win32/sirefef.ab, win64/sirefef.p and win64/sirefef.m


  • This topic is locked
8 replies to this topic

#1 grobbs


Posted 16 May 2012 - 10:58 AM

Hi, I have done what you asked and I hope this is OK.
Thanks for the help.

This is the DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Gary at 15:57:38 on 2012-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2563 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Gary\AppData\Roaming\googleoez.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Updater] C:\Users\Gary\AppData\Roaming\Updater\updateloader.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google] C:\Users\Gary\AppData\Roaming\googleoez.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: ashford-group.co.uk\webmail
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: secureserver.net.\email
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B5B722C4-1DAB-48A5-BC25-9B72D6A547E4} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: {0EEDB912-C5FA-486F-8334-57288578C627} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kl4h1x1m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Gary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-4-6 913752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-23 2348352]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S1 eybevjlo;eybevjlo;\??\C:\Windows\system32\drivers\eybevjlo.sys --> C:\Windows\system32\drivers\eybevjlo.sys [?]
S1 wkosrjqq;wkosrjqq;\??\C:\Windows\system32\drivers\wkosrjqq.sys --> C:\Windows\system32\drivers\wkosrjqq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-1 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-1 136176]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-16 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
SUnknown dymzpkcm;dymzpkcm; [x]
SUnknown kzhtasyt;kzhtasyt; [x]
.
=============== Created Last 30 ================
.
2012-05-16 14:10:48 50000 ----a-w- C:\Windows\System32\drivers\eybevjlo.sys
2012-05-16 14:09:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDFBBEF4-8C96-4977-90C5-8A481FF18806}\offreg.dll
2012-05-16 14:08:33 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDFBBEF4-8C96-4977-90C5-8A481FF18806}\mpengine.dll
2012-05-16 13:44:40 50000 ----a-w- C:\Windows\System32\drivers\wkosrjqq.sys
2012-05-16 13:15:22 50000 ----a-w- C:\Windows\System32\drivers\kzhtasyt.sys
2012-05-16 11:33:28 50000 ----a-w- C:\Windows\System32\drivers\dymzpkcm.sys
2012-05-16 00:02:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-16 00:02:24 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-16 00:02:24 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-16 00:02:24 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-16 00:02:24 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-16 00:02:23 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-16 00:02:23 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-16 00:02:23 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-16 00:00:50 50000 ----a-w- C:\Windows\System32\drivers\gbvksopy.sys
2012-05-15 21:17:08 50000 ----a-w- C:\Windows\System32\drivers\dxpgkiee.sys
2012-05-15 20:40:01 -------- d-----w- C:\ProgramData\Sophos
2012-05-15 20:39:47 73728 ----a-r- C:\Users\Gary\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-15 20:39:47 73728 ----a-r- C:\Users\Gary\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-15 20:39:47 73728 ----a-r- C:\Users\Gary\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-15 20:39:41 -------- d-----w- C:\Program Files (x86)\Sophos
2012-05-15 17:01:33 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{99959E65-45E3-4485-A262-3187DD2C27EB}\gapaengine.dll
2012-05-15 17:01:29 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-15 16:59:59 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-15 16:59:48 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-14 20:20:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-12 12:46:14 -------- d-----w- C:\Users\Gary\AppData\Roaming\Tropico 3
2012-05-10 14:26:47 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 14:26:46 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 14:26:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 14:26:45 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 14:26:44 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 14:26:44 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 14:26:16 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 14:26:01 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 14:25:59 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:25:59 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 14:25:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:25:58 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 14:25:58 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-07 21:12:36 -------- d-----w- C:\Users\Gary\AppData\Roaming\Origin
2012-05-07 21:11:44 -------- d-----w- C:\Users\Gary\AppData\Local\Origin
2012-05-07 21:11:40 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-05-07 17:49:00 -------- d-----w- C:\Users\Gary\AppData\Local\SniperV2
2012-05-07 17:36:59 -------- d-----w- C:\Program Files (x86)\Rebellion
2012-05-07 17:34:52 102400 ------w- C:\Users\Gary\AppData\Roaming\googleoez.exe
2012-05-03 19:28:55 -------- d-----w- C:\Program Files (x86)\Steam
2012-05-03 03:23:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-03 03:23:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-02 23:42:03 -------- d-sh--w- C:\Windows\ftpcache
2012-04-27 02:03:40 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-04-24 00:39:49 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-04-24 00:39:43 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
.
==================== Find3M ====================
.
2012-05-04 20:51:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 20:51:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 20:50:15 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-11 17:12:17 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-29 12:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-26 16:09:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-24 18:53:19 58 ----a-w- C:\Windows\SysWow64\trace.bin
2012-02-23 13:24:50 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 15:58:32.01 ===============



This is the attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/06/2011 12:28:46
System Uptime: 16/05/2012 14:43:35 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-M EVO
Processor: AMD Phenom™ II X6 1055T Processor | AM3 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 664.137 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP190: 06/05/2012 16:44:36 - Installed The Movies™
RP191: 07/05/2012 15:49:47 - Windows Update
RP192: 10/05/2012 17:17:30 - Windows Update
RP193: 12/05/2012 13:43:27 - Installed DirectX
RP194: 12/05/2012 21:53:25 - Windows Update
RP195: 15/05/2012 18:38:17 - Removed The Movies™
RP196: 15/05/2012 21:39:21 - Installed Sophos Virus Removal Tool.
RP197: 15/05/2012 22:50:03 - Installed Microsoft Fix it 50123
RP198: 16/05/2012 01:13:13 - Restore Operation
RP199: 16/05/2012 15:07:48 - Windows Update
.
==== Installed Programs ======================
.
AC3File 0.6b
AC3Filter 1.62b
Adobe AIR
Adobe Reader X (10.1.3)
Advanced SystemCare 5
µTorrent
Cities In Motion
DAEMON Tools Lite
DAEMON Tools Toolbar
Dear Esther
DivX Setup
Driver Manager
Dual-Core Optimizer
EVEREST Home Edition v2.20
Fable III
Fraps
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPU Boost Driver
Java Auto Updater
Java™ 6 Update 31
K-Lite Codec Pack 8.6.0 (Basic)
L.A. Noire
Lara Croft and the Guardian of Light
Mass Effect™ 3
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA 3D Vision Controller Driver
NVIDIA Alien vs. Triangles demo
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Origin
Pro Evolution Soccer 2011
PunkBuster Services
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Rockstar Games Social Club
Saints Row The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.5
Sniper Elite V2
Sophos Virus Removal Tool
SPORE™
SPORE™ Galactic Adventures
Steam
System Requirements Lab
Test Drive Unlimited 2
The Sims™ 3
Tropico 3 - Steam Special Edition
Tropico 3: Absolute Power
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
16/05/2012 15:44:42, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
15/05/2012 22:16:16, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
15/05/2012 22:16:13, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
15/05/2012 22:16:13, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
15/05/2012 22:14:40, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:14:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
15/05/2012 22:14:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/05/2012 22:14:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
15/05/2012 22:14:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
15/05/2012 22:14:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/05/2012 22:14:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
15/05/2012 22:14:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:14:16, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
15/05/2012 22:10:42, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
15/05/2012 22:10:42, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
15/05/2012 22:10:42, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
15/05/2012 22:10:42, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
15/05/2012 22:10:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
15/05/2012 21:07:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
15/05/2012 18:37:39, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\Intel 32\IDriver.exe -Embedding
15/05/2012 17:58:30, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
15/05/2012 17:58:30, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/05/2012 19:18:24, Error: Service Control Manager [7000] - The Lavalys EVEREST Kernel Driver service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
12/05/2012 13:51:03, Error: nvlddmkm [14] -
.
==== End Of File ===========================

OK, I will wait now. Thanks.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:32 PM

Posted 16 May 2012 - 12:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
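Added example, not Gringo's, FRST's or BleepingComputer's code: a small Python triage helper that parses the "Drivers" section of the FRST.txt the steps above produce and scores entries an analyst would want to look at first. The sample lines are copied from the FRST log posted further down in this thread; the line format is as FRST prints it, while the heuristics, point values and threshold are my own assumptions, not anything FRST does itself.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Sample input: six lines copied from the "Drivers (Whitelisted)" section of the
# FRST log posted in this thread, embedded here so the script runs offline.
SAMPLE_DRIVERS = r"""
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
1 eybevjlo; C:\Windows\System32\Drivers\eybevjlo.sys [50000 2012-05-16] (Microsoft Corporation)
3 nusb3hub; C:\Windows\System32\Drivers\nusb3hub.sys [78336 2010-02-24] (NEC Electronics Corporation)
1 wkosrjqq; C:\Windows\System32\Drivers\wkosrjqq.sys [50000 2012-05-16] (Microsoft Corporation)
1 cwtolurd; \??\C:\Windows\system32\drivers\cwtolurd.sys [x]
""".strip()

# One FRST driver line: "<start> <name>; <path> [<size> <yyyy-mm-dd>] (<vendor>)",
# with "[x]" in place of size/date when the file is no longer on disk.
LINE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
# Heuristic (my assumption): the eight-lowercase-letter service names seen in this log.
RANDOM_NAME_RE = re.compile(r"[a-z]{8}")


def parse_drivers(section_text):
    """Parse FRST driver lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in section_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "start": int(d["start"]),
            "name": d["name"],
            "path": d["path"],
            "size": int(d["size"]) if d["size"] else None,
            "created": date.fromisoformat(d["date"]) if d["date"] else None,
            "missing": d["missing"] is not None,
            "vendor": d["vendor"] or "",
        })
    return entries


def score_entry(entry, scan_date, shared_sizes):
    """Return (points, reasons) for one driver entry; reasons are analyst-readable."""
    points, reasons = 0, []
    random_name = RANDOM_NAME_RE.fullmatch(entry["name"]) is not None
    if random_name:
        points += 2
        reasons.append("random-looking 8-letter service name")
    if entry["created"] and (scan_date - entry["created"]) <= timedelta(days=7):
        points += 1
        reasons.append("file created within 7 days of the scan")
    if random_name and entry["vendor"] == "Microsoft Corporation":
        points += 1
        reasons.append("claims Microsoft as vendor despite the random name")
    if entry["missing"] and entry["start"] <= 1:
        points += 1
        reasons.append("boot/system-start driver whose file is missing")
    if entry["size"] is not None and entry["size"] in shared_sizes:
        points += 1
        reasons.append("same byte size as another driver in the section")
    return points, reasons


def triage_drivers(section_text, scan_date_iso, threshold=2):
    """Return [(name, points, reasons)] for entries scoring at or above threshold.

    scan_date_iso is the scan date as yyyy-mm-dd (FRST's header prints it as
    dd-mm-yyyy, so convert before calling)."""
    scan_date = date.fromisoformat(scan_date_iso)
    entries = parse_drivers(section_text)
    size_counts = Counter(e["size"] for e in entries if e["size"] is not None)
    shared_sizes = {s for s, n in size_counts.items() if n > 1}
    flagged = []
    for e in entries:
        points, reasons = score_entry(e, scan_date, shared_sizes)
        if points >= threshold:
            flagged.append((e["name"], points, reasons))
    return flagged


if __name__ == "__main__":
    for name, points, reasons in triage_drivers(SAMPLE_DRIVERS, "2012-05-16"):
        print(f"{name}: {points} point(s) - {'; '.join(reasons)}")
```

The output only ranks entries for a human to check against the rest of the log; it is a reading aid for the analyst, not a verdict.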

#3 grobbs

grobbs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 16 May 2012 - 01:27 PM

Hi Gringo,
Thanks for your help. My firewall is down and I am lost on what to do. I have done what you asked and hope it's OK.
What is this sirefef? Seems like it wants to stay.

Scan result of Farbar Recovery Scan Tool Version: 16-05-2012
Ran by SYSTEM at 16-05-2012 19:15:34
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10151968 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113296 2010-03-29] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Gary\...\Run: [Updater] C:\Users\Gary\AppData\Roaming\Updater\updateloader.exe [25088 2011-10-03] ()
HKU\Gary\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Gary\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Gary\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-03] (Valve Corporation)
HKU\Gary\...\Run: [Google] C:\Users\Gary\AppData\Roaming\googleoez.exe [102400 2012-04-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-07-08] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
1 eybevjlo; C:\Windows\System32\Drivers\eybevjlo.sys [50000 2012-05-16] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 nusb3hub; C:\Windows\System32\Drivers\nusb3hub.sys [78336 2010-02-24] (NEC Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\Drivers\nusb3xhc.sys [181248 2010-02-24] (NEC Electronics Corporation)
3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [291648 2011-10-15] (NVIDIA Corporation)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561V64.SYS [582680 2007-10-11] (Logitech Inc.)
1 wkosrjqq; C:\Windows\System32\Drivers\wkosrjqq.sys [50000 2012-05-16] (Microsoft Corporation)
3 ALSysIO; \??\C:\Users\Gary\AppData\Local\Temp\ALSysIO64.sys [x]
3 cpuz132; \??\C:\Windows\TEMP\cpuz132\cpuz132_x64.sys [x]
1 cwtolurd; \??\C:\Windows\system32\drivers\cwtolurd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-16 09:55 - 2012-05-16 09:55 - 1392549 ____A C:\Users\Gary\Downloads\FRST64.exe
2012-05-16 07:49 - 2012-05-16 07:49 - 0000059 ____A C:\Users\Gary\Desktop\Bleeping Computer - Computer Help and Discussion.URL
2012-05-16 06:55 - 2012-05-16 06:55 - 0607260 ____R (Swearware) C:\Users\Gary\Downloads\dds.scr
2012-05-16 06:54 - 2012-05-16 06:54 - 0000168 ____A C:\Users\Gary\defogger_reenable
2012-05-16 06:53 - 2012-05-16 06:53 - 0050477 ____A C:\Users\Gary\Downloads\Defogger.exe
2012-05-16 06:10 - 2012-05-16 06:10 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eybevjlo.sys
2012-05-16 05:44 - 2012-05-16 05:44 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wkosrjqq.sys
2012-05-16 05:15 - 2012-05-16 05:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzhtasyt.sys
2012-05-16 04:57 - 2012-05-16 04:57 - 0000149 ____A C:\Users\Gary\Downloads\AntiZeroAccess_Log.txt
2012-05-16 04:56 - 2012-05-16 04:56 - 0187464 ____A (Webroot) C:\Users\Gary\Downloads\antizeroaccess.exe
2012-05-16 03:33 - 2012-05-16 03:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dymzpkcm.sys
2012-05-15 16:07 - 2012-05-16 07:01 - 0000000 ____D C:\Users\Gary\Desktop\pc fix
2012-05-15 16:02 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-15 16:02 - 2012-05-15 16:02 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-15 16:02 - 2012-05-15 16:02 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-15 16:00 - 2012-05-15 16:00 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gbvksopy.sys
2012-05-15 13:51 - 2012-05-15 13:51 - 0347424 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\MicrosoftFixit.WindowsFirewall.RNP.137260549474842069.1.1.Run.exe
2012-05-15 13:49 - 2012-05-15 13:49 - 0662016 ____A C:\Users\Gary\Downloads\MicrosoftFixit50123.msi
2012-05-15 13:34 - 2012-05-15 13:34 - 0137096 ____A (ESET) C:\Users\Gary\Downloads\ESETSirefefRemover.exe
2012-05-15 13:17 - 2012-05-15 13:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxpgkiee.sys
2012-05-15 13:11 - 2012-05-15 13:14 - 0282746 ____A C:\Windows\ntbtlog.txt
2012-05-15 12:40 - 2012-05-15 12:40 - 0000000 ____D C:\Users\All Users\Sophos
2012-05-15 12:40 - 2012-05-15 12:40 - 0000000 ____D C:\ProgramData\Sophos
2012-05-15 12:39 - 2012-05-15 12:39 - 0003267 ____A C:\Users\Gary\Desktop\Sophos Virus Removal Tool.lnk
2012-05-15 12:39 - 2012-05-15 12:39 - 0000000 ____D C:\Program Files (x86)\Sophos
2012-05-15 12:37 - 2012-05-15 12:38 - 81817152 ____A (Sophos Limited) C:\Users\Gary\Downloads\Sophos Virus Removal Tool.exe
2012-05-15 12:06 - 2012-05-15 12:06 - 0347424 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\MicrosoftFixit.WindowsFirewall.RNP.134260542991757674.1.1.Run.exe
2012-05-15 11:56 - 2012-05-16 05:43 - 0000672 ____A C:\Windows\setupact.log
2012-05-15 11:56 - 2012-05-15 11:56 - 0000000 ____A C:\Windows\setuperr.log
2012-05-15 09:13 - 2012-05-15 09:14 - 65268728 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mpam-fe.exe
2012-05-15 08:59 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-15 08:59 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-15 08:55 - 2012-05-15 08:55 - 12621696 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mseinstall.exe
2012-05-14 12:20 - 2012-05-14 12:20 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-14 11:45 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\Everything.Must.Go.2010.BRRiP.XviD.AbSurdiTy
2012-05-14 11:43 - 2012-05-14 12:28 - 1693757440 ____A C:\Users\Gary\Downloads\Bridesmaids.2011.BRRip.XviD.Ac3.Feel-Free.avi
2012-05-14 11:43 - 2012-05-14 11:44 - 0000000 ____D C:\Users\Gary\Downloads\The Real Housewives of Orange County 2
2012-05-13 14:29 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\The Grey (2012) DVDRip XviD-MAXSPEED
2012-05-12 12:54 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 12:54 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 04:46 - 2012-05-14 12:40 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Tropico 3
2012-05-10 06:26 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 06:26 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-10 06:26 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-10 06:26 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 06:26 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 06:26 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 06:26 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 06:26 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-08 16:33 - 2012-05-08 16:38 - 0000000 ____D C:\Users\Gary\Downloads\Chronicle.2012.DC.720p.BluRay.x264-REFiNED [PublicHD]
2012-05-07 14:08 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\Animal Kingdom 2010 BRRip 720p H264 AAC-GreatMagician (Kingdom-Release)
2012-05-07 13:12 - 2012-05-07 13:14 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Origin
2012-05-07 13:11 - 2012-05-07 13:11 - 0000000 ____D C:\Users\Gary\AppData\Local\Origin
2012-05-07 13:11 - 2012-05-07 13:11 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-05-07 09:49 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\AppData\Local\SniperV2
2012-05-07 09:47 - 2012-05-07 09:47 - 0001303 ____A C:\Users\Gary\Desktop\SniperEliteV2 - Shortcut.lnk
2012-05-07 09:36 - 2012-05-07 09:36 - 0000000 ____D C:\Program Files (x86)\Rebellion
2012-05-07 09:34 - 2012-05-07 09:34 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Google
2012-05-07 09:34 - 2012-04-02 12:17 - 0102400 ____N C:\Users\Gary\AppData\Roaming\googleoez.exe
2012-05-06 11:39 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Desktop\Sniper.Elite.V2-SKIDROW
2012-05-05 15:23 - 2012-05-05 15:23 - 0000000 ____D C:\Users\Gary\Downloads\Fighting.2009.DVDRip.XviD-DASH
2012-05-04 13:15 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\Grindhouse-Death.Proof[2007][Unrated.Editon]DvDrip[Eng]-aXXo
2012-05-04 04:00 - 2012-05-04 04:00 - 0019473 ____A C:\Users\Gary\Desktop\letter.docx
2012-05-03 15:21 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\Next[2007]DvDrip.AC3[Eng]-aXXo
2012-05-03 11:29 - 2012-05-03 11:29 - 0000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-03 11:28 - 2012-05-16 09:07 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-03 11:27 - 2012-05-03 11:27 - 1606656 ____A C:\Users\Gary\Downloads\SteamInstall.msi
2012-05-03 10:48 - 2012-05-03 10:51 - 0000000 ____D C:\Users\Gary\Desktop\saves
2012-05-02 19:23 - 2012-05-16 05:40 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-02 19:23 - 2012-05-16 05:40 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-02 19:23 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-02 19:21 - 2012-05-02 19:22 - 16409960 ____A (Safer Networking Limited ) C:\Users\Gary\Downloads\spybotsd162.exe
2012-05-02 15:42 - 2012-05-02 15:42 - 0000000 __SHD C:\Windows\ftpcache
2012-05-01 14:33 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\The Smurfs {2011} DVDRIP. Jaybob
2012-05-01 14:13 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\Downloads\Mission.Impossible.Ghost.Protocol.2011.720p.BluRay.x264-SPARKS [PublicHD.ORG]
2012-04-30 08:31 - 2012-04-30 08:31 - 0000000 ____D C:\Users\Gary\Desktop\New Folder (4)
2012-04-26 18:04 - 2012-05-16 05:39 - 0000000 ____D C:\Users\Gary\AppData\Roaming\vlc
2012-04-26 18:04 - 2012-04-26 18:04 - 0001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-26 18:03 - 2012-04-26 18:03 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-24 15:55 - 2012-04-24 15:55 - 0864188 ____A C:\Users\Gary\Desktop\2012-04-19_00001.jpg
2012-04-24 15:53 - 2012-04-24 15:54 - 0715322 ____A C:\Users\Gary\Desktop\2012-04-16_00001.jpg
2012-04-23 16:39 - 2012-05-16 05:40 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-04-23 16:39 - 2011-03-02 03:43 - 0175616 ____A C:\Windows\SysWOW64\unrar.dll
2012-04-23 16:35 - 2012-04-23 16:35 - 7770320 ____A ( ) C:\Users\Gary\Downloads\K-Lite_Codec_Pack_860_Basic.exe
2012-04-17 12:20 - 2012-02-29 16:02 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 7713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 2301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 17642816 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 15009600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-04-17 12:20 - 2012-02-29 16:02 - 0812352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 0364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 0301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 0260416 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 0215360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-17 12:20 - 2012-02-29 16:02 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-04-17 12:16 - 2012-04-17 12:18 - 166448312 ____A (NVIDIA Corporation) C:\Users\Gary\Downloads\296.10-desktop-win7-winvista-64bit-english-whql.exe
2012-04-16 13:13 - 2012-04-16 13:13 - 0001824 ____A C:\Users\Gary\Desktop\saintsrowthethird_dx11 - Shortcut.lnk


============ 3 Months Modified Files and Folders =============

2012-05-16 19:15 - 2012-05-16 09:56 - 0000000 ____D C:\FRST
2012-05-16 10:06 - 2011-07-01 10:18 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Skype
2012-05-16 10:06 - 2011-06-29 03:30 - 2069082 ____A C:\Windows\WindowsUpdate.log
2012-05-16 10:02 - 2009-07-13 21:13 - 0006666 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-16 09:55 - 2012-05-16 09:55 - 1392549 ____A C:\Users\Gary\Downloads\FRST64.exe
2012-05-16 09:50 - 2012-04-06 04:32 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-16 09:47 - 2011-07-01 12:39 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-16 09:07 - 2012-05-03 11:28 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-16 07:49 - 2012-05-16 07:49 - 0000059 ____A C:\Users\Gary\Desktop\Bleeping Computer - Computer Help and Discussion.URL
2012-05-16 07:01 - 2012-05-15 16:07 - 0000000 ____D C:\Users\Gary\Desktop\pc fix
2012-05-16 06:55 - 2012-05-16 06:55 - 0607260 ____R (Swearware) C:\Users\Gary\Downloads\dds.scr
2012-05-16 06:54 - 2012-05-16 06:54 - 0000168 ____A C:\Users\Gary\defogger_reenable
2012-05-16 06:54 - 2011-08-16 11:22 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-16 06:54 - 2011-06-29 03:28 - 0000000 ___HD C:\users\Gary
2012-05-16 06:53 - 2012-05-16 06:53 - 0050477 ____A C:\Users\Gary\Downloads\Defogger.exe
2012-05-16 06:10 - 2012-05-16 06:10 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eybevjlo.sys
2012-05-16 05:51 - 2009-07-13 20:45 - 0022080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-16 05:51 - 2009-07-13 20:45 - 0022080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-16 05:44 - 2012-05-16 05:44 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wkosrjqq.sys
2012-05-16 05:44 - 2011-07-01 12:39 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-16 05:43 - 2012-05-15 11:56 - 0000672 ____A C:\Windows\setupact.log
2012-05-16 05:43 - 2011-06-29 04:48 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-05-16 05:43 - 2011-06-29 04:48 - 0000000 ____D C:\ProgramData\NVIDIA
2012-05-16 05:43 - 2011-06-29 03:23 - 3220525056 __ASH C:\hiberfil.sys
2012-05-16 05:43 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-16 05:41 - 2012-03-26 12:36 - 0000000 ____D C:\Program Files\DivX
2012-05-16 05:41 - 2012-03-26 12:35 - 0000000 ____D C:\Users\All Users\DivX
2012-05-16 05:41 - 2012-03-26 12:35 - 0000000 ____D C:\ProgramData\DivX
2012-05-16 05:41 - 2011-10-31 12:40 - 0000000 ____D C:\Users\All Users\IObit
2012-05-16 05:41 - 2011-10-31 12:40 - 0000000 ____D C:\ProgramData\IObit
2012-05-16 05:41 - 2011-10-14 16:11 - 0000000 ____D C:\Users\Gary\AppData\Local\4A Games
2012-05-16 05:41 - 2011-09-10 07:29 - 0000000 ____D C:\Users\Gary\AppData\Roaming\IObit
2012-05-16 05:41 - 2011-07-17 11:20 - 0000000 ____D C:\Users\Gary\AppData\Local\Unity
2012-05-16 05:41 - 2011-07-08 13:46 - 0000000 ____D C:\Users\Gary\AppData\Roaming\PunkBuster
2012-05-16 05:41 - 2011-07-01 10:18 - 0000000 ____D C:\Users\All Users\Skype
2012-05-16 05:41 - 2011-07-01 10:18 - 0000000 ____D C:\ProgramData\Skype
2012-05-16 05:41 - 2011-06-29 04:42 - 0000000 ____D C:\Users\Gary\AppData\Local\Downloaded Installations
2012-05-16 05:41 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-05-16 05:40 - 2012-05-15 16:02 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-16 05:40 - 2012-05-15 08:59 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-16 05:40 - 2012-05-15 08:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-16 05:40 - 2012-05-12 12:54 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 05:40 - 2012-05-12 12:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 05:40 - 2012-05-02 19:23 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-16 05:40 - 2012-05-02 19:23 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-16 05:40 - 2012-05-02 19:23 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-16 05:40 - 2012-04-23 16:39 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-05-16 05:40 - 2012-04-05 11:03 - 0000000 ____D C:\Program Files (x86)\Cities In Motion
2012-05-16 05:40 - 2012-03-31 20:52 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2012-05-16 05:40 - 2012-03-31 20:47 - 0000000 ____D C:\Program Files (x86)\AC3File
2012-05-16 05:40 - 2012-03-26 12:36 - 0000000 ____D C:\Program Files (x86)\DivX
2012-05-16 05:40 - 2012-03-11 09:22 - 0000000 ____D C:\Program Files\WinRAR
2012-05-16 05:40 - 2012-03-11 09:12 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-16 05:40 - 2012-03-02 12:09 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-16 05:40 - 2011-11-06 11:08 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-16 05:40 - 2011-11-06 11:08 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-16 05:40 - 2011-07-08 15:28 - 0000000 ____D C:\Program Files (x86)\BRS
2012-05-16 05:40 - 2011-07-08 12:16 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar
2012-05-16 05:40 - 2011-07-05 13:15 - 0000000 ____D C:\Users\All Users\Origin
2012-05-16 05:40 - 2011-07-05 13:15 - 0000000 ____D C:\ProgramData\Origin
2012-05-16 05:40 - 2011-07-05 13:15 - 0000000 ____D C:\Program Files (x86)\Origin
2012-05-16 05:40 - 2011-07-01 15:14 - 0000000 ____D C:\Fraps
2012-05-16 05:40 - 2011-07-01 14:40 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-05-16 05:40 - 2011-07-01 10:18 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-16 05:40 - 2011-07-01 09:59 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-05-16 05:40 - 2011-06-30 07:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-05-16 05:40 - 2011-06-29 04:48 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-16 05:40 - 2011-06-29 04:46 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-16 05:40 - 2011-06-29 04:40 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-16 05:40 - 2011-03-01 15:04 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-05-16 05:40 - 2011-03-01 15:04 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-05-16 05:40 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-16 05:40 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-05-16 05:40 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-05-16 05:40 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-16 05:40 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-16 05:39 - 2012-05-14 11:45 - 0000000 ____D C:\Users\Gary\Downloads\Everything.Must.Go.2010.BRRiP.XviD.AbSurdiTy
2012-05-16 05:39 - 2012-05-13 14:29 - 0000000 ____D C:\Users\Gary\Downloads\The Grey (2012) DVDRip XviD-MAXSPEED
2012-05-16 05:39 - 2012-05-07 14:08 - 0000000 ____D C:\Users\Gary\Downloads\Animal Kingdom 2010 BRRip 720p H264 AAC-GreatMagician (Kingdom-Release)
2012-05-16 05:39 - 2012-05-07 09:49 - 0000000 ____D C:\Users\Gary\AppData\Local\SniperV2
2012-05-16 05:39 - 2012-05-06 11:39 - 0000000 ____D C:\Users\Gary\Desktop\Sniper.Elite.V2-SKIDROW
2012-05-16 05:39 - 2012-05-04 13:15 - 0000000 ____D C:\Users\Gary\Downloads\Grindhouse-Death.Proof[2007][Unrated.Editon]DvDrip[Eng]-aXXo
2012-05-16 05:39 - 2012-05-03 15:21 - 0000000 ____D C:\Users\Gary\Downloads\Next[2007]DvDrip.AC3[Eng]-aXXo
2012-05-16 05:39 - 2012-05-01 14:33 - 0000000 ____D C:\Users\Gary\Downloads\The Smurfs {2011} DVDRIP. Jaybob
2012-05-16 05:39 - 2012-05-01 14:13 - 0000000 ____D C:\Users\Gary\Downloads\Mission.Impossible.Ghost.Protocol.2011.720p.BluRay.x264-SPARKS [PublicHD.ORG]
2012-05-16 05:39 - 2012-04-26 18:04 - 0000000 ____D C:\Users\Gary\AppData\Roaming\vlc
2012-05-16 05:39 - 2012-04-05 11:03 - 0000000 ____D C:\Users\Gary\Documents\Cities In Motion
2012-05-16 05:39 - 2012-04-05 10:46 - 0000000 ____D C:\Users\Gary\Downloads\Cities in Motion (2011) [PC-CD][MULTi4][WwW.ZoNaTorrent.CoM]
2012-05-16 05:39 - 2012-04-03 16:51 - 0000000 ____D C:\Users\Gary\Downloads\Dear Esther-SKIDROW
2012-05-16 05:39 - 2012-03-29 18:26 - 0000000 ____D C:\Users\Gary\Downloads\City.Life.Edition.2008-RELOADED.[SpatorrenT.CoM]
2012-05-16 05:39 - 2012-03-28 09:52 - 0000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-05-16 05:39 - 2012-03-14 06:12 - 0000000 ____D C:\Users\Gary\Downloads\Mass.Effect.3-RELOADED
2012-05-16 05:39 - 2012-03-11 09:26 - 0000000 ____D C:\Users\Gary\Desktop\tony movie
2012-05-16 05:39 - 2012-03-07 04:55 - 0000000 ____D C:\Users\Gary\Desktop\New folder
2012-05-16 05:39 - 2012-02-23 08:24 - 0000000 ____D C:\users\UpdatusUser
2012-05-16 05:39 - 2012-01-27 03:05 - 0000000 ____D C:\Users\Gary\AppData\Roaming\DarknessIIDemo
2012-05-16 05:39 - 2012-01-26 10:58 - 0000000 ____D C:\Users\Gary\Desktop\realtek
2012-05-16 05:39 - 2012-01-02 08:37 - 0000000 ____D C:\Users\Gary\Desktop\mobile backup
2012-05-16 05:39 - 2011-12-27 11:14 - 0000000 ____D C:\Users\Gary\AppData\Roaming\SystemRequirementsLab
2012-05-16 05:39 - 2011-09-29 10:27 - 0000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-05-16 05:39 - 2011-09-16 12:57 - 0000000 ____D C:\Windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP
2012-05-16 05:39 - 2011-08-27 13:59 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Updater
2012-05-16 05:39 - 2011-08-26 11:49 - 0000000 ____D C:\Users\Gary\Desktop\homefront update
2012-05-16 05:39 - 2011-07-11 10:22 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-05-16 05:39 - 2011-07-11 07:39 - 0000000 ____D C:\Users\Gary\Documents\Settlers7
2012-05-16 05:39 - 2011-07-09 11:58 - 0000000 ____D C:\Windows\SysWOW64\xlive
2012-05-16 05:39 - 2011-07-01 15:47 - 0000000 ____D C:\Users\Gary\AppData\Roaming\NVIDIA
2012-05-16 05:39 - 2011-06-29 04:40 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-05-16 05:39 - 2010-11-20 23:16 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-16 05:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Offline Web Pages
2012-05-16 05:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-16 05:39 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-16 05:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-16 05:20 - 2011-07-03 05:38 - 0000000 ____D C:\Users\Gary\AppData\Roaming\SoftGrid Client
2012-05-16 05:15 - 2012-05-16 05:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzhtasyt.sys
2012-05-16 04:57 - 2012-05-16 04:57 - 0000149 ____A C:\Users\Gary\Downloads\AntiZeroAccess_Log.txt
2012-05-16 04:56 - 2012-05-16 04:56 - 0187464 ____A (Webroot) C:\Users\Gary\Downloads\antizeroaccess.exe
2012-05-16 03:33 - 2012-05-16 03:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dymzpkcm.sys
2012-05-15 16:02 - 2012-05-15 16:02 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-15 16:02 - 2012-05-15 16:02 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-15 16:00 - 2012-05-15 16:00 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gbvksopy.sys
2012-05-15 13:51 - 2012-05-15 13:51 - 0347424 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\MicrosoftFixit.WindowsFirewall.RNP.137260549474842069.1.1.Run.exe
2012-05-15 13:49 - 2012-05-15 13:49 - 0662016 ____A C:\Users\Gary\Downloads\MicrosoftFixit50123.msi
2012-05-15 13:34 - 2012-05-15 13:34 - 0137096 ____A (ESET) C:\Users\Gary\Downloads\ESETSirefefRemover.exe
2012-05-15 13:17 - 2012-05-15 13:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxpgkiee.sys
2012-05-15 13:14 - 2012-05-15 13:11 - 0282746 ____A C:\Windows\ntbtlog.txt
2012-05-15 12:40 - 2012-05-15 12:40 - 0000000 ____D C:\Users\All Users\Sophos
2012-05-15 12:40 - 2012-05-15 12:40 - 0000000 ____D C:\ProgramData\Sophos
2012-05-15 12:39 - 2012-05-15 12:39 - 0003267 ____A C:\Users\Gary\Desktop\Sophos Virus Removal Tool.lnk
2012-05-15 12:39 - 2012-05-15 12:39 - 0000000 ____D C:\Program Files (x86)\Sophos
2012-05-15 12:38 - 2012-05-15 12:37 - 81817152 ____A (Sophos Limited) C:\Users\Gary\Downloads\Sophos Virus Removal Tool.exe
2012-05-15 12:09 - 2011-08-25 06:53 - 0000000 ____D C:\Users\Gary\AppData\Local\ElevatedDiagnostics
2012-05-15 12:06 - 2012-05-15 12:06 - 0347424 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\MicrosoftFixit.WindowsFirewall.RNP.134260542991757674.1.1.Run.exe
2012-05-15 11:56 - 2012-05-15 11:56 - 0000000 ____A C:\Windows\setuperr.log
2012-05-15 09:49 - 2012-03-02 12:08 - 0000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent
2012-05-15 09:49 - 2011-07-08 12:15 - 0000000 ____D C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
2012-05-15 09:38 - 2011-08-04 06:17 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Lionhead Studios
2012-05-15 09:14 - 2012-05-15 09:13 - 65268728 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mpam-fe.exe
2012-05-15 09:00 - 2011-07-01 09:08 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-15 09:00 - 2011-06-30 07:27 - 0006632 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-15 08:55 - 2012-05-15 08:55 - 12621696 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mseinstall.exe
2012-05-14 12:40 - 2012-05-12 04:46 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Tropico 3
2012-05-14 12:28 - 2012-05-14 11:43 - 1693757440 ____A C:\Users\Gary\Downloads\Bridesmaids.2011.BRRip.XviD.Ac3.Feel-Free.avi
2012-05-14 12:20 - 2012-05-14 12:20 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-14 11:44 - 2012-05-14 11:43 - 0000000 ____D C:\Users\Gary\Downloads\The Real Housewives of Orange County 2
2012-05-12 01:29 - 2011-07-11 10:22 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-05-10 09:16 - 2009-07-13 20:45 - 0274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 08:25 - 2011-07-01 09:22 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-08 16:38 - 2012-05-08 16:33 - 0000000 ____D C:\Users\Gary\Downloads\Chronicle.2012.DC.720p.BluRay.x264-REFiNED [PublicHD]
2012-05-07 13:14 - 2012-05-07 13:12 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Origin
2012-05-07 13:11 - 2012-05-07 13:11 - 0000000 ____D C:\Users\Gary\AppData\Local\Origin
2012-05-07 13:11 - 2012-05-07 13:11 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-05-07 09:47 - 2012-05-07 09:47 - 0001303 ____A C:\Users\Gary\Desktop\SniperEliteV2 - Shortcut.lnk
2012-05-07 09:47 - 2011-07-01 10:53 - 0000000 ____D C:\Users\Gary\AppData\Local\SKIDROW
2012-05-07 09:36 - 2012-05-07 09:36 - 0000000 ____D C:\Program Files (x86)\Rebellion
2012-05-07 09:34 - 2012-05-07 09:34 - 0000000 ____D C:\Users\Gary\AppData\Roaming\Google
2012-05-06 05:20 - 2009-07-13 21:08 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-05 15:23 - 2012-05-05 15:23 - 0000000 ____D C:\Users\Gary\Downloads\Fighting.2009.DVDRip.XviD-DASH
2012-05-04 12:51 - 2012-04-06 04:32 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 12:51 - 2011-07-01 15:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 12:50 - 2012-04-06 04:50 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 04:00 - 2012-05-04 04:00 - 0019473 ____A C:\Users\Gary\Desktop\letter.docx
2012-05-03 11:29 - 2012-05-03 11:29 - 0000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-03 11:27 - 2012-05-03 11:27 - 1606656 ____A C:\Users\Gary\Downloads\SteamInstall.msi
2012-05-03 10:51 - 2012-05-03 10:48 - 0000000 ____D C:\Users\Gary\Desktop\saves
2012-05-02 19:22 - 2012-05-02 19:21 - 16409960 ____A (Safer Networking Limited ) C:\Users\Gary\Downloads\spybotsd162.exe
2012-05-02 15:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-02 15:42 - 2012-05-02 15:42 - 0000000 __SHD C:\Windows\ftpcache
2012-04-30 08:31 - 2012-04-30 08:31 - 0000000 ____D C:\Users\Gary\Desktop\New Folder (4)
2012-04-26 18:04 - 2012-04-26 18:04 - 0001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-26 18:03 - 2012-04-26 18:03 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-24 15:55 - 2012-04-24 15:55 - 0864188 ____A C:\Users\Gary\Desktop\2012-04-19_00001.jpg
2012-04-24 15:54 - 2012-04-24 15:53 - 0715322 ____A C:\Users\Gary\Desktop\2012-04-16_00001.jpg
2012-04-23 16:35 - 2012-04-23 16:35 - 7770320 ____A ( ) C:\Users\Gary\Downloads\K-Lite_Codec_Pack_860_Basic.exe
2012-04-17 12:21 - 2011-08-12 12:00 - 0000000 ____D C:\NVIDIA
2012-04-17 12:18 - 2012-04-17 12:16 - 166448312 ____A (NVIDIA Corporation) C:\Users\Gary\Downloads\296.10-desktop-win7-winvista-64bit-english-whql.exe
2012-04-17 12:15 - 2012-03-31 20:34 - 0000000 ____D C:\Users\Gary\AppData\Roaming\DivX
2012-04-16 13:13 - 2012-04-16 13:13 - 0001824 ____A C:\Users\Gary\Desktop\saintsrowthethird_dx11 - Shortcut.lnk
2012-04-14 14:31 - 2011-08-26 14:15 - 0000000 ____D C:\Program Files (x86)\THQ
2012-04-14 14:30 - 2011-08-26 12:17 - 0000000 ____D C:\Users\Gary\Desktop\SKIDROW
2012-04-10 07:58 - 2012-04-10 07:11 - 0013951 ____A C:\Users\Gary\Documents\After working with Ashford for over 6 yrs.docx
2012-04-06 08:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-06 04:34 - 2012-04-06 04:34 - 0001290 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-04-06 04:34 - 2012-04-06 04:34 - 0001233 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-04-06 04:33 - 2011-09-10 07:29 - 0000000 ____D C:\Program Files (x86)\IObit
2012-04-05 11:03 - 2012-04-05 11:03 - 0001039 ____A C:\Users\Gary\Desktop\Cities In Motion.lnk
2012-04-04 05:27 - 2012-04-04 05:27 - 0000162 ___AH C:\Users\Gary\Desktop\~$ry Roberts Cv 28.3.2012.doc
2012-04-03 18:01 - 2012-04-03 17:39 - 0001221 ____A C:\Users\Gary\Desktop\dearesther - Shortcut.lnk
2012-04-03 17:32 - 2012-04-03 17:32 - 0000000 ____D C:\Program Files (x86)\thechineseroom
2012-04-03 09:59 - 2012-04-03 09:59 - 0000162 ___AH C:\Users\Gary\Desktop\~$thony_Gibbons_CV3 (4).doc
2012-04-02 12:17 - 2012-05-07 09:34 - 0102400 ____N C:\Users\Gary\AppData\Roaming\googleoez.exe
2012-04-02 12:17 - 2012-04-02 12:17 - 0040985 ____A C:\Users\Gary\AppData\Roaming\a.7z
2012-03-31 20:54 - 2012-03-31 20:27 - 0000000 ____D C:\Users\Gary\Desktop\New folder (3)
2012-03-31 20:34 - 2012-03-31 20:34 - 0002138 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-03-31 20:34 - 2012-03-31 20:34 - 0001128 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-03-30 22:05 - 2012-05-10 06:26 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-10 06:26 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 06:26 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 06:26 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-10 06:26 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-26 12:38 - 2012-03-26 12:38 - 0000000 ____D C:\Users\Gary\AppData\Local\DDMSettings
2012-03-26 12:38 - 2011-06-29 03:28 - 0000000 ____D C:\Users\Gary\AppData\LocalLow
2012-03-20 11:44 - 2012-03-20 11:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 11:44 - 2012-03-20 11:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-16 23:58 - 2012-05-10 06:26 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 06:06 - 2012-03-16 05:11 - 0000000 ____D C:\Users\Gary\Documents\BioWare
2012-03-16 05:54 - 2012-03-16 05:54 - 0001914 ____A C:\Users\Gary\Desktop\MassEffect3 - Shortcut.lnk
2012-03-16 05:14 - 2012-03-16 05:14 - 0000000 ____D C:\Program Files (x86)\me
2012-03-12 12:12 - 2011-12-31 17:17 - 0000000 ____D C:\Users\Gary\Desktop\fraps pics
2012-03-11 09:13 - 2012-03-11 09:13 - 0001958 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-03-11 09:12 - 2012-03-11 09:12 - 0283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-03-10 18:11 - 2012-03-10 16:13 - 0000000 ____D C:\Users\Gary\Desktop\New folder (2)
2012-03-07 11:49 - 2011-06-29 03:29 - 0000174 ___SH C:\Users\Gary\Start Menu\Programs\Startup\desktop.ini
2012-03-07 11:49 - 2011-06-29 03:29 - 0000174 ___SH C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-07 09:50 - 2009-07-13 20:54 - 0000174 ___SH C:\Program Files (x86)\desktop.ini
2012-03-04 08:25 - 2012-03-04 08:25 - 0000162 ___AH C:\Users\Gary\Desktop\~$ry Roberts.docx
2012-03-04 08:25 - 2012-03-04 08:25 - 0000162 ___AH C:\Users\Gary\Desktop\~$nctional CV.dot
2012-03-02 22:35 - 2012-05-10 06:26 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-10 06:26 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 12:09 - 2012-03-02 12:09 - 0000943 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-03-02 12:08 - 2012-03-02 12:08 - 0000000 ____D C:\Users\Gary\AppData\Local\uTorrent
2012-03-01 11:16 - 2012-03-01 11:16 - 0001114 ____A C:\Users\UpdatusUser\Desktop\EVEREST Home Edition.lnk
2012-03-01 11:16 - 2012-03-01 11:16 - 0001114 ____A C:\Users\Gary\Desktop\EVEREST Home Edition.lnk
2012-03-01 11:15 - 2012-03-01 11:15 - 0000000 ____D C:\Program Files (x86)\Lavalys
2012-02-29 22:46 - 2012-04-10 18:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-10 18:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-10 18:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-10 18:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-10 18:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-10 18:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-10 18:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 7713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 2301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 17642816 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 15009600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 16:02 - 2012-04-17 12:20 - 0812352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 0364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 0301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 0260416 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 0215360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 16:02 - 2012-04-17 12:20 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-29 16:02 - 2012-02-23 08:22 - 0962368 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-02-29 16:02 - 2011-08-12 12:01 - 1737536 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-02-29 16:02 - 2011-08-12 12:01 - 1466176 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-02-29 16:02 - 2011-06-29 04:47 - 9717568 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-02-29 16:02 - 2011-06-29 04:47 - 2660160 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-02-29 16:02 - 2011-06-29 04:47 - 0011770 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 13:00 - 2011-06-29 04:47 - 6074176 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 13:00 - 2011-06-29 04:47 - 3089728 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-02-29 12:59 - 2012-02-23 08:24 - 2515790 ____A C:\Windows\System32\nvcoproc.bin
2012-02-29 12:59 - 2011-06-29 04:47 - 0889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:59 - 2011-06-29 04:47 - 0118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:59 - 2011-06-29 04:47 - 0063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-29 04:26 - 2012-02-29 04:26 - 0416064 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-02-27 23:34 - 2012-04-10 18:03 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-10 18:03 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-10 18:03 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-10 18:03 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-10 18:03 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-10 18:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-10 18:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-10 18:03 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-10 18:03 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-10 18:03 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-10 18:03 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-10 18:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-10 18:03 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-10 18:03 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-10 18:03 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-10 18:03 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-10 18:03 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-10 18:03 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-10 18:03 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-10 18:03 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-10 18:03 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-10 18:03 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-10 18:03 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-10 18:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-10 18:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-10 18:03 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-26 08:09 - 2012-02-26 08:09 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-26 08:09 - 2012-02-26 08:09 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-26 08:09 - 2012-02-26 08:09 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-26 08:09 - 2012-02-26 08:09 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-26 08:09 - 2011-07-01 15:45 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-24 12:40 - 2012-02-24 12:40 - 0068943 ____A C:\Users\Gary\AppData\Roaming\icarus-dxdiag.xml
2012-02-24 10:53 - 2012-02-24 10:53 - 0000058 ____A C:\Windows\SysWOW64\trace.bin
2012-02-23 08:24 - 2012-02-23 08:24 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-02-23 08:24 - 2012-02-23 08:24 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-02-23 05:24 - 2012-04-06 04:39 - 0024408 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-22 16:16 - 2012-02-22 16:16 - 0000000 ____D C:\Users\Gary\AppData\Local\Focus Home Interactive
2012-02-22 12:05 - 2012-02-22 12:05 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-02-20 07:42 - 2012-02-20 06:55 - 0001919 ____A C:\Users\Gary\Desktop\SporeApp - Shortcut (2).lnk
2012-02-20 06:56 - 2012-02-17 05:28 - 0000000 ____D C:\Users\Gary\Documents\My Spore Creations
2012-02-20 06:47 - 2011-07-05 09:50 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-02-19 02:44 - 2012-02-17 05:27 - 0000000 ____D C:\Users\Gary\AppData\Roaming\SPORE
2012-02-18 09:45 - 2012-02-18 09:43 - 0001836 ____A C:\Users\Gary\Desktop\SporeApp - Shortcut.lnk
2012-02-17 05:27 - 2012-02-17 05:27 - 0000000 ____D C:\Users\Gary\AppData\Roaming\SecuROM
2012-02-17 02:41 - 2011-07-08 13:47 - 0000000 ____D C:\Users\All Users\Ubisoft
2012-02-17 02:41 - 2011-07-08 13:47 - 0000000 ____D C:\ProgramData\Ubisoft

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4095.11 MB
Available physical RAM: 3458.23 MB
Total Pagefile: 4093.31 MB
Available Pagefile: 3444.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:678.76 GB) NTFS
3 Drive f: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1924 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1907 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-12 01:55

======================= End Of Log ==========================
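The log above contains entries a responder would want to triage before anything else: several .sys files of identical size with random-looking eight-letter names under System32\Drivers, each carrying a Microsoft vendor string, and a hidden+system directory literally named %APPDATA% under SysWOW64. As an added example (not code from this thread, from FRST, or from any tool named here), the Python below parses FRST-style "modified - created - size attrs (vendor) path" lines and flags such entries for manual review. The regular expression, the three heuristics (eight-lowercase-letter driver names, groups of drivers sharing one file size, hidden+system directories under C:\Windows that are newly created or contain a '%'), the seven-day window and the function names are my assumptions; the sample lines are copied from the log above, and a flag is a review candidate, not a verdict.

```python
"""Triage helper for FRST-style 'modified - created - size attrs (vendor) path' lines.

Added example; the heuristics are assumptions, not rules from FRST or any other
tool, and every hit is a candidate for manual review rather than a verdict.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One file/directory line: modified, created, size, 5 attribute flags, optional vendor, path.
LINE_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5})"
    r"(?: \((?P<vendor>[^)]*)\))? (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
# Assumption: vendors do not ship kernel drivers named with eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.sys$")

# Sample input, copied from the FRST log in this thread (plus one section header line).
SAMPLE_LINES = [
    "========================= Bamital & volsnap Check ============",
    r"2012-05-16 05:40 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin",
    r"2012-05-16 05:15 - 2012-05-16 05:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kzhtasyt.sys",
    r"2012-05-16 03:33 - 2012-05-16 03:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dymzpkcm.sys",
    r"2012-05-15 16:00 - 2012-05-15 16:00 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\gbvksopy.sys",
    r"2012-05-15 13:17 - 2012-05-15 13:17 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxpgkiee.sys",
    r"2012-05-14 12:20 - 2012-05-14 12:20 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%",
    r"2012-05-02 15:42 - 2012-05-02 15:42 - 0000000 __SHD C:\Windows\ftpcache",
    r"2012-03-30 03:35 - 2012-05-10 06:26 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys",
    r"2012-03-20 11:44 - 2012-03-20 11:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys",
    r"2012-03-11 09:12 - 2012-03-11 09:12 - 0283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys",
]


def parse_line(line):
    """Return a dict for one file/directory line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    return {
        "modified": datetime.strptime(m["mod"], TS),
        "created": datetime.strptime(m["cre"], TS),
        "size": int(m["size"]),
        "attrs": m["attrs"],
        "vendor": (m["vendor"] or "").strip(),
        "path": path,
        "name": path.rsplit("\\", 1)[-1],
        "is_dir": "D" in m["attrs"],
    }


def _drivers(entries):
    return [e for e in entries if not e["is_dir"] and e["path"].lower().startswith(DRIVER_DIR)]


def flag_random_drivers(entries):
    """Drivers whose base name is eight lowercase letters (random-looking)."""
    return [{"rule": "random-name-driver", "path": e["path"],
             "reason": f"random-looking driver name, vendor string '{e['vendor']}'"}
            for e in _drivers(entries) if RANDOM_NAME_RE.match(e["name"])]


def flag_same_size_drivers(entries, min_group=2):
    """Two or more differently named drivers with exactly the same byte size."""
    groups = defaultdict(list)
    for e in _drivers(entries):
        groups[e["size"]].append(e)
    findings = []
    for size, group in groups.items():
        names = {e["name"].lower() for e in group}
        if len(names) >= min_group:
            findings += [{"rule": "same-size-drivers", "path": e["path"],
                          "reason": f"{len(names)} distinct drivers share size {size}"} for e in group]
    return findings


def flag_hidden_system_dirs(entries, scan_date, recent_days=7):
    """Hidden+system directories under C:\\Windows that are new or oddly named."""
    cutoff = scan_date - timedelta(days=recent_days)
    findings = []
    for e in entries:
        if not (e["is_dir"] and "S" in e["attrs"] and "H" in e["attrs"]):
            continue
        if not e["path"].lower().startswith("c:\\windows\\"):
            continue
        reasons = []
        if "%" in e["name"]:
            reasons.append("directory name contains a literal '%'")
        if e["created"] >= cutoff:
            reasons.append(f"created within the last {recent_days} days")
        if reasons:
            findings.append({"rule": "hidden-system-dir", "path": e["path"], "reason": "; ".join(reasons)})
    return findings


def triage(lines, scan_date="2012-05-16", recent_days=7):
    """Run all heuristics over raw log lines; scan_date is the day the log was taken."""
    entries = [e for e in (parse_line(l) for l in lines) if e]
    when = datetime.strptime(scan_date, "%Y-%m-%d")
    return (flag_random_drivers(entries) + flag_same_size_drivers(entries)
            + flag_hidden_system_dirs(entries, when, recent_days))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['rule']:20} {f['path']}  ({f['reason']})")
```

On the sample lines the random-name and same-size rules agree on the four 50000-byte drivers, tcpip.sys, MpFilter.sys and dtsoftbus01.sys are left alone, and only the %APPDATA% directory trips the hidden-directory rule (ftpcache is older than the window and has an ordinary name). Agreement between two independent heuristics is what makes an entry worth pulling for hash checks and vendor signature verification; a single hit on its own is just a prompt to look.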

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 May 2012 - 01:59 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 grobbs
  • Topic Starter

  • Members
  • 8 posts

Posted 16 May 2012 - 03:31 PM

Hi Gringo
OK, so I ran Combofix and all it did was remove the Windows Security Essentials icon from the hidden icons box (bottom corner of screen). It came back after restart. And I got no log from Combofix.

Problems:
1) Windows Security Essentials keeps finding the Sirefef virus and every minute or so keeps saying restart to completely remove the serious problem. As soon as the computer starts up again it is there again, 2 viruses found and, well, you guessed it.

2) Also when I surf the internet it sometimes brings up random pages and cuts off.

3) My Windows Firewall is down too. "Use recommended settings" doesn't work.

4) I can't do a system restore.

My computer is running OK but I have got no firewall protection. It was OK a week ago.

Thanks for the help; I am at breaking point.

Edited by grobbs, 16 May 2012 - 03:32 PM.


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 01:21 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 grobbs

grobbs
  • Topic Starter

  • Members
  • 8 posts

Posted 17 May 2012 - 06:57 AM

Hi, just to let you know, I am going to do a clean install, should sort the problem out. Cheers. Want me to post the news?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 11:59 AM

YES DO LET ME KNOW AND IF YOU WANT ME TO CHECK THINGS AFTER JUST LET ME KNOW ALSO


Gringo

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 May 2012 - 12:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.