BSOD Consrv not found



#1 ones!xty


Posted 16 November 2011 - 08:08 PM

Hi,
Got a few redirects on the web yesterday so I ran my checks, MBAM and MSE. Needing a reboot after completion, I then received BSOD consrv not found.
STOP: c0000135 {Unable To Locate Component} consrv not found

All instances of safe mode etc. receive the same message. Recovery console startup repair hasn't helped either.
I suspect it's Zero Access as my FRST log says
SubSystems: [Windows] ==> ZeroAccess
**** EDIT I managed to get it through the boot back to Windows ****
**** Ran FRST64 and then I used a Fixlst.txt found in this thread http://www.bleepingcomputer.com/forums/topic426802.html/page__st__15 ****

Just thought I'd update for future readers.




FRST log
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.8
Ran by SYSTEM at 2011-11-17 11:40:21
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-02-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4271688 2010-02-17] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2093128 2010-02-17] (Logitech Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449608 2011-08-30] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\John\...\Run: [] [x]
HKU\John\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\John\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-05] ()
3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-11] (Creative Technology Ltd)
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-09] (Creative Technology Ltd.)
3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-09] (Creative Technology Ltd)
3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-09] (Creative Technology Ltd)
3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-09] (Creative Technology Ltd)
3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-09] (Creative Technology Ltd)
3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-09] (Creative Technology Ltd)
3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-09] (Creative Technology Ltd)
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-09] (Creative Technology Ltd.)
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-09] (Creative Technology Ltd.)
3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-09] (Creative Technology Ltd)
3 DFSR; C:\Windows\System32\DFSR.exe [3433472 2009-04-11] (Microsoft Corporation)
2 dgdersvc; C:\Windows\system32\dgdersvc.exe [119632 2011-01-19] (Devguru Co., Ltd.)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [268288 2009-04-11] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [15360 2006-11-02] (Microsoft Corporation)
2 EMDMgmt; C:\Windows\System32\emdmgmt.dll [399360 2009-04-11] (Microsoft Corporation)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366152 2011-08-30] (Malwarebytes Corporation)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-11] (Microsoft Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [360224 2009-10-23] (Sony Corporation)
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [836608 2009-04-11] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-11] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-30] (Microsoft Corporation)
4 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [615936 2010-06-13] (Nokia)
2 slsvc; C:\Windows\System32\SLsvc.exe [2582016 2009-04-11] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [73216 2009-04-11] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-30] (Microsoft Corporation)
2 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [4708864 2009-10-19] ()
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [1020768 2010-03-17] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
2 PSI_SVC_2; "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [x]
3 xrdidvrvg; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [x]

========================== Drivers (Whitelisted) =============

4 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [126520 2008-01-20] (Adaptec, Inc.)
1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-09] ()
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-04] ()
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-08] (CPUID)
3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [580904 2007-04-09] (Creative Technology Ltd)
3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [863016 2007-04-09] (Creative Technology Ltd)
3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [17192 2007-04-09] (Creative Technology Ltd)
3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [290600 2007-04-09] (Creative Technology Ltd)
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2011-01-19] (Devguru Co., Ltd)
3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [82112 2010-12-30] (DEVGURU Co., LTD.(www.devguru.co.kr))
0 Ecache; C:\Windows\System32\drivers\ecache.sys [155112 2009-04-11] (Microsoft Corporation)
3 emupia; C:\Windows\System32\drivers\emupia2k.sys [147752 2007-04-09] (Creative Technology Ltd)
3 etdrv; \??\C:\Windows\etdrv.sys [25640 2011-04-17] (Windows ® Server 2003 DDK provider)
3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [40832 2011-03-07] (Etron Technology Inc)
3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [65280 2011-03-07] (Etron Technology Inc)
3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [69320 2009-10-21] (FTDI Ltd.)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-04-17] ()
3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1359144 2007-04-09] (Creative Technology Ltd)
3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [259880 2007-04-09] (Creative Technology Ltd)
3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [295208 2007-04-09] (Creative Technology Ltd)
4 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [81896 2009-04-11] (Hewlett-Packard Company)
4 i2omp; C:\Windows\System32\drivers\i2omp.sys [35896 2008-01-20] (Microsoft Corporation)
4 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\System32\drivers\iteraid.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [22408 2009-11-22] (Logitech Inc.)
3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [16008 2009-11-22] (Logitech Inc.)
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-04] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25416 2011-08-30] (Malwarebytes Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [39016 2006-11-02] (LSI Logic Corporation)
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-25] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-25] (Nokia)
3 NvStUSB; C:\Windows\System32\DRIVERS\nvstusb.sys [291648 2011-10-15] (NVIDIA Corporation)
3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [218408 2007-04-09] (Creative Technology Ltd.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [25600 2008-08-27] (Nokia)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [392296 2010-12-29] (Realtek )
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [45624 2008-01-20] (Microsoft Corporation)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [25280 2010-12-18] (Almico Software)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-10-28] (Duplex Secure Ltd.)
3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [202560 2010-12-30] (DEVGURU Co., LTD.(www.devguru.co.kr))
4 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [49256 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [44648 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [48232 2006-11-02] (LSI Logic)
3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [16392 2011-01-19] (Teruten Inc)
3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [18432 2008-01-20] (Microsoft Corporation)
4 uliahci; C:\Windows\System32\drivers\uliahci.sys [284728 2008-01-20] (ULi Electronics Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [148072 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [174696 2008-01-20] (Promise Technology, Inc.)
3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [46592 2009-09-30] (Microsoft Corporation)
1 dqlxtaoo; \??\C:\Windows\system32\drivers\dqlxtaoo.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\WNt500x64\Sandra.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-17 11:39 - 2011-11-17 11:39 - 0000000 ____D C:\FRST
2011-11-15 21:24 - 2011-11-15 21:24 - 0212734 ____A C:\Windows\ntbtlog.txt
2011-11-15 13:47 - 2011-11-15 13:50 - 0000000 ____D C:\Users\John\Desktop\New Folder (2)
2011-11-15 13:24 - 2011-11-15 13:24 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-11-15 13:24 - 2011-11-15 13:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-11-14 19:28 - 2011-11-15 02:47 - 0000000 ____D C:\Users\John\AppData\Roaming\Hyoge
2011-11-14 19:28 - 2011-11-14 19:29 - 0000000 ____D C:\Users\John\AppData\Roaming\Imbueg
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default User\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:17 - 2011-11-14 19:17 - 0000000 ____D C:\Windows\system64
2011-11-13 12:51 - 2011-11-13 12:51 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-11 18:50 - 2011-11-11 18:50 - 0000221 ____A C:\Users\John\Desktop\The Elder Scrolls V Skyrim.url
2011-11-11 16:05 - 2011-11-11 16:05 - 2318910 ____A C:\Users\John\AppData\Local\dd_NET_Framework35_x64_MSI21AE.txt
2011-11-11 16:05 - 2011-11-11 16:05 - 0000000 ____D C:\Users\John\AppData\Local\Skyrim
2011-11-10 13:12 - 2011-11-15 21:18 - 4958588 ____A C:\Windows\{00000004-00000000-00000000-00001102-00000004-00511102}.BAK
2011-11-10 04:11 - 2011-11-16 16:08 - 0033208 ____A C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-10 04:11 - 2011-11-16 16:08 - 0033208 ____A C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-10 04:11 - 2011-11-16 16:08 - 0027408 ____A C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-10 04:11 - 2011-11-16 16:08 - 0027408 ____A C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-10 04:11 - 2011-11-16 16:08 - 0011564 ____A C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-10 04:11 - 2011-11-14 04:28 - 0001080 ____A C:\Windows\System32\settingsbkup.sfm
2011-11-10 04:11 - 2011-11-14 04:28 - 0001080 ____A C:\Windows\System32\settings.sfm
2011-11-09 20:15 - 2011-11-15 21:18 - 4958588 ____A C:\Windows\{00000004-00000000-00000000-00001102-00000004-00511102}.CDF
2011-11-09 02:05 - 2011-11-10 00:56 - 0000000 ____D C:\Users\John\Desktop\G backup
2011-11-08 20:04 - 2011-09-20 13:06 - 1423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-08 20:04 - 2011-09-20 06:04 - 0040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2011-11-06 21:57 - 2011-11-06 21:57 - 0000000 ____D C:\pwrcmdr
2011-10-27 14:40 - 2011-10-15 02:48 - 1454400 ____A (NVIDIA Corporation) C:\Windows\System32\nvir3dgenco6420130.dll
2011-10-27 14:40 - 2011-10-15 02:48 - 0291648 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstusb.sys
2011-10-27 14:40 - 2011-10-15 00:53 - 8791360 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 7581504 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 7041856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 5578560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 2542912 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 24796992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 24742720 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 2458432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 2401088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 2232128 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 2099520 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 18871616 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 17248576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 15693120 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 12971840 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-10-27 14:40 - 2011-10-15 00:53 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-10-27 14:40 - 2011-10-15 00:53 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2011-10-27 09:24 - 2011-10-27 09:27 - 0000056 ____A C:\Users\John\Desktop\New Text Document.txt
2011-10-27 08:56 - 2011-10-27 08:56 - 0001908 ____A C:\Windows\PFRO.log
2011-10-26 10:01 - 2011-10-26 10:01 - 0000000 ____D C:\Users\John\AppData\Local\PackageAware
2011-10-26 09:33 - 2011-10-26 09:33 - 0000000 ____D C:\Users\John\Documents\Battlefield 3
2011-10-25 17:38 - 2011-10-25 17:38 - 0000000 ____D C:\Users\John\AppData\Local\PAYDAY
2011-10-25 04:37 - 2011-10-25 04:37 - 0000221 ____A C:\Users\John\Desktop\PAYDAY The Heist.url
2011-10-24 22:39 - 2011-10-24 22:39 - 0434446 ____A C:\Users\John\Downloads\PropertyRelease (1).pdf
2011-10-24 22:39 - 2011-10-24 22:39 - 0412785 ____A C:\Users\John\Downloads\ModelRelease (1).pdf
2011-10-24 17:42 - 2011-10-24 17:42 - 0001005 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2011-10-24 17:41 - 2011-11-11 16:03 - 0055267 ____A C:\Windows\DirectX.log
2011-10-23 16:07 - 2011-10-23 16:07 - 0000541 ____A C:\Windows\KB893803v2.log
2011-10-21 21:56 - 2011-10-21 21:56 - 0434446 ____A C:\Users\John\Downloads\PropertyRelease.pdf
2011-10-21 21:56 - 2011-10-21 21:56 - 0412785 ____A C:\Users\John\Downloads\ModelRelease.pdf
2011-10-21 12:04 - 2011-10-21 12:04 - 0427722 ____A C:\Users\John\AppData\Local\dd_vcredistMSI0079.txt
2011-10-21 12:04 - 2011-10-21 12:04 - 0012224 ____A C:\Users\John\AppData\Local\dd_vcredistUI0079.txt
2011-10-21 12:04 - 2011-10-21 12:04 - 0000180 ____A C:\csb.log
2011-10-21 12:04 - 2011-10-21 12:04 - 0000000 ____D C:\Users\John\AppData\Roaming\InstallShield
2011-10-21 12:04 - 2011-10-21 12:04 - 0000000 ____D C:\Program Files\GIGABYTE
2011-10-21 12:04 - 2011-10-21 12:04 - 0000000 ____D C:\Program Files (x86)\Etron Technology
2011-10-21 12:04 - 2011-01-09 23:16 - 0021104 ____A C:\Windows\System32\Drivers\AppleCharger.sys
2011-10-21 12:04 - 2010-10-05 01:50 - 0008192 ____A C:\Windows\SysWOW64\Drivers\IntelMEFWVer.dll
2011-10-21 12:04 - 2010-10-05 01:50 - 0008192 ____A C:\Windows\System32\Drivers\IntelMEFWVer.dll
2011-10-21 12:04 - 2010-09-20 14:59 - 0056344 ____A (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2011-10-21 12:04 - 2010-04-05 21:30 - 0031272 ____A C:\Windows\System32\AppleChargerSrv.exe
2011-10-21 12:01 - 2011-10-21 12:03 - 0000189 ____A C:\Install.log
2011-10-21 12:01 - 2010-12-29 23:01 - 0392296 ____A (Realtek ) C:\Windows\System32\Drivers\Rtlh64.sys
2011-10-21 12:01 - 2010-12-29 23:01 - 0107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2011-10-21 12:01 - 2010-12-29 23:01 - 0074272 ____A C:\Windows\System32\RtNicProp64.dll
2011-10-21 11:57 - 2011-10-21 11:57 - 0000000 ____D C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2011-10-18 05:12 - 2011-10-21 13:52 - 4958588 ____A C:\Windows\{00000005-00000000-00000000-00001102-00000004-00511102}.BAK
2011-10-18 03:54 - 2011-11-09 14:14 - 0000272 ____A C:\Windows\setupact.log
2011-10-18 03:54 - 2011-10-18 03:54 - 0000000 ____A C:\Windows\setuperr.log

============ 3 Months Modified Files and Folders =============

2011-11-17 11:39 - 2011-11-17 11:39 - 0000000 ____D C:\FRST
2011-11-17 10:48 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-11-16 16:08 - 2011-11-10 04:11 - 0033208 ____A C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-16 16:08 - 2011-11-10 04:11 - 0033208 ____A C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-16 16:08 - 2011-11-10 04:11 - 0027408 ____A C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-16 16:08 - 2011-11-10 04:11 - 0027408 ____A C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-16 16:08 - 2011-11-10 04:11 - 0011564 ____A C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-00511102}.rfx
2011-11-15 21:24 - 2011-11-15 21:24 - 0212734 ____A C:\Windows\ntbtlog.txt
2011-11-15 21:18 - 2011-11-10 13:12 - 4958588 ____A C:\Windows\{00000004-00000000-00000000-00001102-00000004-00511102}.BAK
2011-11-15 21:18 - 2011-11-09 20:15 - 4958588 ____A C:\Windows\{00000004-00000000-00000000-00001102-00000004-00511102}.CDF
2011-11-15 21:18 - 2011-09-10 05:47 - 0000012 ____A C:\Windows\bthservsdp.dat
2011-11-15 21:18 - 2009-04-11 07:41 - 1380227 ____A C:\Windows\WindowsUpdate.log
2011-11-15 21:18 - 2006-11-02 07:42 - 0032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-11-15 21:18 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-15 21:18 - 2006-11-02 07:22 - 0003888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-15 21:18 - 2006-11-02 07:22 - 0003888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-15 13:58 - 2011-06-20 21:53 - 0000000 ____D C:\Program Files (x86)\Steam
2011-11-15 13:50 - 2011-11-15 13:47 - 0000000 ____D C:\Users\John\Desktop\New Folder (2)
2011-11-15 13:24 - 2011-11-15 13:24 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-11-15 13:24 - 2011-11-15 13:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-11-15 13:24 - 2011-04-23 17:37 - 0006754 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-11-15 13:24 - 2011-04-23 17:37 - 0001945 ____A C:\Windows\epplauncher.mif
2011-11-15 13:05 - 2006-11-02 04:46 - 0006564 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-15 13:00 - 2011-08-04 22:14 - 0000907 ____A C:\Users\John\Start Menu\Programs\Startup\LCD Smartie.lnk
2011-11-15 13:00 - 2011-08-04 22:14 - 0000907 ____A C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCD Smartie.lnk
2011-11-15 12:59 - 2011-04-01 01:38 - 0000000 ____D C:\Users\All Users\NVIDIA
2011-11-15 12:59 - 2011-04-01 01:38 - 0000000 ____D C:\ProgramData\NVIDIA
2011-11-15 02:47 - 2011-11-14 19:28 - 0000000 ____D C:\Users\John\AppData\Roaming\Hyoge
2011-11-14 23:00 - 2011-09-06 16:12 - 0000464 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2011-11-14 19:29 - 2011-11-14 19:28 - 0000000 ____D C:\Users\John\AppData\Roaming\Imbueg
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default User\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:28 - 2011-11-14 19:28 - 0000174 __ASH C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-14 19:17 - 2011-11-14 19:17 - 0000000 ____D C:\Windows\system64
2011-11-14 04:28 - 2011-11-10 04:11 - 0001080 ____A C:\Windows\System32\settingsbkup.sfm
2011-11-14 04:28 - 2011-11-10 04:11 - 0001080 ____A C:\Windows\System32\settings.sfm
2011-11-13 12:51 - 2011-11-13 12:51 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-13 12:51 - 2011-06-02 14:58 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-13 03:23 - 2011-04-21 19:13 - 0000000 ____D C:\Users\John\AppData\Roaming\BitComet
2011-11-13 00:18 - 2009-10-29 04:51 - 0086528 ____A C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-12 14:47 - 2011-05-21 14:52 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2011-11-11 18:50 - 2011-11-11 18:50 - 0000221 ____A C:\Users\John\Desktop\The Elder Scrolls V Skyrim.url
2011-11-11 16:05 - 2011-11-11 16:05 - 2318910 ____A C:\Users\John\AppData\Local\dd_NET_Framework35_x64_MSI21AE.txt
2011-11-11 16:05 - 2011-11-11 16:05 - 0000000 ____D C:\Users\John\AppData\Local\Skyrim
2011-11-11 16:05 - 2011-02-15 13:32 - 0368744 ____A C:\Users\John\AppData\Local\dd_dotnetfx35install.txt
2011-11-11 16:05 - 2011-02-15 13:32 - 0003912 ____A C:\Users\John\AppData\Local\uxeventlog.txt
2011-11-11 16:04 - 2011-02-15 13:32 - 0372135 ____A C:\Users\John\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2011-11-11 16:03 - 2011-10-24 17:41 - 0055267 ____A C:\Windows\DirectX.log
2011-11-11 16:03 - 2009-12-14 19:06 - 0000000 ____D C:\Users\John\Documents\My Games
2011-11-11 00:59 - 2009-10-30 02:09 - 0000010 ____A C:\Windows\GSetup.ini
2011-11-10 00:56 - 2011-11-09 02:05 - 0000000 ____D C:\Users\John\Desktop\G backup
2011-11-09 14:14 - 2011-10-18 03:54 - 0000272 ____A C:\Windows\setupact.log
2011-11-09 04:11 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 04:09 - 2006-11-02 04:35 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-11-06 21:57 - 2011-11-06 21:57 - 0000000 ____D C:\pwrcmdr
2011-11-01 04:06 - 2011-10-02 03:08 - 0069240 ____A C:\shared.log
2011-11-01 03:51 - 2011-10-01 06:09 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2011-11-01 03:51 - 2011-09-29 23:22 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2011-11-01 03:44 - 2011-09-29 23:22 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2011-10-31 06:43 - 2011-09-06 16:12 - 0000438 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job
2011-10-27 14:41 - 2010-06-06 18:33 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2011-10-27 14:41 - 2009-10-28 19:01 - 0000000 ____D C:\users\John
2011-10-27 09:27 - 2011-10-27 09:24 - 0000056 ____A C:\Users\John\Desktop\New Text Document.txt
2011-10-27 08:56 - 2011-10-27 08:56 - 0001908 ____A C:\Windows\PFRO.log
2011-10-27 08:56 - 2011-10-01 06:05 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2011-10-26 10:01 - 2011-10-26 10:01 - 0000000 ____D C:\Users\John\AppData\Local\PackageAware
2011-10-26 09:33 - 2011-10-26 09:33 - 0000000 ____D C:\Users\John\Documents\Battlefield 3
2011-10-26 00:49 - 2011-06-14 01:18 - 0000000 ____D C:\Users\John\AppData\Local\Origin
2011-10-25 17:38 - 2011-10-25 17:38 - 0000000 ____D C:\Users\John\AppData\Local\PAYDAY
2011-10-25 04:37 - 2011-10-25 04:37 - 0000221 ____A C:\Users\John\Desktop\PAYDAY The Heist.url
2011-10-24 22:39 - 2011-10-24 22:39 - 0434446 ____A C:\Users\John\Downloads\PropertyRelease (1).pdf
2011-10-24 22:39 - 2011-10-24 22:39 - 0412785 ____A C:\Users\John\Downloads\ModelRelease (1).pdf
2011-10-24 17:42 - 2011-10-24 17:42 - 0001005 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2011-10-24 17:42 - 2011-09-29 23:22 - 0075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2011-10-24 12:20 - 2011-06-13 20:02 - 0000000 ____D C:\Program Files (x86)\Origin Games
2011-10-23 19:24 - 2011-10-12 20:26 - 0000000 ____D C:\Users\John\Desktop\New Folder
2011-10-23 16:11 - 2011-03-26 14:15 - 0000000 ____D C:\Users\All Users\Solidshield
2011-10-23 16:11 - 2011-03-26 14:15 - 0000000 ____D C:\ProgramData\Solidshield
2011-10-23 16:07 - 2011-10-23 16:07 - 0000541 ____A C:\Windows\KB893803v2.log
2011-10-23 16:07 - 2011-08-08 06:00 - 0000000 ____D C:\Users\John\AppData\Roaming\Origin
2011-10-23 16:07 - 2011-06-28 13:31 - 0000818 ____A C:\Users\Public\Desktop\Origin.lnk
2011-10-23 16:07 - 2011-06-13 20:02 - 0000000 ____D C:\Program Files (x86)\Origin
2011-10-21 21:56 - 2011-10-21 21:56 - 0434446 ____A C:\Users\John\Downloads\PropertyRelease.pdf
2011-10-21 21:56 - 2011-10-21 21:56 - 0412785 ____A C:\Users\John\Downloads\ModelRelease.pdf
2011-10-21 19:02 - 2009-10-28 19:01 - 0009500 ____A C:\Users\John\AppData\Local\d3d9caps64.dat
2011-10-21 13:52 - 2011-10-18 05:12 - 4958588 ____A C:\Windows\{00000005-00000000-00000000-00001102-00000004-00511102}.BAK
2011-10-21 13:52 - 2011-05-07 06:34 - 0033208 ____A C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2011-10-21 13:52 - 2011-05-07 06:34 - 0033208 ____A C:\Windows\System32\BMXState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2011-10-21 13:52 - 2011-05-07 06:34 - 0027408 ____A C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2011-10-21 13:52 - 2011-05-07 06:34 - 0027408 ____A C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2011-10-21 13:52 - 2011-05-07 06:34 - 0011564 ____A C:\Windows\System32\DVCState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2011-10-21 13:52 - 2011-05-06 18:01 - 4958588 ____A C:\Windows\{00000005-00000000-00000000-00001102-00000004-00511102}.CDF
2011-10-21 12:04 - 2011-10-21 12:04 - 0427722 ____A C:\Users\John\AppData\Local\dd_vcredistMSI0079.txt
2011-10-21 12:04 - 2011-10-21 12:04 - 0012224 ____A C:\Users\John\AppData\Local\dd_vcredistUI0079.txt
2011-10-21 12:04 - 2011-10-21 12:04 - 0000180 ____A C:\csb.log
2011-10-21 12:04 - 2011-10-21 12:04 - 0000000 ____D C:\Users\John\AppData\Roaming\InstallShield
2011-10-21 12:04 - 2011-10-21 12:04 - 0000000 ____D C:\Program Files\GIGABYTE
2011-10-21 12:04 - 2011-10-21 12:04 - 0000000 ____D C:\Program Files (x86)\Etron Technology
2011-10-21 12:04 - 2011-08-06 11:36 - 0000000 ____D C:\Users\All Users\InstallShield
2011-10-21 12:04 - 2011-08-06 11:36 - 0000000 ____D C:\ProgramData\InstallShield
2011-10-21 12:04 - 2011-04-16 03:07 - 0000000 ____D C:\Program Files (x86)\GIGABYTE
2011-10-21 12:04 - 2011-02-17 02:33 - 0000000 ____D C:\Program Files (x86)\Intel
2011-10-21 12:04 - 2009-10-30 02:09 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-10-21 12:03 - 2011-10-21 12:01 - 0000189 ____A C:\Install.log
2011-10-21 12:01 - 2009-10-30 02:09 - 0000000 ____D C:\Program Files (x86)\Realtek
2011-10-21 11:57 - 2011-10-21 11:57 - 0000000 ____D C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2011-10-21 11:57 - 2009-10-30 02:10 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2011-10-18 03:54 - 2011-10-18 03:54 - 0000000 ____A C:\Windows\setuperr.log
2011-10-17 13:32 - 2011-10-17 13:32 - 0039842 ____A C:\Users\John\Downloads\JohnsSALESRECEIPT.docx.pdf
2011-10-15 02:48 - 2011-10-27 14:40 - 1454400 ____A (NVIDIA Corporation) C:\Windows\System32\nvir3dgenco6420130.dll
2011-10-15 02:48 - 2011-10-27 14:40 - 0291648 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstusb.sys
2011-10-15 00:53 - 2011-10-27 14:40 - 8791360 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 7581504 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 7041856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 5578560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 2542912 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 24796992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 24742720 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 2458432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 2401088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 2232128 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 2099520 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 18871616 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 17248576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 15693120 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 12971840 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-10-15 00:53 - 2011-10-27 14:40 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-10-15 00:53 - 2011-10-27 14:40 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2011-10-15 00:53 - 2011-10-01 06:17 - 1533248 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2011-10-15 00:53 - 2011-10-01 06:17 - 1454400 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 5067584 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 2808128 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 1640768 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2011-10-15 00:53 - 2011-07-05 17:57 - 13205312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 10406208 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 0837952 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu64.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 0222528 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 0137536 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2011-10-15 00:53 - 2011-07-05 17:57 - 0007384 ____A C:\Windows\System32\nvinfo.pb
2011-10-14 05:54 - 2011-10-14 05:54 - 0321856 ____A C:\Windows\SysWOW64\nvStreaming.exe
2011-10-13 00:39 - 2011-10-13 00:38 - 0320085 ____A C:\Users\John\Downloads\Scan.jpg
2011-10-11 14:02 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-10-11 13:46 - 2006-11-02 07:21 - 0265264 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-11 13:44 - 2011-04-01 04:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-06 17:25 - 2011-10-06 17:25 - 0060212 ____A C:\Users\John\Downloads\h4x0r-SeriousSamHD1.0+4trn (1).7z
2011-10-06 17:23 - 2011-10-06 17:23 - 0060212 ____A C:\Users\John\Downloads\h4x0r-SeriousSamHD1.0+4trn.7z
2011-10-06 17:22 - 2011-10-06 17:22 - 0000000 ____D C:\Program Files (x86)\ModPlug
2011-10-06 17:21 - 2011-10-06 17:21 - 0635203 ____A C:\Users\John\Downloads\mpp.exe
2011-10-06 14:58 - 2011-09-28 06:38 - 0000000 ____D C:\Users\John\Desktop\44
2011-10-01 13:09 - 2010-12-26 16:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-01 06:50 - 2011-10-01 06:49 - 0020744 ____A C:\Users\John\AppData\Local\dd_vcredistUI750D.txt
2011-10-01 06:09 - 2011-10-01 06:09 - 0000000 ____D C:\Users\John\AppData\Local\PunkBuster
2011-09-30 23:30 - 2011-09-30 23:30 - 0187089 ____A C:\Users\John\Downloads\The_Witcher_2_Tweaker-181-1-1-4-60.7z
2011-09-30 04:57 - 2010-10-03 12:21 - 0000000 ____D C:\Windows\Minidump
2011-09-29 19:48 - 2006-11-02 05:33 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-09-28 15:38 - 2011-09-28 15:28 - 97328344 ____A C:\Users\John\Downloads\Reason_Refill_-_C64_sounds.rfl
2011-09-27 05:58 - 2011-09-27 05:58 - 0000000 ____D C:\Users\John\Downloads\sfiii3
2011-09-27 05:58 - 2011-09-27 05:50 - 81351111 ____A C:\Users\John\Downloads\sfiii3.7z
2011-09-27 05:56 - 2011-09-27 05:51 - 43499639 ____A C:\Users\John\Downloads\sfiii2.7z
2011-09-26 18:50 - 2011-09-26 18:50 - 0945120 ____A (techPowerUp (www.techpowerup.com)) C:\Users\John\Desktop\GPU-Z.0.5.5.exe
2011-09-26 17:18 - 2009-12-14 16:27 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-09-25 18:55 - 2011-09-25 18:55 - 0040144 ____A C:\Users\John\Downloads\Johns SALES RECEIPT.docx
2011-09-20 13:06 - 2011-11-08 20:04 - 1423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-20 06:04 - 2011-11-08 20:04 - 0040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2011-09-12 16:39 - 2011-08-31 18:16 - 0000000 ____D C:\Users\John\AppData\Local\dxhr
2011-09-12 05:13 - 2011-08-24 17:18 - 0000000 ____D C:\Users\John\Documents\Dust
2011-09-10 17:07 - 2011-09-10 17:07 - 0619889 ____A C:\Users\John\Downloads\Leisure Suit Larry 1 Remake (1991)(Sierra)[cr SKR](Disk 1 of 4)[a].zip
2011-09-10 06:52 - 2011-09-09 20:00 - 0000000 ____D C:\Users\John\AppData\Roaming\Samsung
2011-09-10 06:52 - 2011-09-09 06:09 - 0000000 ____D C:\Users\All Users\Samsung
2011-09-10 06:52 - 2011-09-09 06:09 - 0000000 ____D C:\ProgramData\Samsung
2011-09-10 06:30 - 2011-09-09 19:59 - 0002006 ____A C:\aqua_bitmap.cpp
2011-09-10 06:30 - 2010-08-13 23:18 - 0000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2011-09-10 06:10 - 2011-06-20 17:29 - 0000848 ____A C:\Users\John\Desktop\WinUAE.lnk
2011-09-10 06:10 - 2009-12-08 21:03 - 0000000 ____D C:\Users\John\AppData\Local\Downloaded Installations
2011-09-10 05:47 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\WindowsMobile
2011-09-09 20:45 - 2011-09-09 20:45 - 0000000 ____D C:\Program Files (x86)\MyFree Codec
2011-09-09 20:01 - 2011-09-09 20:01 - 0000000 ____D C:\Users\John\Documents\Samsung
2011-09-09 20:00 - 2011-09-09 20:00 - 0000000 ____D C:\Program Files (x86)\MarkAny
2011-09-09 20:00 - 2009-10-31 00:49 - 0000000 ____D C:\Program Files (x86)\Samsung
2011-09-09 17:06 - 2011-09-09 17:06 - 0019160 ____A C:\Users\John\Downloads\Amiga_ADF_Games_Pack__for_WinUAE_E_UAE_UAE4All_.torrent
2011-09-09 16:15 - 2011-09-09 16:15 - 1699142 ____A C:\Users\John\Downloads\SuperOneClickv2.1.1-ShortFuse.zip
2011-09-09 16:11 - 2011-09-09 16:11 - 6287360 ____A C:\Users\John\Downloads\XWKDD_insecure.tar
2011-09-09 06:10 - 2011-09-09 06:10 - 0000000 ____D C:\Program Files\SAMSUNG
2011-09-08 22:27 - 2011-09-08 22:27 - 0006516 ____A C:\Users\John\.TransferManager.db
2011-09-08 04:38 - 2011-09-06 16:18 - 0000224 ____A C:\Windows\SysWOW64\9B13A86D.plf
2011-09-06 22:11 - 2011-09-06 22:11 - 0000000 ____D C:\Users\John\AppData\Local\THQ
2011-09-06 16:12 - 2011-09-06 16:12 - 0000000 ____D C:\Users\All Users\ParetoLogic
2011-09-06 16:12 - 2011-09-06 16:12 - 0000000 ____D C:\ProgramData\ParetoLogic
2011-09-06 16:12 - 2011-09-06 16:12 - 0000000 ____D C:\Program Files (x86)\ParetoLogic
2011-09-06 16:11 - 2011-09-06 16:11 - 0000000 ____D C:\Users\All Users\Cached Installations
2011-09-06 16:11 - 2011-09-06 16:11 - 0000000 ____D C:\ProgramData\Cached Installations
2011-09-06 05:56 - 2011-10-11 11:48 - 2764288 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-08-31 21:34 - 2011-10-11 12:52 - 17781760 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-31 21:24 - 2011-10-11 12:52 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-08-31 21:24 - 2011-10-11 12:52 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-31 21:18 - 2011-10-11 12:52 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-31 21:17 - 2011-10-11 12:52 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-31 21:16 - 2011-10-11 12:52 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-31 21:15 - 2011-10-11 12:52 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-31 21:14 - 2011-10-11 12:52 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-08-31 21:12 - 2011-10-11 12:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-31 21:12 - 2011-10-11 12:52 - 2143744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-31 21:12 - 2011-10-11 12:52 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-31 21:08 - 2011-10-11 12:52 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-31 18:36 - 2011-10-11 12:52 - 12275200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-31 18:35 - 2011-10-11 12:52 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-08-31 18:33 - 2011-10-11 12:52 - 9704960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-31 18:28 - 2011-10-11 12:52 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-31 18:28 - 2011-10-11 12:52 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-31 18:27 - 2011-10-11 12:52 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-31 18:26 - 2011-10-11 12:52 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-31 18:24 - 2011-10-11 12:52 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-08-31 18:23 - 2011-10-11 12:52 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-31 18:23 - 2011-10-11 12:52 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-31 18:22 - 2011-10-11 12:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-31 18:21 - 2011-10-11 12:52 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-31 18:14 - 2011-08-31 18:14 - 0000000 ____D C:\Users\John\AppData\Local\28050
2011-08-31 18:13 - 2011-08-31 18:13 - 0414886 ____A C:\Users\John\AppData\Local\dd_vcredistMSI0A37.txt
2011-08-31 18:13 - 2011-08-31 18:13 - 0011184 ____A C:\Users\John\AppData\Local\dd_vcredistUI0A37.txt
2011-08-30 23:00 - 2010-12-26 16:45 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-25 08:20 - 2011-10-11 11:47 - 0735744 ____A (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2011-08-25 08:19 - 2011-10-11 11:47 - 0847360 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-25 08:19 - 2011-10-11 11:47 - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-25 08:15 - 2011-10-11 11:47 - 0555520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2011-08-25 08:14 - 2011-10-11 11:47 - 0563712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-25 08:14 - 2011-10-11 11:47 - 0238080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-08-25 05:54 - 2011-10-11 11:47 - 0004096 ____A (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
2011-08-25 05:31 - 2011-10-11 11:47 - 0004096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2011-08-24 17:16 - 2011-08-24 17:14 - 0000000 ____D C:\Users\John\AppData\Local\Ubisoft Game Launcher
2011-08-24 17:13 - 2011-08-24 17:13 - 0360820 ____A C:\Users\John\AppData\Local\dd_vcredistMSI39A1.txt
2011-08-24 17:13 - 2011-08-24 17:13 - 0011186 ____A C:\Users\John\AppData\Local\dd_vcredistUI39A1.txt
2011-08-24 06:13 - 2011-08-24 06:13 - 15659751 ____A C:\Users\John\Downloads\offroadc.zip
2011-08-24 06:13 - 2011-08-24 06:13 - 0479859 ____A C:\Users\John\Downloads\offroad.zip
2011-08-24 06:11 - 2011-08-24 06:11 - 0279223 ____A C:\Users\John\Downloads\paperboy.zip
2011-08-21 21:47 - 2011-08-21 21:47 - 0401576 ____A C:\Users\John\AppData\Local\dd_vcredistMSI204E.txt
2011-08-21 21:47 - 2011-08-21 21:47 - 0011120 ____A C:\Users\John\AppData\Local\dd_vcredistUI204E.txt
2011-08-21 21:47 - 2011-08-21 21:47 - 0000000 ____D C:\Program Files (x86)\OpenAL
2011-08-21 21:47 - 2011-05-06 18:01 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2011-08-21 21:47 - 2011-05-06 18:01 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2011-08-21 21:47 - 2011-05-06 18:01 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2011-08-21 21:47 - 2011-05-06 18:01 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2011-08-21 20:19 - 2011-08-21 20:19 - 0000221 ____A C:\Users\John\Desktop\Jamestown.url
2011-08-21 20:19 - 2011-08-21 20:19 - 0000221 ____A C:\Users\John\Desktop\From Dust.url
2011-08-21 03:17 - 2011-08-21 03:17 - 0000000 ____D C:\Users\John\Downloads\xmen
2011-08-21 03:16 - 2011-08-21 03:16 - 4243475 ____A C:\Users\John\Downloads\xmen.zip
2011-08-20 18:33 - 2011-08-20 18:33 - 0000000 ____D C:\Users\John\Downloads\raiden2

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8174.2 MB
Available physical RAM: 7375.79 MB
Total Pagefile: 7776.38 MB
Available Pagefile: 7338.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:181.94 GB) NTFS ==>[Boot] ==>[OS]
2 Drive d: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF ==>[Boot]
3 Drive e: (PATRIOT) (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==>[OS]

==========================================================

Last Boot: 2011-11-15 13:05

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   44.33KB   2 downloads

Edited by ones!xty, 16 November 2011 - 10:54 PM.




#2 nasdaq


  • Malware Response Team

Posted 20 November 2011 - 02:26 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Back up your Registry with ERUNT
  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your Registry to the folder of your choice.

Note: To restore your Registry, go to the folder and start ERDNT.exe

p.s.
On a Vista or Windows 7 operating system, right click the Erunt.exe and run as Administrator.
===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    consrv.dll
    winsrv.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
===

Please do the following:
Download Registry Search (see the link titled RegSearch Download Link), and save it to your Desktop.
  • Extract the files from Regsearch.zip to your Desktop.
  • Double click regsearch.exe to start the program.
  • Enter consrv in the top area of the form and then click "OK".
  • Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Copy/paste this file in your next reply.

Please post the logs.
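
The registry check behind the steps above and the `SubSystems: [Windows] ==> ZeroAccess` line in the first post, as an added example that is not part of the original thread or of any tool named in it: it parses the `Windows` value under the Session Manager `SubSystems` key and reports any `ServerDll=` module outside an expected set. The expected set, the sample values and all function names are assumptions made for this illustration.

```python
import re

# Registry location of the value (under HKEY_LOCAL_MACHINE).
SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# Assumption: the only modules a stock "Windows" value loads via ServerDll=.
EXPECTED_MODULES = {"basesrv", "winsrv", "sxssrv"}

# Token layout: ServerDll=<module>[:<init routine>],<index>
SERVERDLL_RE = re.compile(r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)",
                          re.IGNORECASE)

# Constructed sample values, modelled on the stock Vista layout (assumption).
CLEAN = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
         r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
         r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
         r"ServerDll=winsrv:ConServerDllInitialization,2 "
         r"ProfileControl=Off MaxRequestThreads=16")
TAMPERED = CLEAN.replace("winsrv:ConServerDllInitialization",
                         "consrv:ConServerDllInitialization")


def parse_server_dlls(value):
    """Return (module, init_routine_or_None, index) for each ServerDll token."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in SERVERDLL_RE.finditer(value)]


def unexpected_server_dlls(value, expected=EXPECTED_MODULES):
    """Return the ServerDll entries whose module is not in the expected set."""
    return [entry for entry in parse_server_dlls(value)
            if entry[0].lower() not in expected]


def read_live_value():
    """Read the value from the running system (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        return winreg.QueryValueEx(key, "Windows")[0]


if __name__ == "__main__":
    for label, value in (("clean", CLEAN), ("tampered", TAMPERED)):
        hits = unexpected_server_dlls(value)
        print(label, "->", hits or "only expected ServerDll modules")
```

A module named in this value has to be loadable at boot, which is why the file search in the steps above looks for both consrv.dll and winsrv.dll alongside the registry search.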

#3 nasdaq


  • Malware Response Team

Posted 25 November 2011 - 10:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



