
c0000135 the program can't start because %hs is missing

windows malware bsod farbar frst


#1
aasir42


Hi, I really need help because I need my files and computer urgently.

So I've used the Farbar program thing. Excuse me, I'm not a tech geek, so excuse my lingo.

Any help on what to do next would be appreciated.

This is the log after scanning:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by SYSTEM on MININT-K8CE52K (14-08-2015 21:43:41)
Running from g:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-14] (Synaptics Incorporated)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [3457424 2011-05-26] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-08] (Power Software Ltd)
HKLM-x32\...\Run: [BabylonToolbar] => C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720 2010-11-07] (Babylon Ltd.)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\unlockerassistant.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-01-01] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212072 2015-07-29] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKU\Aasir\...\Run: [Elbserver] => C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKU\Aasir\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\Aasir\...\Run: [Advanced SystemCare 5] => C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [620376 2011-12-29] (IObit)
HKU\Aasir\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Aasir\...\Run: [VRLPHelper] => C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe [186768 2011-04-02] (Sony Corporation)
HKU\Aasir\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\Aasir\...\Run: [Spotify Web Helper] => C:\Users\Aasir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-20] (Spotify Ltd)
HKU\Aasir\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Aasir\...\Run: [Facebook Update] => C:\Users\Aasir\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-13] (Facebook Inc.)
HKU\Aasir\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\Aasir\...\Run: [Spotify] => C:\Users\Aasir\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-20] (Spotify Ltd)
HKU\Aasir\...\Run: [SurfEasy] => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe [5295800 2013-09-24] ()
HKU\Aasir\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Aasir\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\Aasir\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\Aasir\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\Aasir\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\Aasir\...\Run: [GoogleChromeAutoLaunch_8E8FED5B853279EF7181421BDCB092A9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-30] (Google Inc.)
HKU\Aasir\...\Run: [uTorrent] => C:\Users\Aasir\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\Aasir\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\Aasir\...\RunOnce: [Application Restart #1] => C:\Users\Aasir\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\Aasir\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\ctfmon.exe ctfmon.exe
HKU\Aasir\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-30] (Google Inc.)
HKU\Aasir\...\RunOnce: [Application Restart #4] => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Aasir\...\RunOnce: [Application Restart #5] => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Aasir\...\RunOnce: [Application Restart #6] => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Aasir\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-12] (Microsoft Corporation) <==== ATTENTION
HKU\Aasir\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\TeeSupport\...\Run: [Spotify] => C:\Users\TeeSupport\AppData\Roaming\Spotify\Spotify.exe [4503448 2013-04-05] (Spotify Ltd)
HKU\TeeSupport\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\TeeSupport\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
Startup: C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-05-02]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-29] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-29] (AVG Technologies CZ, s.r.o.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-01-01] (Kaspersky Lab ZAO)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-23] (Alcatel-Lucent)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 persdwmsrv; C:\Program Files (x86)\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [7680 2011-05-28] (winreview.ru)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3186360 2013-09-24] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2589496 2014-10-17] (AVG Technologies)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S2 Update lucky leap; "C:\Program Files (x86)\lucky leap\updateluckyleap.exe" [X]
S2 Util lucky leap; "C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-16] (Adaptec)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-19] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
S3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2014-01-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39608 2013-09-24] (The OpenVPN Project)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-09-08] (TuneUp Software)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-14 21:43 - 2015-08-14 21:43 - 00000000 ____D C:\FRST
2015-08-12 10:19 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 10:19 - 2015-07-30 09:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 10:19 - 2015-07-30 08:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 10:19 - 2015-07-16 11:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 10:19 - 2015-07-16 11:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 10:19 - 2015-07-16 11:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 10:19 - 2015-07-16 11:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 10:19 - 2015-07-16 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 10:19 - 2015-07-16 11:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 10:19 - 2015-07-16 11:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 10:19 - 2015-07-16 11:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 10:19 - 2015-07-16 11:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 10:19 - 2015-07-16 11:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 10:19 - 2015-07-16 11:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 10:19 - 2015-07-16 10:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 10:19 - 2015-07-14 18:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 10:19 - 2015-07-14 18:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 10:19 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 10:19 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 10:19 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 10:18 - 2015-07-20 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 10:18 - 2015-07-20 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 10:18 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 10:31 - 2015-08-11 10:31 - 00000000 ____D C:\Users\Aasir\AppData\Local\{AB947A12-A90C-4FC8-893B-B7BA98E711DE}
2015-08-08 06:33 - 2015-08-08 06:33 - 00065514 _____ C:\Users\Aasir\Documents\Carrefour Survey Results.xlsx
2015-08-06 08:37 - 2015-08-06 08:37 - 00000000 ____D C:\Users\Aasir\AppData\Local\{661CB921-7F36-4F83-A116-40634188DB12}
2015-08-06 06:18 - 2015-08-06 06:18 - 00000000 ____D C:\Users\Aasir\AppData\Local\{7712FC7E-C632-4C9E-A17E-506283EFDEE1}
2015-08-03 10:59 - 2015-08-03 10:59 - 00000000 ____D C:\Users\Aasir\AppData\Local\CEF
2015-08-03 10:58 - 2015-08-03 10:58 - 00000000 ____D C:\Users\Aasir\AppData\Local\{155CA2C3-BF4E-439F-9C41-C6422C180E37}
2015-08-03 09:58 - 2015-08-03 09:58 - 00000000 __SHD C:\found.009
2015-07-28 07:29 - 2015-07-25 10:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-07-28 07:29 - 2015-07-25 10:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-07-28 07:29 - 2015-07-25 10:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-07-28 07:29 - 2015-07-25 09:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-07-22 12:48 - 2015-07-22 12:48 - 00000000 ____D C:\Users\Aasir\AppData\Local\{404AD427-0543-46F5-96AB-81C24D53C686}
2015-07-22 11:14 - 2015-07-22 12:28 - 00000000 ____D C:\Users\Aasir\Desktop\New folder
2015-07-20 13:44 - 2015-07-14 19:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-07-20 13:44 - 2015-07-14 19:19 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-07-20 13:44 - 2015-07-14 19:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-07-20 13:44 - 2015-07-14 18:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 13:44 - 2015-07-14 17:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-07-18 17:17 - 2015-07-18 17:17 - 00000000 ____D C:\Users\Aasir\AppData\Local\{4B295D45-A343-4618-94D0-A103DEEB210D}
2015-07-18 16:29 - 2015-07-18 16:52 - 00000000 ____D C:\Users\Aasir\Downloads\Mad Max Fury Road 1080p WEBRiP - BLiTZCRiEG
2015-07-17 18:26 - 2015-07-18 17:44 - 00000000 ____D C:\Users\Aasir\Downloads\The Maze Runner (2014) [1080p]
2015-07-17 18:26 - 2015-07-17 18:38 - 00000000 ____D C:\Users\Aasir\Downloads\Meek Mill - Dreams Worth More Than Money (Explicit) 2015 {MP3 Album}~{VBUc}
2015-07-17 18:12 - 2015-07-18 17:45 - 00000000 ____D C:\Users\Aasir\Downloads\Ted 2 2015 UNCENSORED 1080p HC HDRip x264 AAC-JYK
2015-07-17 18:07 - 2015-07-17 18:10 - 00000000 ____D C:\Users\Aasir\Downloads\Hacking Wireless Networks For Dummies
2015-07-17 17:59 - 2015-07-17 18:03 - 00000000 ____D C:\Users\Aasir\AppData\Local\ERW
2015-07-17 17:59 - 2015-07-17 17:59 - 00001210 _____ C:\Users\Public\Desktop\ePub Reader for Windows.lnk
2015-07-17 17:59 - 2015-07-17 17:59 - 00000000 ____D C:\Program Files (x86)\ePub Reader for Windows
2015-07-17 17:57 - 2015-07-17 17:57 - 01115709 _____ (HANSoft, Inc. ) C:\Users\Aasir\Downloads\ERWsetup.exe
2015-07-17 17:55 - 2015-07-17 18:01 - 00000000 ____D C:\Users\Aasir\Downloads\Great Gatsby, The
2015-07-17 13:57 - 2015-07-17 13:57 - 00001476 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2015-07-17 13:57 - 2015-07-17 13:57 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2015-07-17 13:57 - 2015-07-17 13:57 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2015-07-16 10:17 - 2015-07-16 10:18 - 00000000 ____D C:\Users\Aasir\AppData\Local\{B413B079-6336-4F20-885B-8F0B2FF6406E}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-14 20:44 - 2015-04-20 07:10 - 00000000 ___SD C:\Windows\System32\GWX
2015-08-14 20:44 - 2014-12-12 17:23 - 00000000 ____D C:\Windows\System32\appraiser
2015-08-14 20:44 - 2014-11-27 07:04 - 00000000 ___RD C:\Users\Aasir\Google Drive
2015-08-14 20:44 - 2014-09-05 11:21 - 00000000 ____D C:\ProgramData\MFAData
2015-08-14 20:44 - 2014-09-05 10:06 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-08-14 20:44 - 2013-08-16 07:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-14 20:44 - 2013-03-28 16:13 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\uTorrent
2015-08-14 20:44 - 2013-03-14 14:10 - 00000000 ____D C:\Windows\System32\Macromed
2015-08-14 20:44 - 2012-05-22 03:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 20:44 - 2012-05-22 03:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 20:44 - 2012-03-17 05:57 - 00000000 ____D C:\ProgramData\Norton
2015-08-14 20:44 - 2011-12-04 19:26 - 00000000 ____D C:\users\Aasir
2015-08-14 20:44 - 2011-08-13 07:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-14 20:44 - 2011-08-13 06:58 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-08-14 20:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-08-14 20:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-14 05:15 - 2011-08-13 06:35 - 01718191 _____ C:\Windows\WindowsUpdate.log
2015-08-14 05:13 - 2013-02-08 05:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 05:12 - 2013-03-14 14:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-14 05:11 - 2014-09-07 05:28 - 00118959 _____ C:\Windows\setupact.log
2015-08-14 05:11 - 2012-08-19 07:43 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000Core.job
2015-08-14 05:10 - 2012-08-19 07:43 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000UA.job
2015-08-14 05:10 - 2011-12-05 08:27 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000UA.job
2015-08-14 05:10 - 2011-12-05 08:27 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000Core.job
2015-08-13 18:40 - 2009-07-13 20:45 - 00022816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-13 18:40 - 2009-07-13 20:45 - 00022816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-13 16:35 - 2013-02-08 05:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-13 09:10 - 2011-12-05 08:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A6A98C4-FF93-4DD8-82C9-58DC4163C356}
2015-08-13 09:05 - 2013-12-08 09:50 - 00000366 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-08-13 05:16 - 2011-12-09 01:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 04:46 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 04:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2015-08-12 17:00 - 2013-04-06 19:16 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for TeeSupport.job
2015-08-12 16:59 - 2012-04-15 08:30 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for Aasir.job
2015-08-12 16:56 - 2013-02-11 09:29 - 00000000 ____D C:\Users\Aasir\Documents\Bluetooth Folder
2015-08-12 11:44 - 2013-03-14 14:10 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 11:44 - 2013-03-14 14:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 11:44 - 2013-03-14 14:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 09:43 - 2013-02-08 05:34 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 04:47 - 2012-03-24 14:44 - 00000292 _____ C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
2015-08-11 10:35 - 2012-08-29 10:55 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\Spotify
2015-08-11 10:32 - 2013-04-05 11:25 - 00000000 ____D C:\users\TeeSupport
2015-08-11 10:32 - 2009-07-13 21:13 - 00816250 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-11 10:31 - 2013-01-20 09:43 - 00000000 ____D C:\Users\Aasir\Tracing
2015-08-11 10:30 - 2014-01-01 10:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-11 10:27 - 2013-03-24 17:19 - 00000320 _____ C:\Windows\Tasks\iuwtrew.job
2015-08-11 10:27 - 2012-08-07 14:15 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2015-08-11 10:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 10:17 - 2012-06-14 01:57 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\Skype
2015-08-09 06:57 - 2013-03-06 14:40 - 00000000 ____D C:\Users\Aasir\AppData\Local\CrashDumps
2015-08-08 05:05 - 2014-11-21 09:53 - 00000984 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-08-06 08:33 - 2014-09-07 05:28 - 00094972 _____ C:\Windows\PFRO.log
2015-08-06 06:15 - 2015-04-08 14:07 - 00001329 _____ C:\Users\Aasir\Desktop\Norton Installation Files.lnk
2015-08-03 10:56 - 2011-12-05 08:39 - 00000000 ____D C:\temp
2015-07-22 14:11 - 2012-01-10 07:07 - 00000023 _____ C:\test.xml
2015-07-22 12:41 - 2009-07-13 20:45 - 00440128 _____ C:\Windows\System32\FNTCACHE.DAT
2015-07-19 16:17 - 2014-09-05 10:44 - 00000000 ____D C:\Users\Aasir\AppData\Local\Windows Live
2015-07-19 16:14 - 2013-04-18 07:56 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\vlc
2015-07-17 14:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-07-17 13:57 - 2012-04-15 08:30 - 00003614 _____ C:\Windows\System32\Tasks\Norton Security Scan for Aasir
2015-07-16 15:06 - 2014-11-26 09:55 - 00002061 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-16 15:06 - 2014-11-26 09:55 - 00002059 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-16 15:06 - 2014-11-26 09:55 - 00002049 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-15 16:31 - 2013-02-08 05:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:31 - 2013-02-08 05:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some files in TEMP:
====================
C:\Users\Aasir\AppData\Local\Temp\htmlayout.dll
C:\Users\Aasir\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Aasir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aasir\AppData\Local\Temp\uninstall6923230.exe
C:\Users\Aasir\AppData\Local\Temp\uninstall6941748.exe
C:\Users\Aasir\AppData\Local\Temp\utt5DD9.tmp.exe
C:\Users\Aasir\AppData\Local\Temp\utt8670.tmp.exe
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
Restore point made on: 2015-07-28 17:01:18
Restore point made on: 2015-08-08 14:10:10
Restore point made on: 2015-08-13 04:36:26
Restore point made on: 2015-08-13 17:05:32
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 4043.86 MB
Available physical RAM: 3286.17 MB
Total Virtual: 4042.01 MB
Available Virtual: 3285.07 MB
 
==================== Drives ================================
 
Drive c: (AASIRS LOCAL DISK!!) (Fixed) (Total:286.04 GB) (Free:127.39 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:11.95 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Oxford IB Economics) (CDROM) (Total:0.2 GB) (Free:0 GB) UDF
Drive g: (AHMED OSMAN) (Removable) (Total:3.92 GB) (Free:3.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D5F9D4F6)
Partition 1: (Not Active) - (Size=11.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: 2476153F)
Partition 1: (Not Active) - (Size=3.9 GB) - (Type=0B)
 
 
LastRegBack: 2015-08-07 11:47
 
==================== End of log ============================
 



#2
JSntgRvr


:welcome:
 
Let's give it a try.

Download the attached file [attachment=78003:fixlist.txt] and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Restart and enter the System Recovery Options once again from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforu...isc-create.html

To enter System Recovery Options by using a Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt.

Once in the Command Prompt:

  • Type in the following and press Enter:

    bcdedit | find "osdevice"

  • Note the osdevice partition letter, then type:

    CHKDSK X: /R

  • Where X is the osdevice letter, and press Enter.
  • The tool will start to run.
  • When it has finished, type exit and press Enter. Restart the computer.

Let us know if that helps.
