Everything posted by Malway

  1. You too, thanks a lot for your help and the headache you saved me. I promise to donate after my next paycheck, and to tell everyone I know who has a problem to come here.
  2. Yeah, I set Security Center and Windows Update to automatic. They were both set to automatic (delayed start) beforehand. Windows is installing updates right now, seems to be working fine.
  3. Sorry, forgot to reboot first ^

     Farbar Service Scanner Version: 26-07-2012
     Ran by Ryan (administrator) on 01-08-2012 at 14:47:37
     Running from "C:\Users\Ryan\Desktop"
     Microsoft Windows 7 Ultimate (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     The start type of wscsvc service is OK.
     The ImagePath of wscsvc service is OK.
     The ServiceDll of wscsvc service is OK.

     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     The start type of wuauserv service is OK.
     The ImagePath of wuauserv service is OK.
     The ServiceDll of wuauserv service is OK.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is set to Auto
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys
     [2012-03-30 06:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll
     [2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll
     [2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****
  4. Farbar Service Scanner Version: 26-07-2012
     Ran by Ryan (administrator) on 01-08-2012 at 14:37:57
     Running from "C:\Users\Ryan\Desktop"
     Microsoft Windows 7 Ultimate (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============
     BITS Service is not running. Checking service configuration:
     The start type of BITS service is OK.
     The ImagePath of BITS service is OK.
     The ServiceDll of BITS service is OK.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is set to Auto
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys
     [2012-03-30 06:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll
     [2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll
     [2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****
  5. It doesn't say run as administrator. Should I go ahead and click 'Merge'?
  6. Farbar Service Scanner Version: 26-07-2012
     Ran by Ryan (administrator) on 01-08-2012 at 14:23:07
     Running from "C:\Users\Ryan\Desktop"
     Microsoft Windows 7 Ultimate (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============
     BITS Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
     The ImagePath of BITS service is OK.
     The ServiceDll of BITS service is OK.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is set to Auto
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys
     [2012-03-30 06:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll
     [2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll
     [2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****
  7. Well, I did all the cleanup you said. My computer is working great now, the only thing is Windows Update won't install any updates. It gets an error code 80246008. Honestly, I don't usually have Windows set to update automatically, and I'm sure I've gone a long time without installing any updates before I was having any problems. Do you think it's important to always update Windows? What about the optional updates? Thanks again for your tremendous help.
  8. Looks perfect. Thanks a ton!

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.01.06

     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     Ryan :: RYAN-PC [administrator]

     Protection: Enabled

     8/1/2012 11:01:38 AM
     mbam-log-2012-08-01 (11-01-38).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 210378
     Time elapsed: 1 minute(s), 5 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  9. RogueKiller V7.6.4 [07/17/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User: Ryan [Admin rights]
     Mode: Scan -- Date: 08/01/2012 10:52:26

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 4 ¤¤¤
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD1502FAEX-007BA0 ATA Device +++++
     --- User ---
     [MBR] 71e078ed60656b726c33c2e303366e6d
     [bSP] 2480a6928ca5e881d32a6b033d557b07 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2].txt >>
     RKreport[1].txt ; RKreport[2].txt
  10. ComboFix 12-07-31.03 - Ryan 08/01/2012 10:21:21.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8105.6508 [GMT -7:00] Running from: c:\users\Ryan\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 ))))))))))))))))))))))))))))))) . . 2012-08-01 14:51 . 2012-08-01 14:51 -------- d-----w- C:\FRST 2012-07-31 23:42 . 2012-07-31 23:46 -------- d-----w- c:\program files\PeerBlock 2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes 2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\programdata\Malwarebytes 2012-07-28 14:31 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-22 15:32 . 2012-07-22 15:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-18 09:59 . 2012-08-01 16:49 -------- d-----w- c:\users\Ryan\AppData\Local\GOGcom 2012-07-16 09:42 . 2012-07-16 09:42 -------- d-----w- c:\users\Ryan\AppData\Local\Power2Go 2012-07-13 14:01 . 2012-07-13 14:01 -------- d-----w- C:\Games 2012-07-13 14:00 . 2012-07-13 14:00 -------- d-----w- c:\users\Ryan\AppData\Local\Black_Tree_Gaming 2012-07-13 14:00 . 2012-07-27 17:46 -------- d-----w- c:\program files\Nexus Mod Manager 2012-07-08 18:26 . 2012-07-08 18:26 -------- d-----w- c:\users\Ryan\AppData\Local\Cyberlink 2012-07-07 06:27 . 2012-07-07 06:27 -------- d-----w- c:\users\Public\CyberLink 2012-07-07 06:14 . 2012-07-07 06:14 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2012-07-07 06:14 . 2012-07-07 06:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-07-07 06:14 . 
2012-07-07 06:14 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-07-07 06:11 . 2012-07-08 18:26 -------- d-----w- c:\users\Ryan\AppData\Roaming\CyberLink 2012-07-07 06:11 . 2001-09-05 11:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-07-07 06:11 . 2001-09-05 11:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-07-07 06:11 . 2001-09-05 11:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-07-07 06:11 . 2001-09-05 11:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-07-07 06:07 . 2012-07-07 06:17 -------- d-----w- c:\program files (x86)\CyberLink 2012-07-07 06:07 . 2012-07-07 06:25 -------- d-----w- c:\programdata\CyberLink . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-27 15:12 . 2012-04-19 09:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-27 15:12 . 2011-12-27 12:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-02 22:19 . 2012-06-28 21:43 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-28 21:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-28 21:43 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-28 21:43 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-28 21:43 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-28 21:43 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-28 21:43 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-28 21:43 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:15 . 2012-06-28 21:43 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-05-15 10:48 . 2012-05-12 08:58 949056 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-05-15 10:48 . 
2012-05-12 08:58 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-05-15 10:48 . 2012-05-12 08:58 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2012-05-12 08:58 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-15 10:48 . 2012-05-12 08:58 246592 ----a-w- c:\windows\system32\nvinitx.dll 2012-05-15 10:48 . 2012-05-12 08:58 202048 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-05-15 10:48 . 2012-05-12 08:58 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2012-05-12 08:58 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2011-12-27 15:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-05-15 10:48 . 2011-12-27 15:32 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 10:48 . 2011-12-27 15:32 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-05-15 10:48 . 2011-12-27 15:32 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-15 10:48 . 2011-12-27 15:32 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 09:29 . 2011-12-27 15:32 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2011-12-27 15:32 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2011-12-27 15:32 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2012-05-12 08:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-05-15 09:29 . 2011-12-27 15:32 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2011-12-27 15:32 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-05-12 08:48 . 2012-05-12 08:49 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-12 06:11 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-05-12 06:11 . 2009-08-18 19:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-28 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752] "Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow\BlackwidowTray.exe" [2011-05-16 887696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-29 75048] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-20 222504] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/06 23:15;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-29 241648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-01 1432400] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120] R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-13 154624] S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-04-08 312624] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S2 UNS;Intel® 
Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-15 412712] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104] S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_38F51D56 . Contents of the 'Scheduled Tasks' folder . 2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 15:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://isearch.whitesmoke.com/?isid=9858 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858 TCP: DhcpNameServer = 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\6uittgxq.default\ FF - prefs.js: browser.startup.homepage - hxxp://isearch.whitesmoke.com/?isid=9858 FF - prefs.js: keyword.URL - hxxp://isearch.whitesmoke.com/?babsrc=home&s=web&as=0&isid=9858&q= . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-GOGcom - c:\users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2613894083-535015234-3304594621-1000\Software\SecuROM\License information*] "datasecu"=hex:72,9c,b1,44,70,ee,1e,e3,58,bf,d7,4b,23,17,f0,16,35,4c,8c,3f,c7, c2,06,2c,f1,d6,41,a7,d2,6a,ff,be,a6,89,b7,eb,4b,21,26,d9,2a,cd,a8,8f,e9,c0,\ "rkeysecu"=hex:97,83,0a,43,1f,25,b1,e6,ad,54,d9,8a,a9,e6,d4,cc . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-08-01 10:31:53 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-01 17:31 . Pre-Run: 590,974,447,616 bytes free Post-Run: 593,876,488,192 bytes free . - - End Of File - - D701E5331A017BE1B4971BC17B5AAC2C
  11. Well, you posted back immediately after that last post, so I'll continue with what you tell me. System Recovery Options just won't seem to start up when I press F8 though.
  12. OK, I obviously should've run the fix file when I was in recovery. Since I'm having too many problems running recovery options through BIOS, I'm gonna use my Windows disc.
  13. OK, I figured out my timing problem was with my mechanical keyboard not powering up until the second BIOS screen appeared. But, here's the fixlog file from FRST64 run in normal Windows. Do I have to do it again in recovery?

      Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
      Ran by Ryan at 2012-08-01 09:49:42 Run:1
      Running from G:\
      ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
      ==============================================
      HKEY_USERS\Ryan\Software\Microsoft\Windows\CurrentVersion\Run\\GOGcom Value not found.
      C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll moved successfully.
      C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c} moved successfully.
      C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c} moved successfully.
      Could not move C:\Windows\assembly\GAC_32\Desktop.ini.
      Could not move C:\Windows\assembly\GAC_64\Desktop.ini.
      C:\Windows\System32\services.exe moved successfully.
      C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
      ==== End of Fixlog ====
  14. OK, the hardest part about this is getting the timing down of when to press F8 when I restart to bring up System Recovery Options. I got it right before my last post, but the last time I actually got to the command prompt, I forgot what to do so I just started up to read this again. Now, the last two times I've pressed F8, it's brought up the screen saying Windows didn't start up properly, and just has two options for system repair, or to start Windows normally. I'll try again, but if it doesn't get back to System Recovery Options, should I load my system restore point?
  15. Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by SYSTEM at 01-08-2012 06:57:32 Running from F:\ Windows 7 Ultimate (X64) OS Language: English(US) The current controlset is ControlSet001
  16. RogueKiller V7.6.4 [07/17/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User: Ryan [Admin rights]
      Mode: Scan -- Date: 08/01/2012 05:49:10
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Registry Entries: 7 ¤¤¤
      [sUSP PATH] HKCU\[...]\Run : GOGcom (RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll) -> FOUND
      [sUSP PATH] HKUS\S-1-5-21-2613894083-535015234-3304594621-1000[...]\Run : GOGcom (RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll) -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\n.) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      [ZeroAccess][FILE] @ : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@ --> FOUND
      [ZeroAccess][FOLDER] U : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U --> FOUND
      [ZeroAccess][FOLDER] L : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L --> FOUND
      [ZeroAccess][FILE] @ : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@ --> FOUND
      [ZeroAccess][FOLDER] U : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U --> FOUND
      [ZeroAccess][FOLDER] L : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L --> FOUND
      [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
      [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ZeroAccess ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD1502FAEX-007BA0 ATA Device +++++
      --- User ---
      [MBR] 71e078ed60656b726c33c2e303366e6d
      [bSP] 2480a6928ca5e881d32a6b033d557b07 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  17. This started off with PeerBlock not working and getting random browser redirects to work-at-home ads and various others. Windows Update won't work either. Also got the same message that started this topic... http://forums.peerblock.com/read.php?3,12165,page=1. I installed Malwarebytes as soon as I started having problems, and it detected a few trojans, which I deleted and restarted, but it still kept finding 'trojan.dropper.bcminer', which would keep reappearing every time I repeated that. Once it blocked and quarantined the 'rootkit.tdss.expd1' virus, I deleted it, but haven't restarted my PC yet, and won't unless I'm told to do so. Also, the only other procedure I've done is the one outlined here, about the bfe.dll file... http://forums.peerblock.com/read.php?3,12165,13138 Here are the two reports...
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by Ryan at 17:14:45 on 2012-07-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8105.6211 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxpers.exe C:\Program Files\SmartTechnology\Software\ProfilerU.exe C:\Program Files\SmartTechnology\Software\SaiMfd.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Steam\Steam.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files 
(x86)\CyberLink\Shared files\brs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\mIRC\mirc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Windows\system32\taskeng.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858 uStart Page = hxxp://isearch.whitesmoke.com/?isid=9858 uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {ae07101b-46d4-4a98-af68-0333ea26e113} uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [GOGcom] RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl10] "C:\Program Files 
(x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{26C25435-B5DB-42FC-95A3-4A59EB7D71DA} : DhcpNameServer = 192.168.1.1 AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {ae07101b-46d4-4a98-af68-0333ea26e113} mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [WinampAgent] "C:\Program Files 
(x86)\Winamp\winampa.exe" mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\6uittgxq.default\ FF - prefs.js: browser.startup.homepage - hxxp://isearch.whitesmoke.com/?isid=9858 FF - prefs.js: keyword.URL - hxxp://isearch.whitesmoke.com/?babsrc=home&s=web&as=0&isid=9858&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll . ============= SERVICES / DRIVERS =============== . R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-28 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-12 1262400] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-27 2656280] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?] 
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?] R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?] 
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/06 23:15:36;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-29 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-31 1432400] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120] . =============== Created Last 30 ================ . 2012-07-31 23:42:19 -------- d-----w- C:\Program Files\PeerBlock 2012-07-28 14:31:31 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes 2012-07-28 14:31:25 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-28 14:31:25 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-28 14:31:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-22 15:32:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-18 09:59:09 -------- d-----w- C:\Users\Ryan\AppData\Local\GOGcom 2012-07-16 09:42:16 -------- d-----w- C:\Users\Ryan\AppData\Local\Power2Go 2012-07-13 14:01:33 -------- d-----w- C:\Games 2012-07-13 14:00:26 -------- d-----w- C:\Users\Ryan\AppData\Local\Black_Tree_Gaming 2012-07-13 14:00:21 -------- d-----w- C:\Program Files\Nexus Mod Manager 2012-07-08 18:26:34 -------- d-----w- C:\Users\Ryan\AppData\Local\Cyberlink 2012-07-07 06:14:25 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-07-07 06:14:25 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-07-07 
06:14:25 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2012-07-07 06:11:46 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-07-07 06:11:46 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-07-07 06:11:46 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-07-07 06:11:46 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll . ==================== Find3M ==================== . 2012-07-27 15:12:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-27 15:12:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll 2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-05-12 08:48:54 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll . ============= FINISH: 17:15:06.33 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 12/27/2011 2:34:09 AM System Uptime: 7/31/2012 9:34:05 AM (8 hours ago) . Motherboard: ASRock | | Z68 Extreme4 Gen3 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz . 
==== Disk Partitions ========================= . C: is FIXED (NTFS) - 1397 GiB total, 543.796 GiB free. D: is CDROM (CDFS) E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP53: 7/27/2012 12:52:59 AM - Scheduled Checkpoint RP54: 7/31/2012 6:42:13 AM - PB prob . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Apple Application Support Apple Software Update Autodesk Backburner 2013.0.0 Batman: Arkham City™ Braid (Version 1.015) CyberLink Blu-ray Disc Suite CyberLink LabelPrint CyberLink Power2Go CyberLink PowerBackup CyberLink PowerDirector CyberLink PowerDVD 10 CyberLink PowerProducer Diablo II Diablo III Dual-Core Optimizer Etron USB3.0 Host Controller GOG.com Downloader version 3.0.40 Guild Wars Intel® Management Engine Components Intel® Processor Graphics Java Auto Updater Java 7 Update 4 JavaFX 2.1.0 League of Legends Malwarebytes Anti-Malware version 1.62.0.1300 marvell 91xx driver Mass Effect Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 mIRC Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.4 Pando Media Booster Portal Portal 2 Portal 2 Publishing Tool QuickTime Razer BlackWidow Razer BlackWidow Firmware Updater Realtek High Definition Audio Driver Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 
Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Star Wars: The Old Republic Steam Team Fortress 2 The Elder Scrolls V: Skyrim The Witcher 2 The Witcher 2 - Assassins of Kings Enhanced Edition VLC media player 1.0.5 Winamp Winamp Detector Plug-in
.
==== Event Viewer Messages From Past Week ========
.
7/31/2012 8:46:09 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
7/31/2012 8:01:09 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/31/2012 8:01:09 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/31/2012 8:01:08 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/27/2012 12:52:37 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Thanks and I hope to hear back from you.