mccubed27388 Posted May 27, 2013 ID:684267 Share Posted May 27, 2013 Hello:Allow me to begin by saying that there was about a 2-3 day window between having Malwarebytes Trial expire and ourchasing the Pro version. That said, I've recieved the following issues:- Yesterdy Morning, my computer did not boot properly (to black screen with cursor), but this was fixed with the option in the advanced startup menu that was similar to "Use last successful boot settings." This was a day after changing my AV from bitdefender to MSE. I uninstalled Bitdefender first, but then when I "booted with last correct settings" the MSE client wasn't functioning properly, so I uninstalled that and went to Bitdefender Free.- I didn't have too many issues past that. Later that night, and today, my computer began to crash- - Normally - During a Malwarebytes Full or Quick, not flash scan - When attempting to use Steam. Of all of these, 2 were BSoD's and the rest freezing requireing a restart. In addition, every other boot and the files in the taskbar nd startup menu are only the black page icon. It is possible I assume that my overclock(4.4@1.27) was causinf the blue screens, but it has been running fine for about a month so far.\I have included my Hijack this log.Thank you so much in advanced for your doing this.DDS:DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16576Run by Brett at 13:38:20 on 2013-05-27Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6210 [GMT -4:00].AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exeC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Windows\system32\IProsetMonitor.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeD:\Malwarebytes' Anti-Malware\mbamscheduler.exeD:\Malwarebytes' Anti-Malware\mbamservice.exeD:\Autodesk Inventor 2014\Inventor 2014\Moldflow\bin\mitsijm.exeC:\Program Files (x86)\Skype\Updater\Updater.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskhost.exeD:\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exeC:\Windows\system32\Dwm.exeC:\Program Files\SmartTechnology\Software\ProfilerU.exeC:\Program Files\SmartTechnology\Software\SaiMfd.exeC:\Windows\system\3DG4me.exeC:\Program Files\Autodesk\Autodesk Sync\AdSync.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\taskeng.exeC:\Program Files (x86)\proXPN\bin\proxpn.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\explorer.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = about:blankuProxyOverride = <local>mWinlogon: Userinit = userinit.exe,BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Brett\AppData\Local\DownloadTerms\temp.datBHO: getsav-in 5.0: {452392C6-7148-4855-9E64-B5253F04883A} - C:\Users\Brett\AppData\Local\getsav-in\ie\getsav-in_1368482102.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: GetSavin 5.0: {AFC8DD71-809F-4119-AA78-D81CEC3B1F14} - C:\Users\Brett\AppData\Local\getsavin\ie\getsavin_1366933202.dlluRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silentuRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exedRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0TCP: NameServer = 10.0.0.1TCP: Interfaces\{9C7009F5-215D-4A22-8736-15C997F03ADB} : DHCPNameServer = 10.0.0.1TCP: Interfaces\{9C7009F5-215D-4A22-8736-15C997F03ADB}\0556E6765796E6A725F636B6D2D4F62696C65644566796365637 : DHCPNameServer = 10.0.0.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllAppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLLSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mStart Page = about:blankx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exex64-Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exex64-Run: [3DG4me] C:\Windows\System\3DG4me.exex64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-5-26 718840]R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-24 19264]R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-5-26 121928]R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-5-26 148696]R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-5-26 30240]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-24 164736]R2 MBAMScheduler;MBAMScheduler;D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-24 418376]R2 MBAMService;MBAMService;D:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-24 701512]R2 mitsijm2014;Autodesk Simulation Moldflow MITSI 2014 Job Manager;D:\Autodesk Inventor 2014\Inventor 2014\Moldflow\bin\mitsijm.exe [2013-1-25 952608]R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-5-26 593144]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-24 789824]R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-4-25 25568]R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-24 25928]R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-24 32344]R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-4-26 38912]R3 SaiK075C;SaiK075C;C:\Windows\System32\drivers\SaiK075C.sys [2013-4-30 181024]R3 SaiK0CCB;SaiK0CCB;C:\Windows\System32\drivers\SaiK0CCB.sys [2012-9-20 180544]R3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2012-9-20 47168]R3 USBADVAU;Sennheiser 3D G4ME1 Interface;C:\Windows\System32\drivers\cm11264.sys [2013-5-3 1308160]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-24 363904]S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-10 1471352]S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-25 31800]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-25 1255736].=============== File Associations ===============.FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1".=============== Created Last 30 ================.2013-05-27 15:57:46 0 ----a-w- C:\Windows\System32\drivers\avchv.sys2013-05-27 04:44:39 -------- d-----w- C:\Program Files\CCleaner2013-05-26 18:23:28 -------- d-----w- C:\Users\Brett\AppData\Local\LogMeIn Hamachi2013-05-26 18:23:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi2013-05-26 16:26:50 150860 ----a-w- C:\ProgramData\1369581972.bdinstall.bin2013-05-26 15:29:35 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys2013-05-26 15:29:35 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys2013-05-26 15:26:23 350160 ----a-w- C:\Windows\System32\drivers\trufos.sys2013-05-26 15:26:23 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys2013-05-26 15:19:33 352292784 ----a-w- C:\Windows\System32\REGSITRYBACKUP-1.reg2013-05-26 01:40:34 238132 ----a-w- C:\ProgramData\1369532333.bdinstall.bin2013-05-26 01:37:27 -------- d-----w- C:\Program Files (x86)\VS Revo Group2013-05-26 01:26:11 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys2013-05-24 20:05:44 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C69198C-3755-47BA-959E-425F712D6C92}\mpengine.dll2013-05-24 02:19:06 -------- d-----w- C:\Put a directory on PYTHONPATH here2013-05-20 21:25:10 -------- d-----w- C:\Windows\pss2013-05-19 01:30:54 -------- d-----w- C:\Users\Brett\AppData\Roaming\TrueCrypt2013-05-14 23:58:37 -------- d-----w- C:\Program Files (x86)\SpeedFan2013-05-14 23:16:56 -------- d-----w- C:\Users\Brett\AppData\Roaming\Rainmeter2013-05-14 23:10:06 -------- d-----w- C:\Program Files\Rainmeter2013-05-14 19:33:35 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-05-13 23:59:42 -------- d-----w- C:\Users\Brett\AppData\Local\SplitMediaLabs2013-05-13 23:57:50 -------- d-----w- C:\ProgramData\SplitMediaLabs2013-05-13 23:56:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-13 23:56:59 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-05-13 23:56:36 -------- d-----w- C:\Users\Brett\AppData\Roaming\SplitMediaLabs2013-05-13 23:45:34 -------- d-----w- C:\Users\Brett\AppData\Roaming\Origin2013-05-13 23:45:34 -------- d-----w- C:\Program Files (x86)\Origin Games2013-05-13 23:45:28 -------- d-----w- C:\Users\Brett\AppData\Local\Origin2013-05-13 23:44:37 -------- d-----w- C:\ProgramData\Origin2013-05-13 23:44:37 -------- d-----w- C:\ProgramData\Electronic Arts2013-05-13 22:07:20 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v22013-05-13 22:07:11 1431552 ----a-w- C:\Windows\SysWow64\rewire.dll2013-05-13 22:07:08 -------- d-----w- C:\Users\Brett\AppData\Roaming\Image-Line2013-05-13 22:07:07 -------- d-----w- C:\Program Files\Image-Line2013-05-13 22:07:00 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm2013-05-13 22:06:59 -------- d-----w- C:\Users\Brett\AppData\Roaming\FlowStone2013-05-13 22:06:58 -------- d-----w- C:\Program Files (x86)\DSPRobotics2013-05-13 22:05:14 -------- d-----w- C:\Program Files (x86)\Image-Line2013-05-13 21:58:14 -------- d-----w- C:\Users\Brett\AppData\Local\getsav-in2013-05-11 16:57:20 -------- d-----w- C:\Program Files (x86)\MSXML 4.02013-05-11 03:44:05 -------- d-----w- C:\Users\Brett\AppData\Local\Autodesk,_Inc2013-05-11 03:42:28 -------- d-----w- C:\Users\Brett\AppData\Local\Granta Design2013-05-11 03:40:52 -------- d-----w- C:\ProgramData\boost_interprocess2013-05-11 03:07:33 -------- d-----w- C:\ProgramData\FARO2013-05-11 02:50:15 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared2013-05-11 02:44:13 -------- d-----w- C:\Program Files (x86)\Autodesk2013-05-11 02:41:40 -------- d-----w- C:\Program Files (x86)\DWG TrueView 20142013-05-11 02:41:39 -------- d-----w- C:\Users\Brett\AppData\Local\Autodesk2013-05-11 02:41:39 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared2013-05-11 02:41:39 -------- d-----w- C:\Program Files\Autodesk2013-05-11 02:36:53 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared2013-05-11 02:33:27 -------- d-----w- C:\Users\Brett\AppData\Roaming\Autodesk2013-05-11 02:32:01 -------- d-----w- C:\Users\Brett\AppData\Local\Akamai2013-05-11 02:31:58 -------- d-----w- C:\Autodesk2013-05-10 23:40:03 -------- d-----w- C:\Windows\Downloaded Installations2013-05-10 21:17:48 -------- d-----w- C:\Program Files\CPUID2013-05-10 01:55:47 -------- d-----w- C:\Users\Brett\AppData\Local\EdgeOfReality2013-05-06 01:53:58 15584 ----a-w- C:\Users\Brett\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll2013-05-06 01:48:17 -------- d-sh--w- C:\ProgramData\SecuROM2013-05-06 01:41:40 -------- d-----w- C:\Users\Brett\AppData\Local\Rockstar Games2013-05-06 01:41:33 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll2013-05-06 01:41:28 -------- d-----w- C:\Windows\SysWow64\xlive2013-05-06 01:41:28 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE2013-05-03 03:51:18 -------- d-----w- C:\Users\Brett\.VirtualBox2013-05-03 03:51:05 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys2013-05-03 03:51:02 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys2013-05-02 23:26:42 -------- d-----w- C:\Users\Brett\AppData\Local\SmartTechnology2013-04-30 19:50:54 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll2013-04-30 19:50:41 -------- d-----w- C:\Program Files (x86)\NuGet2013-04-30 19:50:13 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules2013-04-30 19:49:54 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft2013-04-30 19:49:53 -------- d-----w- C:\Program Files (x86)\Windows Kits2013-04-30 19:49:43 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer2013-04-30 19:49:36 -------- d-----w- C:\Windows\SysWow64\10332013-04-30 19:49:36 -------- d-----w- C:\Windows\System32\10332013-04-30 19:49:34 -------- d-----w- C:\Program Files\Microsoft SQL Server2013-04-30 19:49:34 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server2013-04-30 19:49:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition2013-04-30 19:49:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition2013-04-30 15:48:14 181024 ----a-w- C:\Windows\System32\drivers\SaiK075C.sys2013-04-30 15:48:12 959488 ----a-w- C:\Windows\System32\SaiC075C.Dll2013-04-30 15:48:12 8704 ----a-w- C:\Windows\System32\SaiC075C_0C.dll2013-04-30 15:48:12 8192 ----a-w- C:\Windows\System32\SaiC075C_10.dll2013-04-30 15:48:12 8192 ----a-w- C:\Windows\System32\SaiC075C_0A.dll2013-04-30 15:48:12 8192 ----a-w- C:\Windows\System32\SaiC075C_07.dll2013-04-30 15:48:12 7680 ----a-w- C:\Windows\System32\SaiC075C_19.dll2013-04-30 15:48:12 7168 ----a-w- C:\Windows\System32\SaiC075C_09.dll2013-04-30 15:48:12 7168 ----a-w- C:\Windows\System32\SaiC075C_05.dll2013-04-30 15:48:12 6656 ----a-w- C:\Windows\System32\SaiC075C_0402.dll2013-04-30 15:48:12 5632 ----a-w- C:\Windows\System32\SaiC075C_11.dll2013-04-30 15:48:12 5120 ----a-w- C:\Windows\System32\SaiC075C_12.dll2013-04-30 01:16:40 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft2013-04-30 01:16:40 -------- d-----w- C:\ProgramData\Package Cache2013-04-30 01:14:13 -------- d-----w- C:\Users\Brett\.idlerc2013-04-30 01:00:25 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys2013-04-30 01:00:22 -------- d-----w- C:\Program Files\TrueCrypt2013-04-30 00:52:40 -------- d-----w- C:\Program Files (x86)\proXPN2013-04-30 00:43:25 -------- d-----w- C:\Users\Brett\AppData\Roaming\uTorrent2013-04-29 22:35:52 971680 ----a-w- C:\Windows\System32\deployJava1.dll2013-04-29 22:35:52 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-04-29 22:35:51 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-04-29 22:29:00 -------- d-----w- C:\Users\Brett\AppData\Roaming\.technic2013-04-29 22:20:30 -------- d-----w- C:\Users\Brett\AppData\Roaming\.minecraft2013-04-29 22:19:05 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-04-29 22:19:05 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll.==================== Find3M ====================.2013-05-03 00:10:00 25568 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-25 09:06:07 496115 ----a-w- C:\ProgramData\1366880323.bdinstall.bin2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-12 15:41:28 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys2013-04-12 15:40:18 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys2013-04-12 15:40:16 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-04-07 00:28:08 94208 ----a-w- C:\Windows\pyw.exe2013-04-07 00:25:14 2653184 ----a-w- C:\Windows\SysWow64\python33.dll2013-04-07 00:24:36 93696 ----a-w- C:\Windows\py.exe2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll.============= FINISH: 13:38:35.68 ===============attach.txtdds.txthijackthis.log Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684284 Share Posted May 27, 2013 Hello mccubed and welcome to MalwareBytes forum.Let me suggest, if you're an MBAM PRO customer, you contact the consumer help desk here. If you are in an organization or a corporate customer, contact Corporate Support for assistance.Otherwise, Know that BSODs can be caused by non-malware issues, such as conflicting auto-start apps, or conflicting driver issues, etc.I will focus on only hunting for malware.Kindly always Copy & Paste all log contents directly in-line within main-body of reply. Do not attach (unless a log is way huge).Regarding the "blue screen STOP exception"I need to have the STOP code information, along with any descriptive information Your STOP screen info will look similar to this:I need all the information from yours..... if and when the next time it happens.Step 11. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 2To show all files: Press Windows-key +R key on your keyboard to get RUN option.Type in explorer.exe and press Enter to start Windows Explorer. From the menu options, Select Tools, then Folder Options. Next click the View tab. Locate and uncheck Hide file extensions for known file types. Locate and uncheck Hide protected operating system files (Recommended). Locate and click Show hidden files and folders and drives. Click Apply > OK. Step 3Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallPlease download AdwCleaner © Xplode from >>here<< and save it on your Desktop.If your are running Windows XP, double click adwcleaner.exe to start it.Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.Step 4Please read carefully and follow these steps.Download TDSSKiller and save it to your Desktop.Double-Click on TDSSKiller.exe to run the application, then on Start Scan.If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIt may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Step 5 Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or >> from here << Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on Scan button at upper right of screen. Wait until the Status box shows "Scan Finished" Click on Report and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your Desktop Exit/Close RogueKillerDo NOT click any FIX buttons !Step 6RE-Enable your antivirus program. Then copy/paste the following into your post (in order):the contents of C:\AdwCleaner[R1].txt;the contents of TDSSKILLER log;the contents of RKReport log;Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684286 Share Posted May 27, 2013 Thank you SO much, i'll do that right now and get back to you. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684288 Share Posted May 27, 2013 Question, In step 2, What menu has "tools?" Is it right click menu, or the menu on the side, or start menu? Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684289 Share Posted May 27, 2013 Found Folder Options, here is Adwcleaner:# AdwCleaner v2.301 - Logfile created 05/27/2013 at 15:11:29# Updated 16/05/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Brett - BRETT-PC# Boot Mode : Normal# Running from : D:\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\ENDFolder Found : C:\ProgramData\APNFolder Found : C:\ProgramData\boost_interprocessFolder Found : C:\Users\Brett\AppData\Local\getsavinFolder Found : C:\Users\Brett\AppData\Roaming\DefaultTab***** [Registry] *****Key Found : HKCU\Software\APN PIPKey Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Found : HKLM\Software\Default TabKey Found : HKLM\Software\PIP***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16576[OK] Registry is clean.-\\ Google Chrome v27.0.1453.94File : C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [1040 octets] - [27/05/2013 15:11:29]########## EOF - C:\AdwCleaner[R1].txt - [1100 octets] ########## Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684291 Share Posted May 27, 2013 Step 4 log is too long, Pastebin;http://pastebin.com/zYkzXBye Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684292 Share Posted May 27, 2013 Step 5:RogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Brett [Admin rights]Mode : Scan -- Date : 05/27/2013 15:18:05| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++--- User ---[MBR] bc8a06daff7617c15612bd4e32963171[bSP] 93820247174159cc49868fd9ddbc1870 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: SanDisk SDSSDX120GG25 ATA Device +++++--- User ---[MBR] 446e5150ce3f7668bbc03d2b88a7ed53[bSP] 707ccd6c5fbce262ed79bfb6f4d13414 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_05272013_02d1518.txt >>RKreport[1]_S_05272013_02d1518.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684300 Share Posted May 27, 2013 The Tdsskiller report is good. So is roguekiller. But you do have adwares.For Windows Explorer, I was referring to the Windows Explorer main menu bar (at the top )To show all files: Press Windows-key +R key on your keyboard to get RUN option.Type in explorer.exe and press Enter to start Windows Explorer. From the menu options of Windows Explorer, Select Tools, then Folder Options. Next click the View tab. Locate and uncheck Hide file extensions for known file types. Locate and uncheck Hide protected operating system files (Recommended). Locate and click Show hidden files and folders and drives. Click Apply > OK. Task 2Close any open documents/programs & all internet browsers you have running.Please start AdwCleanerClick on Delete button.Confirm each time with OK.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[s1] Task 3See this Microsoft article http://support.microsoft.com/kb/2483120To remove remains of MS Security Essentials, click on the Fix it button for Fix it # 50692You will see it just under the title "Fix It for me".When all completed, 1) logoff and restart the system fresh and 2) report back here with resultTask 4Close any open work documents, if any, saving your work.Make sure to close any other programs that you started before.Please download Junkware Removal Tool by Thisisu to your Desktop.Please close your security software to avoid potential conflicts.Turn off your Antivirus. Leave the firewall alone.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsRun the JRT tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.The tool will open and display information and disclaimer in a Command prompt window.I'd suggest you close all internet browsers at this point. Press a key on keyboard to start scanning your system.Please be very patient as this will take several minutes to complete, depending on your system's specifications.There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.Please post the contents of JRT.txt into a new reply. Task 51. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/2. Unzip the contents to a folder in a convenient location.3. Open the folder where the contents were unzipped and run mbar.exeIF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.If your Windows is XP, double-click to start.4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.6. Wait while the system shuts down and the cleanup process is performed.7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.Re-enable your Antivirus security software. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684301 Share Posted May 27, 2013 Step 2 log: Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684302 Share Posted May 27, 2013 # AdwCleaner v2.301 - Logfile created 05/27/2013 at 15:54:52# Updated 16/05/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Brett - BRETT-PC# Boot Mode : Normal# Running from : D:\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****File Deleted : C:\ENDFolder Deleted : C:\ProgramData\APNFolder Deleted : C:\ProgramData\boost_interprocessFolder Deleted : C:\Users\Brett\AppData\Local\getsavinFolder Deleted : C:\Users\Brett\AppData\Roaming\DefaultTab***** [Registry] *****Key Deleted : HKCU\Software\APN PIPKey Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLM\Software\Default TabKey Deleted : HKLM\Software\PIP***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16576[OK] Registry is clean.-\\ Google Chrome v27.0.1453.94File : C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [1169 octets] - [27/05/2013 15:11:29]AdwCleaner[R2].txt - [1229 octets] - [27/05/2013 15:53:42]AdwCleaner[s1].txt - [1178 octets] - [27/05/2013 15:54:52]########## EOF - C:\AdwCleaner[s1].txt - [1238 octets] ########## Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684305 Share Posted May 27, 2013 My computer did freeze immediately after this finished. Step 4:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.9.4 (05.06.2013:1)OS: Windows 7 Home Premium x64Ran by Brett on Mon 05/27/2013 at 16:00:25.76~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}~~~ Files~~~ FoldersFailed to delete: [Folder] "C:\ProgramData\boost_interprocess"Successfully deleted: [Folder] "C:\Users\Brett\appdata\local\downloadterms"~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 05/27/2013 at 16:03:40.90End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684307 Share Posted May 27, 2013 I bsod during the root kit scan, will attempt again. *** STOP:0x000000F4 (0x0000000000000003, 0xFFFFFA8007D7EB30, 0xFFFFFA8007D7EE10,0XFFFFF8000399A350) Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684309 Share Posted May 27, 2013 BSOD The second time running the anti-root kit, right after the same file (in system32 named I blieve fubar.dll or soemthing like it) Same STOP error code, only this time the BSOD came shortly after the root kit ended itself and not during it. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684310 Share Posted May 27, 2013 Restart the system into Safe mode with NetworkingIf Windows normal mode is not useable, force a system restart/reboot, and right away start tapping F8 function key.When get Advanced Boot Menu, select Safe Mode with Networking.Then just 1 time each, retry the remaining tasks I outlined.This bsod may only be just a fluke. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684313 Share Posted May 27, 2013 Would you like me to do all the tasks outlined in your second post or only the ones that I could not complete do to BSOD?Also, when in safe mode w/networking, the antiroot kit tells me to install a DDA driver before the scan. If I reboot into safemode, however,the scan does not conintue and I recieve the same message.Should I-Launch into safemode, allow malwarebytes anti root kit to install this DDA driver and reboot into normla windows-Or run the anti root kit without installing this DDA driver in safe mode with networking?Again thank you so much for your time and patience, I appreciae it dearly Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684316 Share Posted May 27, 2013 No, do not repeat those tools you already completed.I only meant for you to run MBAR in Safe Mode with Networking.Follow the prompts in MBAR and let it install what it needs. But stay in Safe mode with Networking.Let me know what the results are. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684318 Share Posted May 27, 2013 Run the following and post the requested log. Credit Kevinf80 for the following1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/2. Unzip the File to a convenient location. (Recommend the Desktop)3. Open the folder where the contents were unzipped to run mbar.exe4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)6. The following image opens, select Next.7. The following image opens, select Update8. When the Update completes, select Next9. In the following window ensure "Targets" are ticked. Then select "Scan"10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:12. Select "Yes" to close down the program. If NO infections were found you will see the following image:13. Select "Exit" to close down.14. Copy and paste the two following logs from the mbar folder:System - logMbar - log Date and time of scan will also be shownPost those two logs in your reply. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684328 Share Posted May 27, 2013 Here is a synopsis of what is happening in my two tries:1. I boot into Safe mode with Networking (let's say SF w/N) and run malwarebytes as administrator.2. I Go through all the steps, and when I click "Scan" I am propmted to have to download DDA Drvers and restart, I select yes.3. I do not touch the machine after that, it boots into normal windows on its own, and with the entire screen being black except for one cmd and the scan running.4. BSOD---------------------------------------------------------Attempt 2:1. I boot into SF w/N, and run malwarebytes (As admin each time)2. I go through the steps, click scan, and am again prompted to install the DDA drivers.3. During the restart, I tap F8 and boot back into SF w/N3. The malwarebytes scan does not strt automaticlly. If I try to manually start it, I am again prompted to install DDA drivers and repeat the cycle. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684334 Share Posted May 27, 2013 Let's put mbar aside.Do the following now:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Disconnect any external storage drives from the computer.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt [*]Select Command PromptNow, Plug the flashdrive with FRST tool into the PC.[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684340 Share Posted May 27, 2013 FRST 64 Scan:Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013Ran by SYSTEM on 27-05-2013 17:47:25Running from G:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet002ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-01-31] (Saitek)HKLM\...\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-01-31] (Saitek)HKLM\...\Run: [3DG4me] C:\Windows\System\3DG4me.exe [126976 2010-04-22] ()HKLM-x32\...\RunOnce: [A0] cmd /c "C:\Users\Brett\Desktop\MBAR\mbar.exe" /bootscan /s [768584 2013-05-08] (Malwarebytes Corporation)HKU\Brett\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1636264 2013-05-21] (Valve Corporation)HKU\Brett\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-04] (Autodesk, Inc.)Startup: C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnkShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()==================== Services (Whitelisted) =================S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [30240 2013-05-14] (Bitdefender)S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164736 2012-11-06] (Intel Corporation)S2 MBAMScheduler; "D:\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]S2 MBAMService; "D:\Malwarebytes' Anti-Malware\mbamservice.exe" [x]S2 mitsijm2014; "D:\Autodesk Inventor 2014\Inventor 2014\Moldflow\bin\mitsijm.exe" [x]==================== Drivers (Whitelisted) ====================S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-04-17] (Bitdefender SRL)S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-05-02] (Zemana Ltd.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [181024 2013-04-30] (Saitek)S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [350160 2012-10-31] (BitDefender S.R.L.)S3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2010-04-22] (C-Media Electronics Inc)S3 97360344; No ImagePathS3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]S3 cpuz136; \??\C:\Users\Brett\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]S0 mbamchameleon; system32\drivers\mbamchameleon.sys [x]S0 mbamswissarmy; system32\drivers\mbamswissarmy.sys [x]S3 MSICDSetup; \??\E:\CDriver64.sys [x]S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]S1 truecrypt; System32\drivers\truecrypt.sys [x]S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\CorsairLINK2\CorsairLINK_HardwareMonitor.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-05-27 17:47 - 2013-05-27 17:47 - 00000000 ____D C:\FRST2013-05-27 12:09 - 2013-05-27 12:54 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-05-27 12:09 - 2013-05-27 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-05-27 12:08 - 2013-05-27 12:31 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys2013-05-27 12:08 - 2013-05-27 12:08 - 00000000 ____D C:\Users\Brett\Desktop\MBAR2013-05-27 12:03 - 2013-05-27 12:03 - 00000948 ____A C:\Users\Brett\Desktop\JRT.txt2013-05-27 12:00 - 2013-05-27 12:00 - 00000000 ____D C:\Windows\ERUNT2013-05-27 12:00 - 2013-05-27 12:00 - 00000000 ____D C:\JRT2013-05-27 12:00 - 2013-05-27 11:58 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Brett\Desktop\JRT.exe2013-05-27 11:55 - 2013-05-27 12:17 - 00000000 ____D C:\ProgramData\boost_interprocess2013-05-27 11:54 - 2013-05-27 11:55 - 00001307 ____A C:\AdwCleaner[s1].txt2013-05-27 11:53 - 2013-05-27 11:53 - 00001229 ____A C:\AdwCleaner[R2].txt2013-05-27 11:18 - 2013-05-27 11:18 - 00001682 ____A C:\Users\Brett\Desktop\RKreport[1]_S_05272013_02d1518.txt2013-05-27 11:17 - 2013-05-27 11:18 - 00000000 ____D C:\Users\Brett\Desktop\RK_Quarantine2013-05-27 11:11 - 2013-05-27 11:11 - 00001169 ____A C:\AdwCleaner[R1].txt2013-05-27 11:03 - 2013-05-27 11:03 - 00000924 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000924 ____A C:\Users\Brett\Desktop\NTREGOPT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000905 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000905 ____A C:\Users\Brett\Desktop\ERUNT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000000 ____D C:\Windows\ERDNT2013-05-27 11:03 - 2013-05-27 11:03 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-05-27 10:33 - 2013-05-26 07:29 - 00000000 ____A C:\Windows\System32\Drivers\avchv.sys2013-05-27 09:38 - 2013-05-27 09:38 - 00021181 ____A C:\Users\Brett\Desktop\dds.txt2013-05-27 09:38 - 2013-05-27 09:38 - 00011945 ____A C:\Users\Brett\Desktop\attach.txt2013-05-27 09:38 - 2013-05-27 09:37 - 00688992 ____R (Swearware) C:\Users\Brett\Desktop\dds.com2013-05-26 20:45 - 2013-05-26 20:45 - 00054410 ____A C:\Users\Brett\Documents\REG-2.reg2013-05-26 20:44 - 2013-05-26 20:44 - 00000000 ____D C:\Program Files\CCleaner2013-05-26 10:23 - 2013-05-27 08:53 - 00000000 ____D C:\Users\Brett\AppData\Local\LogMeIn Hamachi2013-05-26 10:23 - 2013-05-26 10:23 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-05-26 09:57 - 2013-05-26 09:57 - 00000000 ____D C:\Users\Brett\Documents\Wizards of the Coast2013-05-26 08:26 - 2013-05-26 08:26 - 00150860 ____A C:\ProgramData\1369581972.bdinstall.bin2013-05-26 07:29 - 2013-04-17 10:59 - 00718840 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys2013-05-26 07:29 - 2013-04-17 10:59 - 00593144 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys2013-05-26 07:26 - 2013-04-22 09:21 - 00148696 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys2013-05-26 07:26 - 2012-10-31 09:13 - 00350160 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys2013-05-26 07:19 - 2013-05-26 07:19 - 352292784 ____A C:\Windows\System32\REGSITRYBACKUP-1.reg2013-05-25 17:47 - 2013-05-26 07:18 - 00001945 ____A C:\Windows\epplauncher.mif2013-05-25 17:40 - 2013-05-25 17:40 - 00238132 ____A C:\ProgramData\1369532333.bdinstall.bin2013-05-25 17:37 - 2013-05-25 17:37 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2013-05-25 17:26 - 2009-12-30 07:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys2013-05-24 12:27 - 2013-05-24 20:08 - 00000000 ____D C:\Users\Brett\Documents\PhoenixRC2013-05-23 18:19 - 2013-05-23 18:19 - 00000000 ____D C:\Put a directory on PYTHONPATH here2013-05-22 13:53 - 2013-05-22 13:53 - 00419663 ____A C:\Users\Brett\Documents\Computerpartsinvoice.xps2013-05-20 17:54 - 2013-05-20 17:54 - 00000000 ____D C:\Users\Brett\Documents\Rockstar Games2013-05-20 14:18 - 2013-05-20 14:18 - 00000000 ____D C:\Users\Brett\Documents\SavedGames2013-05-20 13:25 - 2013-05-20 13:25 - 00000000 ____D C:\Windows\pss2013-05-19 15:38 - 2013-05-19 15:38 - 00000000 ____D C:\Users\Brett\AppData\LocalGoogle2013-05-18 17:33 - 2013-05-18 17:33 - 20971520 ____A C:\START(Ipadpass)2013-05-18 17:30 - 2013-05-18 17:32 - 00000000 ____D C:\Users\Brett\AppData\Roaming\TrueCrypt2013-05-14 15:58 - 2013-05-14 15:58 - 02143832 ____A C:\Users\Brett\Downloads\instsf449.exe2013-05-14 15:58 - 2013-05-14 15:58 - 00001007 ____A C:\Users\UpdatusUser\Desktop\SpeedFan.lnk2013-05-14 15:58 - 2013-05-14 15:58 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo2013-05-14 15:58 - 2013-05-14 15:58 - 00000000 ____D C:\Program Files (x86)\SpeedFan2013-05-14 15:27 - 2013-05-26 20:48 - 00000000 ____D C:\Users\Brett\Desktop\Games2013-05-14 15:26 - 2013-05-26 19:47 - 00000000 ____D C:\Users\Brett\Desktop\Antivirus, Gaming2013-05-14 15:24 - 2013-05-25 17:50 - 00000000 ____D C:\Users\Brett\Desktop\Benchmark, Moniters2013-05-14 15:23 - 2013-05-26 20:46 - 00000000 ____D C:\Users\Brett\Desktop\Coding, Productivity2013-05-14 15:22 - 2013-05-14 15:23 - 00000000 ____D C:\Users\Brett\AppData\Roaming\WinRAR2013-05-14 15:22 - 2013-05-14 15:22 - 00000000 ____D C:\Program Files (x86)\WinRAR2013-05-14 15:16 - 2013-05-14 15:16 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Rainmeter2013-05-14 15:10 - 2013-05-14 15:10 - 00000000 ____D C:\Program Files\Rainmeter2013-05-14 13:04 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-05-14 13:04 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-05-14 13:04 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-05-14 13:04 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-14 13:04 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-05-14 13:04 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-05-14 13:04 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-05-14 13:04 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-05-14 13:04 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-05-14 13:04 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-05-14 13:04 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-05-14 13:04 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-05-14 13:04 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-05-14 13:04 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-05-14 13:04 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-05-14 13:04 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-14 13:04 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-05-14 13:04 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-05-14 13:04 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-05-14 11:33 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys2013-05-14 11:33 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys2013-05-14 11:33 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-05-14 11:33 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll2013-05-14 11:33 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll2013-05-14 11:33 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe2013-05-14 11:33 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2013-05-14 11:33 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll2013-05-14 11:33 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll2013-05-14 11:33 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll2013-05-14 11:33 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-05-14 11:33 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll2013-05-14 11:33 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2013-05-14 11:33 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll2013-05-13 16:19 - 2013-05-13 16:19 - 00000000 ____D C:\Users\Brett\Documents\Rainmeter2013-05-13 15:59 - 2013-05-13 15:59 - 00000000 ____D C:\Users\Brett\AppData\Local\SplitMediaLabs2013-05-13 15:57 - 2013-05-13 15:57 - 00000000 ____D C:\ProgramData\SplitMediaLabs2013-05-13 15:56 - 2013-05-27 10:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-13 15:56 - 2013-05-14 18:30 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-05-13 15:56 - 2013-05-14 18:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-05-13 15:56 - 2013-05-13 15:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed2013-05-13 15:56 - 2013-05-13 15:56 - 00000000 ____D C:\Windows\System32\Macromed2013-05-13 15:56 - 2013-05-13 15:56 - 00000000 ____D C:\Users\Brett\AppData\Roaming\SplitMediaLabs2013-05-13 15:45 - 2013-05-13 15:50 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Origin2013-05-13 15:45 - 2013-05-13 15:45 - 00000000 ____D C:\Users\Brett\AppData\Local\Origin2013-05-13 15:45 - 2013-05-13 15:45 - 00000000 ____D C:\Program Files (x86)\Origin Games2013-05-13 15:44 - 2013-05-13 15:50 - 00000000 ____D C:\ProgramData\Origin2013-05-13 15:44 - 2013-05-13 15:44 - 00000000 ____D C:\ProgramData\Electronic Arts2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Users\Brett\Documents\Image-Line2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Image-Line2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Program Files\Image-Line2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v22013-05-13 14:07 - 2013-03-12 02:47 - 01431552 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll2013-05-13 14:07 - 2009-09-15 01:14 - 01554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm2013-05-13 14:06 - 2013-05-13 14:06 - 00000000 ____D C:\Users\Brett\AppData\Roaming\FlowStone2013-05-13 14:06 - 2013-05-13 14:06 - 00000000 ____D C:\Program Files (x86)\DSPRobotics2013-05-13 14:05 - 2013-05-13 14:07 - 00000000 ____D C:\Program Files (x86)\Image-Line2013-05-13 13:59 - 2013-05-13 14:05 - 307359850 ____A (Image-Line) C:\Users\Brett\Downloads\flstudio_11.exe2013-05-13 13:58 - 2013-05-13 13:58 - 00000000 ____D C:\Users\Brett\AppData\Local\getsav-in2013-05-12 06:14 - 2013-05-12 06:14 - 00069632 ____A C:\Users\Brett\Documents\WHEA 1.evtx2013-05-11 08:57 - 2013-05-11 08:57 - 00287956 ____A C:\Windows\msxml4-KB954430-enu.LOG2013-05-11 08:57 - 2013-05-11 08:57 - 00284150 ____A C:\Windows\msxml4-KB973688-enu.LOG2013-05-11 08:57 - 2013-05-11 08:57 - 00000000 ____D C:\Program Files (x86)\MSXML 4.02013-05-10 19:44 - 2013-05-10 19:44 - 00000000 ____D C:\Users\Brett\AppData\Local\Autodesk,_Inc2013-05-10 19:42 - 2013-05-10 19:42 - 00000000 ____D C:\Users\Brett\AppData\Local\Granta Design2013-05-10 19:41 - 2013-05-10 19:41 - 00000000 ____D C:\ProgramData\FLEXnet2013-05-10 19:07 - 2013-05-10 19:07 - 00000000 ____D C:\ProgramData\FARO2013-05-10 18:51 - 2013-05-10 19:42 - 00000000 ____D C:\Users\Brett\Documents\Inventor2013-05-10 18:50 - 2013-05-10 18:50 - 00000000 ____D C:\Users\Brett\Documents\Autodesk2013-05-10 18:50 - 2013-05-10 18:50 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared2013-05-10 18:44 - 2013-05-10 18:44 - 00000000 ____D C:\Program Files (x86)\Autodesk2013-05-10 18:41 - 2013-05-10 19:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Autodesk2013-05-10 18:41 - 2013-05-10 18:50 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared2013-05-10 18:41 - 2013-05-10 18:49 - 00000000 ____D C:\Users\Public\Documents\Autodesk2013-05-10 18:41 - 2013-05-10 18:43 - 00000000 ____D C:\Program Files\Autodesk2013-05-10 18:41 - 2013-05-10 18:41 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 20142013-05-10 18:33 - 2013-05-10 19:44 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Autodesk2013-05-10 18:33 - 2013-05-10 19:42 - 00000000 ____D C:\ProgramData\Autodesk2013-05-10 18:32 - 2013-05-10 18:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Akamai2013-05-10 18:31 - 2013-05-10 18:31 - 00000000 ____D C:\Autodesk2013-05-10 15:40 - 2013-05-10 15:40 - 00000000 ____D C:\Windows\Downloaded Installations2013-05-10 13:17 - 2013-05-10 13:17 - 00000000 ____D C:\Program Files\CPUID2013-05-09 17:55 - 2013-05-09 17:55 - 00000000 ____D C:\Users\Brett\AppData\Local\EdgeOfReality2013-05-07 15:51 - 2013-05-07 15:51 - 16846848 ____A C:\Users\Brett\Documents\LOG-1.evtx2013-05-05 19:18 - 2013-05-26 20:46 - 00000000 ____D C:\Windows\Minidump2013-05-05 17:48 - 2013-05-05 17:48 - 00000000 __SHD C:\ProgramData\SecuROM2013-05-05 17:41 - 2013-05-05 17:41 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 __RHD C:\Users\Brett\AppData\Roaming\SecuROM2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 ____D C:\Windows\SysWOW64\xlive2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Rockstar Games2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE2013-05-05 10:57 - 2013-05-05 10:57 - 00001737 ____A C:\Windows\System32\lvcoinst.log2013-05-05 10:57 - 2013-05-05 10:57 - 00000000 ____D C:\Program Files\Common Files\logishrd2013-05-03 20:20 - 2013-05-03 20:20 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 20122013-05-03 20:20 - 2013-05-03 20:20 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 20122013-05-03 12:52 - 2013-05-03 12:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-05-03 11:32 - 2013-05-03 11:32 - 00000230 ____A C:\Windows\Cm112.ini.imi2013-05-03 11:32 - 2013-05-03 11:32 - 00000185 ____A C:\Windows\Cm112.ini.cfl2013-05-03 11:32 - 2010-04-22 23:14 - 01308160 ____A (C-Media Electronics Inc) C:\Windows\System32\Drivers\cm11264.sys2013-05-03 11:32 - 2010-04-22 23:14 - 00779776 ___RA C:\Windows\System32\Cmeau112.exe2013-05-03 11:32 - 2010-04-22 23:14 - 00524768 ___RA (Microsoft Corporation) C:\Windows\difxapi.dll2013-05-03 11:32 - 2010-04-22 23:14 - 00354304 ___RA C:\Windows\System32\CmiInstallResAll64.dll2013-05-03 11:32 - 2010-04-22 23:14 - 00004608 ___RA C:\Windows\Thumbs.db2013-05-03 11:32 - 2010-04-22 23:14 - 00001198 ___RA C:\Windows\Cm112.ini.cfg2013-05-02 19:51 - 2013-05-26 19:48 - 00000000 ____D C:\Users\Brett\.VirtualBox2013-05-02 19:51 - 2013-04-12 07:41 - 00237840 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys2013-05-02 19:51 - 2013-04-12 07:40 - 00120080 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys2013-05-02 19:49 - 2013-05-02 19:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK075C_01009.Wdf2013-05-02 15:26 - 2013-05-02 15:26 - 00000000 ____D C:\Users\Brett\AppData\Local\SmartTechnology2013-05-02 15:18 - 2013-05-02 15:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf2013-04-30 12:10 - 2013-05-14 17:28 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Audacity2013-04-30 11:59 - 2013-04-30 11:59 - 00008704 ___AH C:\Users\Brett\Desktop\WindowsApplication1.v11.suo2013-04-30 11:50 - 2013-05-23 18:12 - 00000000 ____D C:\Users\Brett\Documents\Visual Studio 20122013-04-30 11:50 - 2013-04-30 11:50 - 00000000 ____D C:\Windows\symbols2013-04-30 11:50 - 2013-04-30 11:50 - 00000000 ____D C:\Program Files (x86)\NuGet2013-04-30 11:49 - 2013-04-30 11:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server2013-04-30 11:49 - 2013-04-30 11:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Windows\SysWOW64\10332013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Windows\System32\10332013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Windows Kits2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer2013-04-30 07:48 - 2013-04-30 07:48 - 00959488 ____A C:\Windows\System32\SaiC075C.Dll2013-04-30 07:48 - 2013-04-30 07:48 - 00181024 ____A (Saitek) C:\Windows\System32\Drivers\SaiK075C.sys2013-04-30 07:48 - 2013-04-30 07:48 - 00010010 ____A C:\Windows\System32\SaiD075C.pr02013-04-30 07:48 - 2013-04-30 07:48 - 00008704 ____A C:\Windows\System32\SaiC075C_0C.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00008192 ____A C:\Windows\System32\SaiC075C_10.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00008192 ____A C:\Windows\System32\SaiC075C_0A.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00008192 ____A C:\Windows\System32\SaiC075C_07.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00007680 ____A C:\Windows\System32\SaiC075C_19.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00007168 ____A C:\Windows\System32\SaiC075C_09.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00007168 ____A C:\Windows\System32\SaiC075C_05.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00006656 ____A C:\Windows\System32\SaiC075C_0402.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00005632 ____A C:\Windows\System32\SaiC075C_11.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00005120 ____A C:\Windows\System32\SaiC075C_12.dll2013-04-29 17:16 - 2013-05-13 16:18 - 00000000 ____D C:\ProgramData\Package Cache2013-04-29 17:14 - 2013-04-29 17:14 - 00000000 ____D C:\Users\Brett\.idlerc2013-04-29 17:00 - 2013-04-29 17:00 - 00231376 ____A (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys2013-04-29 17:00 - 2013-04-29 17:00 - 00000000 ____D C:\Program Files\TrueCrypt2013-04-29 16:52 - 2013-04-29 16:52 - 00000000 ____D C:\Program Files (x86)\proXPN2013-04-29 16:43 - 2013-05-27 09:21 - 00000000 ____D C:\Users\Brett\AppData\Roaming\uTorrent2013-04-29 14:35 - 2013-04-29 14:35 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll2013-04-29 14:35 - 2013-04-29 14:35 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll2013-04-29 14:35 - 2013-04-29 14:35 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe2013-04-29 14:35 - 2013-04-29 14:35 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe2013-04-29 14:35 - 2013-04-29 14:35 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe2013-04-29 14:35 - 2013-04-29 14:35 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll2013-04-29 14:35 - 2013-04-29 14:35 - 00000000 ____D C:\Program Files\Java2013-04-29 14:29 - 2013-04-29 14:29 - 00000000 ____D C:\Users\Brett\AppData\Roaming\.technic2013-04-29 14:20 - 2013-04-29 14:28 - 00000000 ____D C:\Users\Brett\AppData\Roaming\.minecraft2013-04-29 14:19 - 2013-04-29 14:19 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-04-29 14:19 - 2013-04-29 14:19 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-04-29 14:18 - 2013-04-29 14:18 - 00000000 ____D C:\ProgramData\McAfee2013-04-27 08:33 - 2013-04-27 08:33 - 00000834 ____A C:\Users\Brett\Desktop\Photos - Shortcut.lnk2013-04-27 02:44 - 2013-05-02 19:49 - 00000000 ____D C:\ProgramData\SmartTechnology2013-04-27 02:44 - 2013-04-27 02:44 - 00000000 ____D C:\Program Files\SmartTechnology==================== One Month Modified Files and Folders =======2013-05-27 17:47 - 2013-05-27 17:47 - 00000000 ____D C:\FRST2013-05-27 12:54 - 2013-05-27 12:09 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-05-27 12:47 - 2013-05-27 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-05-27 12:46 - 2013-04-24 07:21 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-05-27 12:46 - 2013-04-24 07:01 - 00000000 ____D C:\ProgramData\NVIDIA2013-05-27 12:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-05-27 12:46 - 2009-07-13 20:51 - 00042290 ____A C:\Windows\setupact.log2013-05-27 12:31 - 2013-05-27 12:08 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys2013-05-27 12:17 - 2013-05-27 11:55 - 00000000 ____D C:\ProgramData\boost_interprocess2013-05-27 12:17 - 2013-04-25 03:52 - 00000000 ____D C:\Program Files (x86)\Steam2013-05-27 12:08 - 2013-05-27 12:08 - 00000000 ____D C:\Users\Brett\Desktop\MBAR2013-05-27 12:03 - 2013-05-27 12:03 - 00000948 ____A C:\Users\Brett\Desktop\JRT.txt2013-05-27 12:03 - 2013-04-24 06:18 - 01802653 ____A C:\Windows\WindowsUpdate.log2013-05-27 12:03 - 2009-07-13 21:13 - 00780436 ____A C:\Windows\System32\PerfStringBackup.INI2013-05-27 12:00 - 2013-05-27 12:00 - 00000000 ____D C:\Windows\ERUNT2013-05-27 12:00 - 2013-05-27 12:00 - 00000000 ____D C:\JRT2013-05-27 11:58 - 2013-05-27 12:00 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Brett\Desktop\JRT.exe2013-05-27 11:55 - 2013-05-27 11:54 - 00001307 ____A C:\AdwCleaner[s1].txt2013-05-27 11:53 - 2013-05-27 11:53 - 00001229 ____A C:\AdwCleaner[R2].txt2013-05-27 11:18 - 2013-05-27 11:18 - 00001682 ____A C:\Users\Brett\Desktop\RKreport[1]_S_05272013_02d1518.txt2013-05-27 11:18 - 2013-05-27 11:17 - 00000000 ____D C:\Users\Brett\Desktop\RK_Quarantine2013-05-27 11:11 - 2013-05-27 11:11 - 00001169 ____A C:\AdwCleaner[R1].txt2013-05-27 11:03 - 2013-05-27 11:03 - 00000924 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000924 ____A C:\Users\Brett\Desktop\NTREGOPT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000905 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000905 ____A C:\Users\Brett\Desktop\ERUNT.lnk2013-05-27 11:03 - 2013-05-27 11:03 - 00000000 ____D C:\Windows\ERDNT2013-05-27 11:03 - 2013-05-27 11:03 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-05-27 10:30 - 2013-05-13 15:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-27 09:39 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-05-27 09:39 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-05-27 09:38 - 2013-05-27 09:38 - 00021181 ____A C:\Users\Brett\Desktop\dds.txt2013-05-27 09:38 - 2013-05-27 09:38 - 00011945 ____A C:\Users\Brett\Desktop\attach.txt2013-05-27 09:37 - 2013-05-27 09:38 - 00688992 ____R (Swearware) C:\Users\Brett\Desktop\dds.com2013-05-27 09:37 - 2013-04-24 07:21 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-05-27 09:26 - 2010-11-20 19:47 - 00167844 ____A C:\Windows\PFRO.log2013-05-27 09:23 - 2013-04-24 06:18 - 00000000 ____D C:\Users\Brett\AppData\Local\VirtualStore2013-05-27 09:21 - 2013-04-29 16:43 - 00000000 ____D C:\Users\Brett\AppData\Roaming\uTorrent2013-05-27 09:19 - 2009-07-13 21:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-05-27 08:54 - 2013-04-25 03:57 - 00000021 ____A C:\Users\Brett\AppData\Roaming\config_data.dat2013-05-27 08:54 - 2013-04-24 07:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-05-27 08:53 - 2013-05-26 10:23 - 00000000 ____D C:\Users\Brett\AppData\Local\LogMeIn Hamachi2013-05-26 20:48 - 2013-05-14 15:27 - 00000000 ____D C:\Users\Brett\Desktop\Games2013-05-26 20:46 - 2013-05-14 15:23 - 00000000 ____D C:\Users\Brett\Desktop\Coding, Productivity2013-05-26 20:46 - 2013-05-05 19:18 - 00000000 ____D C:\Windows\Minidump2013-05-26 20:45 - 2013-05-26 20:45 - 00054410 ____A C:\Users\Brett\Documents\REG-2.reg2013-05-26 20:44 - 2013-05-26 20:44 - 00000000 ____D C:\Program Files\CCleaner2013-05-26 19:48 - 2013-05-02 19:51 - 00000000 ____D C:\Users\Brett\.VirtualBox2013-05-26 19:47 - 2013-05-14 15:26 - 00000000 ____D C:\Users\Brett\Desktop\Antivirus, Gaming2013-05-26 19:16 - 2013-04-25 07:11 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Skype2013-05-26 10:23 - 2013-05-26 10:23 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-05-26 09:57 - 2013-05-26 09:57 - 00000000 ____D C:\Users\Brett\Documents\Wizards of the Coast2013-05-26 09:57 - 2013-04-24 07:33 - 00132925 ____A C:\Windows\DirectX.log2013-05-26 08:26 - 2013-05-26 08:26 - 00150860 ____A C:\ProgramData\1369581972.bdinstall.bin2013-05-26 07:29 - 2013-05-27 10:33 - 00000000 ____A C:\Windows\System32\Drivers\avchv.sys2013-05-26 07:29 - 2013-04-25 00:59 - 00000000 ____D C:\Program Files\Bitdefender2013-05-26 07:19 - 2013-05-26 07:19 - 352292784 ____A C:\Windows\System32\REGSITRYBACKUP-1.reg2013-05-26 07:18 - 2013-05-25 17:47 - 00001945 ____A C:\Windows\epplauncher.mif2013-05-25 17:50 - 2013-05-14 15:24 - 00000000 ____D C:\Users\Brett\Desktop\Benchmark, Moniters2013-05-25 17:40 - 2013-05-25 17:40 - 00238132 ____A C:\ProgramData\1369532333.bdinstall.bin2013-05-25 17:39 - 2013-04-25 00:58 - 00000000 ____D C:\Program Files\Common Files\Bitdefender2013-05-25 17:37 - 2013-05-25 17:37 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2013-05-24 20:08 - 2013-05-24 12:27 - 00000000 ____D C:\Users\Brett\Documents\PhoenixRC2013-05-23 18:19 - 2013-05-23 18:19 - 00000000 ____D C:\Put a directory on PYTHONPATH here2013-05-23 18:12 - 2013-04-30 11:50 - 00000000 ____D C:\Users\Brett\Documents\Visual Studio 20122013-05-22 13:53 - 2013-05-22 13:53 - 00419663 ____A C:\Users\Brett\Documents\Computerpartsinvoice.xps2013-05-20 17:54 - 2013-05-20 17:54 - 00000000 ____D C:\Users\Brett\Documents\Rockstar Games2013-05-20 14:18 - 2013-05-20 14:18 - 00000000 ____D C:\Users\Brett\Documents\SavedGames2013-05-20 13:25 - 2013-05-20 13:25 - 00000000 ____D C:\Windows\pss2013-05-19 15:38 - 2013-05-19 15:38 - 00000000 ____D C:\Users\Brett\AppData\LocalGoogle2013-05-19 15:38 - 2013-04-24 07:21 - 00000000 ____D C:\Users\Brett\AppData\Local\Google2013-05-19 15:38 - 2013-04-24 07:21 - 00000000 ____D C:\Program Files (x86)\Google2013-05-18 17:33 - 2013-05-18 17:33 - 20971520 ____A C:\START(Ipadpass)2013-05-18 17:32 - 2013-05-18 17:30 - 00000000 ____D C:\Users\Brett\AppData\Roaming\TrueCrypt2013-05-18 13:53 - 2013-04-25 04:16 - 00000000 ____D C:\Users\Brett\Documents\my games2013-05-18 12:41 - 2013-04-25 07:11 - 00000000 ___RD C:\Program Files (x86)\Skype2013-05-18 12:41 - 2013-04-25 07:11 - 00000000 ____D C:\ProgramData\Skype2013-05-16 13:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-05-14 18:30 - 2013-05-13 15:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-05-14 18:30 - 2013-05-13 15:56 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-05-14 17:28 - 2013-04-30 12:10 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Audacity2013-05-14 15:58 - 2013-05-14 15:58 - 02143832 ____A C:\Users\Brett\Downloads\instsf449.exe2013-05-14 15:58 - 2013-05-14 15:58 - 00001007 ____A C:\Users\UpdatusUser\Desktop\SpeedFan.lnk2013-05-14 15:58 - 2013-05-14 15:58 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo2013-05-14 15:58 - 2013-05-14 15:58 - 00000000 ____D C:\Program Files (x86)\SpeedFan2013-05-14 15:57 - 2013-04-25 03:42 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Mozilla2013-05-14 15:23 - 2013-05-14 15:22 - 00000000 ____D C:\Users\Brett\AppData\Roaming\WinRAR2013-05-14 15:22 - 2013-05-14 15:22 - 00000000 ____D C:\Program Files (x86)\WinRAR2013-05-14 15:16 - 2013-05-14 15:16 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Rainmeter2013-05-14 15:10 - 2013-05-14 15:10 - 00000000 ____D C:\Program Files\Rainmeter2013-05-14 15:00 - 2009-07-13 20:45 - 00376400 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-14 13:04 - 2013-04-26 01:41 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-05-13 16:19 - 2013-05-13 16:19 - 00000000 ____D C:\Users\Brett\Documents\Rainmeter2013-05-13 16:18 - 2013-04-29 17:16 - 00000000 ____D C:\ProgramData\Package Cache2013-05-13 15:59 - 2013-05-13 15:59 - 00000000 ____D C:\Users\Brett\AppData\Local\SplitMediaLabs2013-05-13 15:57 - 2013-05-13 15:57 - 00000000 ____D C:\ProgramData\SplitMediaLabs2013-05-13 15:56 - 2013-05-13 15:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed2013-05-13 15:56 - 2013-05-13 15:56 - 00000000 ____D C:\Windows\System32\Macromed2013-05-13 15:56 - 2013-05-13 15:56 - 00000000 ____D C:\Users\Brett\AppData\Roaming\SplitMediaLabs2013-05-13 15:50 - 2013-05-13 15:45 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Origin2013-05-13 15:50 - 2013-05-13 15:44 - 00000000 ____D C:\ProgramData\Origin2013-05-13 15:45 - 2013-05-13 15:45 - 00000000 ____D C:\Users\Brett\AppData\Local\Origin2013-05-13 15:45 - 2013-05-13 15:45 - 00000000 ____D C:\Program Files (x86)\Origin Games2013-05-13 15:44 - 2013-05-13 15:44 - 00000000 ____D C:\ProgramData\Electronic Arts2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Users\Brett\Documents\Image-Line2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Image-Line2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Program Files\Image-Line2013-05-13 14:07 - 2013-05-13 14:07 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v22013-05-13 14:07 - 2013-05-13 14:05 - 00000000 ____D C:\Program Files (x86)\Image-Line2013-05-13 14:06 - 2013-05-13 14:06 - 00000000 ____D C:\Users\Brett\AppData\Roaming\FlowStone2013-05-13 14:06 - 2013-05-13 14:06 - 00000000 ____D C:\Program Files (x86)\DSPRobotics2013-05-13 14:05 - 2013-05-13 13:59 - 307359850 ____A (Image-Line) C:\Users\Brett\Downloads\flstudio_11.exe2013-05-13 13:58 - 2013-05-13 13:58 - 00000000 ____D C:\Users\Brett\AppData\Local\getsav-in2013-05-12 06:14 - 2013-05-12 06:14 - 00069632 ____A C:\Users\Brett\Documents\WHEA 1.evtx2013-05-12 05:43 - 2013-04-25 01:01 - 00108016 ____A C:\Users\Brett\AppData\Local\GDIPFONTCACHEV1.DAT2013-05-11 13:26 - 2013-04-25 03:57 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Corsair2013-05-11 08:57 - 2013-05-11 08:57 - 00287956 ____A C:\Windows\msxml4-KB954430-enu.LOG2013-05-11 08:57 - 2013-05-11 08:57 - 00284150 ____A C:\Windows\msxml4-KB973688-enu.LOG2013-05-11 08:57 - 2013-05-11 08:57 - 00000000 ____D C:\Program Files (x86)\MSXML 4.02013-05-10 19:44 - 2013-05-10 19:44 - 00000000 ____D C:\Users\Brett\AppData\Local\Autodesk,_Inc2013-05-10 19:44 - 2013-05-10 18:33 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Autodesk2013-05-10 19:42 - 2013-05-10 19:42 - 00000000 ____D C:\Users\Brett\AppData\Local\Granta Design2013-05-10 19:42 - 2013-05-10 18:51 - 00000000 ____D C:\Users\Brett\Documents\Inventor2013-05-10 19:42 - 2013-05-10 18:33 - 00000000 ____D C:\ProgramData\Autodesk2013-05-10 19:41 - 2013-05-10 19:41 - 00000000 ____D C:\ProgramData\FLEXnet2013-05-10 19:41 - 2013-05-10 18:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Autodesk2013-05-10 19:07 - 2013-05-10 19:07 - 00000000 ____D C:\ProgramData\FARO2013-05-10 18:50 - 2013-05-10 18:50 - 00000000 ____D C:\Users\Brett\Documents\Autodesk2013-05-10 18:50 - 2013-05-10 18:50 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared2013-05-10 18:50 - 2013-05-10 18:41 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared2013-05-10 18:49 - 2013-05-10 18:41 - 00000000 ____D C:\Users\Public\Documents\Autodesk2013-05-10 18:44 - 2013-05-10 18:44 - 00000000 ____D C:\Program Files (x86)\Autodesk2013-05-10 18:43 - 2013-05-10 18:41 - 00000000 ____D C:\Program Files\Autodesk2013-05-10 18:41 - 2013-05-10 18:41 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 20142013-05-10 18:37 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-05-10 18:32 - 2013-05-10 18:32 - 00000000 ____D C:\Users\Brett\AppData\Local\Akamai2013-05-10 18:31 - 2013-05-10 18:31 - 00000000 ____D C:\Autodesk2013-05-10 15:40 - 2013-05-10 15:40 - 00000000 ____D C:\Windows\Downloaded Installations2013-05-10 13:17 - 2013-05-10 13:17 - 00000000 ____D C:\Program Files\CPUID2013-05-09 17:55 - 2013-05-09 17:55 - 00000000 ____D C:\Users\Brett\AppData\Local\EdgeOfReality2013-05-07 15:51 - 2013-05-07 15:51 - 16846848 ____A C:\Users\Brett\Documents\LOG-1.evtx2013-05-05 17:48 - 2013-05-05 17:48 - 00000000 __SHD C:\ProgramData\SecuROM2013-05-05 17:41 - 2013-05-05 17:41 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 __RHD C:\Users\Brett\AppData\Roaming\SecuROM2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 ____D C:\Windows\SysWOW64\xlive2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 ____D C:\Users\Brett\AppData\Local\Rockstar Games2013-05-05 17:41 - 2013-05-05 17:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE2013-05-05 10:57 - 2013-05-05 10:57 - 00001737 ____A C:\Windows\System32\lvcoinst.log2013-05-05 10:57 - 2013-05-05 10:57 - 00000000 ____D C:\Program Files\Common Files\logishrd2013-05-05 07:13 - 2013-04-25 00:58 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK2013-05-04 09:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports2013-05-04 08:55 - 2013-04-25 00:58 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free2013-05-03 20:20 - 2013-05-03 20:20 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 20122013-05-03 20:20 - 2013-05-03 20:20 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 20122013-05-03 12:52 - 2013-05-03 12:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-05-03 11:32 - 2013-05-03 11:32 - 00000230 ____A C:\Windows\Cm112.ini.imi2013-05-03 11:32 - 2013-05-03 11:32 - 00000185 ____A C:\Windows\Cm112.ini.cfl2013-05-03 11:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system2013-05-02 19:51 - 2013-04-24 06:18 - 00000000 ____D C:\users\Brett2013-05-02 19:49 - 2013-05-02 19:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK075C_01009.Wdf2013-05-02 19:49 - 2013-04-27 02:44 - 00000000 ____D C:\ProgramData\SmartTechnology2013-05-02 16:10 - 2013-04-25 00:58 - 00025568 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys2013-05-02 15:26 - 2013-05-02 15:26 - 00000000 ____D C:\Users\Brett\AppData\Local\SmartTechnology2013-05-02 15:18 - 2013-05-02 15:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf2013-05-02 07:29 - 2010-11-20 19:27 - 00278800 ____N C:\Windows\System32\MpSigStub.exe2013-04-30 12:53 - 2013-04-24 07:19 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI2013-04-30 11:59 - 2013-04-30 11:59 - 00008704 ___AH C:\Users\Brett\Desktop\WindowsApplication1.v11.suo2013-04-30 11:50 - 2013-04-30 11:50 - 00000000 ____D C:\Windows\symbols2013-04-30 11:50 - 2013-04-30 11:50 - 00000000 ____D C:\Program Files (x86)\NuGet2013-04-30 11:50 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files\Microsoft SQL Server2013-04-30 11:50 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Windows\SysWOW64\10332013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Windows\System32\10332013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Windows Kits2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs2013-04-30 11:49 - 2013-04-30 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer2013-04-30 11:49 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild2013-04-30 07:48 - 2013-04-30 07:48 - 00959488 ____A C:\Windows\System32\SaiC075C.Dll2013-04-30 07:48 - 2013-04-30 07:48 - 00181024 ____A (Saitek) C:\Windows\System32\Drivers\SaiK075C.sys2013-04-30 07:48 - 2013-04-30 07:48 - 00010010 ____A C:\Windows\System32\SaiD075C.pr02013-04-30 07:48 - 2013-04-30 07:48 - 00008704 ____A C:\Windows\System32\SaiC075C_0C.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00008192 ____A C:\Windows\System32\SaiC075C_10.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00008192 ____A C:\Windows\System32\SaiC075C_0A.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00008192 ____A C:\Windows\System32\SaiC075C_07.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00007680 ____A C:\Windows\System32\SaiC075C_19.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00007168 ____A C:\Windows\System32\SaiC075C_09.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00007168 ____A C:\Windows\System32\SaiC075C_05.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00006656 ____A C:\Windows\System32\SaiC075C_0402.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00005632 ____A C:\Windows\System32\SaiC075C_11.dll2013-04-30 07:48 - 2013-04-30 07:48 - 00005120 ____A C:\Windows\System32\SaiC075C_12.dll2013-04-29 17:14 - 2013-04-29 17:14 - 00000000 ____D C:\Users\Brett\.idlerc2013-04-29 17:00 - 2013-04-29 17:00 - 00231376 ____A (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys2013-04-29 17:00 - 2013-04-29 17:00 - 00000000 ____D C:\Program Files\TrueCrypt2013-04-29 16:52 - 2013-04-29 16:52 - 00000000 ____D C:\Program Files (x86)\proXPN2013-04-29 16:52 - 2009-07-13 18:34 - 00000426 ____A C:\Windows\win.ini2013-04-29 14:35 - 2013-04-29 14:35 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll2013-04-29 14:35 - 2013-04-29 14:35 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll2013-04-29 14:35 - 2013-04-29 14:35 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe2013-04-29 14:35 - 2013-04-29 14:35 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe2013-04-29 14:35 - 2013-04-29 14:35 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe2013-04-29 14:35 - 2013-04-29 14:35 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll2013-04-29 14:35 - 2013-04-29 14:35 - 00000000 ____D C:\Program Files\Java2013-04-29 14:29 - 2013-04-29 14:29 - 00000000 ____D C:\Users\Brett\AppData\Roaming\.technic2013-04-29 14:28 - 2013-04-29 14:20 - 00000000 ____D C:\Users\Brett\AppData\Roaming\.minecraft2013-04-29 14:20 - 2013-04-26 08:08 - 00000000 ____D C:\Users\Brett\AppData\Roaming\NVIDIA2013-04-29 14:19 - 2013-04-29 14:19 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-04-29 14:19 - 2013-04-29 14:19 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-04-29 14:18 - 2013-04-29 14:18 - 00000000 ____D C:\ProgramData\McAfee2013-04-27 08:33 - 2013-04-27 08:33 - 00000834 ____A C:\Users\Brett\Desktop\Photos - Shortcut.lnk2013-04-27 02:53 - 2013-04-24 07:36 - 01065984 ____A C:\Users\Brett\AppData\Local\file__0.localstorage2013-04-27 02:44 - 2013-04-27 02:44 - 00000000 ____D C:\Program Files\SmartTechnology2013-04-27 00:27 - 2013-04-26 02:29 - 00000000 ____D C:\Fraps==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-05-24 12:05:41Restore point made on: 2013-05-26 09:57:06Restore point made on: 2013-05-26 10:23:14Restore point made on: 2013-05-27 08:54:08==================== Memory info ===========================Percentage of memory in use: 10%Total physical RAM: 8140.16 MBAvailable physical RAM: 7292.73 MBTotal Pagefile: 8138.36 MBAvailable Pagefile: 7291.6 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: () (Fixed) (Total:111.69 GB) (Free:27.66 GB) NTFS (Disk=1 Partition=2)Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=1 Partition=1) ==>[system with boot components (obtained from reading drive)]Drive g: () (Removable) (Total:1.86 GB) (Free:1.79 GB) FAT (Disk=2 Partition=1)Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: () (Fixed) (Total:931.51 GB) (Free:802.85 GB) NTFS (Disk=0 Partition=1)==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 32037640)Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 32037651)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 2 GB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)Last Boot: 2013-05-24 17:39==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684350 Share Posted May 27, 2013 (edited) This next is a procedure to trim down some auto-start apps.I am removing 3DG4me.exe, and Steam and Autodesk sync & mbar from auto-starting with each Windows startup.Steam you can start on your own manually, as needed.The others are not needed at Windows startup.Please carefully follow this procedure Please download the attached fixlist.txt and SAVE / copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on this particular system. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7/8: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.Fixlist.txt Edited May 27, 2013 by Maurice Naggar Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684356 Share Posted May 27, 2013 Thank you for all your help so far Maurice. Do you do this out of your own violition or do you work for Malwarebytes?Here is the log file:Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-05-2013Ran by SYSTEM at 2013-05-27 18:14:53 Run:1Running from G:\Boot Mode: Recovery==============================================HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3DG4me => Value deleted successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\A0 => Value deleted successfully.HKEY_USERS\Brett\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.HKEY_USERS\Brett\Software\Microsoft\Windows\CurrentVersion\Run\\Autodesk Sync => Value deleted successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684361 Share Posted May 27, 2013 I am volunteering my help now. As it happens, tomorrow starts my 1st official day on the MB staff.Good run of FRST. Now, restart the pc fresh into normal Windows 7.You will need to turn off your BitDefender a-v before running Combofix.You will want to print out or copy these instructions to Notepad for offline reference!These steps are for member mccubed only. If you are a casual viewer, do NOT try this on your system! If you are not mccubed and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use!Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.If you have a prior copy of Combofix, delete it now Download Combofix from any of the links below, and SAVE it to your Desktop. Link 1Link 2**Note: It is important that it is saved directly to your Desktop and not run straight away from download **Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsHave infinite patience during the run & scan by Combofix. It has many phases: some 50+ stagesIt will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator". A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. A file will be created at => C:\Combofix.txt. Notes:[1] IF after Combofix reboot you get the message Illegal operation attempted on registry key that has been marked for deletion....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.[2] Do not mouseclick combofix's window nor run any program while Combofix is running.That may cause it to stall.[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh Reply & Copy & Paste contents of the C:\Combofix.txt logand tell me, How is the system now Re-enable your antivirus program. Link to post Share on other sites More sharing options...
mccubed27388 Posted May 27, 2013 Author ID:684363 Share Posted May 27, 2013 Ok, I have one question before I begin. Is it ok if I copy what is downloaded into my download folder onto my desktop, or can I run it from the download folder, or do I hvae to ensure its downloaded directly to my desktop? Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2013 ID:684365 Share Posted May 27, 2013 For sure, save & have Combofix placed on "the" DESKTOP .....before you start it.Generally speaking, it is recommend that all tools I have you get, to be on the Desktop.Putting them in a folder, will also have the complication of the (later) cleanup steps not being able to delete/cleanup the tools we used. Link to post Share on other sites More sharing options...
Recommended Posts