Hi
I got infected by a rootkit, and my PC was running slowly. Before Windows starts, the screen turns blue, and after that it starts normally. I followed another malware forum's removal guides, but when I entered safe mode, the antiviruses scanned very fast, so I think something was blocking them from scanning normally. In normal mode, I ran TDSSKiller, and it found a rootkit (sorry, I didn't write down the name of the rootkit). I deleted it, restarted, and scanned again, and it found a rootkit again. I did the same thing I did before and scanned again, and it found nothing, but my computer was the same.
I scanned with Emsisoft Emergency Kit, and it found some malicious registry entries, but my computer was still slow, so I formatted my computer (I have Windows 8.1). Everything was normal until I noticed that I had some adware in my browser. I ran JRT and AdwCleaner, but they found nothing. Next, I noticed that my computer didn't install any updates. I tried over and over again, but I still couldn't, so I reset my computer and noticed that, before starting, the screen had a light blue color, and it was slow to start. I formatted my computer again, but when I was configuring my computer to begin using it, it froze and rebooted, so I had to do it all again, and now my computer starts normally.
So the situation right now is: my computer is not slow (only the startup, and in some cases, but less than before), and I still can't update Windows, so I think I'm still infected.
Thanks
I really appreciate the help.
I attach the FRST log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by al123_000 (administrator) on SAMUEL on 23-07-2015 09:32:35
Running from C:\Users\al123_000\Desktop
Loaded Profiles: al123_000 (Available Profiles: al123_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2013-12-03] (STMicroelectronics)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-24] ()
HKLM-x32\...\RunOnce: [{09092FC0-909C-4845-B39B-597989454A63}] => cmd.exe /C start /D "C:\Users\AL123_~1\AppData\Local\Temp" /B {09092FC0-909C-4845-B39B-597989454A63}.exe -accepteula -accepteulaksn -postboot
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-401314101-946683506-2006832327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://espanol.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-401314101-946683506-2006832327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-401314101-946683506-2006832327-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-401314101-946683506-2006832327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2012-06-01] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 200.94.160.248
Tcpip\..\Interfaces\{EEF98F8E-5F9D-4000-8E8A-75D19401AA9D}: [DhcpNameServer] 200.94.160.248
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [69776 2014-04-30] (ASUS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U0 20840607; C:\Windows\System32\drivers\66315839.sys [248728 2015-07-23] (Kaspersky Lab, Yury Parshin)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 m76usb; C:\Windows\System32\drivers\m76usb.sys [539336 2014-04-28] (Ralink Technology Corp.)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83456 2013-09-14] (STMicroelectronics)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-14] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 10:17 - 2015-07-23 10:17 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-07-23 09:32 - 2015-07-23 09:33 - 00011494 _____ C:\Users\al123_000\Desktop\FRST.txt
2015-07-23 09:32 - 2015-07-23 09:32 - 00000000 ____D C:\FRST
2015-07-23 09:31 - 2015-07-23 09:31 - 02135552 _____ (Farbar) C:\Users\al123_000\Desktop\FRST64.exe
2015-07-23 09:11 - 2015-07-23 09:11 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 09:11 - 2015-07-23 09:11 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-23 09:11 - 2015-07-23 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-23 09:11 - 2015-07-23 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-23 09:11 - 2015-07-23 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-23 09:11 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-23 09:11 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-23 09:10 - 2015-07-23 09:10 - 00248728 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\66315839.sys
2015-07-23 09:10 - 2015-07-23 09:10 - 00000000 ____D C:\Users\al123_000\Desktop\mbam-chameleon-3.1.25.0
2015-07-23 09:10 - 2015-07-23 09:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-23 09:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-23 09:09 - 2015-07-23 09:09 - 06383209 _____ C:\Users\al123_000\Desktop\mbam-chameleon-3.1.25.0.zip
2015-07-23 09:08 - 2015-07-23 09:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\al123_000\Desktop\tdsskiller.exe
2015-07-23 09:06 - 2011-03-02 19:56 - 37943240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRT.exe
2015-07-23 09:02 - 2015-07-23 09:02 - 00000000 ____D C:\Users\al123_000\AppData\Roaming\Macromedia
2015-07-23 08:49 - 2015-07-05 03:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-23 08:43 - 2015-07-23 08:51 - 00007591 _____ C:\Users\al123_000\AppData\Local\Resmon.ResmonCfg
2015-07-23 08:42 - 2015-07-23 08:42 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B64FCD7-1E4D-4174-BAC6-20AD17F1427E}
2015-07-23 08:42 - 2015-07-23 08:42 - 00000000 __SHD C:\Users\al123_000\AppData\Local\EmieUserList
2015-07-23 08:42 - 2015-07-23 08:42 - 00000000 __SHD C:\Users\al123_000\AppData\Local\EmieSiteList
2015-07-23 08:38 - 2015-07-23 09:17 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-401314101-946683506-2006832327-1001
2015-07-23 08:37 - 2015-07-23 08:37 - 00000000 ____D C:\Users\al123_000\AppData\Roaming\WebStorage
2015-07-23 08:36 - 2015-07-23 08:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-07-23 08:36 - 2015-07-23 08:36 - 00000000 ____D C:\Users\al123_000\AppData\Local\GWX
2015-07-23 08:35 - 2015-07-23 08:35 - 00000000 __RDO C:\Users\al123_000\OneDrive
2015-07-23 08:32 - 2015-07-23 08:33 - 00000000 ____D C:\Users\al123_000\AppData\Local\PackageStaging
2015-07-23 08:32 - 2015-07-23 08:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-23 08:31 - 2015-07-23 08:31 - 00001444 _____ C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 08:31 - 2015-07-23 08:31 - 00000188 _____ C:\WINDOWS\FixPatch.log
2015-07-23 08:31 - 2015-07-23 08:31 - 00000093 _____ C:\Users\al123_000\AppData\Roaming\sp_data.sys
2015-07-23 08:31 - 2015-07-23 08:31 - 00000000 ____D C:\Users\al123_000\AppData\Roaming\Adobe
2015-07-23 08:31 - 2015-07-23 08:31 - 00000000 ____D C:\Users\al123_000\AppData\Local\VirtualStore
2015-07-23 08:31 - 2015-07-23 08:31 - 00000000 ____D C:\ProgramData\USBChargerPlus
2015-07-23 08:30 - 2015-07-23 08:33 - 00000000 ____D C:\Users\al123_000\AppData\Local\Packages
2015-07-23 08:30 - 2015-07-23 08:30 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-07-23 08:29 - 2015-07-23 08:31 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-23 08:29 - 2015-07-23 08:29 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-23 08:27 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-23 08:27 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-23 08:27 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-23 08:27 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-23 08:27 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-23 08:27 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-23 08:27 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-23 08:27 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-23 08:27 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-23 08:27 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-23 08:27 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-23 08:27 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-23 08:27 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-23 08:27 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-23 08:27 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-23 08:27 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-23 08:27 - 2015-06-02 10:47 - 02502928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-07-23 08:27 - 2015-06-02 10:47 - 02209080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-07-23 08:27 - 2015-06-02 10:47 - 00129120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2015-07-23 08:27 - 2015-06-02 10:47 - 00110576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2015-07-23 08:27 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-07-23 08:27 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-23 08:27 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-23 08:26 - 2015-07-23 08:35 - 00000000 ____D C:\Users\al123_000
2015-07-23 08:26 - 2015-07-23 08:26 - 00000020 ___SH C:\Users\al123_000\ntuser.ini
2015-07-23 08:26 - 2014-05-14 22:36 - 00000000 ___RD C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 08:26 - 2014-03-18 03:33 - 00000000 ___RD C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 08:26 - 2014-03-18 03:13 - 00000369 _____ C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-23 08:26 - 2014-03-18 03:13 - 00000369 _____ C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-23 08:26 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 08:26 - 2013-08-22 08:36 - 00000000 ____D C:\Users\al123_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 10:17 - 2013-08-22 08:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-23 09:32 - 2014-10-25 08:36 - 02078432 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-23 09:26 - 2013-08-22 08:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-23 09:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-23 08:49 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-23 08:40 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-23 08:36 - 2013-08-22 07:46 - 00021635 _____ C:\WINDOWS\setupact.log
2015-07-23 08:35 - 2014-10-25 08:57 - 00003400 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-07-23 08:35 - 2014-10-25 08:57 - 00003390 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-07-23 08:35 - 2014-03-18 03:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-23 08:31 - 2014-05-14 22:37 - 00000000 ____D C:\WINDOWS\Panther
2015-07-23 08:31 - 2014-05-14 21:58 - 00000000 ____D C:\WINDOWS\Log
2015-07-23 08:30 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-23 08:29 - 2013-08-22 07:44 - 00336632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-23 08:29 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-23 08:29 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-23 08:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-23 08:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
==================== Files in the root of some directories =======
2015-07-23 08:31 - 2015-07-23 08:31 - 0000093 _____ () C:\Users\al123_000\AppData\Roaming\sp_data.sys
2015-07-23 08:43 - 2015-07-23 08:51 - 0007591 _____ () C:\Users\al123_000\AppData\Local\Resmon.ResmonCfg
2014-10-25 08:48 - 2014-10-25 08:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-25 09:00 - 2014-03-25 18:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-14 21:43 - 2014-03-26 13:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-14 21:43 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-14 21:43 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs
C:\ProgramData\SetStretch.VBS
Some files in TEMP:
====================
C:\Users\al123_000\AppData\Local\Temp\{09092FC0-909C-4845-B39B-597989454A63}.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-23 09:18
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by al123_000 at 2015-07-23 09:33:40
Running from C:\Users\al123_000\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-401314101-946683506-2006832327-500 - Administrator - Disabled)
al123_000 (S-1-5-21-401314101-946683506-2006832327-1001 - Administrator - Enabled) => C:\Users\al123_000
Guest (S-1-5-21-401314101-946683506-2006832327-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.47.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0054 - ST Microelectronics)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-401314101-946683506-2006832327-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
23-07-2015 08:27:48 Windows Modules Installer
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {001BB766-6DA0-41A3-99E4-1664D2817727} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {0FFDDC0C-549B-4CC4-9721-EBBBCF6A3DF5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {3ABD43C8-56AB-403D-9B8D-DA59FC6679A7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-26] (Realtek Semiconductor)
Task: {4595F95B-A9E5-4060-A7F4-E491554E0916} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {516B07E3-96D7-45E5-98EB-966B8F5295D2} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-06-04] (Realtek Semiconductor)
Task: {70FDE9A1-0F80-41CC-9E5C-AE34F502A7C1} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {7279527C-EC73-4C08-A802-47284E8354A2} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {876C85D5-B8AA-4D01-BFD1-ACC54599764A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-07-23] ()
Task: {A7DB30D1-E065-4F88-AF93-6B80914BEA7E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-07-23] ()
Task: {BC2169AB-DF8F-47BE-B3B3-DE2BFF08D0B5} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-25 08:57 - 2012-03-09 21:51 - 00243200 _____ () C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_DT.dll
2014-10-25 09:00 - 2013-05-02 11:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-10-25 09:00 - 2013-05-02 11:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-10-25 09:00 - 2013-05-02 11:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-10-25 09:00 - 2013-05-02 11:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-10-25 09:00 - 2013-05-02 11:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-10-25 09:00 - 2013-05-02 11:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-10-25 09:00 - 2013-05-02 11:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2014-04-30 14:33 - 2014-04-30 14:33 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-10-25 08:45 - 2013-10-23 13:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\al123_000\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20840607.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20840607.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-401314101-946683506-2006832327-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\al123_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 200.94.160.248
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/23/2015 08:23:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msoobe.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 39c
Start Time: 01d0c5633b1b115a
Termination Time: 16
Application Path: C:\WINDOWS\system32\oobe\msoobe.exe
Report Id: ac4f348c-314e-11e5-825e-ec0ec4292244
Faulting package full name:
Faulting package-relative application ID:
Error: (07/23/2015 09:22:05 AM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Unable to remove Windows Search Service indexed data for user '<Event xmlns='http://schemas.micro...ystem><ProviderName='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-07-23T16:22:05.000000000Z'/><EventRecordID>9</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Samuel</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>530061006D00750065006C005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to user profile deletion. Error code %2.
%3.
System errors:
=============
Error: (07/23/2015 09:17:57 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Microsoft Office:
=========================
Error: (07/23/2015 08:23:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msoobe.exe6.3.9600.1638439c01d0c5633b1b115a16C:\WINDOWS\system32\oobe\msoobe.exeac4f348c-314e-11e5-825e-ec0ec4292244
Error: (07/23/2015 09:22:05 AM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: <Event xmlns='http://schemas.micro...ystem><ProviderName='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-07-23T16:22:05.000000000Z'/><EventRecordID>9</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Samuel</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>530061006D00750065006C005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>
==================== Memory info ===========================
Processor: Intel® Core i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 41%
Total physical RAM: 5579.43 MB
Available physical RAM: 3257.22 MB
Total Virtual: 7179.43 MB
Available Virtual: 4683.08 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:416.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B4FA98D2)
Partition: GPT Partition Type.
==================== End of log ============================