Windows Failed to Start, System Repair Can't Discover Problem


  • This topic is locked
13 replies to this topic

#1 Sardonicus

Posted 31 March 2012 - 07:32 PM

All right, I've been searching all over the Internet and I've found several solutions to this problem which do help some and not others, and they're all different. The thing I did note is that of all the people posting this type of problem, they didn't really know what they were doing most of the time and had no idea what happened prior to the problem.

The Windows Repair Problem Signature
Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21200770
Problem Signature 5: AutoFailover
Problem Signature 6: 4
Problem Signature 7: BadDriver
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

What Happened...
Last weekend, my computer was running and I wasn't exactly using it actively, but was reading something when I got a pop-up saying that "Windows cannot read removable disk K". Disk K is my 1TB external Seagate Expansion drive. When I checked it using the disk manager, it was listed as a 128GB raw removable drive with a 128GB partition size. Well, on Wednesday(ish), I recovered all that I could from the drive, saving the recovery to the main OS drive (drive C). I reformatted the external as an NTFS. Once it formatted, it read as a 128GB NTFS with a partition size of 128GB but needed to restart because the drive type changed (from removable to HDD).

After the restart, I brought up the disk manager again, selected the 128GB K drive which listed a partition size of 1TB, so I reformatted it again and once it finished, it read as a 1TB HDD again. At this point I transferred the recovered files back over to it.

The next thing I did was shut down my antivirus (Avast Free) and ran a Malwarebytes scan on my OS drive, which found 15 infections. I selected for it to fix them and then it needed to restart to get rid of some of them. It shut down and then started back up and made it all the way to the black Windows Loading screen. As soon as it got to its normal length of loading time before it would actually start up the desktop, it restarted itself and came back up and failed to start, so I ran the recovery utility. Of course, the recovery utility couldn't figure out what exactly was the problem and gave me the above code.

I still have the Windows 7 installation disk (full install disk), and I boot from there, go through the recovery process so it can fail and I can select to do advanced options where I can access the command prompt.

What I Have Tried So Far
  • Boot in safe mode
  • Boot with minimal graphics
  • Run chkdsk (no problems found)
All of the above failed to solve the problem.

From the command prompt, I have attempted...
  • Bootrec.exe repair MBR, Boot Sector, BCD
  • Bootrec.exe BCD rebuild
  • chkdsk
  • sfc /scannow
  • switch to partition with OS, "dism /image:c:\ /cleanup-image /revertpendingactions"
The above didn't work either.

I found other suggestions more specifically related to the "bad driver error" that suggest downloading the drivers, saving them to removable media, and then re-installing them. I've also tried "loading the drivers", but I couldn't seem to find the file it was looking for anywhere.

Current Questions
  • I know where I can get the drivers and what ones I need, but how, from the command prompt/system repair, can I re-install the drivers?
  • Is there anything else that I've missed that can be a possible solution, such as finding the Malwarebytes log to see exactly what it took out as how one of them might be the problem?
  • Is it possible to re-install just the OS to the position it currently exists on without affecting the other "partition" that has the program and other files (which of course would have to be re-registered if they're not portable, but that's no problem)?
  • How can I re-install Windows 7 to a new partition (parallel install) where I can actually get the computer up and running to have more access options and get the least amount of headache possible to get my files and programs back on the re-install?

Kyle Sardonicus Amadeus Stanfield
Writer, Philosopher, Composer/Musician, Artist
Comprehensive Psychology Major, Troy University
www.impetus-aesthetica.com


#2 AustrAlien


Posted 01 April 2012 - 05:27 AM

Hello and welcome to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.


#3 Sardonicus


Posted 01 April 2012 - 08:23 AM

Thanks, man, I love you guys. In the meantime, I'm also going to post this on the MSFN forums just in case somebody there may know something the rest of us here don't.

Also, nice signature by the way. XD

#4 JSntgRvr


Posted 01 April 2012 - 09:14 PM

Welcome!

Let's give it a try. You will need a USB (flash) drive.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

You can use your Install CD as an alternate way to get into the Recovery Options.

No request for help throughout private messaging will be attended.
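
The FRST.txt log that the steps above produce can be triaged mechanically before anyone reads it line by line. The following Python is an added example, not part of the original post and not FRST's own code. It assumes the log layout seen in this thread: `=====` section banners, a leading Windows start-type digit on service and driver lines, a trailing `[x]` where the referenced file was not found, and `==>` before a tool annotation. The sample log and the finding names are constructed for illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section kind line")

# "===== Registry (Whitelisted) =====" style banners that open each section.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Service/driver entries: "<start type> <name>; <image path and metadata>".
SERVICE_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
# Trailing "[size yyyy-mm-dd] (Company)" metadata on entries whose file exists.
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$")
# Windows service start types: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled.
LOADED_AT_BOOT = {0, 1, 2}

# Constructed sample in the layout of an FRST.txt log (not a real scan).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" [499608 2011-03-30] (Example Corp)
HKLM-x32\...\Run: [GoneTool] C:\Program Files (x86)\Gone\gone.exe [x]
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ExampleSvc; "C:\Program Files\Example\svc.exe" [44768 2012-03-06] (Example Corp)
2 StaleSvc; c:\program files\stale\stale.dll [x]

========================== Drivers (Whitelisted) =============

0 ExampleBoot; C:\Windows\System32\Drivers\exboot.sys [105592 2011-06-28] (Example Corp)
3 NoVendor; C:\Windows\System32\Drivers\novendor.sys [25720 2012-03-04] ()
3 OldDriver; \??\C:\Temp\olddriver.sys [x]
"""


def triage(log_text):
    """Return the log lines a reviewer should look at first, in log order."""
    findings = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        # The tool itself labelled this entry (for example a known infection name).
        if "==>" in line:
            findings.append(Finding(section, "annotated", line))
            continue
        if line.endswith("[x]"):
            kind = "missing-file"
            if section.startswith(("Services", "Drivers")):
                svc = SERVICE_RE.match(line)
                if svc:
                    # A missing image matters most when Windows loads it at boot.
                    at_boot = int(svc.group("start")) in LOADED_AT_BOOT
                    kind = "missing-autostart" if at_boot else "missing-ondemand"
            findings.append(Finding(section, kind, line))
            continue
        meta = META_RE.search(line)
        if meta and meta.group("company") == "":
            # File exists but carries no company name in its version information.
            findings.append(Finding(section, "no-company", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.section:24} {f.line}")
```

A finding here is a prompt for review, not a verdict: many legitimate entries have a missing file or no company name.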




#5 boopme


Posted 01 April 2012 - 09:37 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#6 Sardonicus


Posted 03 April 2012 - 09:17 AM

I ran the scan last night and these are the results.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 02-04-2012 21:33:36
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11855976 2011-05-31] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [4592128 2012-01-11] (SoftPerfect)
HKLM-x32\...\Run: [LedKey] CNYHKey.exe [x]
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LchDrvKey] LchDrvKey.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
HKLM-x32\...\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKU\Kyle Stanfield\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-03-01] (BitTorrent, Inc.)
HKU\Kyle Stanfield\...\Run: [Google Update] "C:\Users\Kyle Stanfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-19] (Google Inc.)
HKU\Kyle Stanfield\...\Run: [Akamai NetSession Interface] "C:\Users\Kyle Stanfield\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
HKU\Kyle Stanfield\...\Run: [KeepAliveHD] C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe Minimize=True [x]
HKU\Kyle Stanfield\...\Run: [] [x]
HKU\Kyle Stanfield\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-31] (Nokia)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll",DllRegisterServer [1581056 2010-12-21] (DivX, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1081416 2012-01-13] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 64.91.89.6
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2010-09-07] (Adobe Systems)
2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2010-11-20] (Microsoft Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [77824 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
3 digiSPTIService; "C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe" [159744 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
2 hasplms; C:\Windows\system32\hasplms.exe -run [3750400 2009-12-16] (SafeNet Inc.)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 nlsX86cc; C:\Windows\SysWow64\nlssrv32.exe [64512 2011-01-21] (Nalpeiron Ltd.)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [428384 2011-03-15] (Sony Corporation)
3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [718888 2012-01-04] (Nokia)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 wwnetdde; C:\Windows\System32\HBtnKey.dll [6656 2009-07-13] (Oak Technology Inc.)
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
2 SPService; c:\windows\system32\config\systemprofile\appdata\roaming\adobe\sp.dll [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

2 aksdf; C:\Windows\System32\Drivers\aksdf.sys [71040 2009-09-21] (Aladdin Knowledge Systems Ltd.)
2 aksfridge; C:\Windows\System32\Drivers\aksfridge.sys [130816 2009-08-20] (Aladdin Knowledge Systems Ltd.)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10856960 2012-02-14] (Advanced Micro Devices, Inc.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [10856960 2012-02-14] (Advanced Micro Devices, Inc.)
3 CHAILinkOverUSB; C:\Windows\System32\Drivers\CHAILinkOverUSB.sys [31992 2011-07-25] (ICT7 S.A.)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
3 CPVMidi; C:\Windows\System32\Drivers\CPVMidi.sys [25336 2011-07-25] (ICT7 S.A.)
2 DigiNet; C:\Windows\System32\Drivers\DigiNet.sys [21520 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
1 ElRawDisk; \??\C:\Windows\system32\drivers\dddskx64.sys [26024 2009-02-12] (EldoS Corporation)
2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [318464 2009-03-13] (Aladdin Knowledge Systems Ltd.)
3 iLokDrvr; C:\Windows\System32\Drivers\iLokDrvr.sys [25720 2012-03-04] ()
3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [36208 2009-07-24] (Microsoft Corporation)
4 MySQL; "C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini" MySQL [8922 2010-10-25] ()
3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-11-01] (Nokia)
3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-11-01] (Nokia)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [25600 2008-08-28] (Nokia)
4 RsFx0105; C:\Windows\System32\Drivers\RsFx0105.sys [311144 2011-09-22] (Microsoft Corporation)
3 RTL85n64; C:\Windows\System32\Drivers\RTL85n64.sys [2061856 2010-03-22] (Realtek Semiconductor Corporation )
3 ScreamBAudioSvc; C:\Windows\System32\drivers\ScreamingBAudio64.sys [38992 2010-07-01] (Screaming Bee LLC)
3 teVirtualMIDI64; C:\Windows\System32\Drivers\teVirtualMIDI64.sys [28160 2010-11-15] (Tobias Erichsen)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2011-06-28] (PACE Anti-Piracy, Inc.)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-11-01] (Nokia)
3 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-20] (Microsoft Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-11-01] (Nokia)
3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
3 VSPerfDrv100; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz132; \??\C:\Users\KYLEST~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [x]
3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: wwnetdde

============ One Month Created Files and Folders ==============

2012-04-02 21:33 - 2012-04-02 21:34 - 0000000 ____D C:\FRST
2012-03-30 19:10 - 2012-03-30 19:10 - 0127044 ____A C:\Windows\ntbtlog.txt
2012-03-30 04:12 - 2012-03-30 04:12 - 356511600 ____A C:\Users\Kyle Stanfield\Desktop\New Image File.daa
2012-03-29 22:44 - 2009-02-12 12:11 - 0026024 ____A (EldoS Corporation) C:\Windows\System32\Drivers\dddskx64.sys
2012-03-29 22:43 - 2012-03-29 22:44 - 0000000 ____D C:\Program Files (x86)\Disk Doctors Photo Recovery (Win)
2012-03-29 22:43 - 2012-03-29 22:43 - 0001170 ____A C:\Users\Kyle Stanfield\Desktop\Disk Doctors Photo Recovery (Win).lnk
2012-03-29 22:25 - 2012-03-29 22:42 - 0001428 ____A C:\Users\Kyle Stanfield\Desktop\van Canto - I Am Human.mid
2012-03-29 22:05 - 2012-03-29 22:08 - 17943740 ____A C:\Users\Kyle Stanfield\Desktop\Disk_Doctors_Photo_Recovery_2.0.0.26.rar
2012-03-29 19:43 - 2012-03-29 19:43 - 0034427 ____A C:\Users\Kyle Stanfield\Desktop\you are most like pinkie pie.jpg
2012-03-29 19:14 - 2012-03-29 19:15 - 0060061 ____A C:\Users\Kyle Stanfield\Desktop\137c.jpg
2012-03-29 18:27 - 2012-03-29 18:27 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-29 05:16 - 2012-03-29 05:17 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Recovered video
2012-03-29 05:14 - 2012-03-29 05:14 - 0291917 ____A C:\Users\Kyle Stanfield\Desktop\Stellar Phoenix Photo Recovery Scan.DAT
2012-03-29 05:12 - 2012-03-29 05:22 - 0000348 ____A C:\Windows\Tasks\At1.job
2012-03-29 05:12 - 2012-03-29 05:13 - 0000500 ____A C:\Windows\Tasks\At2.job
2012-03-29 05:12 - 2012-03-29 05:12 - 0000000 ____D C:\Windows\SysWOW64\1080
2012-03-29 05:08 - 2012-02-23 05:23 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Stellar Phoenix Photo Recovery 4.0.0.0
2012-03-29 04:38 - 2012-03-29 05:23 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 04:37 - 2012-03-29 04:37 - 0000000 ____D C:\Windows\system64
2012-03-28 14:44 - 2012-03-28 14:44 - 0001195 ____A C:\Users\Kyle Stanfield\Desktop\File Repair.lnk
2012-03-28 14:44 - 2012-03-28 14:44 - 0000000 ____D C:\Program Files (x86)\Repair File
2012-03-28 14:39 - 2012-03-29 05:41 - 0000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2012-03-28 14:39 - 2012-03-29 05:14 - 0001256 ____A C:\Users\Kyle Stanfield\Desktop\Stellar Phoenix Photo Recovery.lnk
2012-03-28 14:15 - 2012-03-28 14:15 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\HD Tune Pro
2012-03-28 14:14 - 2012-03-28 14:14 - 0000963 ____A C:\Users\Kyle Stanfield\Desktop\HD Tune Pro.lnk
2012-03-28 14:14 - 2012-03-28 14:14 - 0000000 ____D C:\Program Files (x86)\HD Tune Pro
2012-03-28 14:11 - 2012-03-28 14:11 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Xenocode
2012-03-28 14:11 - 2012-03-28 14:11 - 0000000 ____D C:\Program Files (x86)\Xenocode
2012-03-28 14:11 - 2012-02-26 13:12 - 0075776 ____A C:\Users\Kyle Stanfield\AppData\Roaming\chrtmp
2012-03-28 06:25 - 2012-03-28 06:25 - 0005108 ____A C:\Users\Kyle Stanfield\Desktop\van Canto - My Voice.mid
2012-03-27 07:30 - 2012-03-29 05:22 - 0000280 ____A C:\Windows\setupact.log
2012-03-27 07:30 - 2012-03-27 07:30 - 0000000 ____A C:\Windows\setuperr.log
2012-03-26 00:10 - 2012-03-26 00:10 - 0002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
2012-03-26 00:10 - 2012-03-26 00:10 - 0000000 ____D C:\Program Files (x86)\Seagate
2012-03-25 17:56 - 2012-03-25 17:56 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Recovery
2012-03-25 13:49 - 2012-03-25 13:49 - 0014486 ____A C:\Users\Kyle Stanfield\Desktop\be your own pet.torrent
2012-03-25 13:44 - 2012-03-25 13:44 - 0001359 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 5.5.1.lnk
2012-03-25 13:44 - 2012-03-25 13:44 - 0000000 ____D C:\Program Files (x86)\EASEUS
2012-03-25 13:42 - 2012-03-25 13:43 - 4419250 ____A C:\Users\Kyle Stanfield\Desktop\EASEUS.Data.Recovery.Wizard.Professional.v5.5.1.rar
2012-03-25 05:57 - 2012-03-25 11:43 - 0019274 ____A C:\Users\Kyle Stanfield\Documents\response to idiot.docx
2012-03-25 04:47 - 2012-03-25 04:47 - 0002573 ____A C:\Users\Public\Desktop\Aspx Forms Gen 4 Exp.lnk
2012-03-25 04:47 - 2012-03-25 04:47 - 0000000 ____D C:\Users\Kyle Stanfield\Downloads\AspxFormsGen4Exp
2012-03-25 04:47 - 2012-03-25 04:47 - 0000000 ____D C:\Program Files (x86)\Junnark.Com
2012-03-25 04:46 - 2012-03-25 04:46 - 1160756 ____A C:\Users\Kyle Stanfield\Downloads\AspxFormsGen4Exp.zip
2012-03-22 00:18 - 2012-03-22 01:13 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Debate Idiot
2012-03-21 23:55 - 2012-03-21 23:55 - 0525444 ____A C:\Users\Kyle Stanfield\Desktop\dumb_ass.pdf
2012-03-21 04:36 - 2012-03-21 05:30 - 0042093 ____A C:\Users\Kyle Stanfield\Documents\dabolical masquerade.nra
2012-03-20 18:13 - 2012-03-20 18:13 - 0000000 ____D C:\Impetus Aesthetica
2012-03-20 17:40 - 2012-03-20 17:41 - 14446900 ____A C:\Users\Kyle Stanfield\Desktop\Beginning ASP.net 4 in C# and VB (2010).pdf
2012-03-20 07:17 - 2012-03-20 07:22 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\In the Loop
2012-03-19 23:10 - 2012-03-19 23:10 - 0202713 ____A C:\Users\Kyle Stanfield\Desktop\suffering.png
2012-03-19 22:57 - 2012-03-19 23:10 - 1823059 ____A C:\Users\Kyle Stanfield\Documents\from the seat of emotions 2.psd
2012-03-19 18:14 - 2012-03-20 06:43 - 2642546 ____A C:\Users\Kyle Stanfield\Desktop\Sardonic Art - Suffering the Estranged Progenitor.mp3
2012-03-18 22:46 - 2012-03-18 22:46 - 0000000 ____D C:\Users\All Users\ATI
2012-03-18 22:46 - 2012-03-18 22:46 - 0000000 ____D C:\ProgramData\ATI
2012-03-18 22:41 - 2012-03-18 22:41 - 0002047 ____A C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files\AMD
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-14 08:22 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:22 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 08:22 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 20:10 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 20:10 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 20:10 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 20:08 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 20:08 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 20:08 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 20:08 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 20:08 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:08 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 20:08 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-09 23:38 - 2012-03-09 23:38 - 0094463 ____A C:\Users\Kyle Stanfield\Desktop\The Phenomenology of Experience - Preface.pdf
2012-03-09 23:35 - 2012-03-09 23:35 - 0058378 ____A C:\Users\Kyle Stanfield\Documents\The Phenomenology of Experience Preface.pdf
2012-03-09 08:49 - 2012-03-09 08:49 - 0043214 ____A C:\Users\Kyle Stanfield\Desktop\Dystonia.pdf
2012-03-08 07:15 - 2012-03-19 06:33 - 0233294 ____A C:\Users\Kyle Stanfield\Desktop\The Phenomenology of Experience.pdf
2012-03-08 07:15 - 2012-03-19 06:30 - 0077553 ____A C:\Users\Kyle Stanfield\Desktop\The Phenomenology of Experience.docx
2012-03-08 07:13 - 2012-03-08 07:13 - 0130798 ____A C:\Users\Kyle Stanfield\Desktop\impetus aesthetica.pdf
2012-03-08 04:51 - 2012-03-08 05:47 - 0136036 ____A C:\Users\Kyle Stanfield\Documents\Phenomenology and the Pianist.pdf
2012-03-07 22:39 - 2012-03-08 06:14 - 16974606 ____A C:\Users\Kyle Stanfield\Desktop\Local Metal - Alabama.mp4
2012-03-05 00:00 - 2012-03-05 00:11 - 0038980 ____A C:\Users\Kyle Stanfield\Documents\phenom and the pianist chicago.docx
2012-03-04 13:46 - 2012-03-04 13:48 - 22993745 ____A C:\Users\Kyle Stanfield\Desktop\Mozart - Don Giovanni - Commendatore Scene.mp4
2012-03-04 09:05 - 2012-03-04 09:05 - 0025720 ____A C:\Windows\System32\Drivers\iLokDrvr.sys
2012-03-04 09:05 - 2012-03-04 09:05 - 0000000 ____D C:\Program Files (x86)\EastWest
2012-03-03 23:19 - 2012-03-03 23:19 - 0053971 ____A C:\Users\Kyle Stanfield\Desktop\420336_314308098633635_100001633435579_975691_566822948_n.jpg
2012-03-03 21:43 - 2012-03-05 01:28 - 0015660 ____A C:\Users\Kyle Stanfield\Documents\song of the flea.docx
2012-03-03 06:17 - 2012-03-03 21:18 - 0088692 ____A C:\Users\Kyle Stanfield\Desktop\Song of the Flea.mus

============ 3 Months Modified Files and Folders =============

2012-04-02 21:34 - 2012-04-02 21:33 - 0000000 ____D C:\FRST
2012-04-01 22:07 - 2010-09-01 08:41 - 1945509888 __ASH C:\hiberfil.sys
2012-03-30 19:10 - 2012-03-30 19:10 - 0127044 ____A C:\Windows\ntbtlog.txt
2012-03-30 04:15 - 2010-09-01 09:42 - 0221074 ____A C:\Windows\PFRO.log
2012-03-30 04:13 - 2010-09-01 06:49 - 1742349 ____A C:\Windows\WindowsUpdate.log
2012-03-30 04:12 - 2012-03-30 04:12 - 356511600 ____A C:\Users\Kyle Stanfield\Desktop\New Image File.daa
2012-03-30 04:05 - 2011-12-15 13:50 - 0000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2748344943-834764238-2588578359-1001UA.job
2012-03-30 03:43 - 2011-10-19 18:28 - 0000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-30 00:00 - 2011-06-17 19:13 - 0000362 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-03-29 23:52 - 2010-09-04 15:55 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Mp3tag
2012-03-29 22:44 - 2012-03-29 22:43 - 0000000 ____D C:\Program Files (x86)\Disk Doctors Photo Recovery (Win)
2012-03-29 22:43 - 2012-03-29 22:43 - 0001170 ____A C:\Users\Kyle Stanfield\Desktop\Disk Doctors Photo Recovery (Win).lnk
2012-03-29 22:42 - 2012-03-29 22:25 - 0001428 ____A C:\Users\Kyle Stanfield\Desktop\van Canto - I Am Human.mid
2012-03-29 22:08 - 2012-03-29 22:05 - 17943740 ____A C:\Users\Kyle Stanfield\Desktop\Disk_Doctors_Photo_Recovery_2.0.0.26.rar
2012-03-29 22:08 - 2011-06-19 02:43 - 0000112 ____A C:\Windows\SysWOW64\msvcsv60.dll
2012-03-29 22:08 - 2010-09-25 14:44 - 0000112 ____A C:\Windows\SysWOW64\w3data.vss
2012-03-29 22:08 - 2010-09-25 14:44 - 0000112 ____A C:\Windows\msocreg32.dat
2012-03-29 19:43 - 2012-03-29 19:43 - 0034427 ____A C:\Users\Kyle Stanfield\Desktop\you are most like pinkie pie.jpg
2012-03-29 19:15 - 2012-03-29 19:14 - 0060061 ____A C:\Users\Kyle Stanfield\Desktop\137c.jpg
2012-03-29 19:05 - 2011-12-15 13:50 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2748344943-834764238-2588578359-1001Core.job
2012-03-29 18:29 - 2012-01-18 01:53 - 0000078 ____A C:\KeepAliveHD.txt
2012-03-29 18:27 - 2012-03-29 18:27 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-29 18:27 - 2010-09-01 08:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 17:36 - 2009-07-04 20:27 - 0000000 ____D C:\Guitar Pro Files
2012-03-29 09:43 - 2011-10-19 18:28 - 0000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-29 05:41 - 2012-03-28 14:39 - 0000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2012-03-29 05:36 - 2010-09-05 10:41 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\uTorrent
2012-03-29 05:33 - 2011-06-18 08:05 - 0006816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-29 05:33 - 2011-06-18 08:05 - 0006816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-29 05:29 - 2009-07-13 21:13 - 0953884 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-29 05:23 - 2012-03-29 04:38 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 05:22 - 2012-03-29 05:12 - 0000348 ____A C:\Windows\Tasks\At1.job
2012-03-29 05:22 - 2012-03-27 07:30 - 0000280 ____A C:\Windows\setupact.log
2012-03-29 05:22 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-29 05:17 - 2012-03-29 05:16 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Recovered video
2012-03-29 05:14 - 2012-03-29 05:14 - 0291917 ____A C:\Users\Kyle Stanfield\Desktop\Stellar Phoenix Photo Recovery Scan.DAT
2012-03-29 05:14 - 2012-03-28 14:39 - 0001256 ____A C:\Users\Kyle Stanfield\Desktop\Stellar Phoenix Photo Recovery.lnk
2012-03-29 05:13 - 2012-03-29 05:12 - 0000500 ____A C:\Windows\Tasks\At2.job
2012-03-29 05:12 - 2012-03-29 05:12 - 0000000 ____D C:\Windows\SysWOW64\1080
2012-03-29 04:37 - 2012-03-29 04:37 - 0000000 ____D C:\Windows\system64
2012-03-28 19:50 - 2010-09-12 18:03 - 0001456 ____A C:\Users\Kyle Stanfield\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-03-28 16:13 - 2011-06-20 04:16 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Visual Studio 2010
2012-03-28 14:44 - 2012-03-28 14:44 - 0001195 ____A C:\Users\Kyle Stanfield\Desktop\File Repair.lnk
2012-03-28 14:44 - 2012-03-28 14:44 - 0000000 ____D C:\Program Files (x86)\Repair File
2012-03-28 14:15 - 2012-03-28 14:15 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\HD Tune Pro
2012-03-28 14:14 - 2012-03-28 14:14 - 0000963 ____A C:\Users\Kyle Stanfield\Desktop\HD Tune Pro.lnk
2012-03-28 14:14 - 2012-03-28 14:14 - 0000000 ____D C:\Program Files (x86)\HD Tune Pro
2012-03-28 14:11 - 2012-03-28 14:11 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Xenocode
2012-03-28 14:11 - 2012-03-28 14:11 - 0000000 ____D C:\Program Files (x86)\Xenocode
2012-03-28 06:25 - 2012-03-28 06:25 - 0005108 ____A C:\Users\Kyle Stanfield\Desktop\van Canto - My Voice.mid
2012-03-28 06:07 - 2009-07-13 19:20 - 0000000 ___AD C:\Program Files\Common Files\System
2012-03-27 07:54 - 2010-09-01 08:05 - 0000979 ____A C:\Users\Public\Desktop\REAPER.lnk
2012-03-27 07:54 - 2010-09-01 08:05 - 0000828 ____A C:\Users\Public\Desktop\REAPER (x64).lnk
2012-03-27 07:54 - 2010-09-01 08:05 - 0000000 ____D C:\Program Files\REAPER (x64)
2012-03-27 07:54 - 2010-09-01 08:05 - 0000000 ____D C:\Program Files (x86)\REAPER
2012-03-27 07:46 - 2009-07-05 05:57 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\REAPER Media
2012-03-27 07:30 - 2012-03-27 07:30 - 0000000 ____A C:\Windows\setuperr.log
2012-03-27 07:24 - 2010-09-01 08:06 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\REAPER
2012-03-26 00:10 - 2012-03-26 00:10 - 0002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
2012-03-26 00:10 - 2012-03-26 00:10 - 0000000 ____D C:\Program Files (x86)\Seagate
2012-03-25 17:56 - 2012-03-25 17:56 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Recovery
2012-03-25 16:59 - 2010-09-05 10:51 - 0000000 ____D C:\uTorrent Downloads
2012-03-25 13:49 - 2012-03-25 13:49 - 0014486 ____A C:\Users\Kyle Stanfield\Desktop\be your own pet.torrent
2012-03-25 13:44 - 2012-03-25 13:44 - 0001359 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 5.5.1.lnk
2012-03-25 13:44 - 2012-03-25 13:44 - 0000000 ____D C:\Program Files (x86)\EASEUS
2012-03-25 13:43 - 2012-03-25 13:42 - 4419250 ____A C:\Users\Kyle Stanfield\Desktop\EASEUS.Data.Recovery.Wizard.Professional.v5.5.1.rar
2012-03-25 11:43 - 2012-03-25 05:57 - 0019274 ____A C:\Users\Kyle Stanfield\Documents\response to idiot.docx
2012-03-25 04:47 - 2012-03-25 04:47 - 0002573 ____A C:\Users\Public\Desktop\Aspx Forms Gen 4 Exp.lnk
2012-03-25 04:47 - 2012-03-25 04:47 - 0000000 ____D C:\Users\Kyle Stanfield\Downloads\AspxFormsGen4Exp
2012-03-25 04:47 - 2012-03-25 04:47 - 0000000 ____D C:\Program Files (x86)\Junnark.Com
2012-03-25 04:47 - 2011-09-26 22:08 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Downloaded Installations
2012-03-25 04:46 - 2012-03-25 04:46 - 1160756 ____A C:\Users\Kyle Stanfield\Downloads\AspxFormsGen4Exp.zip
2012-03-24 09:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-24 08:30 - 2010-09-10 05:56 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\ElevatedDiagnostics
2012-03-23 06:33 - 2011-11-24 06:43 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Thunderbird
2012-03-23 06:33 - 2011-11-24 06:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-03-22 06:50 - 2011-09-16 05:36 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Finale 2011 Music
2012-03-22 06:50 - 2010-09-06 09:53 - 0000509 ____A C:\Windows\demdata.txt
2012-03-22 01:13 - 2012-03-22 00:18 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Debate Idiot
2012-03-21 23:55 - 2012-03-21 23:55 - 0525444 ____A C:\Users\Kyle Stanfield\Desktop\dumb_ass.pdf
2012-03-21 10:39 - 2011-11-09 12:20 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Akamai
2012-03-21 05:30 - 2012-03-21 04:36 - 0042093 ____A C:\Users\Kyle Stanfield\Documents\dabolical masquerade.nra
2012-03-21 04:51 - 2011-06-20 04:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-03-21 04:28 - 2010-09-15 08:06 - 0000000 ____D C:\Users\All Users\Autodesk
2012-03-21 04:28 - 2010-09-15 08:06 - 0000000 ____D C:\ProgramData\Autodesk
2012-03-21 04:22 - 2010-09-15 08:51 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Autodesk
2012-03-21 04:19 - 2010-09-01 07:39 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-21 04:14 - 2011-03-03 15:07 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2012-03-20 23:07 - 2010-09-15 08:41 - 0000000 ____D C:\Program Files\Autodesk
2012-03-20 18:13 - 2012-03-20 18:13 - 0000000 ____D C:\Impetus Aesthetica
2012-03-20 17:41 - 2012-03-20 17:40 - 14446900 ____A C:\Users\Kyle Stanfield\Desktop\Beginning ASP.net 4 in C# and VB (2010).pdf
2012-03-20 07:22 - 2012-03-20 07:17 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\In the Loop
2012-03-20 06:43 - 2012-03-19 18:14 - 2642546 ____A C:\Users\Kyle Stanfield\Desktop\Sardonic Art - Suffering the Estranged Progenitor.mp3
2012-03-19 23:10 - 2012-03-19 23:10 - 0202713 ____A C:\Users\Kyle Stanfield\Desktop\suffering.png
2012-03-19 23:10 - 2012-03-19 22:57 - 1823059 ____A C:\Users\Kyle Stanfield\Documents\from the seat of emotions 2.psd
2012-03-19 21:31 - 2010-09-01 07:37 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-19 06:33 - 2012-03-08 07:15 - 0233294 ____A C:\Users\Kyle Stanfield\Desktop\The Phenomenology of Experience.pdf
2012-03-19 06:30 - 2012-03-08 07:15 - 0077553 ____A C:\Users\Kyle Stanfield\Desktop\The Phenomenology of Experience.docx
2012-03-18 22:46 - 2012-03-18 22:46 - 0000000 ____D C:\Users\All Users\ATI
2012-03-18 22:46 - 2012-03-18 22:46 - 0000000 ____D C:\ProgramData\ATI
2012-03-18 22:41 - 2012-03-18 22:41 - 0002047 ____A C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files\AMD
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-18 22:41 - 2012-03-18 22:41 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-18 22:41 - 2011-10-24 21:01 - 0000000 ____D C:\Users\All Users\AMD
2012-03-18 22:41 - 2011-10-24 21:01 - 0000000 ____D C:\ProgramData\AMD
2012-03-18 22:40 - 2011-12-01 23:13 - 0000000 ____D C:\Program Files\ATI Technologies
2012-03-18 21:53 - 2009-07-13 20:45 - 5142032 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 08:12 - 2010-09-01 08:57 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 08:11 - 2010-10-26 11:10 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 08:11 - 2010-10-26 11:10 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 07:27 - 2010-09-01 08:39 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Last.fm
2012-03-14 01:11 - 2010-09-01 06:50 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\LocalLow
2012-03-13 06:45 - 2010-09-04 15:55 - 0000979 ____A C:\Users\Public\Desktop\Mp3tag.lnk
2012-03-13 06:45 - 2010-09-04 15:55 - 0000000 ____D C:\Program Files (x86)\Mp3tag
2012-03-12 23:35 - 2011-02-06 20:28 - 0000132 ____A C:\Users\Kyle Stanfield\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-03-12 23:18 - 2010-09-01 06:50 - 0000000 ____D C:\users\Kyle Stanfield
2012-03-12 22:51 - 2012-02-29 18:59 - 0002089 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-03-12 22:51 - 2012-02-29 18:57 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-12 22:51 - 2012-02-29 18:57 - 0000000 ____D C:\ProgramData\NokiaInstallerCache
2012-03-09 23:38 - 2012-03-09 23:38 - 0094463 ____A C:\Users\Kyle Stanfield\Desktop\The Phenomenology of Experience - Preface.pdf
2012-03-09 23:35 - 2012-03-09 23:35 - 0058378 ____A C:\Users\Kyle Stanfield\Documents\The Phenomenology of Experience Preface.pdf
2012-03-09 08:49 - 2012-03-09 08:49 - 0043214 ____A C:\Users\Kyle Stanfield\Desktop\Dystonia.pdf
2012-03-09 08:08 - 2012-02-17 20:38 - 2549550 ____A C:\Users\Kyle Stanfield\Desktop\Sardonicus - Dystonia.mp3
2012-03-08 19:24 - 2011-12-08 07:23 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-03-08 07:13 - 2012-03-08 07:13 - 0130798 ____A C:\Users\Kyle Stanfield\Desktop\impetus aesthetica.pdf
2012-03-08 07:13 - 2012-02-22 19:05 - 0040989 ____A C:\Users\Kyle Stanfield\Documents\impetus aesthetica.docx
2012-03-08 07:13 - 2012-02-18 04:09 - 0056903 ____A C:\Users\Kyle Stanfield\Documents\Phenomenology and the Pianist.docx
2012-03-08 06:14 - 2012-03-07 22:39 - 16974606 ____A C:\Users\Kyle Stanfield\Desktop\Local Metal - Alabama.mp4
2012-03-08 05:47 - 2012-03-08 04:51 - 0136036 ____A C:\Users\Kyle Stanfield\Documents\Phenomenology and the Pianist.pdf
2012-03-07 22:35 - 2011-08-18 07:35 - 0000021 ____A C:\Windows\SurCode.INI
2012-03-07 18:42 - 2011-01-28 11:23 - 1948096 ____A C:\Users\Kyle Stanfield\Documents\from the seat of emotions.psd
2012-03-06 16:15 - 2011-12-08 07:23 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 16:15 - 2011-12-08 07:22 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 16:15 - 2011-12-08 07:22 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 16:04 - 2011-12-08 07:23 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 16:04 - 2011-12-08 07:23 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 16:02 - 2012-02-24 16:50 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 16:01 - 2011-12-08 07:23 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 16:01 - 2011-12-08 07:23 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 16:01 - 2011-12-08 07:23 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-05 06:49 - 2010-09-05 10:41 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-05 01:28 - 2012-03-03 21:43 - 0015660 ____A C:\Users\Kyle Stanfield\Documents\song of the flea.docx
2012-03-05 00:11 - 2012-03-05 00:00 - 0038980 ____A C:\Users\Kyle Stanfield\Documents\phenom and the pianist chicago.docx
2012-03-04 13:48 - 2012-03-04 13:46 - 22993745 ____A C:\Users\Kyle Stanfield\Desktop\Mozart - Don Giovanni - Commendatore Scene.mp4
2012-03-04 09:05 - 2012-03-04 09:05 - 0025720 ____A C:\Windows\System32\Drivers\iLokDrvr.sys
2012-03-04 09:05 - 2012-03-04 09:05 - 0000000 ____D C:\Program Files (x86)\EastWest
2012-03-04 09:05 - 2010-11-13 13:01 - 0000000 ____D C:\Program Files (x86)\vstplugins
2012-03-04 09:05 - 2010-09-01 09:54 - 0000000 ____D C:\Users\All Users\East West
2012-03-04 09:05 - 2010-09-01 09:54 - 0000000 ____D C:\ProgramData\East West
2012-03-04 09:05 - 2010-09-01 09:54 - 0000000 ____D C:\Program Files\EastWest
2012-03-04 09:05 - 2010-09-01 08:14 - 0000000 ____D C:\Program Files\vstplugins
2012-03-04 09:02 - 2011-12-04 21:52 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\EWQLSO Updates
2012-03-03 23:19 - 2012-03-03 23:19 - 0053971 ____A C:\Users\Kyle Stanfield\Desktop\420336_314308098633635_100001633435579_975691_566822948_n.jpg
2012-03-03 21:18 - 2012-03-03 06:17 - 0088692 ____A C:\Users\Kyle Stanfield\Desktop\Song of the Flea.mus
2012-03-03 11:45 - 2010-09-01 07:36 - 0162896 ____A C:\Users\Kyle Stanfield\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-03 10:05 - 2012-02-29 05:06 - 0701524 ____A C:\Users\Kyle Stanfield\Desktop\Modest Mussorgsky - Mephistopheless Song in Auerbach's Cellar.pdf
2012-03-01 04:51 - 2012-03-01 04:51 - 0030896 ____A C:\Users\Kyle Stanfield\Desktop\hawkins.jpg
2012-02-29 19:15 - 2012-02-29 19:15 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Nokia Suite
2012-02-29 19:15 - 2012-02-29 19:00 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Nokia
2012-02-29 19:13 - 2012-01-20 08:11 - 0000000 ____D C:\Users\All Users\xml_param
2012-02-29 19:13 - 2012-01-20 08:11 - 0000000 ____D C:\ProgramData\xml_param
2012-02-29 18:59 - 2012-02-29 18:59 - 0000000 ____D C:\Users\All Users\Nokia
2012-02-29 18:59 - 2012-02-29 18:59 - 0000000 ____D C:\ProgramData\Nokia
2012-02-29 18:58 - 2012-02-29 18:58 - 0000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-02-29 18:58 - 2011-10-04 13:38 - 0068544 ____A C:\Windows\DPINST.LOG
2012-02-29 18:58 - 2011-10-04 13:35 - 0000000 ____D C:\Program Files (x86)\Nokia
2012-02-29 00:50 - 2012-02-29 00:50 - 2996854 ____A C:\Users\Kyle Stanfield\Desktop\dystonia.mp4
2012-02-28 21:14 - 2009-10-26 05:22 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Finale 2010 Music
2012-02-27 07:48 - 2012-02-26 13:01 - 0004225 ____A C:\Users\Kyle Stanfield\Desktop\kf.gp4
2012-02-26 18:23 - 2012-02-26 18:16 - 1937451 ____A C:\Users\Kyle Stanfield\Desktop\01 - Practice Test 2 Part Writing 1.mp3
2012-02-26 16:07 - 2012-02-26 16:07 - 0682085 ____A C:\Users\Kyle Stanfield\Desktop\T2 - Part-writing procedures and non-chordtone table.pdf
2012-02-26 13:14 - 2012-02-26 13:14 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\DDMSettings
2012-02-26 13:12 - 2012-03-28 14:11 - 0075776 ____A C:\Users\Kyle Stanfield\AppData\Roaming\chrtmp
2012-02-26 13:06 - 2010-09-01 08:44 - 0000000 ____D C:\Program Files (x86)\DivX
2012-02-26 13:06 - 2010-09-01 08:42 - 0000000 ____D C:\Users\All Users\DivX
2012-02-26 13:06 - 2010-09-01 08:42 - 0000000 ____D C:\ProgramData\DivX
2012-02-26 13:05 - 2010-09-01 08:59 - 0000000 ____D C:\Program Files\DivX
2012-02-24 17:49 - 2011-05-28 08:32 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-24 16:39 - 2012-02-24 16:39 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-02-24 16:38 - 2012-02-24 16:01 - 0014251 ____A C:\Users\Kyle Stanfield\Documents\Genteel Gestation of Rage.docx
2012-02-24 16:38 - 2011-10-19 21:07 - 0173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-02-24 16:38 - 2011-10-19 21:07 - 0173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-02-24 16:38 - 2010-09-06 11:39 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-23 05:23 - 2012-03-29 05:08 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Stellar Phoenix Photo Recovery 4.0.0.0
2012-02-20 18:48 - 2012-02-20 18:17 - 0019681 ____A C:\Users\Kyle Stanfield\Documents\aphorisms.docx
2012-02-19 07:31 - 2012-01-07 00:48 - 0061057 ____A C:\Users\Kyle Stanfield\Desktop\ich bin.mus
2012-02-19 07:29 - 2012-01-07 00:48 - 0061057 ____A C:\Users\Kyle Stanfield\Desktop\ich bin.bak
2012-02-19 07:07 - 2012-02-19 07:05 - 8084374 ____A C:\Users\Kyle Stanfield\Desktop\eternal lacrimosa.mp3
2012-02-17 16:34 - 2012-02-17 14:50 - 0016987 ____A C:\Users\Kyle Stanfield\Documents\Response to Perspectives.docx
2012-02-17 14:27 - 2010-09-04 17:20 - 0000000 ___RD C:\Users\Kyle Stanfield\Podcasts
2012-02-17 14:27 - 2010-09-01 06:50 - 0000174 ___SH C:\Users\Kyle Stanfield\Start Menu\Programs\Startup\desktop.ini
2012-02-17 14:27 - 2010-09-01 06:50 - 0000174 ___SH C:\Users\Kyle Stanfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 07:06 - 2011-06-20 04:03 - 0947608 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-16 22:38 - 2012-03-13 20:08 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 20:08 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 20:08 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 20:08 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 07:53 - 2010-09-15 16:36 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-02-16 07:53 - 2010-09-15 16:36 - 0000000 ____D C:\ProgramData\Apple Computer
2012-02-16 07:46 - 2011-07-17 12:20 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Apple Computer
2012-02-16 07:45 - 2012-02-16 07:44 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-16 07:45 - 2012-02-16 07:44 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-16 07:45 - 2010-09-04 12:22 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Local\Apple Computer
2012-02-16 07:44 - 2010-09-04 09:21 - 0000000 ____D C:\Users\All Users\Apple
2012-02-16 07:44 - 2010-09-04 09:21 - 0000000 ____D C:\ProgramData\Apple
2012-02-16 07:26 - 2012-02-07 08:19 - 0028308 ____A C:\Users\Kyle Stanfield\Desktop\Application_Form(updated).docx
2012-02-16 07:16 - 2012-02-14 05:21 - 0015501 ____A C:\Users\Kyle Stanfield\Documents\Instruction Sheet for Relaxation Techniques.docx
2012-02-14 19:48 - 2012-02-14 19:48 - 10856960 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-02-14 19:21 - 2012-02-14 19:21 - 25839104 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-02-14 19:19 - 2012-02-14 19:19 - 0235072 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-02-14 19:19 - 2012-02-14 19:19 - 0235072 ____A C:\Windows\System32\atiapfxx.blb
2012-02-14 19:18 - 2012-02-14 19:18 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-02-14 19:18 - 2011-10-25 18:05 - 0791040 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-02-14 19:17 - 2011-10-25 18:04 - 0957952 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-02-14 19:13 - 2012-02-14 19:13 - 0496128 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-02-14 19:13 - 2012-02-14 19:13 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-02-14 19:13 - 2012-02-14 19:13 - 0235520 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-02-14 19:11 - 2012-02-14 19:11 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-02-14 19:10 - 2012-02-14 19:10 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-02-14 19:10 - 2012-02-14 19:10 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-02-14 19:10 - 2012-02-14 19:10 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-02-14 19:07 - 2012-02-14 19:07 - 6200320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 16507904 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0069632 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0061952 ____A C:\Windows\System32\OVDecode64.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0059904 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0054784 ____A C:\Windows\SysWOW64\OVDecode.dll
2012-02-14 19:04 - 2012-02-14 19:04 - 13238272 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-02-14 19:03 - 2012-02-14 19:03 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-14 19:03 - 2012-02-14 19:03 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-14 18:58 - 2012-02-14 18:58 - 19392000 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-02-14 18:52 - 2011-10-25 17:46 - 7646208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-02-14 18:41 - 2012-02-14 18:41 - 1113088 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-02-14 18:40 - 2012-02-14 18:40 - 4958208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-02-14 18:40 - 2012-02-14 18:40 - 1828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-02-14 18:36 - 2012-02-14 18:36 - 2425664 ____A C:\Windows\System32\atiumd6a.cap
2012-02-14 18:36 - 2012-02-14 18:36 - 0204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-02-14 18:36 - 2012-02-14 18:36 - 0204952 ____A C:\Windows\System32\ativvsvl.dat
2012-02-14 18:36 - 2012-02-14 18:36 - 0157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-02-14 18:36 - 2012-02-14 18:36 - 0157144 ____A C:\Windows\System32\ativvsva.dat
2012-02-14 18:34 - 2012-02-14 18:34 - 13859840 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-02-14 18:34 - 2011-10-25 17:35 - 5954048 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-02-14 18:29 - 2012-02-14 18:29 - 11561984 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-02-14 18:29 - 2011-10-25 17:32 - 5062656 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-02-14 18:28 - 2012-02-14 18:28 - 2427392 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-02-14 18:25 - 2012-02-14 18:25 - 7551488 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-02-14 18:16 - 2011-10-12 11:39 - 0058880 ____A (AMD) C:\Windows\System32\coinst.dll
2012-02-14 18:14 - 2012-02-14 18:14 - 0512000 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0356352 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0327680 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-02-14 18:13 - 2012-02-14 18:13 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-02-14 18:12 - 2012-02-14 18:12 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-02-14 18:12 - 2012-02-14 18:12 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-02-14 18:12 - 2011-10-25 17:21 - 0043008 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-02-14 18:12 - 2011-10-25 17:20 - 0030208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-02-14 03:50 - 2012-02-14 03:44 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Philosophy Aesthetics papers
2012-02-09 22:36 - 2012-03-13 20:10 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 20:10 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-06 07:13 - 2012-02-06 05:58 - 0017611 ____A C:\Users\Kyle Stanfield\Documents\songs.docx
2012-02-02 20:34 - 2012-03-13 20:10 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 06:36 - 2012-01-28 17:02 - 0014016 ____A C:\Users\Kyle Stanfield\Documents\Rief sie aus der Nacht.docx
2012-02-02 06:30 - 2012-02-02 06:29 - 5691827 ____A C:\Users\Kyle Stanfield\Desktop\Sardonicus - Wird sie jemals mein sein.mp3
2012-01-31 08:14 - 2012-01-31 07:53 - 0024474 ____A C:\Users\Kyle Stanfield\Documents\poetry.docx
2012-01-31 03:02 - 2012-01-31 03:02 - 0021504 ____A C:\Windows\System32\kdbsdk64.dll
2012-01-31 03:00 - 2012-01-31 03:00 - 0016896 ____A C:\Windows\SysWOW64\kdbsdk32.dll
2012-01-29 14:47 - 2011-05-29 05:28 - 0000000 ____D C:\Program Files (x86)\NCH Software
2012-01-29 14:46 - 2011-12-30 00:22 - 0000000 ____D C:\Program Files\PHP Manager 1.2 for IIS 7
2012-01-29 14:46 - 2011-01-09 17:24 - 0000000 ____D C:\Users\All Users\NexonUS
2012-01-29 14:46 - 2011-01-09 17:24 - 0000000 ____D C:\ProgramData\NexonUS
2012-01-29 14:45 - 2011-12-24 07:27 - 0000000 ____D C:\Users\Kyle Stanfield\.netbeans
2012-01-29 14:45 - 2011-12-23 12:29 - 0000000 ____D C:\Users\Kyle Stanfield\.nbi
2012-01-29 14:43 - 2011-06-12 09:58 - 0000000 ____D C:\Program Files (x86)\u-he
2012-01-29 14:42 - 2011-01-21 01:16 - 0000000 ____D C:\Program Files (x86)\Steam
2012-01-29 14:42 - 2011-01-09 17:24 - 0000000 ____D C:\Nexon
2012-01-29 14:40 - 2011-06-06 13:47 - 0000000 ____D C:\Program Files (x86)\DolphinViewer2
2012-01-29 09:06 - 2011-03-29 12:01 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-01-28 19:45 - 2012-01-28 19:44 - 47203245 ____A C:\Users\Kyle Stanfield\Desktop\Sophie.mp4
2012-01-28 12:32 - 2012-01-28 12:31 - 84828447 ____A C:\Users\Kyle Stanfield\Desktop\OD1.mp4
2012-01-28 10:47 - 2012-01-28 10:06 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Operation Dead 1
2012-01-28 10:05 - 2012-01-28 10:02 - 0000000 ____A C:\Users\Kyle Stanfield\Documents\Operation
2012-01-28 07:34 - 2012-01-28 06:13 - 10111049 ____A C:\Users\Kyle Stanfield\Desktop\Mozart Don Giovanni.pdf
2012-01-28 07:24 - 2012-01-28 07:18 - 60366419 ____A C:\Users\Kyle Stanfield\Desktop\Mozart - Don Giovanni (Vocal Score).pdf
2012-01-26 23:19 - 2012-01-26 23:19 - 0000000 ____D C:\AMD
2012-01-26 22:07 - 2012-01-26 22:05 - 3507608 ____A C:\Users\Kyle Stanfield\Desktop\book_tom_waits__anthology.pdf
2012-01-24 22:38 - 2012-03-13 20:08 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 20:08 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 20:08 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-22 19:43 - 2012-01-22 00:44 - 0018795 ____A C:\Users\Kyle Stanfield\Documents\evil comes in threes.docx
2012-01-21 23:46 - 2011-02-10 12:04 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\vghd
2012-01-21 23:40 - 2012-01-21 22:45 - 0000000 ____D C:\Program Files (x86)\Save Flash
2012-01-21 22:45 - 2012-01-21 22:45 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\MY_FLASH
2012-01-21 14:17 - 2012-01-20 19:30 - 1743239 ____A C:\Users\Kyle Stanfield\Desktop\Brutal Jackalope Attack with Unicorn - Evil Comes in Three's.mp3
2012-01-20 22:19 - 2010-09-11 07:25 - 0006025 ____A C:\Windows\yacs.log
2012-01-20 17:55 - 2012-01-20 08:06 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\New folder (2)
2012-01-20 08:02 - 2012-01-20 07:58 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Wondershare Video Converter Ultimate
2012-01-20 07:58 - 2012-01-20 07:58 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Wondershare Video Converter Ultimate
2012-01-20 07:57 - 2012-01-20 07:57 - 0000000 ____D C:\Program Files (x86)\Wondershare
2012-01-20 07:56 - 2012-01-20 07:56 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Video.Converter.Ultimate.5.7.1.1
2012-01-19 06:13 - 2012-01-19 06:12 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Bio Lab bleep
2012-01-18 02:43 - 2012-01-18 02:40 - 32827529 ____A C:\Users\Kyle Stanfield\Desktop\XVCU.6.7.0.0930.by.tano1221.rar
2012-01-18 01:51 - 2012-01-18 01:51 - 0000000 ____D C:\Program Files (x86)\Megabit
2012-01-17 08:14 - 2012-01-17 08:09 - 436115782 ____A C:\Users\Kyle Stanfield\Documents\New Image File.daa
2012-01-17 07:18 - 2011-06-26 23:52 - 0000000 ____D C:\Users\Kyle Stanfield\dwhelper
2012-01-16 19:29 - 2012-01-16 19:29 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Adobe Mini Bridge CS5
2012-01-16 17:37 - 2012-01-16 11:40 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-01-16 17:37 - 2012-01-16 11:40 - 0000000 ____D C:\ProgramData\boost_interprocess
2012-01-16 15:57 - 2012-01-16 15:57 - 0000000 ____D C:\Program Files\Common Files\Propellerhead Software
2012-01-16 11:40 - 2012-01-16 11:33 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\maya
2012-01-16 11:40 - 2010-09-15 08:06 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\Autodesk
2012-01-16 11:12 - 2012-01-16 11:12 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-01-16 11:12 - 2010-11-23 19:23 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-01-16 11:09 - 2010-09-15 08:34 - 0000000 ____D C:\Program Files (x86)\Autodesk
2012-01-16 11:04 - 2010-09-05 10:00 - 0668829 ____A C:\Windows\DirectX.log
2012-01-16 10:14 - 2011-09-25 06:40 - 0000000 ____D C:\Program Files (x86)\MIDIOX
2012-01-16 10:14 - 2011-07-12 04:49 - 0000000 ____D C:\Program Files (x86)\Open DVD ripper
2012-01-16 10:13 - 2011-06-15 20:35 - 0011943 ____A C:\Windows\LDPINST.LOG
2012-01-16 10:13 - 2011-05-14 13:44 - 0027624 ____A C:\Windows\System32\lvcoinst.log
2012-01-16 10:13 - 2011-05-14 13:43 - 0000000 ____D C:\Program Files\Common Files\LogiShrd
2012-01-15 14:11 - 2012-01-02 12:39 - 7485989 ____A C:\Users\Kyle Stanfield\Desktop\Sardonic Art - Ich bin den ewigen Tränenreichen.mp3
2012-01-15 13:42 - 2012-01-15 13:36 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Emicsoft Studio
2012-01-15 13:36 - 2012-01-15 13:36 - 0000000 ____D C:\Users\All Users\Emicsoft Studio
2012-01-15 13:36 - 2012-01-15 13:36 - 0000000 ____D C:\ProgramData\Emicsoft Studio
2012-01-15 13:36 - 2012-01-15 13:36 - 0000000 ____D C:\Program Files (x86)\Emicsoft Studio
2012-01-15 13:13 - 2012-01-15 13:11 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\divx
2012-01-15 12:49 - 2011-12-31 16:07 - 0017130 ____A C:\Users\Kyle Stanfield\Desktop\I am the Eternal Lacrimosa.docx
2012-01-15 09:49 - 2012-01-18 02:58 - 14412932 ____A C:\Users\Kyle Stanfield\Desktop\beginning APSnet.pdf
2012-01-14 22:46 - 2011-11-11 19:31 - 0000000 ____D C:\Program Files\NetWorx
2012-01-14 22:43 - 2012-01-14 21:54 - 563452415 ____A C:\Users\Kyle Stanfield\Desktop\music comp 2.mp4
2012-01-14 22:00 - 2012-01-14 22:00 - 0002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-01-14 12:26 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-01-13 01:28 - 2012-01-13 01:28 - 1603105 ____A C:\Users\Kyle Stanfield\Desktop\Untitled-1.png
2012-01-12 22:08 - 2010-09-15 16:36 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-12 07:56 - 2012-01-11 20:40 - 0023104 ____A C:\Users\Kyle Stanfield\Documents\Dr.docx
2012-01-12 07:00 - 2012-01-12 06:24 - 0033377 ____A C:\Users\Kyle Stanfield\Documents\poem head.docx
2012-01-12 06:23 - 2012-01-05 14:47 - 0030080 ____A C:\Users\Kyle Stanfield\Documents\poem.docx
2012-01-10 22:11 - 2012-01-10 06:47 - 0025265 ____A C:\Users\Kyle Stanfield\Documents\Importance of Philosophy Follow Up.docx
2012-01-10 13:10 - 2012-01-10 13:10 - 0601728 ____A C:\Windows\System32\atiicdxx.dat
2012-01-10 11:57 - 2012-02-24 16:38 - 0637848 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-01-10 11:57 - 2011-10-19 21:07 - 0224136 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-01-10 11:57 - 2010-09-06 11:39 - 0567696 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-01-07 20:22 - 2011-11-19 07:07 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Impetus Aesthetica
2012-01-07 18:36 - 2010-09-28 12:54 - 0000000 ____D C:\Program Files (x86)\Native Instruments
2012-01-07 08:24 - 2012-01-07 08:24 - 0000000 ____D C:\Users\Kyle Stanfield\Documents\Any Video Converter
2012-01-07 08:24 - 2012-01-07 08:24 - 0000000 ____D C:\Users\Kyle Stanfield\AppData\Roaming\AnvSoft
2012-01-06 12:57 - 2012-01-04 23:46 - 0000000 ____D C:\Users\Kyle Stanfield\Desktop\Cartoon sound bytes
2012-01-06 10:03 - 2012-01-06 10:03 - 0060467 ____A C:\Users\Kyle Stanfield\Desktop\poem.pdf
2012-01-06 10:02 - 2012-01-06 10:00 - 14655989 ____A C:\Users\Kyle Stanfield\Desktop\Sardonicus - Prelude & The Testament of Sardonicus.mp3
2012-01-04 14:22 - 2011-06-05 05:30 - 501691292 ____A C:\Users\Kyle Stanfield\Documents\mili part 2.avi
2012-01-04 14:22 - 2011-06-05 05:30 - 1070879644 ____A C:\Users\Kyle Stanfield\Documents\mili part 1.avi
2012-01-04 09:09 - 2011-08-27 08:10 - 0242752 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-01-04 02:44 - 2012-02-14 12:08 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-14 12:08 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-14 12:08 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-14 12:08 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 7935.18 MB
Available physical RAM: 7027.3 MB
Total Pagefile: 7933.33 MB
Available Pagefile: 7020.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:75.39 GB) NTFS
8 Drive k: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 7728 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7727 MB 16 KB

======================================================================================================

Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K USB20FD FAT32 Removable 7727 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-19 23:50

======================= End Of Log ==========================


Kyle Sardonicus Amadeus Stanfield
Writer, Philosopher, Composer/Musician, Artist
Comprehensive Psychology Major, Troy University
www.impetus-aesthetica.com

#7 JSntgRvr

Posted 03 April 2012 - 12:07 PM

Please open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the quote box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Name the file fixlist.txt. Change the Save as Type to All Files, and save it on the flashdrive next to FRST.

Start
SubSystems: [Windows] ==> ZeroAccess
CMD: Del /q C:\Windows\Tasks\At*.job
C:\Windows\system64
End

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Boot in Normal Mode. If able to do so, please run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Sardonicus

Posted 04 April 2012 - 01:33 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-03 23:57:47 R:1
Running from D:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========

C:\Windows\system64 moved successfully.

==== End of Fixlog ====


Now, the ComboFix log is really really REALLY long. It's too big to even attach and makes my post too long to post, so I had to upload it off-site...
http://www.mediafire.com/?y8d7hx3e7uybvq6
Kyle Sardonicus Amadeus Stanfield
Writer, Philosopher, Composer/Musician, Artist
Comprehensive Psychology Major, Troy University
www.impetus-aesthetica.com

#9 JSntgRvr

Posted 04 April 2012 - 08:32 AM

Let's check for remnants.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 Sardonicus

Posted 04 April 2012 - 11:46 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle Stanfield :: KYLESTANFIELD [administrator]

Wed 04-04-12 8:40:27 am
mbam-log-2012-04-04 (08-40-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237778
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Documents and Settings\Kyle Stanfield\Desktop\Recovery\1 NTFS\LostFiles1\Keygen.exe probably a variant of Win32/Agent.LEUSVGB trojan
C:\Documents and Settings\Kyle Stanfield\Desktop\Recovery\1 NTFS\Raw Files\RAR compression file\FILE047.RAR a variant of Win32/Keygen.AM application
C:\Program Files (x86)\Finale 2011\patch_finale_2011.r2.exe a variant of Win32/HackTool.Patcher.T application
C:\Program Files (x86)\Oxin's Style!\3D SexVilla 2\Binaries\fc3DSexVillaRun.DE.exe a variant of Win32/Inject.NDT trojan
C:\Program Files (x86)\Oxin's Style!\3D SexVilla 2\Binaries\fc3DSexVillaRun.EN.exe a variant of Win32/Inject.NDT trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\Users\Kyle Stanfield\Desktop\Recovery\1 NTFS\LostFiles1\Keygen.exe probably a variant of Win32/Agent.LEUSVGB trojan
C:\Users\Kyle Stanfield\Desktop\Recovery\1 NTFS\Raw Files\RAR compression file\FILE047.RAR a variant of Win32/Keygen.AM application
C:\Windows\assembly\temp\U\000000cf.@ Win32/Redirector.A trojan
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan
C:\Windows\System32\defaultlocationncpl.dll Win32/BHO.ODP trojan
C:\Windows\System32\KBDDKOR.DLL a variant of Win32/BHO.OEA trojan
C:\Windows\System32\NlsData00119.dll Win32/BHO.ODP trojan
C:\Windows\SysWOW64\defaultlocationncpl.dll Win32/BHO.ODP trojan
C:\Windows\SysWOW64\KBDDKOR.DLL a variant of Win32/BHO.OEA trojan
C:\Windows\SysWOW64\NlsData00119.dll Win32/BHO.ODP trojan


Kyle Sardonicus Amadeus Stanfield
Writer, Philosopher, Composer/Musician, Artist
Comprehensive Psychology Major, Troy University
www.impetus-aesthetica.com
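
The Fixlog in post #8 reports the `Session Manager\SubSystems\\Windows` value restored, and the ESET log above lists a quarantined `consrv.dll`. The following added example (not part of the thread, and not code from FRST or ComboFix) shows how a responder could audit an exported copy of that registry value for unexpected `ServerDll` modules. The baseline module set, both sample strings and the use of the `consrv` name in the tampered sample are assumptions constructed for illustration.

```python
import re

# Assumption: ServerDll modules in a stock Windows 7 value; confirm against a
# known-clean machine of the same Windows version before relying on it.
BASELINE_DLLS = {"basesrv", "winsrv", "sxssrv"}
EXPECTED_IMAGE = r"%systemroot%\system32\csrss.exe"

# Constructed samples (not copied from the logs in this thread).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# Same value with the console ServerDll entry pointed at another module name.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)

# ServerDll=<module>[:<init routine>][,<server id>]
SERVER_DLL = re.compile(r"ServerDll=([^\s:,]+)(?::([^\s,]+))?(?:,(\d+))?", re.I)


def parse_server_dlls(value):
    """Return (module, init_routine, server_id) for every ServerDll= token."""
    return [
        (m.group(1).lower(), m.group(2) or "",
         int(m.group(3)) if m.group(3) else None)
        for m in SERVER_DLL.finditer(value)
    ]


def audit_subsystems(value, baseline=BASELINE_DLLS):
    """List the ways a SubSystems 'Windows' value differs from the baseline."""
    findings = []
    # The first whitespace-separated token is the subsystem process image.
    image = value.split(None, 1)[0] if value.strip() else ""
    if image.lower() != EXPECTED_IMAGE:
        findings.append(f"unexpected subsystem image: {image!r}")
    entries = parse_server_dlls(value)
    if not entries:
        findings.append("no ServerDll entries found")
    for module, routine, server_id in entries:
        if module not in baseline:
            findings.append(
                f"ServerDll {module!r} (init {routine or 'default'}, "
                f"id {server_id}) is not in the baseline"
            )
    # A baseline module that has disappeared is also a deviation.
    for module in sorted(baseline - {m for m, _, _ in entries}):
        findings.append(f"baseline ServerDll {module!r} is missing")
    return findings


if __name__ == "__main__":
    for label, value in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        print(label, "->", audit_subsystems(value) or "matches baseline")
```

Any module the audit flags should then be located on disk and scanned or hashed before the value is edited, since the value controls what `csrss.exe` loads at boot.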

#11 JSntgRvr

Posted 05 April 2012 - 10:13 AM

Download the enclosed file, CFScript.txt.

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Security check

Download and run Security Check by screen317 and post its report.

How is the computer doing?

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Sardonicus

Posted 06 April 2012 - 10:14 AM

Computer is doing great, thanks. Man that is why I love this place. I'd searched for a solution and the only answer coming up was "you're boned, do a full reinstall". Luckily I know better.

ComboFix log

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Andy Sneap Metal Foundry Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
JavaFX 2.0.3
Java™ 6 Update 29
Java™ 7 Update 3
Java™ SE Development Kit 7 Update 1
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
Mozilla Thunderbird (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````


The "Andy Sneap Metal Foundry Presets" is actually not an antivirus or anything like that - it's just a set of presets for Superior Drummer 2.0 (VST).

Edited by Sardonicus, 06 April 2012 - 10:15 AM.

Kyle Sardonicus Amadeus Stanfield
Writer, Philosopher, Composer/Musician, Artist
Comprehensive Psychology Major, Troy University
www.impetus-aesthetica.com

#13 JSntgRvr

Posted 06 April 2012 - 11:13 AM

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Delete the C:\FRST folder. Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 JSntgRvr

Posted 20 April 2012 - 03:17 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!