TechSpot

Wow64.dll error message on all programs and startup

By NickPap
Nov 9, 2012
  1. I am receiving an error message on startup into my user account and any programs I try to open, except into Windows Explorer and the Control Panel. The error message is that C:\Windows\System32\wow64.dll is either not designed to run on Windows or it contains an error. Try installing the program again....

    I have tried to start the malware recommended in your 5 step, but I get the above error message.

    I have done the Farbar Recovery scans. The results are below:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2012
    Ran by SYSTEM at 09-11-2012 20:05:39
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet002
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10081312 2010-03-05] (Realtek Semiconductor)
    HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2727936 2012-06-07] (Alcatel-Lucent)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-10-26] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-27] ()
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-27] ()
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296096 2012-10-05] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Ellen\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-06] (Google Inc.)
    HKU\Ellen\...\Policies\system: [LogonHoursAction] 2
    HKU\Ellen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Study\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Study\...\Policies\system: [LogonHoursAction] 2
    HKU\Study\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\William\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-06] (Google Inc.)
    HKU\William\...\Policies\system: [LogonHoursAction] 2
    HKU\William\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\TwonkyServer.lnk
    ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
    ==================== Services (Whitelisted) ===================
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-06-18] (Alcatel-Lucent)
    2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start [545608 2012-03-29] ()
    2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 [537416 2012-03-29] (PacketVideo)
    2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -start [267080 2012-03-29] ()
    2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-27] ()
    ==================== Drivers (Whitelisted) =====================
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-12] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-20] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-27] (AVG Technologies)
    3 Ctxusbr; C:\Windows\System32\Drivers\Ctxusbr.sys [66096 2010-07-14] (Citrix Systems, Inc.)
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
    3 BCORETH5; \??\E:\BCORETH5.SYS [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [x]
    3 ZZZMPR5; \??\E:\ZZZMPR5.SYS [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-08 05:00 - 2012-11-08 05:00 - 00000000 __SHD C:\found.002
    2012-10-31 12:53 - 2012-10-31 12:53 - 00035018 ____A C:\Users\Ellen\Documents\viewreport.aspx
    2012-10-31 11:02 - 2012-10-31 11:02 - 00035018 ____A C:\Users\Ellen\Desktop\viewreport.aspx
    2012-10-13 05:47 - 2012-10-13 05:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-10-13 05:47 - 2012-10-13 05:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-10-13 04:17 - 2012-10-13 04:17 - 00087171 ____A C:\Users\Ellen\Documents\Gluten drug could allow normal diet - Health - NZ Herald News.htm
    2012-10-13 04:17 - 2012-10-13 04:17 - 00000000 ____D C:\Users\Ellen\Documents\Gluten drug could allow normal diet - Health - NZ Herald News_files
    2012-10-10 11:36 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 11:36 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 11:36 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 11:36 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 11:36 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 11:36 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 11:36 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 11:36 - 2012-08-20 10:48 - 00243200 ____A C:\Windows\System32\wow64.dll
    2012-10-10 11:36 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 11:36 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 11:36 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 11:36 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 11:36 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 11:36 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 11:36 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 11:36 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 11:36 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 11:36 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 11:36 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 11:36 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 11:35 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 11:35 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 11:35 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 11:35 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 11:35 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 11:35 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 11:35 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 11:35 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 11:35 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 11:35 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 11:35 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 11:35 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ==================== One Month Modified Files and Folders =======
    2012-11-09 16:59 - 2011-04-22 00:37 - 01532812 ____A C:\Windows\WindowsUpdate.log
    2012-11-09 16:59 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-09 16:59 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-09 16:57 - 2011-06-06 14:28 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-09 16:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-09 16:56 - 2009-07-13 20:51 - 00055546 ____A C:\Windows\setupact.log
    2012-11-09 16:42 - 2012-04-04 16:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-09 16:29 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-09 16:22 - 2011-06-06 14:28 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-09 16:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-09 15:57 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-09 15:56 - 2011-05-08 15:50 - 00000000 ____D C:\users\William
    2012-11-09 15:56 - 2011-05-02 15:02 - 00000000 ____D C:\users\Ellen
    2012-11-09 15:56 - 2011-05-02 14:10 - 00000000 ____D C:\users\Study
    2012-11-09 15:55 - 2012-09-27 13:03 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-11-09 15:55 - 2011-06-07 23:11 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-09 15:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-11-09 15:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2012-11-09 15:54 - 2011-11-10 16:45 - 00000000 ____D C:\Users\All Users\Real
    2012-11-08 05:00 - 2012-11-08 05:00 - 00000000 __SHD C:\found.002
    2012-11-04 04:51 - 2012-07-06 13:56 - 00000000 ____D C:\Users\All Users\TwonkyServer
    2012-10-31 12:53 - 2012-10-31 12:53 - 00035018 ____A C:\Users\Ellen\Documents\viewreport.aspx
    2012-10-31 11:02 - 2012-10-31 11:02 - 00035018 ____A C:\Users\Ellen\Desktop\viewreport.aspx
    2012-10-26 04:51 - 2012-09-27 13:03 - 00000971 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-10-13 05:47 - 2012-10-13 05:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-10-13 05:47 - 2012-10-13 05:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-10-13 05:47 - 2012-06-11 05:38 - 00000000 ___HD C:\$AVG
    2012-10-13 04:17 - 2012-10-13 04:17 - 00087171 ____A C:\Users\Ellen\Documents\Gluten drug could allow normal diet - Health - NZ Herald News.htm
    2012-10-13 04:17 - 2012-10-13 04:17 - 00000000 ____D C:\Users\Ellen\Documents\Gluten drug could allow normal diet - Health - NZ Herald News_files
    2012-10-11 13:30 - 2012-06-29 11:45 - 00002169 ____A C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
    2012-10-11 13:29 - 2012-06-29 11:44 - 00000000 ____D C:\Program Files (x86)\ATT-SST
    2012-10-11 00:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-10-10 23:05 - 2012-08-13 16:59 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-10-10 23:05 - 2011-05-05 02:03 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-10 23:02 - 2011-10-17 16:55 - 00002380 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-10-10 03:57 - 2011-05-02 15:02 - 00111384 ____A C:\Users\Ellen\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-10 03:56 - 2009-07-13 20:45 - 00415800 ____A C:\Windows\System32\FNTCACHE.DAT

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-24 04:03:19
    Restore point made on: 2012-09-03 19:05:26
    Restore point made on: 2012-09-04 23:00:30
    Restore point made on: 2012-09-12 05:14:28
    Restore point made on: 2012-09-12 17:47:00
    Restore point made on: 2012-09-22 14:24:39
    Restore point made on: 2012-09-22 23:00:32
    Restore point made on: 2012-09-25 23:00:42
    Restore point made on: 2012-09-27 13:01:41
    Restore point made on: 2012-09-27 13:02:11
    Restore point made on: 2012-10-01 17:39:32
    Restore point made on: 2012-10-08 02:32:46
    Restore point made on: 2012-10-10 23:00:47
    Restore point made on: 2012-10-18 15:52:49
    Restore point made on: 2012-10-25 17:08:35
    Restore point made on: 2012-11-04 05:40:48
    Restore point made on: 2012-11-09 15:14:51
    Restore point made on: 2012-11-09 15:52:37
    Restore point made on: 2012-11-09 16:05:30
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 9206.93 MB
    Available physical RAM: 8216.71 MB
    Total Pagefile: 9205.07 MB
    Available Pagefile: 8201.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:296.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATAPART1) (Fixed) (Total:1397.26 GB) (Free:1391.18 GB) NTFS
    3 Drive e: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.71 GB) NTFS
    5 Drive g: () (Removable) (Total:15.04 GB) (Free:13.48 GB) FAT32
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 1397 GB 0 B
    Disk 2 Online 15 GB 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 452 GB 1024 KB
    Partition 2 Primary 13 GB 452 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OSDisk NTFS Partition 452 GB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E Recovery NTFS Partition 13 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D DATAPART1 NTFS Partition 1397 GB Healthy
    =========================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 31 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 15 GB Healthy
    =========================================================
    Last Boot: 2012-11-05 04:20
    ==================== End Of Log =============================
    The Search Log is below


    Farbar Recovery Scan Tool (x64) Version: 09-11-2012
    Ran by SYSTEM at 2012-11-09 20:12:57
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  2. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    I don't see anything malicious.
    I suggest you start a new topic in the Windows forum.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Actually, my friend turned my attention to the fact that your wow64.dll file doesn't seem to be digitally signed, so let's see if we can do something about it.

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    wow64.dll

    Click the Search button and post the log (Search.txt) it makes in your reply.
     
  4. NickPap

    NickPap TS Rookie Topic Starter

    I ran the search, and the results are below. By the way, all of the search boxes were checked (Whitelist, etc.).
    Farbar Recovery Scan Tool (x64) Version: 09-11-2012
    Ran by SYSTEM at 2012-11-11 05:59:14
    Running from G:\
    ================== Search: "wow64.dll" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.21772_none_c6928c0e073ecdf3\wow64.dll
    [2011-08-21 18:29] - [2011-07-15 21:33] - 0243200 ____A (Microsoft Corporation) 8EFEBA01F6FBB699F34D72F64A0081AE
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.21738_none_c6c3cd7a0718f639\wow64.dll
    [2011-07-13 16:08] - [2011-06-02 23:02] - 0243200 ____A (Microsoft Corporation) 304CF7D8999926CBBA1D4EB291AB6BDD
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.21728_none_c6ce9d660710da48\wow64.dll
    [2011-07-13 16:08] - [2011-05-13 23:11] - 0243200 ____A (Microsoft Corporation) CB8B394BA610705E3062A9639B8DE083
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.17651_none_c61d8ed0ee11dcf0\wow64.dll
    [2011-08-21 18:29] - [2011-07-15 21:41] - 0243200 ____A (Microsoft Corporation) B1E3772FFA96AC5AEE89BF202AF8E348
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.17625_none_c641ffbcedf5ee79\wow64.dll
    [2011-07-13 16:08] - [2011-06-02 22:57] - 0243200 ____A (Microsoft Corporation) 5FB5E69E9A79D3A7457F1136796BF9D5
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.17617_none_c64ed03cedec0536\wow64.dll
    [2011-07-13 16:08] - [2011-05-13 23:25] - 0243200 ____A (Microsoft Corporation) F05389465AF6540DBC2AC75CDC48A5E4
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.17514_none_c64bcd78edeebc0a\wow64.dll
    [2011-05-05 02:00] - [2010-11-20 05:27] - 0243200 ____A (Microsoft Corporation) 098EF40B77F88148349AAEBFE38E87C7
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.21010_none_c4eae61e09e9baf5\wow64.dll
    [2011-08-21 18:29] - [2011-07-15 21:26] - 0243200 ____A (Microsoft Corporation) 34B79E4EE4C818335C8BEF249DDD0018
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.20978_none_c4b230c40a12fa11\wow64.dll
    [2011-07-13 16:08] - [2011-06-02 23:00] - 0243200 ____A (Microsoft Corporation) BD52DED5D6DFE64AA64517EDD0921EC8
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.20602_none_c4f7d8ca09dfa6fb\wow64.dll
    [2011-04-22 00:40] - [2009-12-22 00:45] - 0243200 ____A (Microsoft Corporation) 4F10398517F0B05BFB7C6506A04AD815
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16850_none_c4363180f0ec57ad\wow64.dll
    [2011-08-21 18:29] - [2011-07-15 21:26] - 0243200 ____A (Microsoft Corporation) ADFDF57DC62AE66FE47D5AD1C838131B
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16823_none_c459a222f0d14fdf\wow64.dll
    [2011-07-13 16:08] - [2011-06-01 22:45] - 0243200 ____A (Microsoft Corporation) F8097CB8791D6D0AACD46C19A5B45F82
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16816_none_c46772ecf0c67ff3\wow64.dll
    [2011-07-13 16:08] - [2011-05-13 23:41] - 0243200 ____A (Microsoft Corporation) 333297F5E91A6C799B6D3049E77B94C8
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16491_none_c40bea82f10bec2c\wow64.dll
    [2011-04-22 00:40] - [2009-12-22 00:36] - 0243200 ____A (Microsoft Corporation) E083B12FDC1D00E57E70C397ADFB3F0C
    C:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16385_none_c41ab9b0f1003870\wow64.dll
    [2009-07-13 15:26] - [2009-07-13 17:41] - 0243200 ____A (Microsoft Corporation) F99A7E8B9DD9E511769C550E2174E4ED
    C:\Windows\System32\wow64.dll
    [2011-08-21 18:29] - [2011-07-15 21:41] - 0243200 ____A (Microsoft Corporation) B1E3772FFA96AC5AEE89BF202AF8E348
    ====== End Of Search ======
     
  5. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    This is interesting because the search shows wow64.dll as digitally signed.
    Let me consult my friend on it.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Did you make any changes to your computer in order to fix the issue?
    Is the issue still present?
     

