
BC.Miner virus assistance, please.

BC.Miner virus

  • This topic is locked
31 replies to this topic

#1 charade539


Posted 26 June 2012 - 07:21 PM

Malwarebytes keeps popping up with this virus, but when I tell it to remove it, it shows up again anyway. Also, I'm not sure if it is directly related to this virus or if another might be causing the problem, but I am continuously getting redirects and popups on my Firefox browser. It usually takes 5-10 tries of clicking a link to get to the site I wanted in the first place. Per your instructions, the information is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kyle at 19:18:59 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6115 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Edimax\Common\RaUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\Edimax\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B151ABF-B89E-41C3-AEC3-A607F2CC3AD9} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-X64: Updater For Spam Free Search Bar - No File
BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO-X64: Spam Free Search Bar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [(Default)]
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tq9u0624.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tq9u0624.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-3-12 913792]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-6-22 821592]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-10 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-22 1262400]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Edimax\Common\RaRegistry.exe [2012-5-8 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe [2012-5-8 212256]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-6-22 21384]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-6-22 33184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 250056]
S3 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-3-4 748440]
S3 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
S3 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-6-22 21872]
.
=============== Created Last 30 ================
.
2012-06-26 22:50:53 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-06-26 22:50:46 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-06-26 22:50:45 -------- d-----w- C:\ProgramData\STOPzilla!
2012-06-26 22:50:45 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2012-06-26 22:42:56 110080 ----a-r- C:\Users\Kyle\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-26 22:42:56 110080 ----a-r- C:\Users\Kyle\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-26 22:42:56 110080 ----a-r- C:\Users\Kyle\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-26 22:42:56 -------- d-----w- C:\sh4ldr
2012-06-26 22:42:56 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-26 22:42:20 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 21:25:31 -------- d-----w- C:\Users\Kyle\AppData\Local\Macromedia
2012-06-23 21:03:09 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-23 18:27:49 -------- d-----w- C:\Program Files (x86)\MCSkin3D
2012-06-21 05:56:21 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-19 18:16:25 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D8DADC4-F81E-4476-A9F1-A093EF46F036}\mpengine.dll
2012-06-18 03:44:46 14604 ----a-w- C:\Windows\SysWow64\drivers\pfc.sys
2012-06-18 03:44:43 344064 ----a-r- C:\Windows\SysWow64\msvcr70.dll
2012-06-09 00:40:11 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Braid
2012-06-09 00:39:59 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-06-06 19:18:50 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 19:18:50 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 19:18:50 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-06 02:23:24 4227704 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-06-06 02:23:10 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-06-06 02:23:10 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-06-06 02:23:00 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-06-05 08:15:47 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2012-06-05 08:15:46 -------- d-----w- C:\gPotato
2012-06-03 21:02:48 -------- d-----w- C:\Python27
2012-06-03 20:56:13 -------- d-----w- C:\Program Files (x86)\OpenRPG
2012-06-02 18:10:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-30 02:07:21 -------- d-----w- C:\Users\Kyle\AppData\Local\CRE
2012-05-30 02:07:20 -------- d-----w- C:\Program Files (x86)\Conduit
2012-05-30 02:07:19 -------- d-----w- C:\Users\Kyle\AppData\Local\Conduit
.
==================== Find3M ====================
.
2012-06-23 21:03:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 17:49:43 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-26 17:49:43 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-24 15:47:56 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-04-25 16:35:32 23376 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-04-25 16:35:22 546640 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-04-25 16:35:16 481104 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-04-19 22:39:44 29008 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-04-19 22:39:44 231248 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-04-19 22:39:42 390992 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-04-19 22:39:42 100176 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-04-19 22:39:36 104272 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-04-19 22:39:34 67408 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-04-19 22:39:34 132944 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-04-19 22:39:32 456528 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-04-19 22:39:30 808784 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-04-11 04:31:54 2303488 ----a-w- C:\Windows\SysWow64\python27.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:19:23.51 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2011 8:25:26 AM
System Uptime: 6/26/2012 6:51:51 PM (1 hours ago)
.
Motherboard: MSI | | G41M-P33 (MS-7592)
Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2670/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1248.091 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP243: 6/17/2012 2:11:57 PM - Windows Update
RP244: 6/17/2012 10:44:29 PM - Installed Adobe Premiere Pro
RP245: 6/18/2012 3:00:12 AM - Windows Update
RP246: 6/18/2012 11:42:55 PM - Windows Update
RP247: 6/19/2012 1:13:15 PM - Windows Update
RP248: 6/19/2012 1:15:24 PM - Windows Update
RP249: 6/20/2012 11:57:23 AM - Windows Update
RP250: 6/21/2012 3:00:13 AM - Windows Update
RP251: 6/22/2012 3:00:11 AM - Windows Update
RP252: 6/22/2012 5:27:10 AM - Removed Java™ 6 Update 31
RP253: 6/22/2012 5:36:44 AM - Windows Update
RP254: 6/23/2012 12:34:53 AM - Windows Update
RP255: 6/23/2012 1:15:26 PM - Windows Update
RP256: 6/23/2012 11:24:57 PM - Windows Update
RP257: 6/24/2012 2:44:31 PM - Windows Update
RP258: 6/25/2012 3:00:16 AM - Windows Update
RP259: 6/26/2012 2:00:43 AM - Windows Update
RP260: 6/26/2012 3:05:09 PM - Windows Update
RP261: 6/26/2012 5:36:49 PM - Restore Operation
RP262: 6/26/2012 5:42:23 PM - Installed SpyHunter
RP263: 6/26/2012 5:50:10 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP264: 6/26/2012 6:16:56 PM - StopZILLA! Restore Point.
RP265: 6/26/2012 6:56:01 PM - StopZILLA! Restore Point.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Premiere Pro
Adobe Premiere Pro CS6 Functional Content
Adobe Reader X (10.1.3)
ADRIFT 5.0
Advanced SystemCare 5
Aeria Ignite
Age of Mythology
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Armed and Dangerous
Artisteer 3
AVG PC Tuneup 2011
Azada In Libro Collectors Edition
Bandisoft MPEG-1 Decoder
Black & White® 2
Black & White® 2 Battle of the Gods
Black and White
Champions Online: Free For All
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Creatures Albian Years
DAEMON Tools Lite
DAEMON Tools Toolbar
Docking Station
Drawn 2 Dark Flight
Dream of Mirror Online
Dungeon Siege Legends of Aranna
Edimax RT2860 Wireless LAN Card
EverQuest II
EverQuest II Extended
eyeon Fusion 5.2
Fallout: New Vegas
Freedom Force vs the 3rd Reich
Freelancer
Gemini Lost .
Google Chrome
Green Moon
horseExpress
IBM ViaVoice Command and Control Runtime 5.3 - UK English
IBM ViaVoice Outloud Runtime - UK English
IObit Malware Fighter
IObit Toolbar v5.1
Legend of Grimrock
LightWave 10.0 64-bit
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
MCSkin3D version 1.4
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft XNA Framework Redistributable 4.0
Microsoft Zoo Tycoon
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minecraft Beta Cracked
Morrowind
Mozilla Firefox 14.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
OpenRPG (Remove Only)
Otherworld - Spring of Shadows CE
PDF Settings CS5
Pet Workshop
Petz 4 (remove only)
PetzA 2.2.5
Pidgin
Portal
Portal 2
Portal 2 Authoring Tools - Beta
Python 2.7.3
QuickTime
Requiem
Rockets and Robots Clipart
Sci-Fi Clipart Series
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sentinel Protection Installer 7.6.1
Skype™ 5.9
Spam Free Search Bar
SpeedFan (remove only)
Spiral Knights
SPORE™
SPORE™ Creepy & Cute Parts Pack
Star Wars®: Knights of the Old Republic ™
StarTopia
Steam
STOPzilla
TES Construction Set
The Elder Scrolls V: Skyrim
Total Video Converter 3.71 100812
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Winamp
Winamp Detector Plug-in
WinArchiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 6:54:38 PM, Error: Service Control Manager [7000] - The UrlFilter service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
6/26/2012 6:53:18 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/26/2012 6:53:18 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/26/2012 6:53:18 PM, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
6/26/2012 6:52:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/26/2012 6:52:07 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/26/2012 6:13:40 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/25/2012 4:52:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/25/2012 4:45:44 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/23/2012 1:12:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/22/2012 4:38:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2012 4:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/22/2012 4:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/22/2012 4:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/22/2012 4:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/22/2012 4:38:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/22/2012 4:37:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/22/2012 4:37:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2012 4:37:46 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 6:01:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

#2 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 27 June 2012 - 03:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
William Rowland
Product Support


#3 charade539

Posted 27 June 2012 - 04:18 AM

Hello Gringo, nice to meet you. Here's the Security Check report:

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
AVG PC Tuneup 2011
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
IObit IObit Malware Fighter IMFsrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


I will run combofix as soon as I post this so I can close the browser.

#4 charade539

Posted 27 June 2012 - 04:27 AM

Posted Image

This is what happened when I ran Combofix.

#5 gringo_pr

Posted 27 June 2012 - 07:21 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
William Rowland
Product Support


#6 charade539

Posted 27 June 2012 - 02:57 PM

I downloaded the file, put it on a thumb drive, and followed your instructions, but the option to "Repair your computer" did not appear. I removed all other files from the flash drive and tried again, but it still did not show up.

#7 gringo_pr

Posted 27 June 2012 - 03:00 PM

Greetings


Go here to see how to make a repair disk - http://windows.micro...tem-repair-disc
William Rowland
Product Support


#8 charade539

Posted 27 June 2012 - 03:49 PM

I attempted to follow your instructions and am now stuck on a boot loop. It continuously returns to the 'start windows normally/safe mode/etc' screen. No matter what I choose it just restarts.

#9 charade539

Posted 27 June 2012 - 03:50 PM

Also, I need to add that there was no option to choose my account, it automatically ran a diagnostic and rebooted, and then this began.

#10 gringo_pr

Posted 27 June 2012 - 05:08 PM

Have you removed the CD?


gringo
William Rowland
Product Support


#11 charade539

Posted 27 June 2012 - 06:40 PM

Yes, we removed the CD.

#12 gringo_pr

Posted 27 June 2012 - 08:07 PM

Have you tried the last known config that worked?


gringo
William Rowland
Product Support


#13 charade539

Posted 28 June 2012 - 06:34 PM

I did, and I am now able to get back into Windows. Will retry your instructions.

#14 charade539

Posted 29 June 2012 - 02:27 PM

Here you go.

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 29-06-2012 14:17:28
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [4464472 2012-05-09] (IObit)
HKU\Kyle\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
3 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [748440 2012-03-04] (Spigot, Inc.)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
3 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-09-26] (LogMeIn, Inc.)
4 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-09-26] (LogMeIn, Inc.)
4 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 RalinkRegistryWriter; C:\Program Files (x86)\Edimax\Common\RaRegistry.exe [185632 2009-10-06] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe [212256 2009-10-06] (Ralink Technology, Corp.)
3 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [369952 2009-09-16] (SafeNet, Inc.)
3 SentinelProtectionServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [1246496 2009-09-17] (SafeNet, Inc)
3 SentinelSecurityRuntime; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe" [292128 2009-09-16] (SafeNet, Inc.)
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)
2 szserver; "C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe" [67408 2012-04-25] (iS3, Inc.)

========================== Drivers (Whitelisted) =============

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-27] (DT Soft Ltd)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
0 is3srv; C:\Windows\SysWow64\drivers\is3srv64.sys [74768 2011-09-26] (iS3 Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 pfc; C:\Windows\SysWow64\Drivers\pfc.sys [14604 2003-08-11] (Padus, Inc.)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2012-04-28] (IObit.com)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2012-01-12] (GFI Software)
2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)
0 szkg5; C:\Windows\SysWow64\DRIVERS\szkg64.sys [74768 2011-09-26] (iS3 Inc.)
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2012-04-28] (IObit.com)
3 dump_wmimmc; \??\C:\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
4 LMIRfsClientNP; [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\Kyle\AppData\Local\Temp\005510C.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-28 10:37 - 2012-06-28 10:37 - 00000240 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-06-27 01:24 - 2012-06-27 01:24 - 00020299 ____A C:\Users\Kyle\Desktop\Combofix Error.PNG
2012-06-27 01:21 - 2012-06-27 16:22 - 00000000 ___SD C:\32788R22FWJFW
2012-06-27 01:21 - 2012-06-27 16:22 - 00000000 ____D C:\Windows\erdnt
2012-06-27 01:21 - 2012-06-27 01:21 - 00000000 ____D C:\Qoobox
2012-06-27 01:17 - 2012-06-27 01:17 - 04569121 ___RA (Swearware) C:\Users\Kyle\Downloads\ComboFix.exe
2012-06-27 01:15 - 2012-06-27 01:15 - 00000184 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-06-27 01:14 - 2012-06-27 01:14 - 00881475 ____A C:\Users\Kyle\Downloads\SecurityCheck.exe
2012-06-26 16:34 - 2012-06-27 16:21 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\.minecraft
2012-06-26 16:33 - 2012-06-26 16:35 - 00000000 ____D C:\Users\Kyle\Desktop\New folder
2012-06-26 16:07 - 2012-06-26 16:07 - 00607260 ____R (Swearware) C:\Users\Kyle\Downloads\dds.com
2012-06-26 14:50 - 2012-06-28 22:59 - 00000000 ____D C:\Users\All Users\STOPzilla!
2012-06-26 14:50 - 2012-06-27 16:22 - 00000000 ____D C:\Program Files (x86)\STOPzilla!
2012-06-26 14:50 - 2012-01-12 06:28 - 00057976 ___RA (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-06-26 14:48 - 2012-06-26 14:48 - 00509440 ____A (iS3, Inc.) C:\Users\Kyle\Downloads\SZSetupAV.exe
2012-06-26 14:42 - 2012-06-27 16:22 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-26 14:42 - 2012-06-27 16:21 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-26 14:42 - 2012-06-26 14:43 - 00000000 ____D C:\sh4ldr
2012-06-26 14:42 - 2012-06-26 14:42 - 00002256 ____A C:\Users\Kyle\Desktop\SpyHunter.lnk
2012-06-26 14:40 - 2012-06-26 14:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Kyle\Downloads\SpyHunter-Installer(1).exe
2012-06-26 14:40 - 2012-06-26 14:40 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Kyle\Downloads\SpyHunter-Installer.exe
2012-06-25 14:33 - 2012-06-25 14:33 - 00000000 ____D C:\Users\Kyle\Downloads\attachments
2012-06-25 14:05 - 2012-06-25 14:06 - 04402056 ____A C:\Users\Kyle\Downloads\attachments.zip
2012-06-23 13:53 - 2012-06-23 13:53 - 65994752 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 18915328 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 00167936 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 00057344 ____A C:\Windows\System32\config\SAM.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
2012-06-23 13:25 - 2012-06-23 13:25 - 00000000 ____D C:\Users\Kyle\AppData\Local\Macromedia
2012-06-23 13:03 - 2012-06-23 13:03 - 09815752 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-23 10:27 - 2012-06-28 11:15 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
2012-06-23 10:27 - 2012-06-23 10:27 - 01965549 ____A (Altered Softworks ) C:\Users\Kyle\Downloads\mcskin3d_1_4_0_235.exe
2012-06-23 10:27 - 2012-06-23 10:27 - 00001011 ____A C:\Users\Public\Desktop\MCSkin3D.lnk
2012-06-22 17:46 - 2012-06-25 13:39 - 00001070 ____A C:\Windows\PFRO.log
2012-06-22 13:23 - 2012-06-22 13:23 - 00001177 ____A C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2012-06-22 13:20 - 2012-06-22 13:21 - 19551736 ____A (IObit ) C:\Users\Kyle\Downloads\imf-setup.exe
2012-06-22 12:35 - 2012-06-29 11:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-22 11:50 - 2012-06-28 10:33 - 00000672 ____A C:\Windows\setupact.log
2012-06-22 11:50 - 2012-06-22 11:50 - 00000000 ____A C:\Windows\setuperr.log
2012-06-22 02:18 - 2012-06-22 02:19 - 01012656 ____A C:\Users\Kyle\Downloads\rkill.exe
2012-06-22 02:16 - 2012-06-22 02:16 - 00000618 ____A C:\Users\Kyle\Documents\cc_20120622_051608.reg
2012-06-22 00:55 - 2012-06-22 17:42 - 00000361 ____A C:\rkill.log
2012-06-22 00:54 - 2012-06-22 00:54 - 01012656 ____A C:\Users\Kyle\Downloads\rkill.com
2012-06-22 00:39 - 2012-06-22 00:39 - 00045664 ____A C:\Users\Kyle\Desktop\GMer.log
2012-06-22 00:00 - 2012-06-22 00:00 - 00302592 ____A C:\Users\Kyle\Downloads\odp539no.exe
2012-06-21 19:23 - 2012-06-27 16:22 - 00000000 ____D C:\Users\Kyle\Downloads\tdsskiller
2012-06-21 19:23 - 2012-06-21 19:23 - 02109806 ____A C:\Users\Kyle\Downloads\tdsskiller.zip
2012-06-20 22:03 - 2012-06-20 22:03 - 00278561 ____A C:\Users\Kyle\Downloads\Minecraft.exe
2012-06-20 22:02 - 2012-06-20 22:02 - 01589718 ____A C:\Users\Kyle\Downloads\Minecraft_Server.exe
2012-06-20 21:56 - 2012-06-27 16:21 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-20 21:44 - 2012-06-20 21:45 - 00000000 ____D C:\Users\Kyle\Downloads\Minecraft_key_code_generator
2012-06-20 21:35 - 2012-06-20 21:35 - 00000000 ____D C:\Users\Kyle\Downloads\Minecraft Gift Code Generator v1.9.1
2012-06-20 09:04 - 2012-06-22 02:01 - 00001584 ____A C:\Users\Kyle\Desktop\F-list.lnk
2012-06-20 09:02 - 2012-06-27 16:21 - 00000000 ____D C:\Users\Kyle\Downloads\F-list Messenger 0-8-3 beta
2012-06-19 11:54 - 2012-06-19 11:54 - 00951853 ____A C:\Users\Kyle\Downloads\RK_00262_HD25.mp4
2012-06-19 11:49 - 2012-06-19 11:49 - 00001822 ____A C:\Users\Kyle\Downloads\backfill.mov
2012-06-19 11:49 - 2012-06-19 11:49 - 00001817 ____A C:\Users\Kyle\Downloads\welding.mov
2012-06-19 11:48 - 2012-06-19 11:48 - 00997888 ____A C:\Users\Kyle\Downloads\sparks.avi
2012-06-18 16:29 - 2012-06-27 16:22 - 00000000 ____D C:\Users\Kyle\Downloads\The Secret World of Arrietty 2012 DVDRip XViD-sC0rp
2012-06-18 12:25 - 2012-06-18 12:25 - 00001196 ____A C:\Users\Kyle\Desktop\FileZilla.lnk
2012-06-17 19:44 - 2003-08-11 07:13 - 00344064 ___RA (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2012-06-17 19:44 - 2003-08-11 07:07 - 00014604 ____A (Padus, Inc.) C:\Windows\SysWOW64\Drivers\pfc.sys
2012-06-17 18:57 - 2012-06-17 18:58 - 00000000 ____D C:\Users\Kyle\Downloads\PremierePro_6_Content_LS7
2012-06-17 18:45 - 2012-06-17 18:56 - 768928646 ____A C:\Users\Kyle\Downloads\PremierePro_6_Content_LS7.7z
2012-06-17 18:29 - 2012-06-17 18:29 - 00000000 ____D C:\Users\Kyle\Downloads\Encore Working
2012-06-16 22:25 - 2012-06-17 12:38 - 00000000 ____D C:\Users\Kyle\Desktop\Flea Market
2012-06-14 18:21 - 2012-06-14 18:21 - 02446584 ____A (pepsoft.org) C:\Users\Kyle\Documents\worldpainter_64_0.8.9.exe
2012-06-13 15:08 - 2012-06-13 15:10 - 09813457 ____A C:\Users\Kyle\Downloads\F-list Messenger 0-8-3 beta.zip
2012-06-13 12:05 - 2012-06-23 12:32 - 00002119 ____A C:\Users\Public\Desktop\Legend of Grimrock.lnk
2012-06-13 12:05 - 2012-06-13 12:07 - 00000000 ____D C:\Users\Kyle\Downloads\The Legend of Korra
2012-06-13 12:05 - 2012-06-13 12:05 - 00000000 ____D C:\Users\Kyle\Documents\Almost Human
2012-06-11 23:31 - 2012-06-11 23:31 - 00036210 ____A C:\Users\Kyle\Documents\Loki_009.htm
2012-06-11 08:58 - 2012-06-11 08:58 - 00024032 ____A C:\Users\Kyle\Documents\cc_20120611_115807.reg
2012-06-10 23:07 - 2012-06-10 23:07 - 00107753 ____A C:\Users\Kyle\Documents\Loki_008.htm
2012-06-10 18:46 - 2012-06-10 18:46 - 00323997 ____A C:\Users\Kyle\Downloads\Remaster Patch.zip
2012-06-10 18:46 - 2012-06-10 18:46 - 00000000 ____D C:\Users\Kyle\Downloads\Remaster Patch
2012-06-08 22:01 - 2012-06-08 22:01 - 00070272 ____A C:\Users\Kyle\Documents\Loki_007.htm
2012-06-08 17:37 - 2012-06-08 17:37 - 00000000 ____D C:\Users\Kyle\Downloads\StarForge_V0.1
2012-06-08 17:30 - 2012-06-08 17:36 - 315470531 ____A C:\Users\Kyle\Downloads\StarForge_V0.1.zip
2012-06-08 16:40 - 2012-06-08 16:42 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Braid
2012-06-08 16:39 - 2008-07-12 05:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-06-07 21:19 - 2012-06-07 21:58 - 00017140 ____A C:\Users\Kyle\Documents\Loki_006.htm
2012-06-07 20:45 - 2012-06-07 20:51 - 00000028 ____A C:\Windows\encore_launcher.ini
2012-06-07 18:55 - 2012-06-07 18:55 - 00000000 ____D C:\Users\Kyle\Downloads\grendel_cage
2012-06-07 14:14 - 2012-06-07 14:14 - 01114119 ____A C:\Users\Kyle\Downloads\Creatures_Update_2.exe
2012-06-07 14:09 - 2012-06-07 14:09 - 00002395 ____A C:\Users\Kyle\Downloads\tomato_soup.zip
2012-06-07 14:06 - 2012-06-07 14:06 - 00014335 ____A C:\Users\Kyle\Downloads\peartree.zip
2012-06-07 14:04 - 2012-06-07 14:04 - 00023323 ____A C:\Users\Kyle\Downloads\grapevine.zip
2012-06-07 14:04 - 2012-06-07 14:04 - 00013553 ____A C:\Users\Kyle\Downloads\grendel_cage.zip
2012-06-07 14:03 - 2012-06-07 14:03 - 00049380 ____A C:\Users\Kyle\Downloads\de_theme.zip
2012-06-07 12:53 - 2012-06-07 12:53 - 00000000 ____D C:\Users\Kyle\Downloads\c_albian_years_manuals
2012-06-07 12:24 - 2012-06-10 18:57 - 00002340 ____A C:\Users\Public\Desktop\Creatures 2.lnk
2012-06-07 12:24 - 2012-06-10 18:57 - 00002331 ____A C:\Users\Public\Desktop\Creatures 1.lnk
2012-06-07 12:23 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Kyle\Documents\Creatures
2012-06-07 12:16 - 2012-06-07 12:19 - 116171848 ____A (GOG.com ) C:\Users\Kyle\Downloads\setup_creatures_albian_years.exe
2012-06-07 12:16 - 2012-06-07 12:16 - 01207334 ____A C:\Users\Kyle\Downloads\c_albian_years_manuals.zip
2012-06-07 00:33 - 2012-06-07 00:34 - 00025288 ____A C:\Users\Kyle\Documents\LokiThor3some_001.htm
2012-06-06 18:15 - 2012-06-14 12:20 - 00000000 ____D C:\Users\Kyle\Documents\Island Stuff
2012-06-06 11:06 - 2012-06-06 11:06 - 17151152 ____A (Mozilla) C:\Users\Kyle\Downloads\Firefox Setup 13.0b7.exe
2012-06-06 01:41 - 2012-06-06 01:41 - 00094869 ____A C:\Users\Kyle\Documents\Loki_005.htm
2012-06-05 19:47 - 2012-06-05 19:49 - 31733248 ____A C:\Users\Kyle\Downloads\dockingstation_195.exe
2012-06-05 18:23 - 2012-06-05 18:23 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-06-05 18:23 - 2011-11-08 13:00 - 04227704 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2012-06-05 18:23 - 2005-01-03 16:43 - 00004682 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2012-06-05 18:23 - 2003-07-20 01:17 - 00005174 ____A C:\Windows\SysWOW64\nppt9x.vxd
2012-06-05 00:52 - 2012-06-05 00:52 - 00077900 ____A C:\Users\Kyle\Documents\Loki_004.htm
2012-06-05 00:15 - 2012-06-05 00:15 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-06-05 00:15 - 2012-06-05 00:15 - 00000000 ____D C:\gPotato
2012-06-04 23:46 - 2012-06-05 00:15 - 1764105178 ____A (Acresso Software Inc. ) C:\Users\Kyle\Downloads\Iris_US_v1.20.31086.exe
2012-06-04 23:45 - 2012-06-04 23:45 - 00773400 ____A C:\Users\Kyle\Downloads\IRIS_US_Downloader.exe
2012-06-03 13:02 - 2012-06-03 13:03 - 00000000 ____D C:\Python27
2012-06-03 13:00 - 2012-06-03 13:02 - 15867904 ____A C:\Users\Kyle\Downloads\python-2.7.3.msi
2012-06-03 12:56 - 2012-06-03 13:03 - 00000000 ____D C:\Program Files (x86)\OpenRPG
2012-06-03 12:55 - 2012-06-03 12:56 - 00829561 ____A C:\Users\Kyle\Downloads\openrpg-1.7.1.exe
2012-06-03 00:38 - 2012-06-03 00:38 - 00105831 ____A C:\Users\Kyle\Documents\Loki_003.htm
2012-06-02 10:36 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Kyle\Downloads\Doctor Who
2012-06-02 10:28 - 2012-06-02 10:30 - 00000000 ____D C:\Users\Kyle\Downloads\Doctor Who 2005 Season 1-5
2012-06-02 10:10 - 2012-06-23 13:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-31 17:56 - 2012-05-31 18:05 - 00000000 ____D C:\Users\Kyle\Documents\Recipes
2012-05-31 10:33 - 2012-05-31 10:34 - 27070144 ____A (IObit ) C:\Users\Kyle\Downloads\asc-setup.exe
2012-05-31 00:34 - 2012-05-31 00:34 - 00047292 ____A C:\Users\Kyle\Documents\Loki_002.htm


============ 3 Months Modified Files and Folders =============

2012-06-29 14:17 - 2012-06-29 14:17 - 00000000 ____D C:\FRST
2012-06-29 11:10 - 2011-12-20 10:46 - 01872412 ____A C:\Windows\WindowsUpdate.log
2012-06-29 11:10 - 2011-10-02 19:40 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045259866-2150992624-2669054454-1000Core.job
2012-06-29 11:09 - 2011-06-04 13:24 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\.purple
2012-06-29 11:03 - 2012-06-22 12:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-29 11:03 - 2011-10-02 19:40 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045259866-2150992624-2669054454-1000UA.job
2012-06-28 23:55 - 2011-06-26 16:01 - 00000132 ____A C:\Users\Kyle\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-28 22:59 - 2012-06-26 14:50 - 00000000 ____D C:\Users\All Users\STOPzilla!
2012-06-28 16:02 - 2011-06-04 13:20 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-28 11:27 - 2011-06-04 13:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-28 11:15 - 2012-06-23 10:27 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
2012-06-28 10:43 - 2009-07-13 20:45 - 00019312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 10:43 - 2009-07-13 20:45 - 00019312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 10:37 - 2012-06-28 10:37 - 00000240 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-06-28 10:33 - 2012-06-22 11:50 - 00000672 ____A C:\Windows\setupact.log
2012-06-28 10:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-28 10:32 - 2011-06-02 06:22 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-27 16:22 - 2012-06-27 01:21 - 00000000 ___SD C:\32788R22FWJFW
2012-06-27 16:22 - 2012-06-27 01:21 - 00000000 ____D C:\Windows\erdnt
2012-06-27 16:22 - 2012-06-26 14:50 - 00000000 ____D C:\Program Files (x86)\STOPzilla!
2012-06-27 16:22 - 2012-06-26 14:42 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-27 16:22 - 2012-06-21 19:23 - 00000000 ____D C:\Users\Kyle\Downloads\tdsskiller
2012-06-27 16:22 - 2012-06-18 16:29 - 00000000 ____D C:\Users\Kyle\Downloads\The Secret World of Arrietty 2012 DVDRip XViD-sC0rp
2012-06-27 16:22 - 2012-05-11 11:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-27 16:22 - 2012-03-12 17:57 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\IObit
2012-06-27 16:22 - 2011-11-15 19:21 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-27 16:22 - 2011-06-02 06:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-27 16:22 - 2011-06-02 05:25 - 00000000 ____D C:\users\Kyle
2012-06-27 16:22 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-27 16:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-27 16:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-27 16:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-27 16:21 - 2012-06-26 16:34 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\.minecraft
2012-06-27 16:21 - 2012-06-26 14:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-27 16:21 - 2012-06-20 21:56 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-27 16:21 - 2012-06-20 09:02 - 00000000 ____D C:\Users\Kyle\Downloads\F-list Messenger 0-8-3 beta
2012-06-27 16:21 - 2011-08-26 20:31 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Skype
2012-06-27 16:21 - 2011-06-19 11:45 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Winamp
2012-06-27 16:21 - 2011-06-02 10:20 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Malwarebytes
2012-06-27 16:20 - 2012-03-12 17:57 - 00000000 ____D C:\Program Files (x86)\IObit
2012-06-27 15:34 - 2012-05-29 18:07 - 00000000 ____D C:\Users\Kyle\AppData\Local\Conduit
2012-06-27 01:24 - 2012-06-27 01:24 - 00020299 ____A C:\Users\Kyle\Desktop\Combofix Error.PNG
2012-06-27 01:21 - 2012-06-27 01:21 - 00000000 ____D C:\Qoobox
2012-06-27 01:17 - 2012-06-27 01:17 - 04569121 ___RA (Swearware) C:\Users\Kyle\Downloads\ComboFix.exe
2012-06-27 01:15 - 2012-06-27 01:15 - 00000184 ____A C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2012-06-27 01:14 - 2012-06-27 01:14 - 00881475 ____A C:\Users\Kyle\Downloads\SecurityCheck.exe
2012-06-26 16:35 - 2012-06-26 16:33 - 00000000 ____D C:\Users\Kyle\Desktop\New folder
2012-06-26 16:22 - 2012-05-26 09:48 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-06-26 16:07 - 2012-06-26 16:07 - 00607260 ____R (Swearware) C:\Users\Kyle\Downloads\dds.com
2012-06-26 14:52 - 2012-03-11 10:57 - 00000000 ____D C:\Users\Kyle\Desktop\Stories
2012-06-26 14:48 - 2012-06-26 14:48 - 00509440 ____A (iS3, Inc.) C:\Users\Kyle\Downloads\SZSetupAV.exe
2012-06-26 14:43 - 2012-06-26 14:42 - 00000000 ____D C:\sh4ldr
2012-06-26 14:42 - 2012-06-26 14:42 - 00002256 ____A C:\Users\Kyle\Desktop\SpyHunter.lnk
2012-06-26 14:41 - 2012-06-26 14:40 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Kyle\Downloads\SpyHunter-Installer(1).exe
2012-06-26 14:40 - 2012-06-26 14:40 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Kyle\Downloads\SpyHunter-Installer.exe
2012-06-26 13:33 - 2012-05-11 11:56 - 00000000 ____D C:\Users\Kyle\Desktop\TGWTG
2012-06-25 14:33 - 2012-06-25 14:33 - 00000000 ____D C:\Users\Kyle\Downloads\attachments
2012-06-25 14:06 - 2012-06-25 14:05 - 04402056 ____A C:\Users\Kyle\Downloads\attachments.zip
2012-06-25 13:55 - 2009-07-13 21:13 - 00006346 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 13:39 - 2012-06-22 17:46 - 00001070 ____A C:\Windows\PFRO.log
2012-06-23 13:53 - 2012-06-23 13:53 - 65994752 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 18915328 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 00167936 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 00057344 ____A C:\Windows\System32\config\SAM.iobit
2012-06-23 13:53 - 2012-06-23 13:53 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
2012-06-23 13:25 - 2012-06-23 13:25 - 00000000 ____D C:\Users\Kyle\AppData\Local\Macromedia
2012-06-23 13:03 - 2012-06-23 13:03 - 09815752 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-23 13:03 - 2012-06-02 10:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 13:03 - 2011-06-02 06:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 12:32 - 2012-06-13 12:05 - 00002119 ____A C:\Users\Public\Desktop\Legend of Grimrock.lnk
2012-06-23 10:27 - 2012-06-23 10:27 - 01965549 ____A (Altered Softworks ) C:\Users\Kyle\Downloads\mcskin3d_1_4_0_235.exe
2012-06-23 10:27 - 2012-06-23 10:27 - 00001011 ____A C:\Users\Public\Desktop\MCSkin3D.lnk
2012-06-22 17:42 - 2012-06-22 00:55 - 00000361 ____A C:\rkill.log
2012-06-22 13:23 - 2012-06-22 13:23 - 00001177 ____A C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2012-06-22 13:21 - 2012-06-22 13:20 - 19551736 ____A (IObit ) C:\Users\Kyle\Downloads\imf-setup.exe
2012-06-22 11:50 - 2012-06-22 11:50 - 00000000 ____A C:\Windows\setuperr.log
2012-06-22 02:19 - 2012-06-22 02:18 - 01012656 ____A C:\Users\Kyle\Downloads\rkill.exe
2012-06-22 02:16 - 2012-06-22 02:16 - 00000618 ____A C:\Users\Kyle\Documents\cc_20120622_051608.reg
2012-06-22 02:01 - 2012-06-20 09:04 - 00001584 ____A C:\Users\Kyle\Desktop\F-list.lnk
2012-06-22 00:54 - 2012-06-22 00:54 - 01012656 ____A C:\Users\Kyle\Downloads\rkill.com
2012-06-22 00:39 - 2012-06-22 00:39 - 00045664 ____A C:\Users\Kyle\Desktop\GMer.log
2012-06-22 00:00 - 2012-06-22 00:00 - 00302592 ____A C:\Users\Kyle\Downloads\odp539no.exe
2012-06-21 19:23 - 2012-06-21 19:23 - 02109806 ____A C:\Users\Kyle\Downloads\tdsskiller.zip
2012-06-21 11:33 - 2011-12-09 23:31 - 00000000 ____D C:\Users\Kyle\Documents\Morrowind Mods
2012-06-20 22:26 - 2012-03-03 13:37 - 00000693 ____A C:\Users\Kyle\Desktop\Minecraft.lnk
2012-06-20 22:03 - 2012-06-20 22:03 - 00278561 ____A C:\Users\Kyle\Downloads\Minecraft.exe
2012-06-20 22:02 - 2012-06-20 22:02 - 01589718 ____A C:\Users\Kyle\Downloads\Minecraft_Server.exe
2012-06-20 21:45 - 2012-06-20 21:44 - 00000000 ____D C:\Users\Kyle\Downloads\Minecraft_key_code_generator
2012-06-20 21:35 - 2012-06-20 21:35 - 00000000 ____D C:\Users\Kyle\Downloads\Minecraft Gift Code Generator v1.9.1
2012-06-19 11:54 - 2012-06-19 11:54 - 00951853 ____A C:\Users\Kyle\Downloads\RK_00262_HD25.mp4
2012-06-19 11:49 - 2012-06-19 11:49 - 00001822 ____A C:\Users\Kyle\Downloads\backfill.mov
2012-06-19 11:49 - 2012-06-19 11:49 - 00001817 ____A C:\Users\Kyle\Downloads\welding.mov
2012-06-19 11:48 - 2012-06-19 11:48 - 00997888 ____A C:\Users\Kyle\Downloads\sparks.avi
2012-06-18 12:25 - 2012-06-18 12:25 - 00001196 ____A C:\Users\Kyle\Desktop\FileZilla.lnk
2012-06-17 19:44 - 2011-08-07 13:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-17 19:44 - 2011-06-02 06:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-17 18:59 - 2011-06-26 15:07 - 00000000 ____D C:\Program Files\Adobe
2012-06-17 18:59 - 2011-06-26 15:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-17 18:58 - 2012-06-17 18:57 - 00000000 ____D C:\Users\Kyle\Downloads\PremierePro_6_Content_LS7
2012-06-17 18:58 - 2011-06-02 06:14 - 00000000 ____D C:\Users\Kyle\AppData\Local\Adobe
2012-06-17 18:56 - 2012-06-17 18:45 - 768928646 ____A C:\Users\Kyle\Downloads\PremierePro_6_Content_LS7.7z
2012-06-17 18:29 - 2012-06-17 18:29 - 00000000 ____D C:\Users\Kyle\Downloads\Encore Working
2012-06-17 12:38 - 2012-06-16 22:25 - 00000000 ____D C:\Users\Kyle\Desktop\Flea Market
2012-06-17 11:58 - 2011-08-26 20:31 - 00000000 ____D C:\Users\All Users\Skype
2012-06-14 19:43 - 2012-05-26 09:50 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\WorldPainter
2012-06-14 18:46 - 2012-05-26 09:50 - 00000000 ____D C:\Program Files\WorldPainter
2012-06-14 18:21 - 2012-06-14 18:21 - 02446584 ____A (pepsoft.org) C:\Users\Kyle\Documents\worldpainter_64_0.8.9.exe
2012-06-14 12:20 - 2012-06-06 18:15 - 00000000 ____D C:\Users\Kyle\Documents\Island Stuff
2012-06-13 15:10 - 2012-06-13 15:08 - 09813457 ____A C:\Users\Kyle\Downloads\F-list Messenger 0-8-3 beta.zip
2012-06-13 15:01 - 2012-05-11 11:56 - 00001107 ____A C:\Users\Kyle\Desktop\Modeler.lnk
2012-06-13 15:01 - 2012-05-11 11:56 - 00001100 ____A C:\Users\Kyle\Desktop\Layout.lnk
2012-06-13 14:26 - 2011-11-27 11:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-06-13 12:07 - 2012-06-13 12:05 - 00000000 ____D C:\Users\Kyle\Downloads\The Legend of Korra
2012-06-13 12:05 - 2012-06-13 12:05 - 00000000 ____D C:\Users\Kyle\Documents\Almost Human
2012-06-13 12:04 - 2012-01-30 17:47 - 00000000 ____D C:\Program Files (x86)\GOG.com
2012-06-13 00:09 - 2011-06-02 11:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 00:04 - 2012-03-12 18:45 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 23:31 - 2012-06-11 23:31 - 00036210 ____A C:\Users\Kyle\Documents\Loki_009.htm
2012-06-11 19:04 - 2011-10-02 19:43 - 00002358 ____A C:\Users\Kyle\Desktop\Google Chrome.lnk
2012-06-11 08:58 - 2012-06-11 08:58 - 00024032 ____A C:\Users\Kyle\Documents\cc_20120611_115807.reg
2012-06-11 08:55 - 2011-07-22 17:14 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\DAEMON Tools Lite
2012-06-10 23:07 - 2012-06-10 23:07 - 00107753 ____A C:\Users\Kyle\Documents\Loki_008.htm
2012-06-10 18:57 - 2012-06-07 12:24 - 00002340 ____A C:\Users\Public\Desktop\Creatures 2.lnk
2012-06-10 18:57 - 2012-06-07 12:24 - 00002331 ____A C:\Users\Public\Desktop\Creatures 1.lnk
2012-06-10 18:46 - 2012-06-10 18:46 - 00323997 ____A C:\Users\Kyle\Downloads\Remaster Patch.zip
2012-06-10 18:46 - 2012-06-10 18:46 - 00000000 ____D C:\Users\Kyle\Downloads\Remaster Patch
2012-06-08 22:01 - 2012-06-08 22:01 - 00070272 ____A C:\Users\Kyle\Documents\Loki_007.htm
2012-06-08 17:37 - 2012-06-08 17:37 - 00000000 ____D C:\Users\Kyle\Downloads\StarForge_V0.1
2012-06-08 17:36 - 2012-06-08 17:30 - 315470531 ____A C:\Users\Kyle\Downloads\StarForge_V0.1.zip
2012-06-08 16:42 - 2012-06-08 16:40 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Braid
2012-06-07 21:58 - 2012-06-07 21:19 - 00017140 ____A C:\Users\Kyle\Documents\Loki_006.htm
2012-06-07 20:51 - 2012-06-07 20:45 - 00000028 ____A C:\Windows\encore_launcher.ini
2012-06-07 18:55 - 2012-06-07 18:55 - 00000000 ____D C:\Users\Kyle\Downloads\grendel_cage
2012-06-07 14:14 - 2012-06-07 14:14 - 01114119 ____A C:\Users\Kyle\Downloads\Creatures_Update_2.exe
2012-06-07 14:09 - 2012-06-07 14:09 - 00002395 ____A C:\Users\Kyle\Downloads\tomato_soup.zip
2012-06-07 14:06 - 2012-06-07 14:06 - 00014335 ____A C:\Users\Kyle\Downloads\peartree.zip
2012-06-07 14:04 - 2012-06-07 14:04 - 00023323 ____A C:\Users\Kyle\Downloads\grapevine.zip
2012-06-07 14:04 - 2012-06-07 14:04 - 00013553 ____A C:\Users\Kyle\Downloads\grendel_cage.zip
2012-06-07 14:03 - 2012-06-07 14:03 - 00049380 ____A C:\Users\Kyle\Downloads\de_theme.zip
2012-06-07 12:53 - 2012-06-07 12:53 - 00000000 ____D C:\Users\Kyle\Downloads\c_albian_years_manuals
2012-06-07 12:24 - 2012-06-07 12:23 - 00000000 ____D C:\Users\Kyle\Documents\Creatures
2012-06-07 12:19 - 2012-06-07 12:16 - 116171848 ____A (GOG.com ) C:\Users\Kyle\Downloads\setup_creatures_albian_years.exe
2012-06-07 12:16 - 2012-06-07 12:16 - 01207334 ____A C:\Users\Kyle\Downloads\c_albian_years_manuals.zip
2012-06-07 00:34 - 2012-06-07 00:33 - 00025288 ____A C:\Users\Kyle\Documents\LokiThor3some_001.htm
2012-06-06 18:32 - 2011-08-30 18:31 - 00000000 ____D C:\Users\Kyle\Desktop\Lizzie's Couch
2012-06-06 11:18 - 2011-06-04 13:18 - 00001053 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-06 11:06 - 2012-06-06 11:06 - 17151152 ____A (Mozilla) C:\Users\Kyle\Downloads\Firefox Setup 13.0b7.exe
2012-06-06 01:41 - 2012-06-06 01:41 - 00094869 ____A C:\Users\Kyle\Documents\Loki_005.htm
2012-06-05 19:54 - 2012-03-13 15:51 - 00000000 ____D C:\Program Files (x86)\Docking Station
2012-06-05 19:49 - 2012-06-05 19:47 - 31733248 ____A C:\Users\Kyle\Downloads\dockingstation_195.exe
2012-06-05 18:23 - 2012-06-05 18:23 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2012-06-05 01:32 - 2011-07-18 18:54 - 00000000 ____D C:\Program Files\PeerBlock
2012-06-05 00:52 - 2012-06-05 00:52 - 00077900 ____A C:\Users\Kyle\Documents\Loki_004.htm
2012-06-05 00:15 - 2012-06-05 00:15 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-06-05 00:15 - 2012-06-05 00:15 - 00000000 ____D C:\gPotato
2012-06-05 00:15 - 2012-06-04 23:46 - 1764105178 ____A (Acresso Software Inc. ) C:\Users\Kyle\Downloads\Iris_US_v1.20.31086.exe
2012-06-04 23:45 - 2012-06-04 23:45 - 00773400 ____A C:\Users\Kyle\Downloads\IRIS_US_Downloader.exe
2012-06-03 20:50 - 2012-06-02 10:36 - 00000000 ____D C:\Users\Kyle\Downloads\Doctor Who
2012-06-03 13:03 - 2012-06-03 13:02 - 00000000 ____D C:\Python27
2012-06-03 13:03 - 2012-06-03 12:56 - 00000000 ____D C:\Program Files (x86)\OpenRPG
2012-06-03 13:02 - 2012-06-03 13:00 - 15867904 ____A C:\Users\Kyle\Downloads\python-2.7.3.msi
2012-06-03 12:56 - 2012-06-03 12:55 - 00829561 ____A C:\Users\Kyle\Downloads\openrpg-1.7.1.exe
2012-06-03 00:38 - 2012-06-03 00:38 - 00105831 ____A C:\Users\Kyle\Documents\Loki_003.htm
2012-06-02 10:30 - 2012-06-02 10:28 - 00000000 ____D C:\Users\Kyle\Downloads\Doctor Who 2005 Season 1-5
2012-06-01 17:22 - 2012-05-22 16:59 - 00000000 ____D C:\Users\Kyle\Downloads\Hentai
2012-05-31 18:05 - 2012-05-31 17:56 - 00000000 ____D C:\Users\Kyle\Documents\Recipes
2012-05-31 13:28 - 2011-06-30 19:02 - 00000000 ____D C:\LiberKey
2012-05-31 10:34 - 2012-05-31 10:33 - 27070144 ____A (IObit ) C:\Users\Kyle\Downloads\asc-setup.exe
2012-05-31 10:34 - 2012-03-12 17:57 - 00001276 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-05-31 10:34 - 2012-03-12 17:57 - 00001225 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-05-31 00:34 - 2012-05-31 00:34 - 00047292 ____A C:\Users\Kyle\Documents\Loki_002.htm
2012-05-29 18:13 - 2012-05-29 18:10 - 00000000 ____D C:\Users\Kyle\Downloads\Captain America The First Avenger (2011) DVDRip XviD-MAXSPEED
2012-05-29 18:07 - 2012-05-29 18:07 - 00000000 ____D C:\Users\Kyle\AppData\Local\CRE
2012-05-29 18:07 - 2012-05-29 18:07 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-05-28 22:27 - 2012-05-28 22:27 - 00810743 ____A C:\Users\Kyle\Downloads\BTWMod3-64.zip
2012-05-28 19:03 - 2012-05-28 19:03 - 00001911 ____A C:\Users\Kyle\Desktop\WorldPainter.lnk
2012-05-28 18:57 - 2012-05-28 18:56 - 06766449 ____A (Sytexis Software ) C:\Users\Kyle\Downloads\playclaw3.1969.exe
2012-05-28 17:16 - 2012-05-28 17:16 - 00999771 ____A C:\Users\Kyle\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
2012-05-28 14:50 - 2012-05-28 14:50 - 00000029 ____A C:\Windows\Index.ini
2012-05-28 14:45 - 2012-05-28 14:45 - 00189894 ____A C:\Users\Kyle\Documents\cc_20120528_174523.reg
2012-05-26 16:58 - 2012-05-26 16:29 - 00000000 ____D C:\Users\Kyle\Downloads\Legend.of.Grimrock-RELOADED
2012-05-26 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2012-05-26 16:31 - 2012-05-26 16:27 - 00000000 ____D C:\Users\Kyle\Downloads\Creatures Trilogy
2012-05-26 14:54 - 2012-05-26 14:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-05-26 14:53 - 2012-05-26 14:53 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Hi-Rez Studios
2012-05-26 14:52 - 2012-05-26 14:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-05-26 14:52 - 2012-05-26 14:52 - 00000000 ____D C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2012-05-26 14:52 - 2012-05-26 14:52 - 00000000 ____D C:\Users\Kyle\AppData\Local\Aeria Games
2012-05-26 14:51 - 2012-05-26 14:51 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-05-26 11:34 - 2012-05-26 11:34 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-05-26 10:38 - 2012-05-26 10:38 - 00000000 ____D C:\Users\Kyle\Documents\WorldPainterSaves
2012-05-26 10:05 - 2012-05-26 10:04 - 00000000 ____D C:\Users\Kyle\.minecraft
2012-05-26 09:51 - 2012-05-26 09:51 - 00001615 ____A C:\Users\Kyle\Desktop\Dream of Mirror Online.lnk
2012-05-26 09:49 - 2012-05-26 09:50 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-26 09:49 - 2012-05-26 09:50 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-26 09:49 - 2012-05-26 09:50 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-26 09:49 - 2012-05-26 09:49 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-26 09:49 - 2012-05-26 09:49 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-26 09:49 - 2012-05-26 09:49 - 00000000 ____D C:\Program Files\Java
2012-05-26 09:48 - 2012-05-26 08:36 - 00000000 ____D C:\AeriaGames
2012-05-26 08:28 - 2012-01-28 22:48 - 00000000 ____D C:\Program Files (x86)\horse6.6
2012-05-26 08:27 - 2011-08-28 21:00 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-05-26 08:26 - 2011-07-23 12:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-05-25 13:51 - 2012-05-22 00:01 - 00003211 ____A C:\Users\Kyle\Documents\Lokisms.txt
2012-05-24 07:47 - 2012-03-13 04:02 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-05-23 19:36 - 2012-05-23 19:16 - 732221440 ____A C:\Users\Kyle\Downloads\Ralph Bakshi's Wizards.avi
2012-05-23 12:29 - 2012-05-23 12:29 - 00000000 ____D C:\Users\Kyle\Downloads\Adobe Premier Pro 2 Keygen & Activation
2012-05-22 12:36 - 2011-09-24 15:11 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\NVIDIA
2012-05-22 12:20 - 2011-08-08 18:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-22 12:20 - 2011-06-02 06:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-21 17:24 - 2012-05-21 17:24 - 00000258 ____A C:\Users\Kyle\Documents\cc_20120521_202457.reg
2012-05-21 14:05 - 2012-05-21 14:05 - 00002467 ____A C:\Users\Kyle\Documents\Spelling Song Lyrics.txt
2012-05-21 00:02 - 2012-05-21 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-21 00:02 - 2012-05-21 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-19 02:52 - 2012-05-19 02:52 - 00072954 ____A C:\Users\Kyle\Documents\NoisyBoy_002.htm
2012-05-18 16:20 - 2011-12-21 22:21 - 00001920 ____A C:\Users\Kyle\Documents\Ad.txt
2012-05-18 07:55 - 2012-05-18 07:55 - 00069905 ____A C:\Users\Kyle\Documents\NoisyBoy_001.htm
2012-05-17 16:31 - 2012-05-17 16:28 - 00000000 ____D C:\Users\Kyle\Downloads\Thor (2011) DVDRip XviD-MAXSPEED
2012-05-17 00:35 - 2012-05-17 00:35 - 00043817 ____A C:\Users\Kyle\Documents\IronMan_001.htm
2012-05-15 02:48 - 2012-05-22 12:19 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-22 12:19 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-05-22 12:19 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-06-02 06:21 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2011-06-02 06:21 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2011-06-02 06:21 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2011-06-02 06:21 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-06-02 06:21 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2009-07-13 13:59 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 01:29 - 2011-06-02 06:22 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-06-02 06:22 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-06-02 06:22 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2011-06-02 06:22 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-06-02 06:22 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 23:56 - 2012-05-14 23:56 - 00030278 ____A C:\Users\Kyle\Documents\Loki_001.htm
2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-11 11:55 - 2012-05-11 11:55 - 00002231 ____A C:\Users\Kyle\Desktop\Fusion 5.2.lnk
2012-05-11 11:54 - 2012-05-11 11:54 - 00000000 ____D C:\Program Files (x86)\eyeon
2012-05-11 11:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2012-05-11 11:49 - 2012-05-11 11:49 - 00000000 ____D C:\Users\Kyle\Downloads\eyeon fusion 5.2
2012-05-11 11:46 - 2012-05-11 11:42 - 52374122 ____A C:\Users\Kyle\Downloads\eyeon fusion 5.2.rar
2012-05-11 11:34 - 2012-05-11 11:34 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-10 00:26 - 2011-06-02 10:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-09 21:51 - 2012-02-15 05:08 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-09 15:49 - 2011-12-25 09:16 - 00000000 ____D C:\Users\Kyle\AppData\Local\Skyrim
2012-05-09 13:45 - 2011-11-27 16:58 - 00000000 ___RD C:\Users\Kyle\Virtual Machines
2012-05-09 13:39 - 2012-03-09 17:40 - 00002120 ____A C:\Users\Kyle\Desktop\VisualBoyAdvance - Shortcut.lnk
2012-05-09 13:39 - 2011-08-07 14:17 - 00001869 ____A C:\Users\Kyle\Desktop\Star Wars Knights of the Old Republic.lnk
2012-05-09 13:39 - 2011-07-18 18:54 - 00001780 ____A C:\Users\Kyle\Desktop\PeerBlock.lnk
2012-05-09 13:39 - 2011-06-19 18:17 - 00002058 ____A C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
2012-05-08 18:23 - 2012-05-08 18:18 - 00000000 ____D C:\Users\All Users\Ralink
2012-05-08 17:56 - 2012-05-08 17:56 - 00000000 ____D C:\Program Files (x86)\Edimax
2012-05-08 17:56 - 2012-05-08 16:35 - 00000000 ____D C:\Users\All Users\Edimax Driver
2012-05-08 17:56 - 2009-07-13 18:34 - 00000512 ____A C:\Windows\win.ini
2012-05-08 16:40 - 2012-05-08 16:40 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-05-08 16:35 - 2012-05-08 16:35 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\InstallShield
2012-05-08 16:35 - 2012-05-08 16:35 - 00000000 ____D C:\Users\All Users\InstallShield
2012-04-28 19:27 - 2012-04-13 15:46 - 00000000 ____D C:\Windows\Minidump
2012-04-28 19:13 - 2012-04-28 19:13 - 00000000 ____D C:\Program Files (x86)\LucasArts
2012-04-25 08:35 - 2012-04-25 08:35 - 00546640 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZComp5.dll
2012-04-25 08:35 - 2012-04-25 08:35 - 00481104 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZBase5.dll
2012-04-25 08:35 - 2012-04-25 08:35 - 00023376 ___RA (iS3, Inc.) C:\Windows\SysWOW64\SZIO5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00808784 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Base5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00456528 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3DBA5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00390992 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3UI5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00231248 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Win325.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00132944 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3HTUI5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00104272 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Inet5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00100176 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Svc5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00067408 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3Hks5.dll
2012-04-19 14:39 - 2012-04-19 14:39 - 00029008 ___RA (iS3, Inc.) C:\Windows\SysWOW64\IS3XDat5.dll
2012-04-18 14:56 - 2011-08-27 15:55 - 00000000 ____D C:\Users\Kyle\Desktop\Lightwave
2012-04-10 20:31 - 2012-04-10 20:31 - 02303488 ____A (Python Software Foundation) C:\Windows\SysWOW64\python27.dll
2012-04-05 20:46 - 2012-04-05 20:46 - 00000000 ____D C:\Users\Kyle\AppData\Local\Freelancer
2012-04-05 20:46 - 2011-06-04 14:26 - 00000000 ____D C:\Users\Kyle\Documents\My Games
2012-04-05 20:42 - 2012-04-05 20:42 - 00002231 ____A C:\Users\Public\Desktop\Freelancer.lnk
2012-04-04 12:56 - 2011-06-02 10:20 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 00:10 - 2012-04-03 16:58 - 00000000 ____D C:\Users\All Users\FarmFrenzy_Rome
2012-04-03 16:58 - 2012-04-03 16:58 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2012-04-03 16:58 - 2012-04-03 16:58 - 00000000 ____D C:\Users\All Users\AlawarWrapper
2012-04-03 16:57 - 2012-04-03 16:57 - 00000000 ____D C:\Windows\Farm Frenzy Ancient Rome

ZeroAccess:
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\00000004.@
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\201d3dde
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000004.@
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000008.@
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\000000cb.@
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000000.@
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000032.@
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000064.@

ZeroAccess:
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\@
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\n
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8191.24 MB
Available physical RAM: 7392.3 MB
Total Pagefile: 8189.39 MB
Available Pagefile: 7371.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:1242.71 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT32
4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 0 B
Disk 1 Online 1952 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 1862 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 1862 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1952 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-06-28 13:04

======================= End Of Log ==========================

#15 gringo_pr

Posted 29 June 2012 - 08:27 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo
William Rowland
Product Support


#16 charade539

Posted 30 June 2012 - 05:12 PM

Here you go.

Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 2012-06-30 17:04:55
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
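The comparison this search log makes possible, as an added example that is not part of the thread or of FRST: it parses the two excerpts embedded below (copied from the Bamital & volsnap check earlier in the thread and from the Search.txt above), marks the copy whose MD5 the check flagged, and lists the other copy as a replacement candidate. The function names are illustrative, and a hash that is merely not flagged is treated as a candidate only, not as verified clean.

```python
import re

# Excerpts copied from the FRST logs posted in this thread.
BAMITAL_CHECK = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# "<path> <md5> <label> <==== ATTENTION" lines from the integrity check.
FLAGGED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>\S+) <==== ATTENTION",
    re.MULTILINE,
)
# A search hit is a path line followed by one detail line.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def flagged_hashes(check_text):
    """Map MD5 -> label for every file the check marked ATTENTION."""
    return {m["md5"].upper(): m["label"] for m in FLAGGED_RE.finditer(check_text)}


def parse_search(search_text):
    """Return one record per file listed in a Search.txt body."""
    records, path = [], None
    for line in search_text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            path = line
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            records.append({
                "path": path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"].upper(),
            })
            path = None
    return records


def triage(records, flagged):
    """Split copies into flagged ones and replacement candidates."""
    infected = [r["path"] for r in records if r["md5"] in flagged]
    candidates = [r["path"] for r in records if r["md5"] not in flagged]
    # Size, timestamps and company string, i.e. everything except the hash.
    meta = {(r["size"], r["created"], r["modified"], r["company"]) for r in records}
    return {
        "infected": infected,
        "candidates": candidates,
        "metadata_identical": len(meta) == 1,
    }


def analyse():
    return triage(parse_search(SEARCH_LOG), flagged_hashes(BAMITAL_CHECK))


if __name__ == "__main__":
    result = analyse()
    for key, value in result.items():
        print(f"{key}: {value}")
```

Both copies report the same size, timestamps and company string in the log, so the MD5 is the only field here that tells them apart.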

#17 gringo_pr

Posted 30 June 2012 - 08:42 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
William Rowland
Product Support


#18 charade539

Posted 01 July 2012 - 02:41 PM

Here it is.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-07-01 14:37:53 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16} moved successfully.
C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16} moved successfully.

==== End of Fixlog ====

#19 gringo_pr

Posted 01 July 2012 - 05:29 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
William Rowland
Product Support


#20 charade539

Posted 03 July 2012 - 04:57 PM

ComboFix 12-07-02.01 - Kyle 07/03/2012 16:18:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6724 [GMT -5:00]
Running from: c:\users\Kyle\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\00000004.@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\1afb2d56
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\201d3dde
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\55490ac4
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\n
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000004.@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000008.@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\000000cb.@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000000.@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000032.@
c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 21:25 . 2012-07-03 21:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-03 21:25 . 2012-07-03 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 08:11 . 2012-07-02 08:11 -------- d-----w- c:\programdata\Nexon
2012-06-29 22:17 . 2012-06-29 22:18 -------- d-----w- C:\FRST
2012-06-27 00:34 . 2012-06-28 00:21 -------- d-----w- c:\users\Kyle\AppData\Roaming\.minecraft
2012-06-26 22:50 . 2012-01-12 14:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-26 22:42 . 2012-06-29 19:28 -------- d-----w- C:\sh4ldr
2012-06-26 22:42 . 2012-06-28 00:21 -------- d-----w- c:\program files\Enigma Software Group
2012-06-26 22:42 . 2012-06-29 19:28 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 21:25 . 2012-06-23 21:25 -------- d-----w- c:\users\Kyle\AppData\Local\Macromedia
2012-06-23 21:03 . 2012-06-23 21:03 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-23 18:27 . 2012-06-28 19:15 -------- d-----w- c:\program files (x86)\MCSkin3D
2012-06-21 05:56 . 2012-06-28 00:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-19 18:16 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D8DADC4-F81E-4476-A9F1-A093EF46F036}\mpengine.dll
2012-06-18 03:44 . 2003-08-11 15:07 14604 ----a-w- c:\windows\SysWow64\drivers\pfc.sys
2012-06-18 03:44 . 2003-08-11 15:13 344064 ----a-r- c:\windows\SysWow64\msvcr70.dll
2012-06-09 00:40 . 2012-06-09 00:42 -------- d-----w- c:\users\Kyle\AppData\Roaming\Braid
2012-06-09 00:39 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-06-06 19:18 . 2012-07-01 07:44 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-06 19:18 . 2012-06-29 19:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 19:18 . 2012-06-29 19:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 02:23 . 2011-11-08 21:00 4227704 ----a-w- c:\windows\SysWow64\GameMon.des
2012-06-06 02:23 . 2005-01-04 00:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-06-06 02:23 . 2003-07-20 09:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-06-06 02:23 . 2012-06-06 02:23 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-06-05 08:15 . 2012-06-05 08:15 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-06-05 08:15 . 2012-06-05 08:15 -------- d-----w- C:\gPotato
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 21:03 . 2012-06-02 18:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 21:03 . 2011-06-02 14:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 21:50 . 2012-05-11 19:54 61440 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{5808DEC3-FD32-42AD-8640-67CF82210D11}\NewShortcut4_5CAB993EDD3D46CC9A9960173F42D18C.exe
2012-05-26 17:49 . 2012-05-26 17:50 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 17:49 . 2012-05-26 17:50 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-24 15:47 . 2012-03-13 12:02 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-15 10:48 . 2012-05-22 20:19 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 20:19 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 20:19 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 20:19 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 20:19 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 20:19 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 20:19 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 20:19 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 20:19 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 20:19 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-22 20:19 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 20:19 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-22 20:19 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-22 20:19 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-22 20:19 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-22 20:19 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-06-02 14:21 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-06-02 14:21 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-06-02 14:21 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-06-02 14:21 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2009-07-13 21:59 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 09:29 . 2011-06-02 14:22 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-02 14:22 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-02 14:22 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-02 14:22 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-02 14:22 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-04-11 04:31 . 2012-04-11 04:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-22 21:17 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-22 21:16 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2012-5-8 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-05 748440]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-09-26 375176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
R3 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
R3 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
R3 X6va005;X6va005;c:\users\Kyle\AppData\Local\Temp\005510C.tmp [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-28 279616]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-10-06 212256]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-06 737792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 21:03]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045259866-2150992624-2669054454-1000Core.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 03:40]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045259866-2150992624-2669054454-1000UA.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 03:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tq9u0624.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Kyle\AppData\Local\Temp\005510C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:17,7d,6f,95,5e,06,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-4045259866-2150992624-2669054454-1000\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Edimax\Common\RaRegistry.exe
.
**************************************************************************
.
Completion time: 2012-07-03 16:32:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 21:32
.
Pre-Run: 1,338,163,392,512 bytes free
Post-Run: 1,337,793,167,360 bytes free
.
- - End Of File - - 153353FEF6CEE3BF3E69966D6A586F96




