
Virus that caused Windows 7 64bit Startup Repair loop


  • This topic is locked
10 replies to this topic

#1 billy gates son

  • Members
  • 16 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 06 December 2012 - 02:14 PM

THANK YOU IN ADVANCE
Got rid of the virus when I connected the drive to a different computer as a non-OS drive, but I can't seem to fix the registry issue.


Problem signature:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200856
Problem Signature 05: ExternalMedia
Problem Signature 06: 60
Problem Signature 07: CorruptRegistry
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 06-12-2012 07:59:38
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2075288 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\billy gates son\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2012-01-31] (AMD)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12

==================== Services (Whitelisted) ===================

4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1132856 2012-06-28] (Acronis)
4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-07-23] (Acronis)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
4 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [39408 2010-09-13] ()
4 dnWhoDisp; C:\Program Files (x86)\Rockwell Software\RSLINX\dnwhodisp.exe [99728 2008-06-04] (Rockwell Automation, Inc.)
4 EventClientMultiplexer; "C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe" [334696 2010-08-20] (Rockwell Automation, Inc.)
4 EventServer; "C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe" [250728 2010-08-20] (Rockwell Automation, Inc.)
4 Harmony; "C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE" [202016 2010-03-03] (Rockwell Automation, Inc.)
3 ICCS; "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe" [160256 2011-08-30] (Intel Corporation)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [779200 2012-10-15] (Eastman Kodak Company)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
4 NmspHost; "C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe" [224104 2010-08-20] (Rockwell Automation, Inc.)
4 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2005-11-25] (OPC Foundation)
4 RdcyHost; "C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe" [224104 2010-08-20] (Rockwell Automation, Inc.)
4 RNADiagnosticsService; "C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe" [30056 2010-08-20] (Rockwell Automation Inc.)
4 RNADiagReceiver; "C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe" [245096 2010-08-20] (Rockwell Automation, Inc.)
4 RNADirectory; "C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe" [922984 2010-08-20] (Rockwell Automation, Inc.)
4 RNADirMultiplexor; "C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe" [1049448 2010-08-20] (Rockwell Automation, Inc.)
4 RoxMediaDB13; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1099248 2010-07-16] (Sonic Solutions)
4 RSLinx; C:\PROGRA~2\ROCKWE~1\RSLinx\RSLINX.EXE /SERVICE [1996408 2010-09-24] (Rockwell Automation, Inc.)
4 RsvcHost; "C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe" [224104 2010-08-20] (Rockwell Automation, Inc.)
4 syncagentsrv; "C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5915352 2012-06-28] (Acronis)
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

0 ahcix64; C:\Windows\System32\Drivers\ahcix64.sys [233776 2010-11-07] (Advanced Micro Devices, Inc)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2011-01-24] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-05] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 atillk64; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
3 etdrv; \??\C:\Windows\etdrv.sys [25640 2012-11-06] (Windows ® Server 2003 DDK provider)
0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [137312 2012-07-23] (Acronis)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-11-06] (Windows ® Server 2003 DDK provider)
3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [14376 2010-02-04] ()
3 gttap1; C:\Windows\System32\Drivers\gttap1.sys [66104 2010-11-02] (The OpenVPN Project)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-11-06] ()
1 hwinterface; C:\Windows\SysWow64\Drivers\hwinterface.sys [3026 2011-04-18] (Logix4u)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 Ndisrd; C:\Windows\System32\Drivers\Ndisrd.sys [27648 2012-01-03] (NT Kernel Resources)
3 NdisrdMP; C:\Windows\System32\DRIVERS\ndisrd.sys [27648 2012-01-03] (NT Kernel Resources)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 RTCore64; \??\C:\Program Files (x86)\RMClock\RTCore64.sys [7168 2005-05-25] ()
3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [32360 2011-09-15] (Realtek Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-05] (Duplex Secure Ltd.)
3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)
0 vididr; C:\Windows\System32\Drivers\vididr.sys [211552 2012-07-23] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [146528 2012-07-23] (Acronis)
1 VirtDiskBus; C:\Windows\System32\DRIVERS\VirtDiskBus64.sys [66160 2011-02-08] (Giga-Byte Technology CO., LTD.)
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [x]
3 AODDriver2; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
3 ASFLTDrv.sys; \??\C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [x]
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 motport; C:\Windows\System32\DRIVERS\motport.sys [x]
3 pcidnt; C:\Windows\System32\Drivers\pcidnt.sys [x]
1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [x]
1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-05 13:35 - 2012-12-05 13:35 - 00000000 ____A C:\Windows\System32\config\SOFTWARE21c80541
2012-12-05 01:07 - 2012-12-05 01:07 - 00000000 __ADC C:\regback
2012-12-04 21:34 - 2012-12-05 12:30 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-04 15:40 - 2012-12-04 15:41 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-12-04 11:01 - 2012-12-04 11:01 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{3184B5E4-B5E8-43B6-B354-D9A90F519897}
2012-12-03 18:21 - 2012-12-03 18:21 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{9EE5C88B-7BD2-4ACC-9931-CF7FC5AB9BF7}
2012-12-03 13:44 - 2012-12-03 13:44 - 00001757 ____A C:\Users\billy gates son\Desktop\exit.through.the.gift.shop.2010.720p-titans - Shortcut.lnk
2012-12-03 02:15 - 2012-12-03 02:16 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{818A3E59-3EEB-4F00-A154-C90B22ADC498}
2012-12-02 09:00 - 2012-12-02 09:00 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1F9CBD01-7AF0-4C65-A8AE-AA2257FF846D}
2012-12-01 16:07 - 2012-12-01 16:07 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2012-12-01 16:06 - 2012-12-01 16:06 - 01299424 ____A (techPowerUp (www.techpowerup.com)) C:\Users\billy gates son\Desktop\GPU-Z.0.6.6.exe
2012-12-01 15:20 - 2012-12-01 15:20 - 00000000 ____D C:\Users\billy gates son\Desktop\MSIAfterburnerSetup230
2012-12-01 11:39 - 2012-12-01 11:39 - 00000000 ____D C:\Users\billy gates son\Desktop\CPU_burn-in
2012-12-01 08:44 - 2012-12-01 08:45 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{DBBA1EB2-287A-4939-AC58-384C66E99621}
2012-11-30 11:21 - 2012-11-30 11:21 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C6BDD03A-7DD7-4C34-B1A2-3A75A4D0E852}
2012-11-29 23:20 - 2012-11-29 23:20 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{4FCEA5FA-2880-4828-BF7E-BB6B00D5E487}
2012-11-29 11:19 - 2012-11-29 11:20 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{651F7E26-0C43-4439-8C3D-D90E70D4AFDA}
2012-11-28 21:28 - 2012-11-28 21:29 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{F778770D-B7B1-41EA-94CD-CD59BC606F80}
2012-11-28 08:15 - 2012-11-28 08:15 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{6A007CD7-87EE-473C-8E12-978F5443119F}
2012-11-26 09:07 - 2012-11-26 09:08 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1B48CAC2-1BF9-4240-A852-77EC58D5E20D}
2012-11-25 09:18 - 2012-11-25 09:18 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{209A5F67-B943-4DEB-9151-A925239B5AC5}
2012-11-24 08:59 - 2012-11-24 09:00 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{40C29DBD-C94D-45D3-B5C6-7F85C050A8C9}
2012-11-23 22:31 - 2012-11-23 22:37 - 131072000 ____A C:\Users\billy gates son\Desktop\clonezilla-live-20120620-precise.iso
2012-11-23 21:26 - 2012-11-23 21:52 - 366823424 ____A C:\Users\billy gates son\Desktop\systemrescuecd-x86-3.1.1.iso
2012-11-23 14:05 - 2012-11-23 14:05 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{556B8FA6-5B89-4B2D-AF55-D8D59E717438}
2012-11-22 23:58 - 2012-11-22 23:58 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{AF911C94-2363-41A3-8C1F-2C92794A2E6D}
2012-11-22 08:58 - 2012-11-22 08:58 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{7072606F-2AF7-423C-B76B-AF03D187E472}
2012-11-21 17:55 - 2012-11-21 17:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-21 17:46 - 2012-11-21 17:46 - 00000000 ____D C:\Program Files\7-Zip
2012-11-21 13:25 - 2012-11-21 14:59 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\ImgBurn
2012-11-21 13:25 - 2012-11-21 13:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-11-21 13:24 - 2012-11-21 13:24 - 06118990 ____A (LIGHTNING UK!) C:\Users\billy gates son\Downloads\SetupImgBurn_2.5.7.0.exe
2012-11-21 13:24 - 2012-11-21 13:24 - 00000000 ____D C:\Users\billy gates son\AppData\Local\Coupon Companion
2012-11-21 13:24 - 2012-11-21 13:24 - 00000000 ____D C:\Program Files (x86)\Coupon Companion
2012-11-21 09:27 - 2012-11-21 09:28 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{3721A793-14C2-42A4-8310-34DB2817B4BF}
2012-11-20 09:27 - 2012-11-20 09:28 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C83C7981-EBE1-4D22-83BE-A9472EC221C5}
2012-11-19 15:03 - 2012-11-19 15:03 - 00000000 ____D C:\Program Files\PerformanceTest
2012-11-19 10:16 - 2012-11-19 10:16 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{FDA5BAA6-F5CB-465B-95C5-BD93EF2502E2}
2012-11-18 16:46 - 2012-11-18 16:47 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{D1E2FE81-2C19-4532-A835-4964FF5DD0A5}
2012-11-18 09:35 - 2012-11-18 09:35 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{0DAF4C9D-A7B8-47B4-A32B-81A085B8CCA9}
2012-11-17 14:10 - 2012-11-17 14:11 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C0C94F9A-59A7-4C6F-AA37-5671AB491A62}
2012-11-16 09:28 - 2012-11-16 09:29 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{941BF903-66FB-4695-A36D-C031FB4717B6}
2012-11-15 15:55 - 2012-11-15 15:55 - 00000000 ____D C:\Users\billy gates son\Documents\opto22 PAC Systems Training
2012-11-15 14:00 - 2012-11-15 14:00 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{0BF8919F-31CA-4F4F-91B4-C74C991F1AF2}
2012-11-14 06:38 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-14 06:38 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-14 06:38 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-14 06:38 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-14 06:38 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-14 06:38 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-14 06:38 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-14 06:38 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-14 06:38 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-14 06:38 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-14 06:38 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-14 06:38 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-14 06:38 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-14 06:38 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-14 06:38 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-14 06:38 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-14 06:38 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-14 06:38 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-14 06:38 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-14 06:38 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-14 06:38 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-14 06:38 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-14 06:38 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-14 06:38 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-14 06:36 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-14 06:36 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-14 06:36 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-14 06:36 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-14 06:36 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-14 06:36 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-14 06:36 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-14 06:36 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-14 06:36 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-14 06:18 - 2012-11-14 06:19 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C69E04E8-65B9-4323-9CC7-E3A12FF1D44C}
2012-11-14 03:00 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 03:00 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 03:00 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 03:00 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 03:00 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 03:00 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 03:00 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 03:00 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 03:00 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 03:00 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 03:00 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 03:00 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 03:00 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 03:00 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 03:00 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 03:00 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 03:00 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 03:00 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 03:00 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 03:00 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 03:00 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 03:00 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 03:00 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 03:00 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 03:00 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 03:00 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 03:00 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 03:00 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 03:00 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 03:00 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 03:00 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 03:00 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 03:00 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 03:00 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 03:00 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 03:00 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 03:00 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 03:00 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 03:00 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 03:00 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 02:12 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 02:12 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 02:12 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 02:12 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 02:12 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 02:12 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 02:12 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 02:12 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 02:12 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 02:12 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 02:12 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 02:12 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 02:12 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 02:12 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 02:12 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 02:12 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 02:12 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 02:12 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 02:12 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-13 17:33 - 2012-11-13 17:34 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{DFF53140-3FB1-4982-BEC6-3D7CD35F2C7E}
2012-11-12 22:10 - 2012-11-12 22:10 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{5B70BD1D-E02C-4088-8F3E-A86F3701E155}
2012-11-12 08:37 - 2012-11-12 08:38 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{227A598D-07EE-42F5-814F-5668F7828EE8}
2012-11-11 14:06 - 2012-11-11 14:06 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{FD5D923B-1289-4BB3-BC09-7D5165A03D58}
2012-11-10 11:56 - 2012-11-10 11:56 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{A96C60DF-E240-4E84-B70A-8C5630E04FFA}
2012-11-09 08:13 - 2012-11-09 08:13 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1A182361-C71F-40FE-9901-B0195C3AEC59}
2012-11-08 18:16 - 2012-11-08 18:16 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-11-08 18:16 - 2012-11-08 18:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-08 08:52 - 2012-11-08 08:53 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{E4CA18F0-34DA-4560-8AF3-0EEE29640FEE}
2012-11-07 14:52 - 2012-11-07 14:52 - 00000000 ____D C:\Users\billy gates son\Desktop\h2testw_1.4
2012-11-07 09:10 - 2012-11-07 09:11 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1A55868C-6CB5-459A-BDEA-867EBA0EB161}

==================== One Month Modified Files and Folders =======

2012-12-05 13:35 - 2012-12-05 13:35 - 00000000 ____A C:\Windows\System32\config\SOFTWARE21c80541
2012-12-05 12:30 - 2012-12-04 21:34 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-05 01:07 - 2012-12-05 01:07 - 00000000 __ADC C:\regback
2012-12-04 15:41 - 2012-12-04 15:40 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-12-04 11:47 - 2010-06-12 09:33 - 00135128 ____A C:\Windows\PFRO.log
2012-12-04 11:11 - 2010-06-07 19:29 - 01237911 ____A C:\Windows\WindowsUpdate.log
2012-12-04 11:01 - 2012-12-04 11:01 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{3184B5E4-B5E8-43B6-B354-D9A90F519897}
2012-12-04 10:56 - 2010-09-27 20:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-04 10:56 - 2010-06-14 16:59 - 00000344 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-12-04 10:55 - 2012-04-01 12:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-04 10:24 - 2010-09-27 20:24 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-04 00:46 - 2010-06-19 01:39 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\Skype
2012-12-03 21:39 - 2010-06-11 19:42 - 00000000 ____D C:\Users\All Users\Kodak
2012-12-03 18:21 - 2012-12-03 18:21 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{9EE5C88B-7BD2-4ACC-9931-CF7FC5AB9BF7}
2012-12-03 13:44 - 2012-12-03 13:44 - 00001757 ____A C:\Users\billy gates son\Desktop\exit.through.the.gift.shop.2010.720p-titans - Shortcut.lnk
2012-12-03 13:44 - 2010-12-14 14:50 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\vlc
2012-12-03 13:42 - 2011-08-18 12:38 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2012-12-03 12:40 - 2009-07-13 21:13 - 00006250 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-03 11:37 - 2011-08-18 12:38 - 00000000 ____D C:\Users\billy gates son\.frostwire5
2012-12-03 10:12 - 2012-01-28 13:05 - 00000000 ____D C:\Program Files (x86)\FlvGrabber
2012-12-03 10:12 - 2011-06-15 23:09 - 00000000 ____D C:\Users\billy gates son\Documents\FlvGrabber
2012-12-03 09:53 - 2010-06-14 15:26 - 00000000 ____D C:\Users\billy gates son\Documents\work
2012-12-03 02:16 - 2012-12-03 02:15 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{818A3E59-3EEB-4F00-A154-C90B22ADC498}
2012-12-03 02:11 - 2009-07-13 20:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-03 02:11 - 2009-07-13 20:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-03 00:41 - 2012-01-02 15:10 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\Applian FLV and Media Player
2012-12-02 19:56 - 2010-10-18 13:50 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\GlarySoft
2012-12-02 19:56 - 2010-06-14 16:59 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2012-12-02 09:00 - 2012-12-02 09:00 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1F9CBD01-7AF0-4C65-A8AE-AA2257FF846D}
2012-12-02 02:00 - 2010-06-18 22:35 - 00000000 ____D C:\Users\billy gates son\AppData\Local\Adobe
2012-12-01 19:42 - 2011-11-14 10:15 - 00032728 ____A C:\Windows\setupact.log
2012-12-01 19:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-01 16:07 - 2012-12-01 16:07 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2012-12-01 16:06 - 2012-12-01 16:06 - 01299424 ____A (techPowerUp (www.techpowerup.com)) C:\Users\billy gates son\Desktop\GPU-Z.0.6.6.exe
2012-12-01 15:20 - 2012-12-01 15:20 - 00000000 ____D C:\Users\billy gates son\Desktop\MSIAfterburnerSetup230
2012-12-01 11:39 - 2012-12-01 11:39 - 00000000 ____D C:\Users\billy gates son\Desktop\CPU_burn-in
2012-12-01 08:45 - 2012-12-01 08:44 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{DBBA1EB2-287A-4939-AC58-384C66E99621}
2012-11-30 11:21 - 2012-11-30 11:21 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C6BDD03A-7DD7-4C34-B1A2-3A75A4D0E852}
2012-11-29 23:20 - 2012-11-29 23:20 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{4FCEA5FA-2880-4828-BF7E-BB6B00D5E487}
2012-11-29 11:20 - 2012-11-29 11:19 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{651F7E26-0C43-4439-8C3D-D90E70D4AFDA}
2012-11-28 21:29 - 2012-11-28 21:28 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{F778770D-B7B1-41EA-94CD-CD59BC606F80}
2012-11-28 08:15 - 2012-11-28 08:15 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{6A007CD7-87EE-473C-8E12-978F5443119F}
2012-11-28 04:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-26 09:08 - 2012-11-26 09:07 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1B48CAC2-1BF9-4240-A852-77EC58D5E20D}
2012-11-25 09:18 - 2012-11-25 09:18 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{209A5F67-B943-4DEB-9151-A925239B5AC5}
2012-11-24 09:00 - 2012-11-24 08:59 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{40C29DBD-C94D-45D3-B5C6-7F85C050A8C9}
2012-11-23 22:37 - 2012-11-23 22:31 - 131072000 ____A C:\Users\billy gates son\Desktop\clonezilla-live-20120620-precise.iso
2012-11-23 21:52 - 2012-11-23 21:26 - 366823424 ____A C:\Users\billy gates son\Desktop\systemrescuecd-x86-3.1.1.iso
2012-11-23 14:05 - 2012-11-23 14:05 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{556B8FA6-5B89-4B2D-AF55-D8D59E717438}
2012-11-22 23:58 - 2012-11-22 23:58 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{AF911C94-2363-41A3-8C1F-2C92794A2E6D}
2012-11-22 08:58 - 2012-11-22 08:58 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{7072606F-2AF7-423C-B76B-AF03D187E472}
2012-11-21 17:55 - 2012-11-21 17:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-21 17:55 - 2010-06-19 01:39 - 00000000 ____D C:\Users\All Users\Skype
2012-11-21 17:46 - 2012-11-21 17:46 - 00000000 ____D C:\Program Files\7-Zip
2012-11-21 17:40 - 2012-01-06 15:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-21 14:59 - 2012-11-21 13:25 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\ImgBurn
2012-11-21 14:02 - 2012-01-15 00:19 - 00000000 ____D C:\Users\billy gates son\AppData\Roaming\dvdcss
2012-11-21 13:25 - 2012-11-21 13:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-11-21 13:24 - 2012-11-21 13:24 - 06118990 ____A (LIGHTNING UK!) C:\Users\billy gates son\Downloads\SetupImgBurn_2.5.7.0.exe
2012-11-21 13:24 - 2012-11-21 13:24 - 00000000 ____D C:\Users\billy gates son\AppData\Local\Coupon Companion
2012-11-21 13:24 - 2012-11-21 13:24 - 00000000 ____D C:\Program Files (x86)\Coupon Companion
2012-11-21 09:28 - 2012-11-21 09:27 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{3721A793-14C2-42A4-8310-34DB2817B4BF}
2012-11-20 09:28 - 2012-11-20 09:27 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C83C7981-EBE1-4D22-83BE-A9472EC221C5}
2012-11-19 15:03 - 2012-11-19 15:03 - 00000000 ____D C:\Program Files\PerformanceTest
2012-11-19 14:59 - 2010-06-12 18:43 - 00042959 ____A C:\Windows\DirectX.log
2012-11-19 14:04 - 2009-07-13 21:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-19 10:16 - 2012-11-19 10:16 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{FDA5BAA6-F5CB-465B-95C5-BD93EF2502E2}
2012-11-18 23:13 - 2012-08-23 14:29 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2012-11-18 23:13 - 2010-06-07 20:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-18 16:47 - 2012-11-18 16:46 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{D1E2FE81-2C19-4532-A835-4964FF5DD0A5}
2012-11-18 09:35 - 2012-11-18 09:35 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{0DAF4C9D-A7B8-47B4-A32B-81A085B8CCA9}
2012-11-17 14:11 - 2012-11-17 14:10 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C0C94F9A-59A7-4C6F-AA37-5671AB491A62}
2012-11-16 12:41 - 2011-03-05 15:38 - 00000000 ____D C:\Program Files (x86)\FlashGet
2012-11-16 09:29 - 2012-11-16 09:28 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{941BF903-66FB-4695-A36D-C031FB4717B6}
2012-11-15 15:55 - 2012-11-15 15:55 - 00000000 ____D C:\Users\billy gates son\Documents\opto22 PAC Systems Training
2012-11-15 14:00 - 2012-11-15 14:00 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{0BF8919F-31CA-4F4F-91B4-C74C991F1AF2}
2012-11-15 13:39 - 2011-12-04 11:23 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-14 06:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-14 06:36 - 2010-06-12 10:03 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 06:19 - 2012-11-14 06:18 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{C69E04E8-65B9-4323-9CC7-E3A12FF1D44C}
2012-11-14 03:25 - 2010-06-07 20:19 - 00079992 ____A C:\Users\billy gates son\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 03:24 - 2009-07-13 20:45 - 04962032 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-13 17:34 - 2012-11-13 17:33 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{DFF53140-3FB1-4982-BEC6-3D7CD35F2C7E}
2012-11-12 22:10 - 2012-11-12 22:10 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{5B70BD1D-E02C-4088-8F3E-A86F3701E155}
2012-11-12 14:55 - 2010-06-18 22:33 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-12 14:54 - 2012-04-01 12:23 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-12 14:54 - 2011-12-02 14:15 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-12 08:38 - 2012-11-12 08:37 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{227A598D-07EE-42F5-814F-5668F7828EE8}
2012-11-11 14:06 - 2012-11-11 14:06 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{FD5D923B-1289-4BB3-BC09-7D5165A03D58}
2012-11-10 11:56 - 2012-11-10 11:56 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{A96C60DF-E240-4E84-B70A-8C5630E04FFA}
2012-11-09 08:13 - 2012-11-09 08:13 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1A182361-C71F-40FE-9901-B0195C3AEC59}
2012-11-08 18:16 - 2012-11-08 18:16 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-11-08 18:16 - 2012-11-08 18:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-08 08:53 - 2012-11-08 08:52 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{E4CA18F0-34DA-4560-8AF3-0EEE29640FEE}
2012-11-07 14:52 - 2012-11-07 14:52 - 00000000 ____D C:\Users\billy gates son\Desktop\h2testw_1.4
2012-11-07 09:11 - 2012-11-07 09:10 - 00000000 ____D C:\Users\billy gates son\AppData\Local\{1A55868C-6CB5-459A-BDEA-867EBA0EB161}
2012-11-06 12:27 - 2012-09-27 06:44 - 00025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2012-11-06 12:27 - 2012-09-27 06:03 - 00030528 ____A C:\Windows\GVTDrv64.sys
2012-11-06 12:27 - 2012-09-27 05:46 - 00025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 32765.24 MB
Available physical RAM: 30798.84 MB
Total Pagefile: 32763.44 MB
Available Pagefile: 30811.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:279.37 GB) (Free:60.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (WDO_Media64) (Removable) (Total:7.45 GB) (Free:7.38 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 279 GB 85 MB
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 279 GB 86 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 279 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E WDO_Media64 NTFS Removable 7633 MB Healthy

=========================================================

Last Boot: 2012-12-04 11:53

==================== End Of Log =============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 AM

Posted 09 December 2012 - 02:25 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review.
You can use more than one post if you need to.

#3 billy gates son

billy gates son
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 10 December 2012 - 10:40 AM

I guess I should've been more clear: I still can't boot into Windows because it still goes through the Startup Repair loop because of the corrupt registry that I was unable to fix. Should I do the steps with the affected drive in a different computer as a non-OS drive?
My computer is like this situation: www.bleepingcomputer.com/forums/topic435453.html

Edited by billy gates son, 10 December 2012 - 10:45 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 AM

Posted 10 December 2012 - 11:29 AM

Your problem is not quite the same as the previous link you found.


You are dealing with a damaged registry.

Can you boot in Safe Mode and try the fix on this page?

http://support.microsoft.com/kb/927392
Use the Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startup issues in Windows

The idea is to run Bootrec.exe and see if this will correct the boot sector.

Keep me posted.

#5 billy gates son

billy gates son
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 10 December 2012 - 01:05 PM

I had tried the bootrec.exe before with no luck BUT THIS FIXED IT:

  • bcdedit /export C:\BCD_Backup
  • c:
  • cd boot
  • attrib bcd -s -h -r
  • ren c:\boot\bcd bcd.old
  • bootrec /RebuildBcd

The virus on my computer was from http://www.eeegr.com/UYTBWCUXDP.php?php=receipt
Here is a picture of the offender: http://urlquery.net/screenshot.php?id=339658
Any idea what virus this was?

THANK YOU FOR TEACHING ME SOMETHING :clapping:

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 AM

Posted 10 December 2012 - 02:05 PM

I'm sure the message you opened was a fake, a ransomware or something. eeegr.com is a reputable site.
http://www.eeegr.com/


The first listed site is down.
===

Do you want to continue?

#7 billy gates son

billy gates son
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 10 December 2012 - 02:39 PM

I know it's a reputable site, but the virus originated from there.
THANK YOU AGAIN FOR TEACHING ME SOMETHING :thumbsup:
Should I delete any of these files?

Attached Files


Edited by billy gates son, 11 December 2012 - 02:35 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 AM

Posted 11 December 2012 - 08:37 AM

This is the best solution I found.

Look for any BCD that is 0 in size and delete it, e.g.:
del BCD.backup.0001

Source: http://www.networksteve.com/windows/topic.php?TopicId=30001

#9 billy gates son

billy gates son
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 11 December 2012 - 02:26 PM

Thanks.
The BCD & BCD.log & BOOTSTAT.dat are the ones that need to be kept.
The BCD.Backup.0001 was outdated.
The BCD.gbck was from Glary Utilities and outdated.
The BCD.LOG1 & BCD.LOG2 were empty files and outdated.
The BCD.OLD was the corrupt version that wasn't allowing Windows to boot.

Attached Files
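
A batch script that strings these steps together, added here as an example and not taken from the thread, from Microsoft's article or from any of the tools mentioned: it follows the rebuild sequence from post #5 (export, attrib, rename, bootrec /RebuildBcd) and then does the size check from posts #8 and #9 by listing every BCD* file in the boot folder and flagging the zero-byte ones. It assumes the Windows volume is C: and the store lives in C:\Boot, which matches the single active partition in the FRST partition listing above; the drive letter and the SYSDRIVE, BOOTDIR and BACKUP variable names are assumptions. The script only reports the empty files, it does not delete them.

```batch
@echo off
setlocal

REM Added example, not code from the thread. Run it from the Windows Recovery
REM Environment command prompt (the X:\ prompt on the recovery media).
REM Assumption: the Windows volume is C: and the BCD is in C:\Boot, as on the
REM original poster's single-partition MBR disk. Under WinRE the letter can
REM differ, and a machine with a separate "System Reserved" partition keeps its
REM BCD there instead, so check with diskpart and adjust SYSDRIVE if needed.

set "SYSDRIVE=C:"
set "BOOTDIR=%SYSDRIVE%\Boot"
set "BACKUP=%SYSDRIVE%\BCD_Backup"

if not exist "%BOOTDIR%\BCD" (
    echo No BCD store at %BOOTDIR%\BCD - check the drive letter before going on.
    exit /b 1
)

REM 1. Keep a copy of the current store, corrupt or not, so the change can be undone.
bcdedit /export "%BACKUP%"
if errorlevel 1 echo bcdedit /export failed - the store may be unreadable; continuing.

REM 2. The store is system+hidden+read-only; ren will not touch it until those are cleared.
attrib -s -h -r "%BOOTDIR%\BCD"

REM 3. Set the corrupt store aside instead of deleting it, so it can be put back.
if exist "%BOOTDIR%\BCD.old" del /f "%BOOTDIR%\BCD.old"
ren "%BOOTDIR%\BCD" BCD.old
if errorlevel 1 (
    echo Could not rename %BOOTDIR%\BCD
    exit /b 1
)

REM 4. bootrec scans the disks for Windows installations and writes a new store.
REM    It asks "Add installation to boot list? Yes/No/All" for each one it finds.
bootrec /RebuildBcd

REM 5. Show what is now in the boot folder. A zero-byte BCD* file carries no boot
REM    configuration at all; everything else is listed with its size so the
REM    reader can decide, as in post #9, which copies are worth keeping.
echo.
echo BCD files now in %BOOTDIR%:
for /f "delims=" %%F in ('dir /b /a-d "%BOOTDIR%\BCD*" 2^>nul') do (
    for %%G in ("%BOOTDIR%\%%F") do (
        if %%~zG EQU 0 (
            echo   %%~nxG  0 bytes  ^<-- empty, carries nothing, can be deleted
        ) else (
            echo   %%~nxG  %%~zG bytes
        )
    )
)

endlocal
```

Save it as rebuild_bcd.cmd on the recovery media and run it from the WinRE prompt. The `dir /b /a-d` listing is used instead of a plain `for %%F in (BCD*)` because the latter skips hidden and system files, and the live BCD is both.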



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 AM

Posted 11 December 2012 - 02:29 PM

I think you can live with this.

#11 billy gates son

billy gates son
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 11 December 2012 - 02:38 PM

Yes I can; I've rebooted numerous times just to be sure!
Just trying to explain as much as possible so when somebody stumbles upon this topic, they can fix it without having to contact somebody from the Malware Response Team.
THANK YOU AGAIN FOR ALL OF YOUR HELP



