 17:19 - 00000000 ____D () C:\Users\Tevin\AppData\Local\e-academy Inc
2014-08-30 10:56 - 2014-09-04 00:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 16:30 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 16:30 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 16:30 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-27 06:15 - 2014-08-27 06:15 - 00000000 ____D () C:\Users\Tevin\Documents\Paradox Interactive
2014-08-27 00:04 - 2014-08-27 00:04 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-08-27 00:04 - 2014-08-27 00:04 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-08-26 12:50 - 2014-08-26 18:42 - 00000000 ____D () C:\Users\Tevin\AppData\Local\Deployment
2014-08-26 12:50 - 2014-08-26 12:50 - 00000000 ____D () C:\Users\Tevin\AppData\Local\Apps\2.0
2014-08-26 12:36 - 2014-09-03 03:16 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-08-26 12:36 - 2014-09-03 03:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-26 12:36 - 2014-08-26 12:36 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-08-26 12:36 - 2014-08-26 12:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-08-26 12:33 - 2014-09-01 17:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-08-26 12:31 - 2014-09-03 03:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-08-19 22:38 - 2014-08-19 22:38 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\MMFApplications
2014-08-17 23:00 - 2014-08-17 23:00 - 00283064 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2014-08-17 23:00 - 2014-08-17 23:00 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-08-15 00:06 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-15 00:06 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-15 00:06 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 00:06 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 00:05 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-15 00:05 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 00:03 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 00:03 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-14 21:10 - 2014-08-14 21:12 - 00000000 ____D () C:\Users\Tevin\Documents\LOLReplay
2014-08-14 21:09 - 2014-08-15 01:17 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-08-14 14:58 - 2014-08-14 14:58 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\GOL_byHasbro
2014-08-14 14:57 - 2014-08-14 14:57 - 00000000 ____D () C:\Windows\The Game Of Life by Hasbro
2014-08-14 00:11 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-14 00:11 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 00:11 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-08-14 00:11 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-08-14 00:11 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-08-14 00:11 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-08-14 00:11 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-08-14 00:11 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 00:11 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 00:11 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 00:11 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 00:11 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 00:11 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-08-14 00:11 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 00:11 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-14 00:11 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 00:11 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-14 00:11 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-14 00:11 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-14 00:11 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-14 00:11 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-14 00:11 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 00:11 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 00:11 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 00:10 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-14 00:10 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 09:14 - 2014-09-10 03:40 - 00000000 ____D () C:\FRST
2014-09-12 05:37 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 05:36 - 2014-03-14 20:49 - 00004445 _____ () C:\Windows\setupact.log
2014-09-12 05:26 - 2014-03-14 20:50 - 01999983 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 05:10 - 2013-04-16 12:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 05:29 - 2014-09-11 05:29 - 00052796 _____ () C:\Users\Tevin\Downloads\MbrScan.log
2014-09-11 05:29 - 2014-09-11 05:29 - 00000512 _____ () C:\Users\Tevin\Downloads\Dump_Hdd1_DR1.mbr
2014-09-11 05:29 - 2014-09-11 05:29 - 00000512 _____ () C:\Users\Tevin\Downloads\Dump_Hdd0_DR0.mbr
2014-09-11 05:28 - 2014-09-11 05:28 - 00147456 _____ (Eric_71) C:\Users\Tevin\Downloads\MbrScan.exe
2014-09-11 04:39 - 2014-09-11 03:20 - 00004636 _____ () C:\Users\Tevin\Desktop\aswMBR.txt
2014-09-11 04:39 - 2014-09-11 03:20 - 00000512 _____ () C:\Users\Tevin\Desktop\MBR.dat
2014-09-11 02:23 - 2014-09-03 03:59 - 00000000 ____D () C:\Users\Tevin\Documents\Visual Studio 2013
2014-09-11 01:14 - 2014-09-11 01:13 - 05185536 _____ (AVAST Software) C:\Users\Tevin\Desktop\aswMBR.exe
2014-09-11 00:50 - 2009-07-13 20:45 - 00021296 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 00:50 - 2009-07-13 20:45 - 00021296 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 00:48 - 2012-09-25 09:23 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\Skype
2014-09-11 00:33 - 2014-09-11 00:33 - 00000000 __SHD () C:\found.001
2014-09-10 16:18 - 2014-07-03 12:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-10 16:12 - 2014-09-10 04:06 - 00000000 ____D () C:\Users\Tevin\Desktop\mbar
2014-09-10 16:12 - 2014-09-10 04:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 11:37 - 2014-07-03 12:23 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-09-10 11:36 - 2014-09-10 11:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tevin\Downloads\mbar-1.07.0.1012(1).exe
2014-09-10 10:50 - 2014-09-10 03:41 - 00060525 _____ () C:\Users\Tevin\Desktop\Addition.txt
2014-09-10 10:50 - 2014-09-10 03:41 - 00057608 _____ () C:\Users\Tevin\Desktop\FRST.txt
2014-09-10 10:47 - 2014-09-10 10:47 - 00000000 ____D () C:\Users\Tevin\Desktop\FRST-OlderVersion
2014-09-10 10:47 - 2014-09-10 03:03 - 02105856 _____ (Farbar) C:\Users\Tevin\Desktop\FRST64.exe
2014-09-10 10:25 - 2014-04-03 00:20 - 00164610 _____ () C:\Windows\PFRO.log
2014-09-10 09:48 - 2012-09-26 14:36 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-10 04:05 - 2014-09-10 04:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tevin\Downloads\mbar-1.07.0.1012.exe
2014-09-10 03:36 - 2014-09-10 03:36 - 00001052 _____ () C:\Users\Tevin\Desktop\mwb.txt
2014-09-10 02:57 - 2012-09-25 17:53 - 00000000 ____D () C:\Users\Tevin\Desktop\files
2014-09-10 02:39 - 2014-06-18 10:16 - 00000000 ____D () C:\GOG Games
2014-09-10 02:15 - 2013-02-02 17:57 - 00000000 ____D () C:\ProgramData\Origin
2014-09-10 02:15 - 2013-02-02 17:57 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-10 02:11 - 2014-09-10 02:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Tevin\Desktop\tdsskiller(1).exe
2014-09-10 00:30 - 2013-04-12 22:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 00:21 - 2012-09-25 09:24 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 00:21 - 2009-07-13 21:13 - 00774592 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-10 00:19 - 2012-09-25 09:28 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-10 00:18 - 2013-08-03 00:11 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-10 00:18 - 2012-09-25 09:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 00:18 - 2012-09-25 09:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 00:03 - 2012-10-13 02:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-10 00:00 - 2014-05-06 00:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-09 23:50 - 2013-07-28 15:57 - 00000000 ____D () C:\Users\Tevin\AppData\Local\Warframe
2014-09-09 23:23 - 2012-09-25 17:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-09 22:52 - 2014-03-20 19:09 - 00305009 _____ () C:\Windows\DirectX.log
2014-09-09 19:10 - 2013-04-16 12:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 19:10 - 2012-09-25 09:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 19:10 - 2012-09-25 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 15:02 - 2012-10-07 18:40 - 00000000 ____D () C:\Users\Tevin\Documents\My Games
2014-09-09 14:56 - 2014-09-09 14:56 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-09-09 14:37 - 2013-02-25 14:11 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\vlc
2014-09-09 10:23 - 2014-02-16 22:16 - 00000000 ____D () C:\ProgramData\Tunngle
2014-09-09 10:23 - 2012-11-11 16:51 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\.minecraft
2014-09-08 16:49 - 2012-11-22 21:06 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\Mumble
2014-09-04 18:10 - 2014-09-09 23:22 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-04 18:05 - 2014-09-09 23:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-04 00:19 - 2014-09-04 00:13 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
2014-09-04 00:19 - 2014-09-04 00:13 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
2014-09-04 00:11 - 2014-08-30 10:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 00:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-04 00:04 - 2014-09-04 00:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-04 00:04 - 2014-09-04 00:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-03 11:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-03 10:36 - 2012-09-25 11:09 - 00000000 ____D () C:\Riot Games
2014-09-03 06:27 - 2014-09-03 06:27 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\NuGet
2014-09-03 04:20 - 2009-07-13 20:45 - 05057416 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-09-03 04:11 - 2012-09-25 09:25 - 00114760 _____ () C:\Users\Tevin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 04:06 - 2014-09-03 04:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-09-03 04:03 - 2014-09-03 04:03 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2014-09-03 03:58 - 2014-09-03 03:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2014-09-03 03:58 - 2014-08-26 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-09-03 03:54 - 2014-09-03 03:11 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-09-03 03:53 - 2014-09-03 02:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-09-03 03:53 - 2014-09-03 02:56 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-09-03 03:52 - 2014-09-03 03:52 - 00000000 ____D () C:\Program Files (x86)\AppInsights
2014-09-03 03:45 - 2014-09-03 03:45 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2014-09-03 03:31 - 2014-09-03 02:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2014-09-03 03:25 - 2014-09-03 03:25 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools
2014-09-03 03:25 - 2014-09-03 03:25 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK
2014-09-03 03:24 - 2014-09-03 03:24 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2014-09-03 03:22 - 2014-09-03 03:22 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2014-09-03 03:22 - 2014-09-03 03:22 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation
2014-09-03 03:16 - 2014-09-03 02:29 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-09-03 03:16 - 2014-08-26 12:36 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-09-03 03:16 - 2014-08-26 12:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-09-03 03:16 - 2013-10-26 19:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-03 03:11 - 2014-09-03 03:11 - 00000000 ____D () C:\Program Files\Application Verifier
2014-09-03 03:11 - 2014-09-03 03:11 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-09-03 03:07 - 2014-09-03 02:45 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-03 03:04 - 2014-09-03 03:04 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-09-03 03:03 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-03 03:00 - 2014-09-03 02:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-09-03 02:58 - 2014-09-03 02:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-09-03 02:55 - 2014-09-03 02:55 - 00000000 ____D () C:\ProgramData\NuGet
2014-09-03 02:55 - 2014-09-03 02:55 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-09-03 02:55 - 2014-09-03 02:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-09-03 02:54 - 2014-09-03 02:54 - 00000000 ____D () C:\Program Files\IIS
2014-09-03 02:54 - 2014-09-03 02:54 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-09-03 02:41 - 2014-09-03 02:29 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-09-03 02:33 - 2014-09-03 02:33 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-09-03 02:32 - 2014-09-03 02:32 - 00000000 ____D () C:\Windows\symbols
2014-09-03 02:32 - 2014-09-03 02:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-09-03 02:31 - 2014-09-03 02:18 - 00000000 ____D () C:\Windows\System32\1033
2014-09-03 02:18 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-03 02:17 - 2014-09-03 02:17 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2014-09-02 23:31 - 2014-09-02 23:31 - 00000000 ____D () C:\Users\Tevin\Downloads\Visual Studio Professional 2013 with Update 3 (x86) - DVD (English)
2014-09-01 17:35 - 2014-08-26 12:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-09-01 17:19 - 2014-09-01 17:19 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\e-academy Inc
2014-09-01 17:19 - 2014-09-01 17:19 - 00000000 ____D () C:\Users\Tevin\AppData\Local\e-academy Inc
2014-08-28 00:26 - 2012-09-25 09:22 - 00000000 ____D () C:\ProgramData\Skype
2014-08-27 06:15 - 2014-08-27 06:15 - 00000000 ____D () C:\Users\Tevin\Documents\Paradox Interactive
2014-08-27 00:04 - 2014-08-27 00:04 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-08-27 00:04 - 2014-08-27 00:04 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-08-26 18:42 - 2014-08-26 12:50 - 00000000 ____D () C:\Users\Tevin\AppData\Local\Deployment
2014-08-26 12:50 - 2014-08-26 12:50 - 00000000 ____D () C:\Users\Tevin\AppData\Local\Apps\2.0
2014-08-26 12:36 - 2014-08-26 12:36 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-08-26 12:36 - 2014-08-26 12:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-08-22 18:07 - 2014-08-27 16:30 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:45 - 2014-08-27 16:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 16:59 - 2014-08-27 16:30 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-19 22:38 - 2014-08-19 22:38 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\MMFApplications
2014-08-19 10:05 - 2014-09-10 00:24 - 00374968 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-19 09:39 - 2014-09-10 00:24 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 15:01 - 2014-09-10 00:24 - 23591424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-18 14:29 - 2014-09-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-18 14:29 - 2014-09-10 00:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 14:26 - 2014-09-10 00:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 14:20 - 2014-09-10 00:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-18 14:19 - 2014-09-10 00:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-18 14:15 - 2014-09-10 00:24 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-18 14:15 - 2014-09-10 00:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-18 14:14 - 2014-09-10 00:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-18 14:14 - 2014-09-10 00:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-18 14:08 - 2014-09-10 00:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-18 14:08 - 2014-09-10 00:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-18 14:08 - 2014-09-10 00:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 14:05 - 2014-09-10 00:24 - 00596480 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-18 14:03 - 2014-09-10 00:24 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-18 14:03 - 2014-09-10 00:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-18 14:03 - 2014-09-10 00:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-18 13:57 - 2014-09-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 13:56 - 2014-09-10 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 13:51 - 2014-09-10 00:24 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-18 13:46 - 2014-09-10 00:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 13:45 - 2014-09-10 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 13:45 - 2014-09-10 00:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 13:44 - 2014-09-10 00:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 13:44 - 2014-09-10 00:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 13:42 - 2014-09-10 00:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 13:40 - 2014-09-10 00:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-18 13:39 - 2014-09-10 00:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-18 13:39 - 2014-09-10 00:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 13:39 - 2014-09-10 00:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 13:38 - 2014-09-10 00:24 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-18 13:37 - 2014-09-10 00:24 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 13:36 - 2014-09-10 00:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 13:35 - 2014-09-10 00:24 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 13:27 - 2014-09-10 00:24 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 13:25 - 2014-09-10 00:24 - 00727040 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-18 13:25 - 2014-09-10 00:24 - 00707072 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-18 13:23 - 2014-09-10 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-18 13:23 - 2014-09-10 00:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-18 13:22 - 2014-09-10 00:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 13:19 - 2014-09-10 00:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 13:17 - 2014-09-10 00:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 13:17 - 2014-09-10 00:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 13:16 - 2014-09-10 00:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-18 13:15 - 2014-09-10 00:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 13:15 - 2014-09-10 00:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-18 13:09 - 2014-09-10 00:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 13:08 - 2014-09-10 00:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 13:07 - 2014-09-10 00:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 12:55 - 2014-09-10 00:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-18 12:46 - 2014-09-10 00:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 12:38 - 2014-09-10 00:24 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-18 12:38 - 2014-09-10 00:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 12:36 - 2014-09-10 00:24 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 23:03 - 2012-10-07 14:30 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\DAEMON Tools Lite
2014-08-17 23:00 - 2014-08-17 23:00 - 00283064 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2014-08-17 23:00 - 2014-08-17 23:00 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-08-15 01:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 01:17 - 2014-08-14 21:09 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-08-14 21:12 - 2014-08-14 21:10 - 00000000 ____D () C:\Users\Tevin\Documents\LOLReplay
2014-08-14 14:58 - 2014-08-14 14:58 - 00000000 ____D () C:\Users\Tevin\AppData\Roaming\GOL_byHasbro
2014-08-14 14:57 - 2014-08-14 14:57 - 00000000 ____D () C:\Windows\The Game Of Life by Hasbro
 
Files to move or delete:
====================
C:\Users\Tevin\jagex_cl_oldschool_LIVE.dat
C:\Users\Tevin\jagex_cl_runescape_LIVE.dat
C:\Users\Tevin\jagex_cl_speccollect_LIVE.dat
C:\Users\Tevin\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Tevin\AppData\Local\Temp\comver.dll
C:\Users\Tevin\AppData\Local\Temp\cres.dll
C:\Users\Tevin\AppData\Local\Temp\cshell.dll
C:\Users\Tevin\AppData\Local\Temp\ICReinstall_CR_Downloader_for_mario-kart-64.exe
C:\Users\Tevin\AppData\Local\Temp\NGMDll.dll
C:\Users\Tevin\AppData\Local\Temp\NGMResource.dll
C:\Users\Tevin\AppData\Local\Temp\sres.dll
C:\Users\Tevin\AppData\Local\Temp\ubi3CEE.tmp.exe
C:\Users\Tevin\AppData\Local\Temp\unicows.dll
C:\Users\Tevin\AppData\Local\Temp\Uninstaller-1660.exe
C:\Users\Tevin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Tevin\AppData\Local\Temp\{71BB1765-9777-4A71-A95A-5CE6008D579E}.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-08-17 23:02:03
Restore point made on: 2014-08-18 01:38:06
Restore point made on: 2014-08-21 12:00:11
Restore point made on: 2014-08-25 11:59:17
Restore point made on: 2014-08-27 00:00:44
Restore point made on: 2014-08-28 00:00:35
Restore point made on: 2014-08-30 10:56:47
Restore point made on: 2014-08-30 10:59:46
Restore point made on: 2014-08-31 00:31:22
Restore point made on: 2014-09-01 17:18:50
Restore point made on: 2014-09-02 04:10:29
Restore point made on: 2014-09-03 01:58:46
Restore point made on: 2014-09-03 02:02:29
Restore point made on: 2014-09-03 02:05:43
Restore point made on: 2014-09-03 02:46:27
Restore point made on: 2014-09-03 03:20:24
Restore point made on: 2014-09-04 00:01:20
Restore point made on: 2014-09-07 04:56:03
Restore point made on: 2014-09-09 14:50:39
Restore point made on: 2014-09-09 22:52:15
Restore point made on: 2014-09-10 00:00:21
Restore point made on: 2014-09-10 02:48:54
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8190.18 MB
Available physical RAM: 7252.41 MB
Total Pagefile: 8188.33 MB
Available Pagefile: 7243.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:60.09 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:243.66 GB) NTFS
Drive g: (Repair disc Windows 7 64-bit) (Removable) (Total:3.61 GB) (Free:3.43 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A88863EA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FD692FC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 463F1678)
Partition 1: (Active) - (Size=3.6 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-09-05 21:48
 
==================== End Of Log ============================


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
