Hello,
I can't seem to solve this problem alone so I would really appreciate if someone helped me with it. Working on W7 ultimate OEM preinstalled without any CDs.
I have had my system running for 2 years without any problems or need to format it, but today I stumbled upon a little bug that turned all my web browser homepages to ads.ads-ki.com, so I tried to remove it with multiple removal programs - Malwarebytes, AdwCleaner and HitmanPro just in case. I had noticed this ads thing for a few days before but didn't bother, even though it crashed my browser twice in a few days. I have done such removals for other computers and I had no problems while removing all the viruses. It didn't really find any viruses, a couple of tracers, a suspicious (not infected) program and a keygen, so I didn't check what else it would remove and went with it.
After restarting the computer I saw HitmanPro in the boot screen and it took way more time to boot than usual. When it finally got to the point to open explorer.exe, it didn't. There was just a dark grey screen and nothing was loading, so I opened explorer.exe with Task Manager.
It took a while to load the explorer.exe but it did and I got the following messages:
Failed to connect to windows service. Runtime error 216 at 010055DB6
There is no network connection (it says that it can't automatically detect the proxy), Windows Firewall is set to disabled and I can't enable it (it says Action Center can't turn on Windows Firewall).
I removed all the programs I installed before (Malwarebytes, AdwCleaner and HitmanPro) but haven't touched the registry yet.
Here is the Farbar tool log:
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-16] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-23] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-24] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-04] (Autodesk, Inc.)
HKU\Admin\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\Admin\...\Run: [AdobeBridge] => [X]
HKU\Admin\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\Admin\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\gleam\nvm.dll"
HKU\Admin\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\Admin\...\Policies\Explorer: []
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-29] (NVIDIA Corporation)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-11] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-09-29] (Duplex Secure Ltd.)
S1 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [29856 2014-08-17] (Tarlogic)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 10:16 - 2015-01-21 10:16 - 00000000 ____D () C:\FRST
2015-01-20 23:13 - 2015-01-20 23:13 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-20 23:01 - 2015-01-20 23:01 - 00000000 ____D () C:\Windows\System32\appmgmt
2015-01-20 22:55 - 2015-01-20 22:55 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2015-01-20 22:49 - 2015-01-20 22:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-20 22:39 - 2015-01-20 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 22:38 - 2015-01-20 22:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 22:36 - 2015-01-20 22:36 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 04:15 - 2009-07-21 06:03 - 00000306 _____ () C:\Users\Admin\Desktop\READ ME.txt
2015-01-20 04:15 - 2009-07-21 06:01 - 00053248 _____ () C:\Users\Admin\Desktop\PASSWORD FORM4.xls
2015-01-20 04:13 - 2015-01-20 04:13 - 00018601 _____ () C:\Users\Admin\Downloads\PASSWORD FORM4.zip
2015-01-20 01:59 - 2015-01-20 01:59 - 00018432 _____ () C:\Users\Admin\Desktop\tests.xlsx
2015-01-20 01:31 - 2015-01-20 01:31 - 00000000 ____D () C:\Users\Admin\Documents\Kutools for Excel
2015-01-20 01:31 - 2015-01-20 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Kutools for Excel
2015-01-20 01:30 - 2015-01-20 01:30 - 00000000 ____D () C:\Users\Public\Documents\Kutools for Excel
2015-01-20 01:30 - 2015-01-20 01:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-20 01:27 - 2015-01-20 01:28 - 19845048 _____ (Detong ) C:\Users\Admin\Downloads\KutoolsforExcelSetup.exe
2015-01-20 01:11 - 2015-01-20 01:21 - 00129230 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsm
2015-01-20 00:47 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DataRecommendations
2015-01-20 00:47 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft_Corporation
2015-01-20 00:45 - 2015-01-20 00:45 - 00010057 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsx
2015-01-19 05:54 - 2015-01-19 05:55 - 13356544 _____ () C:\Users\Admin\Desktop\APJ_CESIS_1KARTA_2014.09.15_2Re&Re.xls
2015-01-15 01:02 - 2015-01-15 01:02 - 00017121 _____ () C:\Users\Admin\Desktop\RemoveStyles.xlam
2015-01-15 01:01 - 2015-01-15 01:01 - 00036352 _____ () C:\Users\Admin\Desktop\RemoveStyles03.xla
2015-01-13 22:46 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-13 22:46 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-13 22:46 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-13 22:46 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-13 22:46 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-13 22:46 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-13 22:46 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:46 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:46 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 22:46 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-13 22:46 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-13 22:46 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:46 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 01:54 - 2015-01-12 01:54 - 00061146 _____ () C:\Users\Admin\Desktop\Izmaiņas kopā + izmaksas.xlsx
2015-01-12 01:04 - 2015-01-12 01:04 - 00205399 _____ () C:\Users\Admin\Desktop\nolikums.zip
2015-01-07 00:01 - 2015-01-07 00:01 - 00305152 _____ () C:\Users\Admin\Desktop\Darbu daudzumu saraksts_A2 km 71,170-77,911.xls
2015-01-06 23:04 - 2015-01-06 23:04 - 01284608 _____ () C:\Users\Admin\Desktop\TBuvniecibas_tame.xls
2015-01-06 06:21 - 2015-01-06 06:21 - 00001349 _____ () C:\Users\Admin\Desktop\Apliecinājums.rtfd.zip
2015-01-02 11:32 - 2015-01-02 11:32 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_715147_hd_3000.m3u8
2014-12-26 14:13 - 2014-12-26 14:13 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_707919_hd_3000.m3u8
2014-12-24 01:04 - 2014-12-24 01:04 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 00:19 - 2014-12-23 00:19 - 00016145 _____ () C:\Users\Admin\Desktop\Silupu 3 apjomu sert decembris.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 23:40 - 2014-10-06 10:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\gleam
2015-01-20 23:39 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 23:39 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 23:38 - 2009-07-13 21:13 - 00797278 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-20 23:37 - 2014-07-31 03:52 - 00000000 ____D () C:\Users\Admin\Desktop\Darbam
2015-01-20 23:34 - 2013-11-12 06:30 - 01334715 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 23:30 - 2013-11-12 23:28 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-20 23:27 - 2009-07-13 20:51 - 00204126 _____ () C:\Windows\setupact.log
2015-01-20 23:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-01-20 23:17 - 2014-03-07 21:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VMware
2015-01-20 23:17 - 2014-03-07 21:22 - 00000000 ____D () C:\ProgramData\VMware
2015-01-20 23:17 - 2013-11-12 23:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-20 23:10 - 2014-03-07 21:25 - 00000000 ____D () C:\Users\Admin\AppData\Local\VMware
2015-01-20 23:09 - 2014-11-27 05:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Acrylic Wi-Fi Free
2015-01-20 23:01 - 2014-11-02 08:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PortForward.com
2015-01-20 23:00 - 2013-11-12 23:25 - 00000000 ____D () C:\ProgramData\Temp
2015-01-20 22:57 - 2010-11-20 19:47 - 00311742 _____ () C:\Windows\PFRO.log
2015-01-20 22:48 - 2013-11-13 07:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 22:40 - 2013-11-16 08:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-20 22:36 - 2013-11-16 01:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-20 22:36 - 2013-11-16 01:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 22:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 12:41 - 2013-11-16 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-18 12:38 - 2014-03-16 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-16 04:01 - 2013-11-16 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2015-01-14 22:31 - 2013-11-16 01:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Spotify
2015-01-14 05:48 - 2013-11-13 07:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 05:48 - 2013-11-13 07:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 05:48 - 2013-11-13 07:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:49 - 2013-11-12 06:48 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-13 22:46 - 2013-11-12 06:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-13 07:00 - 2013-11-18 09:47 - 04796798 _____ () C:\Windows\System32\webservice4.log
2015-01-13 04:05 - 2014-07-31 03:52 - 00000000 ____D () C:\Users\Admin\Desktop\Privātās lietas
2015-01-11 05:30 - 2014-11-02 07:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ACEStream
2015-01-11 05:30 - 2014-11-02 07:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.ACEStream
2015-01-06 09:32 - 2014-10-09 21:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-06 09:32 - 2013-11-16 08:12 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 18:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-12-29 01:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-12-29 00:32 - 2013-11-18 09:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\cache
2014-12-24 01:21 - 2013-11-17 12:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2015-01-13 22:46:36
Restore point made on: 2015-01-15 02:06:39
Restore point made on: 2015-01-20 00:20:28
Restore point made on: 2015-01-20 22:54:50
Restore point made on: 2015-01-20 22:55:22
Restore point made on: 2015-01-20 23:17:06
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 16244.14 MB
Available physical RAM: 14926.23 MB
Total Pagefile: 16242.34 MB
Available Pagefile: 14944.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:476.94 GB) (Free:58.07 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.41 GB) (Free:740.79 GB) NTFS
Drive g: (ADATA UFD) (Removable) (Total:7.32 GB) (Free:7.32 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 9628EE43)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4673F7EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 7.3 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
LastRegBack: 2015-01-14 02:20
==================== End Of Log ============================