Over 1 million tech questions and answers.

Internet computer compliance virus infected all safe modes

Q: Internet computer compliance virus infected all safe modes

Title says it all, can't get in any of the safe modes. Saw another guy with the same problem so I followed Gringo's advice on how to run FRST and here are the logs. Assumed I should start my own thread, hope that's cool
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 14-01-2013 19:50:59
Running from I:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Dan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-27] (Google Inc.)
HKU\Dan\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKU\Dan\...\Run: [rlqvaknd] C:\Users\Dan\AppData\Roaming\unzhaza [x]
HKU\Dan\...\Policies\system: [DisableTaskMgr] 1
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM\...\Winlogon: [Shell] explorer.exe, C:\ProgramData\unzhaza [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

==================== Services (Whitelisted) ===================

3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 A2DDA; \??\C:\Users\Dan\Desktop\Run\a2ddax64.sys [23208 2013-01-14] (Emsi Software GmbH)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========

2013-01-14 19:50 - 2013-01-14 19:50 - 00000000 ____D C:\FRST
2013-01-14 15:38 - 2013-01-14 15:38 - 01593776 ____A (Emsisoft GmbH) C:\Users\Dan\Desktop\start.exe
2013-01-14 15:38 - 2013-01-14 15:38 - 00003902 ____A C:\Users\Dan\Desktop\readme.txt
2013-01-14 15:37 - 2013-01-14 15:37 - 00000060 ____A C:\Users\Dan\Desktop\CommandlineScanner.bat
2013-01-14 15:37 - 2013-01-14 15:37 - 00000056 ____A C:\Users\Dan\Desktop\EmergencyKitScanner.bat
2013-01-14 15:14 - 2013-01-14 15:43 - 00000000 ____D C:\Users\Dan\Desktop\Run
2013-01-14 15:14 - 2013-01-14 15:15 - 00000000 ____D C:\Users\Dan\Desktop\EmsisoftEmergencyKit
2013-01-14 15:14 - 2013-01-14 15:14 - 00000000 ____D C:\Users\Dan\Desktop\Languages
2013-01-14 11:18 - 2013-01-14 15:12 - 259550112 ____A C:\Users\Dan\Desktop\EmsisoftEmergencyKit.zip
2013-01-14 11:11 - 2013-01-14 15:18 - 00114688 ____A (Juvarif) C:\Users\Dan\AppData\Roaming\unzhaza.exe
2013-01-14 10:52 - 2013-01-14 10:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-14 10:52 - 2013-01-14 10:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Malwarebytes
2013-01-14 10:52 - 2013-01-14 10:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-14 10:52 - 2013-01-14 10:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-14 10:52 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-14 10:50 - 2013-01-14 10:50 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Dan\Downloads\rkill.exe
2013-01-14 10:50 - 2013-01-14 10:50 - 00002792 ____A C:\Users\Dan\Desktop\Rkill.txt
2013-01-14 10:50 - 2013-01-14 10:50 - 00000000 ____D C:\Users\Dan\Desktop\rkill
2013-01-14 10:43 - 2013-01-14 15:47 - 00114688 ____A (Juvarif) C:\Users\All Users\unzhaza.exe
2013-01-14 10:43 - 2013-01-14 15:33 - 00114688 ____A (Juvarif) C:\Users\Dan\AppData\Local\unzhaza.exe
2013-01-13 16:42 - 2013-01-13 17:36 - 00000000 ____D C:\Program Files (x86)\Diablo III Public Test
2013-01-13 16:42 - 2013-01-13 16:42 - 00001312 ____A C:\Users\Public\Desktop\Diablo III Public Test.lnk
2013-01-13 16:41 - 2013-01-13 16:42 - 64953208 ____A (Blizzard Entertainment) C:\Users\Dan\Downloads\Diablo-III-Public-Test-Setup-enUS.exe
2013-01-12 22:40 - 2013-01-12 22:40 - 11226160 ___RA C:\Users\Dan\My Money Backup_2013-01-13_014022.mbf
2013-01-12 22:40 - 2013-01-12 22:40 - 11226159 ___RA C:\Users\Dan\My Money Backup_2013-01-13_014023.mbf
2013-01-11 12:17 - 2013-01-11 12:17 - 11148320 ___RA C:\Users\Dan\My Money Backup_2013-01-11_151712.mbf
2013-01-09 10:07 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 10:07 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 10:07 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 10:07 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 10:07 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 10:07 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 10:07 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 10:07 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 10:07 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 10:07 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 10:07 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 10:07 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 10:07 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 10:07 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 10:07 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 10:07 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 10:07 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 10:07 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 10:07 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 10:07 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 10:07 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 10:07 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 10:07 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 10:07 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 10:07 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 10:07 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 10:07 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 10:07 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 10:07 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 10:07 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 10:07 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-09 10:07 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 10:07 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 10:07 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 10:07 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 10:07 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 10:07 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 10:07 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 10:07 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 10:07 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 10:07 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-12-29 08:17 - 2012-12-29 08:17 - 788992472 ____A C:\Windows\MEMORY.DMP
2012-12-29 08:17 - 2012-12-29 08:17 - 00297528 ____A C:\Windows\Minidump\122912-13072-01.dmp
2012-12-29 08:17 - 2012-12-29 08:17 - 00000000 ____D C:\Windows\Minidump
2012-12-23 13:01 - 2012-12-23 13:01 - 00002176 ____A C:\Users\Dan\Documents\Bra Size answers.txt
2012-12-22 11:26 - 2012-12-22 11:28 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Ventrilo
2012-12-22 11:26 - 2012-12-22 11:26 - 00000917 ____A C:\Users\Dan\Desktop\Ventrilo.lnk
2012-12-22 11:26 - 2012-12-22 11:26 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-12-22 11:26 - 2012-12-22 11:26 - 00000000 ____D C:\Program Files\Ventrilo
2012-12-22 11:25 - 2012-12-22 11:25 - 04135696 ____A C:\Users\Dan\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-12-21 22:11 - 2012-12-21 22:11 - 00000000 ____D C:\Users\Dan\AppData\Local\WinZip
2012-12-21 22:10 - 2012-12-21 22:11 - 00000000 ____D C:\Users\All Users\WinZip
2012-12-21 22:10 - 2012-12-21 22:10 - 00000000 ____D C:\Program Files (x86)\WinZip
2012-12-21 20:54 - 2012-12-21 20:54 - 00000000 ____D C:\Users\Dan\Downloads\win32diskimager-RELEASE-0.2-r23-win32
2012-12-21 20:54 - 2012-12-21 20:54 - 00000000 ____D C:\Users\Dan\Downloads\Torrents
2012-12-21 20:53 - 2012-12-21 20:53 - 00000000 ____D C:\Users\Dan\Downloads\auto-nooter-3.0.0
2012-12-21 20:52 - 2012-12-21 16:39 - 74584889 ____A C:\Users\Dan\Downloads\Helicon Blue - Discography_1.rar
2012-12-21 20:52 - 2012-12-21 16:39 - 498580680 ____A (Microsoft Corporation) C:\Users\Dan\Downloads\Windows6.0-KB948465-X86_1.exe
2012-12-21 20:52 - 2012-12-21 16:39 - 20533281 ____A C:\Users\Dan\Downloads\vlc-1.1.9-win32_1.exe
2012-12-21 20:52 - 2012-12-21 16:39 - 02741248 ____A C:\Users\Dan\Downloads\QtCore4_1.dll
2012-12-21 20:52 - 2012-12-21 16:39 - 00760368 ____A (WinImage) C:\Users\Dan\Downloads\winima85_1.exe
2012-12-21 20:52 - 2012-12-21 16:39 - 00288048 ____A (BitTorrent, Inc.) C:\Users\Dan\Downloads\utorrent_1.exe
2012-12-21 20:52 - 2012-12-21 16:39 - 00026434 ____A C:\Users\Dan\Downloads\LGPL-2_1.1
2012-12-21 20:52 - 2012-12-21 16:39 - 00001434 ____A C:\Users\Dan\Downloads\README_1.txt
2012-12-21 20:52 - 2012-12-21 16:38 - 77698827 ____A C:\Users\Dan\Downloads\auto-nooter-3.0.0_1.zip
2012-12-21 20:52 - 2012-12-21 16:38 - 62950768 ____A C:\Users\Dan\Downloads\62139747_1.mp4
2012-12-21 20:52 - 2012-12-21 16:38 - 01222124 ____A C:\Users\Dan\Downloads\VIDEO0013_1.3gp
2012-12-21 20:52 - 2012-12-21 16:38 - 00617259 ____A C:\Users\Dan\Downloads\VIDEO0017.3gp
2012-12-21 20:52 - 2012-12-21 16:37 - 110974197 ____A C:\Users\Dan\Downloads\Intel_Gigabit_V16500_XPVistaWin7_1.zip
2012-12-21 20:52 - 2012-12-21 16:36 - 323079765 ____A C:\Users\Dan\Downloads\AISuite_II_V10225_P8Z68_D_G3_XPVistaWin7_1.zip
2012-12-21 20:52 - 2012-12-21 16:36 - 10361336 ____A C:\Users\Dan\Downloads\E6848_P8Z68_DELUXE_1.zip
2012-12-21 20:52 - 2012-12-21 16:36 - 10063000 ____A C:\Users\Dan\Downloads\mbam-setup-1.61.0.1400_1.exe
2012-12-21 20:52 - 2012-12-21 16:36 - 04564321 ____A C:\Users\Dan\Downloads\P8Z68-DELUXE-GEN3-ASUS-3202_2.zip
2012-12-21 20:52 - 2012-12-21 16:36 - 04364800 ____A (Krzysztof Kowalczyk) C:\Users\Dan\Downloads\SumatraPDF-2.0.1-install_1.exe
2012-12-21 20:52 - 2012-12-21 16:36 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller_1.exe
2012-12-21 20:52 - 2012-12-21 16:36 - 01012656 ____A C:\Users\Dan\Downloads\iExplore_2.exe
2012-12-21 20:52 - 2012-12-21 16:36 - 00816039 ____A C:\Users\Dan\Downloads\IMG950815.3gp
2012-12-21 20:52 - 2012-12-21 16:36 - 00273013 ____A C:\Users\Dan\Downloads\IMG950803_2.3gp
2012-12-21 20:52 - 2012-12-21 16:36 - 00014946 ____A C:\Users\Dan\Downloads\o-Demonoid.me-o_The_Legend_of_Korra_101_Welcome_to_Republic_City_[Oj]_8010804.555.torrent
2012-12-21 20:52 - 2012-12-21 16:36 - 00012296 ____A C:\Users\Dan\Downloads\o-Demonoid.me-o_Avatar_The_Last_Airbender_2010_720P_BRRip_H264_AAC_Barba_(Kingdom_Release)_8010804.555.torrent
2012-12-21 20:52 - 2012-12-21 16:35 - 40667136 ____A C:\Users\Dan\Downloads\calibre-0.7.48_1.msi
2012-12-21 20:52 - 2012-12-21 16:35 - 21022914 ____A C:\Users\Dan\Downloads\vlc-1.1.10-win32_1.exe
2012-12-21 20:52 - 2012-12-21 16:35 - 11448320 ____A C:\Users\Dan\Downloads\QtGui4_1.dll
2012-12-21 20:52 - 2012-12-21 16:35 - 04886870 ____A C:\Users\Dan\Downloads\HandBrake-0.9.4-Win_1.exe
2012-12-21 20:52 - 2012-12-21 16:35 - 04854784 ____A C:\Users\Dan\Downloads\WD Discovery Setup_v1.80_(1035.003)_1.msi
2012-12-21 20:52 - 2012-12-21 16:35 - 03208183 ____A (Blizzard Entertainment) C:\Users\Dan\Downloads\StarCraft_2_NA_en-US_1.exe
2012-12-21 20:52 - 2012-12-21 16:35 - 02789033 ____A C:\Users\Dan\Downloads\VIDEO0018_1.3gp
2012-12-21 20:52 - 2012-12-21 16:35 - 01035110 ____A C:\Users\Dan\Downloads\VIDEO0015.3gp
2012-12-21 20:52 - 2012-12-21 16:35 - 00317091 ____A C:\Users\Dan\Downloads\VIDEO0016_1.3gp
2012-12-21 20:52 - 2012-12-21 16:35 - 00273013 ____A C:\Users\Dan\Downloads\IMG950803_1.3gp
2012-12-21 20:52 - 2012-12-21 16:35 - 00094720 ____A C:\Users\Dan\Downloads\Win32DiskImager_1.exe
2012-12-21 20:52 - 2012-12-21 16:35 - 00015964 ____A C:\Users\Dan\Downloads\mingwm10_1.dll
2012-12-21 20:52 - 2012-12-21 16:34 - 08834304 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_1.exe
2012-12-21 20:52 - 2012-12-21 16:34 - 05858867 ____A C:\Users\Dan\Downloads\win32diskimager-RELEASE-0.2-r23-win32_1.zip
2012-12-21 20:52 - 2012-12-21 16:33 - 22259528 ____A C:\Users\Dan\Downloads\vlc-2.0.1-win32_2.exe
2012-12-21 20:52 - 2012-12-21 16:33 - 12327040 ____A (Nullsoft, Inc.) C:\Users\Dan\Downloads\winamp5623_full_emusic-7plus_en-us_1.exe
2012-12-21 20:52 - 2012-12-21 16:32 - 20786971 ____A (Audacity Team ) C:\Users\Dan\Downloads\audacity-win-2.0_1.exe
2012-12-21 20:52 - 2012-12-21 16:32 - 04666284 ____A C:\Users\Dan\Downloads\WD_Discovery_v1.80_(1035.003)_With_Installer1_1.zip
2012-12-21 20:52 - 2012-12-21 16:32 - 04387080 ____A ( ) C:\Users\Dan\Downloads\cpu-z_1.60.1-setup-en_1.exe
2012-12-21 20:52 - 2012-12-21 16:32 - 00000282 ____A C:\Users\Dan\Downloads\desktop_1.ini
2012-12-21 20:52 - 2012-12-21 16:31 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Dan\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2012-12-21 20:52 - 2012-12-21 16:31 - 01222124 ____A C:\Users\Dan\Downloads\VIDEO0013.3gp
2012-12-21 20:52 - 2012-12-21 16:31 - 01012656 ____A C:\Users\Dan\Downloads\iExplore_1.exe
2012-12-21 20:52 - 2012-12-21 16:31 - 00527423 ____A C:\Users\Dan\Downloads\Lame_v3.99.3_for_Windows_2.exe
2012-12-21 20:52 - 2012-12-21 16:31 - 00527423 ____A C:\Users\Dan\Downloads\Lame_v3.99.3_for_Windows_1.exe
2012-12-21 20:52 - 2012-12-21 16:30 - 22259528 ____A C:\Users\Dan\Downloads\vlc-2.0.1-win32_1.exe
2012-12-21 20:52 - 2012-12-21 16:30 - 04564321 ____A C:\Users\Dan\Downloads\P8Z68-DELUXE-GEN3-ASUS-3202_1.zip
2012-12-21 20:52 - 2012-12-21 16:30 - 00527423 ____A C:\Users\Dan\Downloads\Lame_v3.99.3_for_Windows.exe
2012-12-21 20:52 - 2012-12-21 16:30 - 00273013 ____A C:\Users\Dan\Downloads\IMG950803.3gp
2012-12-21 20:52 - 2012-12-21 16:29 - 05858867 ____A C:\Users\Dan\Downloads\win32diskimager-RELEASE-0.2-r23-win32.zip
2012-12-21 20:52 - 2012-12-21 16:29 - 04854784 ____A C:\Users\Dan\Downloads\WD Discovery Setup_v1.80_(1035.003).msi
2012-12-21 20:52 - 2012-12-21 16:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller.exe
2012-12-21 20:52 - 2012-12-21 16:29 - 00015964 ____A C:\Users\Dan\Downloads\mingwm10.dll
2012-12-21 20:52 - 2012-12-21 16:28 - 77698827 ____A C:\Users\Dan\Downloads\auto-nooter-3.0.0.zip
2012-12-21 20:52 - 2012-12-21 16:28 - 74584889 ____A C:\Users\Dan\Downloads\Helicon Blue - Discography.rar
2012-12-21 20:52 - 2012-12-21 16:28 - 498580680 ____A (Microsoft Corporation) C:\Users\Dan\Downloads\Windows6.0-KB948465-X86.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 21022914 ____A C:\Users\Dan\Downloads\vlc-1.1.10-win32.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 20533281 ____A C:\Users\Dan\Downloads\vlc-1.1.9-win32.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 11448320 ____A C:\Users\Dan\Downloads\QtGui4.dll
2012-12-21 20:52 - 2012-12-21 16:28 - 04886870 ____A C:\Users\Dan\Downloads\HandBrake-0.9.4-Win_GUI.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 04666284 ____A C:\Users\Dan\Downloads\WD_Discovery_v1.80_(1035.003)_With_Installer1_3.zip
2012-12-21 20:52 - 2012-12-21 16:28 - 03208183 ____A (Blizzard Entertainment) C:\Users\Dan\Downloads\StarCraft_2_NA_en-US.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 02741248 ____A C:\Users\Dan\Downloads\QtCore4.dll
2012-12-21 20:52 - 2012-12-21 16:28 - 00288048 ____A (BitTorrent, Inc.) C:\Users\Dan\Downloads\utorrent.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 00094720 ____A C:\Users\Dan\Downloads\Win32DiskImager.exe
2012-12-21 20:52 - 2012-12-21 16:28 - 00026434 ____A C:\Users\Dan\Downloads\LGPL-2.1
2012-12-21 20:52 - 2012-12-21 16:28 - 00017987 ____A C:\Users\Dan\Downloads\GPL-2
2012-12-21 20:52 - 2012-12-21 16:28 - 00001434 ____A C:\Users\Dan\Downloads\README.txt
2012-12-21 20:52 - 2012-12-21 16:24 - 62950768 ____A C:\Users\Dan\Downloads\62139747.mp4
2012-12-21 20:52 - 2012-12-21 16:24 - 40667136 ____A C:\Users\Dan\Downloads\calibre-0.7.48.msi
2012-12-21 20:52 - 2012-12-21 16:24 - 10063000 ____A C:\Users\Dan\Downloads\mbam-setup-1.61.0.1400.exe
2012-12-21 20:52 - 2012-12-21 16:24 - 08834304 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64.exe
2012-12-21 20:52 - 2012-12-21 16:24 - 02789033 ____A C:\Users\Dan\Downloads\VIDEO0018.3gp
2012-12-21 20:52 - 2012-12-21 16:24 - 01012656 ____A C:\Users\Dan\Downloads\iExplore.exe
2012-12-21 20:52 - 2012-12-21 16:24 - 00760368 ____A (WinImage) C:\Users\Dan\Downloads\winima85.exe
2012-12-21 20:52 - 2012-12-21 16:24 - 00317091 ____A C:\Users\Dan\Downloads\VIDEO0016.3gp
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\WDC
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\Watchmen
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\My Scans
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\My Received Files
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\My Games
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\LightScribe
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\EGEFCU Statements
2012-12-21 20:50 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\Calibre Library
2012-12-21 20:49 - 2012-12-21 20:50 - 00000000 ____D C:\Users\Dan\Documents\Books
2012-12-21 20:49 - 2012-12-21 20:49 - 00000000 ____D C:\Users\Dan\Documents\AnyDVDHD
2012-12-21 20:49 - 2012-12-21 20:49 - 00000000 ____D C:\Users\Dan\Documents\622 iBooks for iPhone iPad
2012-12-21 20:49 - 2012-12-21 16:39 - 12380288 ____A C:\Users\Dan\Documents\preview_1.mpeg
2012-12-21 20:49 - 2012-12-21 16:39 - 00024927 ____A C:\Users\Dan\Documents\Resume-Dan_1.odt
2012-12-21 20:49 - 2012-12-21 16:39 - 00019039 ____A C:\Users\Dan\Documents\Resume1_1.odt
2012-12-21 20:49 - 2012-12-21 16:39 - 00018759 ____A C:\Users\Dan\Documents\Untitled 1_1.odt
2012-12-21 20:49 - 2012-12-21 16:39 - 00011087 ____A C:\Users\Dan\Documents\new_1.m3u
2012-12-21 20:49 - 2012-12-21 16:35 - 306425450 ____A C:\Users\Dan\Documents\Preacher_1.rar
2012-12-21 20:49 - 2012-12-21 16:35 - 20364702 ____A C:\Users\Dan\Documents\vlc-1.1.7-win32_1.exe
2012-12-21 20:49 - 2012-12-21 16:35 - 00038894 ____A C:\Users\Dan\Documents\template_1.ott
2012-12-21 20:49 - 2012-12-21 16:35 - 00018759 ____A C:\Users\Dan\Documents\Resume_1.odt
2012-12-21 20:49 - 2012-12-21 16:35 - 00016108 ____A C:\Users\Dan\Documents\Loan_1.odt
2012-12-21 20:49 - 2012-12-21 16:35 - 00015240 ____A C:\Users\Dan\Documents\newest_1.m3u
2012-12-21 20:49 - 2012-12-21 16:35 - 00012756 ____A C:\Users\Dan\Documents\Hours Worked_1.odt
2012-12-21 20:49 - 2012-12-21 16:35 - 00003025 ____A C:\Users\Dan\Documents\Sadness_1.m3u
2012-12-21 20:49 - 2012-12-21 16:35 - 00000759 ____A C:\Users\Dan\Documents\My Sharing Folders.lnk
2012-12-21 20:49 - 2012-12-21 16:34 - 19985265 ____A C:\Users\Dan\Documents\vlc-1.1.5-win32_1.exe
2012-12-21 20:49 - 2012-12-21 16:32 - 07704576 ____A C:\Users\Dan\Documents\sample.mny
2012-12-21 20:49 - 2012-12-21 16:32 - 00080816 ____A C:\Users\Dan\Documents\readme.htm
2012-12-21 20:49 - 2012-12-21 16:32 - 00000784 ____A C:\Users\Dan\Documents\Money Plus.lnk
2012-12-21 20:49 - 2012-12-21 16:32 - 00000402 ____A C:\Users\Dan\Documents\desktop_2.ini
2012-12-21 20:49 - 2012-12-21 16:31 - 00000192 ____A C:\Users\Dan\Documents\My Money.lrd
2012-12-21 20:49 - 2012-12-21 16:30 - 00000402 ____A C:\Users\Dan\Documents\desktop_1.ini
2012-12-21 20:49 - 2012-12-21 16:29 - 306425450 ____A C:\Users\Dan\Documents\Preacher.rar
2012-12-21 20:49 - 2012-12-21 16:29 - 00015240 ____A C:\Users\Dan\Documents\newest.m3u
2012-12-21 20:49 - 2012-12-21 16:29 - 00003025 ____A C:\Users\Dan\Documents\Sadness.m3u
2012-12-21 20:49 - 2012-12-21 16:28 - 20364702 ____A C:\Users\Dan\Documents\vlc-1.1.7-win32.exe
2012-12-21 20:49 - 2012-12-21 16:28 - 19985265 ____A C:\Users\Dan\Documents\vlc-1.1.5-win32.exe
2012-12-21 20:49 - 2012-12-21 16:28 - 12380288 ____A C:\Users\Dan\Documents\preview.mpeg
2012-12-21 20:49 - 2012-12-21 16:28 - 00038894 ____A C:\Users\Dan\Documents\template.ott
2012-12-21 20:49 - 2012-12-21 16:28 - 00018759 ____A C:\Users\Dan\Documents\Resume.odt
2012-12-21 20:49 - 2012-12-21 16:28 - 00016108 ____A C:\Users\Dan\Documents\Loan.odt
2012-12-21 20:49 - 2012-12-21 16:28 - 00012756 ____A C:\Users\Dan\Documents\Hours Worked.odt
2012-12-21 20:49 - 2012-12-21 16:28 - 00011087 ____A C:\Users\Dan\Documents\new.m3u
2012-12-21 20:49 - 2012-12-21 16:24 - 00024927 ____A C:\Users\Dan\Documents\Resume-Dan.odt
2012-12-21 20:49 - 2012-12-21 16:24 - 00019039 ____A C:\Users\Dan\Documents\Resume1.odt
2012-12-21 20:49 - 2012-12-21 16:24 - 00018759 ____A C:\Users\Dan\Documents\Untitled 1.odt
2012-12-21 20:14 - 2012-12-21 20:59 - 00000000 ____D C:\Users\Dan\Documents\Diablo III
2012-12-21 19:26 - 2012-12-23 18:49 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-12-21 19:26 - 2012-12-21 19:40 - 00001144 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-12-21 19:25 - 2012-12-21 19:25 - 00000000 ____D C:\Users\All Users\Battle.net
2012-12-21 19:09 - 2013-01-14 10:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\BitComet
2012-12-21 19:09 - 2012-12-21 19:09 - 00000812 ____A C:\Users\Public\Desktop\BitComet.lnk
2012-12-21 19:09 - 2012-12-21 19:09 - 00000000 ____D C:\Program Files\BitComet
2012-12-21 17:19 - 2012-12-21 17:19 - 00000489 ____A C:\Users\Dan\Desktop\My Book (N).lnk
2012-12-21 17:19 - 2012-12-21 17:19 - 00000489 ____A C:\Users\Dan\Desktop\My Book (M).lnk
2012-12-21 13:01 - 2012-12-21 13:03 - 00000489 ____A C:\Users\Dan\Desktop\My Book (L).lnk
2012-12-21 12:47 - 2012-12-21 12:55 - 35677984 ____A (Microsoft Corporation) C:\Users\Dan\Downloads\USMoneyDlxSunset.exe
2012-12-21 11:19 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-12-21 11:10 - 2012-12-21 11:10 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-12-21 11:10 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-12-21 11:10 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-12-21 11:10 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-12-21 11:10 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-12-21 11:00 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-21 11:00 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-21 11:00 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-21 11:00 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-21 11:00 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-21 11:00 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-21 11:00 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-21 11:00 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-21 11:00 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-21 11:00 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-21 11:00 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-21 11:00 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-21 11:00 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-21 11:00 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-21 11:00 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-21 11:00 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-21 11:00 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-21 11:00 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-21 11:00 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-21 11:00 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-21 11:00 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-21 11:00 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-21 11:00 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-21 11:00 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-21 11:00 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-21 11:00 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-21 11:00 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-21 11:00 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-21 11:00 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-21 11:00 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-21 11:00 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-21 11:00 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-21 10:58 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 10:58 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 10:58 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 10:58 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 10:58 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-12-21 10:58 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-12-21 10:58 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-12-21 10:58 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-12-21 10:58 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-12-21 10:58 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-12-21 10:58 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-12-21 10:58 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-12-21 10:25 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-21 10:25 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-21 10:25 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-21 10:25 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-21 10:25 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-12-21 10:25 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-12-21 10:25 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-12-21 10:25 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-12-21 10:25 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-12-21 10:25 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-12-21 10:25 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-12-21 10:25 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-12-21 10:25 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-12-21 10:25 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-12-21 10:25 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-12-21 10:25 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-12-21 10:25 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-12-21 10:25 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-12-21 10:25 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-12-21 10:25 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-12-21 10:25 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-12-21 10:25 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-12-21 10:25 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-12-21 10:25 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-12-21 10:25 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-12-21 10:25 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-12-21 10:25 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-12-21 10:25 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-12-21 10:25 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-12-21 10:25 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-12-21 10:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-12-21 10:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-12-21 10:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-12-21 10:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-12-21 10:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-21 10:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-12-21 10:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-12-21 10:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-12-21 10:25 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-12-21 10:25 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-12-21 10:25 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-12-21 10:25 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-12-21 10:25 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-12-21 10:25 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-12-21 10:25 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-12-21 10:25 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-12-21 10:25 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-12-21 10:24 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-12-21 10:24 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-12-21 10:24 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-12-21 10:24 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-12-21 10:24 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-12-21 10:24 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-12-21 10:24 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-12-21 10:24 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-12-21 10:24 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-12-21 10:24 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-12-21 10:24 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-12-21 10:24 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-12-21 10:24 - 2011-03-24 19:29 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-12-21 10:24 - 2011-03-24 19:29 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-12-21 10:24 - 2011-03-24 19:29 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-12-21 10:24 - 2011-03-24 19:29 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-12-21 10:24 - 2011-03-24 19:29 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-12-21 10:24 - 2011-03-24 19:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-12-21 10:24 - 2011-03-24 19:28 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-12-21 10:23 - 2011-03-10 22:41 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-12-21 10:23 - 2011-03-10 22:41 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-12-21 10:23 - 2011-03-10 22:41 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-12-21 10:23 - 2011-03-10 22:41 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-12-21 10:23 - 2011-03-10 22:41 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-12-21 10:23 - 2011-03-10 22:41 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-12-21 10:23 - 2011-03-10 22:33 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-12-21 10:23 - 2011-03-10 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-12-21 10:23 - 2011-03-10 21:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-12-21 10:23 - 2011-03-10 21:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-12-21 10:23 - 2011-03-10 20:37 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-12-21 10:22 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-12-21 10:22 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-12-21 10:22 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-12-21 10:22 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-12-21 10:22 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-12-21 10:22 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-12-21 10:22 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-12-21 10:22 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-12-21 10:22 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-12-21 10:22 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-12-21 10:22 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-12-21 10:22 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-12-21 10:22 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-12-21 10:22 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-12-21 10:22 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-12-21 10:22 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-12-21 10:22 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-12-21 10:22 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-12-21 10:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-12-21 10:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-12-21 10:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-12-21 10:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-12-21 10:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-12-21 10:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-12-21 10:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-12-21 10:13 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-12-21 10:13 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

==================== One Month Modified Files and Folders =======

2013-01-14 19:50 - 2013-01-14 19:50 - 00000000 ____D C:\FRST
2013-01-14 16:20 - 2012-04-27 18:08 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-14 16:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-14 16:20 - 2009-07-13 20:51 - 00034985 ____A C:\Windows\setupact.log
2013-01-14 15:47 - 2013-01-14 10:43 - 00114688 ____A (Juvarif) C:\Users\All Users\unzhaza.exe
2013-01-14 15:43 - 2013-01-14 15:14 - 00000000 ____D C:\Users\Dan\Desktop\Run
2013-01-14 15:40 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-14 15:38 - 2013-01-14 15:38 - 01593776 ____A (Emsisoft GmbH) C:\Users\Dan\Desktop\start.exe
2013-01-14 15:38 - 2013-01-14 15:38 - 00003902 ____A C:\Users\Dan\Desktop\readme.txt
2013-01-14 15:37 - 2013-01-14 15:37 - 00000060 ____A C:\Users\Dan\Desktop\CommandlineScanner.bat
2013-01-14 15:37 - 2013-01-14 15:37 - 00000056 ____A C:\Users\Dan\Desktop\EmergencyKitScanner.bat
2013-01-14 15:33 - 2013-01-14 10:43 - 00114688 ____A (Juvarif) C:\Users\Dan\AppData\Local\unzhaza.exe
2013-01-14 15:18 - 2013-01-14 11:11 - 00114688 ____A (Juvarif) C:\Users\Dan\AppData\Roaming\unzhaza.exe
2013-01-14 15:15 - 2013-01-14 15:14 - 00000000 ____D C:\Users\Dan\Desktop\EmsisoftEmergencyKit
2013-01-14 15:14 - 2013-01-14 15:14 - 00000000 ____D C:\Users\Dan\Desktop\Languages
2013-01-14 15:12 - 2013-01-14 11:18 - 259550112 ____A C:\Users\Dan\Desktop\EmsisoftEmergencyKit.zip
2013-01-14 11:12 - 2012-04-27 16:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-14 11:11 - 2012-04-27 16:14 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-14 11:11 - 2010-11-20 19:47 - 00015064 ____A C:\Windows\PFRO.log
2013-01-14 10:52 - 2013-01-14 10:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-14 10:52 - 2013-01-14 10:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Malwarebytes
2013-01-14 10:52 - 2013-01-14 10:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-14 10:52 - 2013-01-14 10:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-14 10:52 - 2012-12-21 19:09 - 00000000 ____D C:\Users\Dan\AppData\Roaming\BitComet
2013-01-14 10:50 - 2013-01-14 10:50 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Dan\Downloads\rkill.exe
2013-01-14 10:50 - 2013-01-14 10:50 - 00002792 ____A C:\Users\Dan\Desktop\Rkill.txt
2013-01-14 10:50 - 2013-01-14 10:50 - 00000000 ____D C:\Users\Dan\Desktop\rkill
2013-01-14 10:45 - 2012-04-27 09:53 - 01121828 ____A C:\Windows\WindowsUpdate.log
2013-01-14 10:13 - 2012-04-27 16:14 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-14 05:59 - 2009-07-13 20:45 - 00020688 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-14 05:59 - 2009-07-13 20:45 - 00020688 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-13 20:55 - 2012-04-28 06:59 - 00000000 ____D C:\Program Files\PeerBlock
2013-01-13 17:36 - 2013-01-13 16:42 - 00000000 ____D C:\Program Files (x86)\Diablo III Public Test
2013-01-13 16:42 - 2013-01-13 16:42 - 00001312 ____A C:\Users\Public\Desktop\Diablo III Public Test.lnk
2013-01-13 16:42 - 2013-01-13 16:41 - 64953208 ____A (Blizzard Entertainment) C:\Users\Dan\Downloads\Diablo-III-Public-Test-Setup-enUS.exe
2013-01-13 12:02 - 2012-04-27 14:51 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2013-01-12 22:40 - 2013-01-12 22:40 - 11226160 ___RA C:\Users\Dan\My Money Backup_2013-01-13_014022.mbf
2013-01-12 22:40 - 2013-01-12 22:40 - 11226159 ___RA C:\Users\Dan\My Money Backup_2013-01-13_014023.mbf
2013-01-12 22:40 - 2012-04-27 06:58 - 00000000 ____D C:\users\Dan
2013-01-11 13:04 - 2012-04-27 16:14 - 00000000 ____D C:\Users\Dan\AppData\Local\Google
2013-01-11 12:17 - 2013-01-11 12:17 - 11148320 ___RA C:\Users\Dan\My Money Backup_2013-01-11_151712.mbf
2013-01-10 11:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-10 09:44 - 2009-07-13 20:45 - 00294200 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 05:22 - 2012-04-27 14:49 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 10:12 - 2012-04-27 16:14 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 10:12 - 2012-04-27 16:14 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-29 08:17 - 2012-12-29 08:17 - 788992472 ____A C:\Windows\MEMORY.DMP
2012-12-29 08:17 - 2012-12-29 08:17 - 00297528 ____A C:\Windows\Minidump\122912-13072-01.dmp
2012-12-29 08:17 - 2012-12-29 08:17 - 00000000 ____D C:\Windows\Minidump
2012-12-23 18:49 - 2012-12-21 19:26 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-12-23 13:01 - 2012-12-23 13:01 - 00002176 ____A C:\Users\Dan\Documents\Bra Size answers.txt
2012-12-22 11:28 - 2012-12-22 11:26 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Ventrilo
2012-12-22 11:26 - 2012-12-22 11:26 - 00000917 ____A C:\Users\Dan\Desktop\Ventrilo.lnk
2012-12

RELEVANCY SCORE 200
Preferred Solution: Internet computer compliance virus infected all safe modes

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Internet computer compliance virus infected all safe modes

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
HKU\Dan\...\Run: [rlqvaknd] C:\Users\Dan\AppData\Roaming\unzhaza [x]
HKU\Dan\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\ProgramData\unzhaza [x ] ()
C:\Users\Dan\AppData\Roaming\unzhaza.exe
C:\Users\All Users\unzhaza.exe
C:\Users\Dan\AppData\Local\unzhaza.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system On Vista or Windows 7: Now please enter System Recovery Options. Run FRST again like we did before but this time press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.Gringo

Read other 20 answers
RELEVANCY SCORE 72

In a laptop recently infected by ransomware, XP boots normally but with RUNDLL error messages, but all boots into safe modes end in BSOD 7B

Computer: Acer TravelMate 4070
System name: ACER-CD38DA1573
BIOS: §Acer 3°18, 21 Feb. 2006
SMBIOS version: 2.31
OS: Windows XP Home Edition, Vesion 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629 : Service Pack 3) (Italian language version)
Antivirus: originally NOD32 (Italian), now AVG 2013 Free (Italian)

I am trying to fix the Acer laptop of a friend here in Italy. Giuseppe is a bookkeeper and does not visit the usual infected sites, but recently he booted up his computer and found it locked with a spash screen declaring, “Il vostro computer č stato bloccato.” This is an Italian ransomware that surfaced in December 2012 and presently is hitting computers that visit contaminated websites in Italy. Because it is extremely convincing it has apparently encouraged a lot of copycat imitations, since there appear to be several variants now in circulation. And because it is brand new, extremely devious, and mostly limited to Italian computers, the major antivirus firms do not seem to have produced specific removal tools for it yet. The only help I have found online for how to remove it are some sets of instructions here and there, some of them including a custom removal tool to download.

Giuseppe told me that he recently saw the ransomware splash screen on startup, but when he rebooted it the screen did not appear again. For protection he was ... Read more

A:In a laptop recently infected by ransomware, all boots into safe modes end in BSOD 7B

Read other 16 answers
RELEVANCY SCORE 71.6

First, Thanks in advance!

System info unavailable as I have removed the hard drive and loaded it into another computer to try and run MalwareBytes on it...

Info in general:

Windows 7 home edition 64 bit which should have all windows updates current on it.

As stated in title, ICE virus, have tried launching in safe mode/command prompt,no go, just rolls to shutdown...real kicker, when reset boot order to boot from CD first, still loads/boots off hard drive which is infected.... fairly computer literate so I'm sure I have it trying to load from CD first but it is not working....

Removed hard drive (60G SSD) and installed it in an older win xp machine and had it boot to a Win7 boot disk from which I ran Malwarebytes on the infected drive.... Malwarebytes found several things and did it's thing to remove, but upon reinstalling into original machine, problem remains the same, No safemode access and no boot from CD.....

At a loss now what to try short of reformat, so any help would be greatly appreciated,

Thanks,
Ben
 

A:ice virus - blocking all SAFE modes and CD drives

Read other 7 answers
RELEVANCY SCORE 71.6

In a world of computer hurt over here. Earlier this afternoon I was using the Internet on my Dell PC (which is Windows XP) when I suddenly started getting tons of spam pop-ups. I would X out of them and keep going, but soon Firefox completely crashed and I was getting warnings of low disk space - impossible because I just cleared off several GBs - and other bizarre error messages. I also lost my wallpaper image and taskbar. My gut instinct said "virus", but before I could get back on-line the computer restarted on its own - but when it did, it went through the initial Dell logo boot-up and then settled into a completely black screen. I can Control-Alt-Delete to start the process all over again, and the green power lights are on, but nothing I do gets me past the black screen. I also am not able to boot up in Safe Mode.

After some research via laptop I have a feeling the PC may have the VUNDO.B virus - only thing is, I have no way to initiate a virus scan since I can't actually boot up.

After looking for the discs that came with the Dell, I found a slip of paper that says "your new computer does not require an operating system CD or drivers CD" - so I have no boot disk to work off of. I tried downloading one and creating a CD, but the PC won't respond to that, either.

I am really stuck between a rock and a hard place here. Naturally, I have tons of vital files that never got backed up, and at the very least I would like to get in to copy them t... Read more

A:Won't Boot In Normal or Safe Modes, Possible Virus

Read other 16 answers
RELEVANCY SCORE 70

Hi all,

I have recently purchased a new laptop: Samsung 700Z5A-S05 running Windows 7 Home Premium 64-bit. This is the first time I am using a machine running an operating system other than XP.
We use wired internet in our flat, with no problems on other machines, including my older laptop running XP.

I had issues with the internet straight away after switching the laptop on. It would connect for 30s or so and then dissapear. I disabled Internet Protocol 6, hoping that would help. However, the problem persisted. Problem did not dissapear when running the laptop in Safe mode with networking.

I thought the problem might be caused by some of the software installed by Samsung. So I reinstalled Windows and installed all the drivers from Samsung's support website. However, this hasn't solved the problem. I don't seem to be able to connect to the internet in normal mode at all and can only connect for a couple of minutes in Safe mode.

I would be grateful if someone could please advise on potential reasons behind the issue and any solutions.

Many thanks,

Viktor

A:Wired internet not working in Normal or Safe modes on a new W7 laptop

Hi Viktor, welcome toSeven Forums.

Try deleting ALL network adapters in Device Manager, reboot and use Windows Update including Microsoft.

Read other 7 answers
RELEVANCY SCORE 70

I loaded the Farbar Recovery Scan Tool for the 64 bit and this was the text document after the scan - Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2013 01Ran by SYSTEM on 25-05-2013 17:46:11Running from I:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor ... Read more

A:ICE Moneypak virus has 3 three Safe Modes caught in a restart loop

Hi therooster42,
 
Welocme to the forum.
 
Please download
 fixlist.txt   1.21KB
  23 downloads
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
 
Also restart, let it boot normally and tell me how it went.
 

Read other 8 answers
RELEVANCY SCORE 68

Hello, My name is Kristi, I work from home on my computer, and I can say when I tured it off the other night from workin, it was fine, but now it wont let me do anything, it wont let me download anything to even scan it, it wont let me delete from my control panal, nothing, it wont let me do a troubleshooting from my coumputer, its like someone has taken completely over my computer, it wont let me nothing in securty, I evn went to safe mode and still nothing, I went to best buy at the Geek squad and they didnt know either unless they could take it in and I dont have the money for that, so one of the guys at geek squad gave me this site and said that i would get the help that I need,please help me, this is my computer is my income and I cant afford to take to anyone to get it fixed.Split from here: http://www.bleepingcomputer.com/forums/topic473049.html ~ OB

A:Computer won't let me troubleshoot, scan, download, or uninstall in normal or safe modes

Hello,I will be helping you with your problems. Please be patient while I assist you.Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Butt... Read more

Read other 1 answers
RELEVANCY SCORE 62

***before wasting your time reading this, I'm running Vista and don't know if it will work on XP or earlier systems***
 
Hi guys, I am by no means a tech expert. So do the following at your own risk.
 
About a month ago I contracted internet AIDS. The FBI virus is the worst virus I've ever had on my computer, and it did some serious damage. It even messed with my Xbox live account by tampering with my payment methods. Luckily, they weren't credit cards. If you have any access to credit cards from your computer I suggest removing them immediately upon contracting this virus. I can't remember how the virus started but I did notice some differences, and my Xbox Live account became unusable before my computer did. One day it randomly popped up on my computer and it became what I thought to be almost useless. I could only log in for about 30 seconds before the virus popped up. I wasn't thinking and left it plugged in (I don't know if this made a difference - as I said I'm no expert) for a couple weeks and then I couldn't even get to the desktop like I could before. When I started the computer and pressed F8 and selected 'Repair Computer' and tried logging in as the administrator, my password had been changed. When I tried starting it in safe mode, it logged in, logged off, shut down, restarted, and logged back in normally right away. Then the virus would pop up. After a while the virus just stopped popping up and my computer would white screen, giving me absolutely no co... Read more

Read other answers
RELEVANCY SCORE 62

Windows xp pro service pack 3.  Browser hijacked by the virus.  I turned off the computer and could not restart.  It continues to cycle through the Windows start up screen, then goes blank, then short timed screens of unintelligible (to me) white letters on black screen, a blue letter on black screen saying something about corrupt file(s), etc.
 
I created a HitmanPro boot flashdrive.  It would only let me make a 64-bit version on my laptop, and I think my tower that has the virus is a 32-bit system.  I can get to the boot screen, and I get a message that HitmanPro is booting the computer, but it just goes back to the "Start in safe mode" screen.  No matter which option I choose, the screen freezes.  If I hit the Alt, CTRL, Delete sequence, it goes back to the boot screen.
 
I do not have a boot disk.
 
Please help.

A:Infected with FBI Moneypak virus or similar and can't start computer in safe mod

Hi ssjphd,
 
Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
Insert your USB drive
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Press Run then OK
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Browse to and select the xpud-0.9.2.iso file you downloaded
Verify the correct drive letter is selected for your USB device then click OK
It will install a little bootable OS on your USB device
Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
After it has completed do not choose to reboot the clean computer simply close the installer
Next download http://noahdfear.net/downloads/driver.sh to your USB
Remove the USB and insert it in the sick computer
Boot the Sick computer
Press F12 and choose to boot from the USB
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Confirm that you see driver.sh that you downloaded there
Press Tool at the top
Choose Open Terminal
Type bash driver.sh -f
Press Ente... Read more

Read other 42 answers
RELEVANCY SCORE 61.6

Ok my moms computer has a virus that has messed with the safe mode registry item and can't boot into safe mode. And before I new about the registry item I had set the computer to automatically boot in safe mode,like an idiot, assuming it would force it in but now it is stuck in a boot loop. When it tries to go into safe mode, it goes through the list of files loading then it stops listing files and reboots. So how do I get it to stop the reboot so I can get into safe mode so I can get rid of the little butt munch. PLS PLS PLS PLS HELP!!!!!

A:Computer infected with virus and stuck in safe mode boot loop

You could try and use a System Restore Point via Recovery Console -> How to Perform a System Restore in Windows XP through the Recovery Console | eHow.com

You could try a Repair Install which recreates the Basic Windows Registry.

(both the above require a Windows XP cd)

You could try 'fixing' the bad Safe Mode Registry keys -> Restoring Safe Mode with a .REG file ? Didier Stevens

Read other 1 answers
RELEVANCY SCORE 59.2

I've had before but have been able to shake it. Now safe mode with or without networking, command prompt, and last good session options all revert to the typical virus screen with the webcam activation. Running Win 7 64 bit. MBAM ran and deleted one. Cant get to the log cause I can't run in any mode. This sucks. Please help!
Thanks,
unocopy

A:FBI/Moneypak in all safe modes

Hi

I have posted on a section for unbootable computers due to malware. Someone will be with you soon.

Read other 3 answers
RELEVANCY SCORE 59.2

Hello:

I am having a problem with my computer - it was working fine (in the morning) two days ago, at some point in the day it had restarted and when I clicked on the login (which used to show "Family" and now it shows "Administrator" and "Family" for login choices.

Anyway my problem is that every time I log in (either name) my computer reboots.

During the reboot I see the Logo on the top left screen for my computer and then about the first 6 lines and nothing else on the page.

I then get a quick flash of the next screen and then it goes dark and then it has a kind of "loading" bar at the bottom of the screen (like the one when recovery is starting up). This goes solid all the way to the right then my screen blanks dark again and then goes into the safe mode etc. choices.

I have tried to log in on all safe mode choices (they work).

I have tried to log on normally and it just reboots.

I have tried to log onto the last know "good" point and it shows the May calendar and no previous points to return to (the restore option is on).

I have tried both options when you use the F10 feature on startup - neither of these options seems to effect my computer - everything stays the same and it errors on different files each time I retry the options.

I have tried the msconfig thing where you check "hide microsoft services" and uncheck "load startup" (general page) and then did the half at a time thing with every... Read more

A:XP Only BOOTS in SAFE MODES

Read other 16 answers
RELEVANCY SCORE 59.2

Hello, I have an FBI Ransomware virus on my main desktop computer. I can boot into safe mode with network and command promp, but the FBI screen pops up in about two seconds and I can't do a thing but log out after that. This computer is running Vista. Note I have had an FBI maleware before but this one looks a little different and with the others I was able to get into safe mode and remove it with instructions from this site (emmisoft etc.) but not this time. Please help. Thanks

A:FBI Ransomware in all three safe modes

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 52 answers
RELEVANCY SCORE 58.4

I can only start Windows XP in the safe modes. I was asked by Broni to attach DDS logs and GMER log. I am unable to post GMER log because being in safe mode I can only get the screen reduced enough to show the scan button I am unable to get to the save button. Any suggestions to get that log saved to post it? I have found one other problem. I am unable to lauch Google Chrome. I can only launch Internet Explorer.The Prep instructions I was given to do all of this say to post the DDS Attach txt file as a ZIP file. I haven't found a way to do that the way things are running on this computer so I can only send it in the attachment form it let me save.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:49:18 on 2012-01-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.569 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet ... Read more

A:Can only start Windows XP in safe modes

Hello kedwinbrohl , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan. Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors ... Read more

Read other 39 answers
RELEVANCY SCORE 58.4

My father's machine (Windows XP SP1) has a version of the FBI moneypak virus.  I cannot even boot in to any version of safe mode (even command line brings that FBI white splash screen up).
 
I built a UBCD4Win Disc as I saw mentioned in another thread.  I successfully ran the Farber Recovery Scan Tool.  My question is now what?  How do I generate a FIX log or do whatever I need to do next to fix the actual problem?
 
Here is the FRST.txt
 
Thanks in advance for any help!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 20 days old)
Ran by SYSTEM at 02-04-2013 21:08:02
Running from D:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
The current controlset is ControlSet003
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-22] ()
HKLM\...\Run: [PCDrProfiler] [x]
HKLM\...\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" [663552 2004-12-14] (SoftThinks)
HKLM\...\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run [249856 2006-02-15] (Hewlett-Packard Company)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [7311360 2006-01-25] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime... Read more

A:FBI moneypak wont let me use safe modes here is log

Hello skrontz I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

Read other 14 answers
RELEVANCY SCORE 57.6

This is an old desktop with Pentium 4 3GHz, 2 GB RAM; running fine without problems.

I wanted to reinstall Avast 17.9 on it & did so. Avast uninstalled, reinstalled, virus definitions updated successfully; & system worked for 2 days normally.

Now, its unable to boot. Before showing Windows XP (loading green bars) screen it just goes black & just sits there; giving no errors.
While booting in Safe Mode, it just sticks on the Boot Options Menu screen & doesn't go beyond that.
While booting from CD it again sticks on "Boot from CD Yes / No" screen & doesnt go beyond that.

I am unable to try chkdsk, or any other tools as it doesnt boot from CD. What do I do please advise.
Thank You
M
 

Read other answers
RELEVANCY SCORE 57.6

I'm hoping someone here might be able to steer me in the right direction here. I have a situation right now on my 2006 Dell E1505 laptop (with Windows XP Home Edition) where I can't restart the computer. I have been getting BSOD'S for about a year, off and on. Last night I got another BSOD and tried to fix it. It said: Driver_corrputed_mmpool. I've been getting this same message since last summer. I ran verifier.exe at the advice of someone online. Upon reboot it indicated a problem with iomdisk.sys. I removed the driver. (I figured this was from an old Iomega zip drive I had installed on the laptop about the same time I started getting the bsod's). Afterwards, I also did a search for that file name and removed two files. About an hour later I got the same bsod again. So, I restarted the computer and almost immediately a bsod came up. I tried restarting the computer in safe mode and best last known configuration, but both times the bsod came up after selecting those modes. I want to restart the computer and not lose any programs or files, and I don't have the OS disk, resource disk or drivers/utilities. Dell did not give me these when I bought the computer, so I called Dell this morning and they are mailing them to me in 2 to 3 days. I did a bunch of research last night about this and came up with the following course of action. I'm hoping maybe some people here might be able to tell me if this is my best option:1) To be safe and save... Read more

A:BSOD, Can't restart XP in safe or normal modes

Let's try this.Download/install BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html.Double-click BlueScreenView.exe file.When scanning is done, Edit/Select All...then File/Save Selected Items.Save the report as BSOD.txt.Open BSOD.txt in Notepad, copy all content and paste it into your next reply.Louis

Read other 2 answers
RELEVANCY SCORE 57.6

I have a 4-year-old Dell 2400 running windows XP home ed. Today it started freezing on normal startup at the point where the windows desktop wallpaper is displayed. However, it never displayed any of the normal startup icons or any toolbars - which made it unusable. I next tried rebooting in safe mode. In this case, after signing on as prompted, the system froze upon displaying the black screen showing the "safe mode" literals on the top and bottom lines of the screen. This computer run the free Zonealarm firewall, Symantec antivirus, Spybot, and SafeEyes.

Any help is most appreciated!

Thanks!

A:Windows XP freezes in normal and safe modes

Hi Makjax, and welcome to BleepingComputer.Try using the Last Known Good Configuration.When the computer is starting repeatedly tap the F8 key, this should take you to the Windows Advanced Options Menu, once this opens click on Last Known Good Configuration (your most recent settings that worked).

Read other 7 answers
RELEVANCY SCORE 57.6

So, I am having trouble with a computer running Windows XP. It freezes on the Windows XP page with the scrolling bar at the bottom. The bar scrolls, but nothing loads. When I try to boot up in any of the safe modes, it freezes at one of the files: "WINDOWS\system32\DRIVERS\AVGIDSEH.Sys" I can't load anything on the computer. Once, the hardware profile/configuration recovery menu popped up, and gave me a choice of one profile, but since I didn't know what it was, I pressed F3 to restart, but I still can't access anything. We don't have an XP disk, since someone had built the computer for us. Any help would be appreciated!

A:Problems with booting in normal and safe modes

hi, check this link as i think its whats going on with your computer , follow the guide in this link http://www.spywareremovalhelp.org/spyware-removal-help/how-to-fix-avgidseh-sys-errors.htmlquick link to the file to create the cd .http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=68967

Read other 5 answers
RELEVANCY SCORE 57.6

Hello. I had a Windows XP login issue, and I originally posted asking about how to repair the BartPE errors. After further reading of prior topics, I decided to start a new topic for reasons I describe below. Here is my initial post: http://www.bleepingcomputer.com/forums/ind...p;#entry1629780I'm starting a new one because I've decided to use Hiren's boot cd rather than BartPE, since I was having trouble with BartPE. I followed these steps as instructed by tchbytes on a separate but related post:"Let's now create a boot disc so that you can access your files and folders and so I can get a look at a log.....*** Please print these instructions ***Download Hiren's BootCD Iso to the desktop of a clean computer.Extract the zipped HirensBootCD.zip to your desktop.Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso. Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.Insert a blank CD in your drive.Press Start. This will burn the image to disc. After it has completed...Restart your sick computer and boot from the HBCD you created.If your PC is not booting from the CD, you need to change the boot order:Restart your PCAs soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.Once you enter the computer's BIOS, use the arrow keys and tab key to move betw... Read more

A:Unable to login to Windows XP/safe modes

Hi gnome008,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Please update me on the current condition of your computer. Have you removed or changed anything? If yes please post the current log, otherwise no need for a new log and we can proceed from here.Also tell me the drive letter of your flash drive when you insert it to the infected computer.

Read other 23 answers
RELEVANCY SCORE 57.6

Hi guys,

I had an ugly run in with AntiSpyware Pro and I *think* it rewrote my registry, disabled my run32dll, and crippled my web browsers. I'm pretty sure I've cut out all the infected files at this point, but I still can't get exe's to run. I haven't tried to restore file associations in safe mode with DOS prompt yet but will try that and let you guys know how that turns out. In the meantime, I'm hoping some of you folks can help me out with this one since I'm trying to get the machine running ASAP since it's a work computer.

Anyway, what I was hoping to do was restore file association of exe's, so I can run a registry fixer and hope it would fix the damage done by the trojan. Is this a good idea?

Thanks in advance.


PS: I can't use that program to post the startup activity because of the exe issues. Also, run32dll doesn't seem to be working either...

A:Exe files don't work in normal and safe modes

Try the fix at Kelly's Korner.EXE (lnk and regfile) Fix for Windows XP - #12 on the left.Right click on it and save the .reg/.vbs file to your desktop. Then, double click on the file icon (on your desktop) to merge it into your registry/run the script. You may need to reboot your computer for the changes to take affect.With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.

Read other 1 answers
RELEVANCY SCORE 57.6

Hi,
Well add me to the list of people who fell into the Moneypak pit...
I have had this virus before, but have always been able to fix it through safe mode. This new version auto restarts when any safe mode is attempted.
Any help would be appreciated. Thank you ahead of time.

A:FBI Moneypak: No safe modes allowed / Windows 7

To be a bit more specific. This moneypak screen is the one that says its from the fbi and in the background there is a fake command prompt screen which makes it look like my files are locked.

Read other 1 answers
RELEVANCY SCORE 57.6

Hey, I need some help. I have the FBI moneypak virus that doesnt allow safemodes. I am currently running Windows 7 64 bit.
I havent been able to find any working solution for the last four days now and im just about at my wits end. If anyone could help me I would really appreciate it.
Thanks!

A:FBI Moneypak: No safe modes allowed / Windows 7

I'll report this topic to appropriate helpers.
Hold on there....

Read other 2 answers
RELEVANCY SCORE 57.6

Win 7 64 bit freezes after login. Because I could not figure out why, I completely re-installed the OS and it ran for a while, but has now started freezing again right after login.

Also of interest is the fact that if I create a new user while in safe mode I can boot and run as that user for a while, but eventually that will start to freeze right after login too.

I can boot in Safe and Diagnostic Mode (MSConfig) and it will run without problems.

What should I do?

Thanks!

A:Freeze after login except in safe/diagnostic modes

Welcome
Run a full updated anti virus scan
Download and make a full scan with Malwarebytes
If none of the above produce results, try a clean boot
Troubleshoot Application Conflicts by Performing a Clean Startup

Read other 1 answers
RELEVANCY SCORE 57.6

Hi . . . my PC, a Dell XPS 400 w/ Windows XP Media Edition, became infected with Personal Guard spyware.....Tried to remove with MalWare Bytes but it wouldn't let me get to the .exe file for it.... Tried deleting the files, and registry data for it....still didn't work....Finally the machine shut down and now wil not boot up..... The Dell POST screen loads, but then it sticks trying to load Windows...... Any help would be mucho appreciated.

When trying to boot in safe mode, I get the "blue screen of death". It says the following:

A problem has been detected and windows has been shut down to prevent damage to your computer.

blah. . .blah . . . blah down to the

Technical information:
***STOP: 0x0000007B (OxF78BB524, 0xc0000034, 0x00000000, 0x00000000)




Thanks in advance !!
Dan

Read other answers
RELEVANCY SCORE 57.6

Hi
I really don't know where to post my problem ..
I Have a strange problem in my laptop and I am hoping to find a fix for it. I have Windows Vista on my Toshiba Satellite A215-S7462 laptop, recently my laptop got infected with a virus that disabled all anti viruses and malware scanners plus I was not able to boot into safe mode. Anyway I tried to get rid of the virus but no scanner worked so I used system restore and I was able to get all software running again.
Now my problem is that whenever I try to enter safe mode or any other item in the F8 menu, my laptops shut down unexpectedley, sometimes I get into safe mode for some minutes then it just powers off. This also happen when I try to scan for viruses (normal scane or online) in safe mode. The same thing happend when I tried to boot from any CD even my toshiba recovery CD that let me reinstall vista. I tried also to use the memory check utlity provided by toshiba, it start scanning for problems after restarting the laptiop, but again it shutdowns by itself. After shutting down, when i try to power it on, the power on led lights for a second and turn off again. I need to repeat that a couple of times to get it on. I even tried to update my BIOS as I found some people in google having similar issues , but again the laptop shutdowns. I searched in google but couldn't find a solution.

The STRANGE thing is that I can use my laptop normally by booting in my account in a normal way, not in safe mode or any other way... Read more

A:Laptops shutdown in Safe Mode and all other modes

Read other 7 answers
RELEVANCY SCORE 57.2

I have a PC that locked up. Upon reboot, I only got a black screen with mouse control. I get the same thing when attempting Safe Mode, Sofe Mode w prompt, and last known good config options. I even atempted a repair install. I get the same result in all cases.

I suspect this was cause by malware but I cannot boot to fix. I need advise on what else I can try to get the machine booted so I can troubleshoot. Thanks in advance.

A:XP Home - Black Screen - Normal & Safe Modes

Have you tried tapping F8 and choose Last Known Good Config? See if you're able to bootup.

If this doesn't work and you really suspect Malware or Virus, you may post a new Thread in the Security forum, they are very good at this.

Read other 4 answers
RELEVANCY SCORE 57.2

I have been spending the last 12 hours reviewing threads in this forum for solution to my issue with no luck. Start-up Repair has been run-all routines successful. System restore cannot locate any restore points, I have been unable to open explorer to download malwarebytes. sfc scannow completed verification phase but I am not sure if there are other phases beyond that that need to be done as well. I was able to run chkdsk and hardware diagnostics - no issues found.

Hardware related is my battery. I has lost it ability to charge. Could this be the source of my problem?

BTW when I start in mode the Windows Help and Support Window pops up for no reason but then freezes...weird. When I close it I get very limited functionality (windows explorer will open) and everything moves at a glacial pace.

A:System freezing during start-up in both normal and safe modes

Hello welcome to SevenForums,

Please can you follow this this, i know its not related to your problem however i need to see the event log

So follow the instructions below



   Information
Before posting a BSOD thread, please read the instructions here: Blue Screen of Death (BSOD) Posting Instructions

If you need to add new information like the dump files, please make a new post in your initial BSOD thread. Please do not make an extra new thread.

If your computer is not creating DMP Files please follow this link: Dump Files - Configure Windows to Create on BSOD

I look Forward to Helping you.

Read other 1 answers
RELEVANCY SCORE 57.2

I'm hoping someone here might be able to steer me in the right direction here. I have a situation right now on my 2006 Dell E1505 laptop (with Windows XP Home Edition) where I can't restart the computer. I have been getting BSOD'S for about a year, off and on.

Last night I got another BSOD and tried to fix it. It said: Driver_corrputed_mmpool. I've been getting this same message since last summer. I ran verifier.exe at the advice of someone online. Upon reboot it indicated a problem with iomdisk.sys. I removed the driver. (I figured this was from an old Iomega zip drive I had installed on the laptop about the same time I started getting the bsod's). Afterwards, I also did a search for that file name and removed two files. About an hour later I got the same bsod again. So, I restarted the computer and almost immediately a bsod came up.

I tried restarting the computer in safe mode and last best known configuration, but both times the bsod came up after selecting those modes.

I want to restart the computer and not lose any programs or files, and I don't have the OS disk, resource disk or drivers/utilities. Dell did not give me these when I bought the computer, so I called Dell this morning and they are mailing them to me in 2 to 3 days.

I did a bunch of research last night about this and came up with the following course of action. I'm hoping maybe some people here might be able to tell me if this is my best option:

1) To be safe and save any files fir... Read more

A:[SOLVED] BSOD, Can't start XP in safe or normal modes

Hi

You can view this document. It should help you get the data off your hard drive.
Use Ubuntu Live CD to Backup Files

How did you remove the iomega driver?

Read other 19 answers
RELEVANCY SCORE 57.2

Woke up this morning, turned on my pc after using it the previous night, went downstairs came back up to find my computer rebooting itself, thought "that's odd", left it a few minutes thinking it might have been a windows update or something. It got to the windows logo, then went to a black screen with the loading mouse symbol.

Restarted the system a bunch of times, tried the safe modes with no luck. Tried recovery, no luck. Tried to repair from windows 7 installation disk, again no luck.

Frustrating as hell as it's a clean install (beginning of the week) after having issues previously with blue screens.

Starting to thinking i might be hardware related, even though the system was only bought beginning of august :/.

Could also just be the disk i've got for windows...

Any help would be appreciated.

A:Windows 7 ultimate x64 suddenly won't boot, even in safe modes.

From what your describing, it would be my guess that your hard drive has become corrupted or is crashing or crashed. Keep trying to load up OS and if your successful then try this..... Check your hard disk for errors

Read other 9 answers
RELEVANCY SCORE 57.2

Hi everyone, here is my problem. Yesterday, I noticed that my links are being redirected after I use search engines like google and yahoo in IE and Firefox. After doing some research on internet, I tried installing Webroot Spy Sweeper which never finished installing, and then I tried Spyware Doctor 2010 which didn't work properly. I decided to go to the safe mode to deal with this "redirection of links" so I used "msnconfig" and booted up my laptop in safe mode. Then, Windows Advanced Options Menue appeared but none of the options worked. Clicking (entering) on any of those options takes me to windows logo and the "loading" bar under it and then It takes me to the same menue. After trying every option available on this menue I tried using the installation CD that came with my computer but that doesn't work well. Right now I'm stocked in the Windows Advanced Options Menue where I can't boot up windows in normal mode or safe mode. I have a Dell XPS M140, and my OS is Windows XP Media Center Edition. I greatly appreciate any kind of help that you can offer me.Thx.
 

A:Windows doesn't boot up in safe nor normal modes! plz help.

Just an update and clarification. At this point no matter what I do, after restarting my laptop it takes me to the safe mode menue. However, none of the options in the safe menue works (when i click on any of options, it takes me to the same safe mode menue). However after restarting by tapping on F2 it takes me to the setup utility menue (I'm not sure if that's BIOS?). In this menue (with a blue screen) I tried changing my first and only preferences for the option "Boot Sequence" to "CD/DVD/CD-RW DRIVE" but nothing happens there whenever I put in my installation CD. Do you think If I try to reinstall XP using USB Flash drive instead of the actuall CD it would work?
*I am not worrying about losing my data since I have everything backed up on my external hard drive.
 

Read other 1 answers
RELEVANCY SCORE 57.2

Hello, I have a FBI moneypak infection on another computer:  Windows XP.  All safe modes result in the BSOD and no other removal techniques have worked.  I was able to boot using a Kapersky rescue USB and using Hiren's Boot CD but each time there is no access to the drive where the virus resides.  I was able to run Malware bytes scan (with up to date file) after the rescue CD loaded Mini-XP.  I noticed the C: drive showed as "unformatted": and was only showing 75G of the 80G harddrive available.  
It appears I can't access the hard drive where the virus and Windows XP and other files reside to scan.  
 
I'm stuck and don't see any forum posts that may help.. I'm wondering if my drive is actually erased?
Thanks
 

A:FBI Moneypak- no safe modes- hidden partition or HDD not scannable?

to the BC Forums, edgy72 !
 
In Windows XP, can you access the Command Prompt?
 
There are several ways...
 
Go to Start > Run, then type: cmd
Go to Start > Programs > Accessories > Command Prompt
Right-click the Taskbar, and then click: New Task, type cmd.exe, and press: Enter
Right-click Start, and open Windows Explorer, go to c:\windows\system32\ double click on: cmd.exe
In the Internet Explorer browser, type the following in the address bar, and press: Enter
 

file:///c:\windows\system32\cmd.exe
If so, can you then do the following...
 Step
On a clean computer, please download Farbar Recovery Scan Tool and save it to a USB pen drive.
Note: You need to run the version of FRST compatible with your system. Your XP system should be 32-bit.
 Step
Plug the pen drive into the infected PC.
Boot the infected machine into Windows XP, and get to the Command Prompt.
Step
At the Command Prompt window, type in notepad, and press Enter
Notepad opens. Under the File menu select: Open.
Select My Computer and find your pen drive letter, make note of it, and close Notepad.
At the Command Prompt window type x:\frst (or, for x64 bit version type e:\frst64) and press: EnterNote: Replace letter x with the drive letter of your pen drive!!
The tool starts to run.
At the program console, press  the Scan button. The scan may tke a few minutes...
When done, a report named FRST.txt... Read more

Read other 13 answers
RELEVANCY SCORE 56.4

The problem started when i woke up and nothing on my computer would run or move everything was frozen so i restarted it manually and waited for it to boot up it got to where you think the blue background screen would appear but the login box did not appear it just sat there for about 10 - 15 min before turning to black and restarting.

At this point i started it in safe mode to see if i could run some scans on my programs for a possible virus (i am very conscious about what i put on my computer and scan everything that i download) when it got to the login screen for safe mode the same thing happened as if i had normally started it before, accept this time two errors appeared:

1 - the application LoginUI.exe is not responding error code 0x000142
2 - C:\Windows\Prefetch\LOGIN.UI - 0914140401.pf is corrupted or unreadable

I then proceeded to let Disk check run and see if it would fix it, it did not as a result it ran it again and with little hope i let it, it still had not fixed the problem i left it on the blue screen where the login box should be for curiosity until it BSOD and restarted.

Therefor I put in a windows 7 home premium disk (I have windows 7 ultimate installed currently however its on a USB and i cant find it the files for it are on the laptop which is having problems) for recovery options
I started by doing the first option it found an error and it would run a disk check to fix it, it ran . . . it did not fix it, I then system restored twice with no ... Read more

A:Error code 0x0000142 and safe modes wont work.

Can you still logon in safe mode (or any other mode)?
If i read correctly.... you know how to access "command prompt" from win7 install disk?

Read other 8 answers
RELEVANCY SCORE 56.4

Basics: Dell Dimension 2350 desktop with 1G RAM running on XP (home edition?). USB mouse, keyboard & printer connections. Wired 10/100 Ethernet connection. Printer is an HP DeskJet D2660.

What happened: I'm fairly certain this reflects the order of the actions I took and the resulting problems but it's been a long few days.
There was an intermittent problem with the printer (ie it was flashing lights and printed items would sit in queue but never actually print). The computer was also running VERY slow. I used the update feature in the HP software but it didn't resolve the problem. I then used the Device Manager to look for better drivers without success so I deleted the printer (from the printer window) with the thought reinstalling would fix the issue however the PC locked up during the delete process (due to the delete?). Soft restart wouldn't work so I hard booted the system.

When I restarted the system I got a blue screen in the boot process with a ialmrnt5 file issue which I researched and learned is a video problem. After several re-attempts to start the PC in normal mode I booted to safe mode and used the restore feature going back to the last date in which system was working. When I restarted the computer I got the same message so I restarted it to safe mode and disabled the video driver hoping on restart it would find and fix the issue. The computer then started to normal mode but in what looked like VGA (?), ie big granular charact... Read more

A:Screen goes black after the Windows logo in normal & safe modes

is the video card on board or a separate card also what are the specs of the card.

Read other 4 answers
RELEVANCY SCORE 56.4

I owned this PC for quite a while now and this is the first time that this gets infected. I can't browse the internet, a big message saying on my screen "YOUR SYSTEM IS INFECTED" greets me everytime I boot it up. My anti-virus has expired so this is probably the reason why I'm getting this message. Also, lots of error messages pop up whenever I try to use my computer.
Anyway, I'm so glad I found this forum. I really need help fixing my computer and I did follow the instructions here on what to do so I can get help removing the virus from my PC. To someone who's going to help me, please let me know if I need to provide more infos regarding my PC. Thanks so much and happy new year!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 22:50:08.06 on Thu 12/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.535 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Microsoft SQL Server\90\Shared\sqlw... Read more

A:My computer is infected with virus, cannot surf the internet at all.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get an antivirus installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions... Read more

Read other 2 answers
RELEVANCY SCORE 56.4

DDS (Ver_10-03-17.01) - NTFSx86 Run by dpuglia at 18:54:23.59 on Wed 07/28/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.65 [GMT -7:00]AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Enfocus Software\Enfocus Instant PDF 4\Application\InstantPDFService.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exeC:\Program Files\Sophos\Remote Management System\ManagementAgentNT.e... Read more

A:Computer Keeps Shutting down internet/infected w/virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 56

Hi,I have some virus that is re-directing my Google and Firefox searches. It randomly goes to other sites and I have to hit the back button, sometimes several times, and end up in the right place. It seems like a lot of people are having this same problem. I tried rkill and mbam, but they didn't work on this.Thanks for your help!Here is the DDS.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by purecheminc at 15:57:52.34 on Mon 01/25/2010Internet Explorer: 8.0.6001.18882Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2036.1163 [GMT -6:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\tasken... Read more

A:Infected with Internet browser redirect virus [Computer 1]

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

Read other 3 answers
RELEVANCY SCORE 55.6

A Massachusetts stock broker will pay a $100,000 penalty to the Securities and Exchange Commission for failing to have security software or procedures when intruders stole account information of hundreds of customers and began making transactions with it.



Sunbelt Blog: No anti-virus software or procedures = compliance i$$ue

Read other answers
RELEVANCY SCORE 52

I'm not able to use internet in regular mode of windows xp. If i restart in safe mode with network support I can access the internet.I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans wit MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc.Is there any solution to fix this problem?Hereby the DDS.txt log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Zjefne at 13:56:09,23 on vr 24/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Infected? No internet, just in safe mode

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 51.6

Hi, last fri I received an email via my yahoo account from UPS ( which I now now is not). I think this is a nasty virus has worms too.Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated avira files before, then it went spirling downhill!!I had so many windows opening up, I immediately disconnected from the net then proceded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings.I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up.All during this time I was getting Norton virus updates and warnings - I dont have nortons so ignored them and did not open any of the files. Just closed at the X them and made sure i was disconnected from net.After spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started.Since then I can not log on to windows, even in safe mode and adminstrator. I tried and logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I cannot seem to get into windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

I tried ... logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page.I have spent the weekend reading forums and pages and pages of advise. I read this forum thread as well as thread: http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/I really need my documents and cannot afford to loose them as there are files I need to send to my mortgage lender asap.mandyRe: LogOn/LogOff LoopGo ahead with the thinkinginpixels instructions: That is your best chance to get back in to Windows. It will take several hours to complete, and you should then be able to use Windows and retrieve the documents that you need. The instructions provide a series of logical steps that are relatively easy to follow and should lead to a positive result. Any problems, let us knowShould that fail (unlikely) we can help you get those documents by another means.Let us know how you are getting on.'Alien

Read other 81 answers
RELEVANCY SCORE 51.2

A user came to me with a laptop that does not connect to the internet at all in normal mode. (Wired or wireless, DHCP or static IP, IPv4 or IPv6)
Connects to the network perfectly fine, but no internet connection.
Unless in safe mode then the internet works just fine. (which led me to think malware was the root of the problem)
Nothing else appears to be wrong/off; just lost internet connection.

disable/enable adapter... nothing
ipconfig /release /renew... nothing
ipconfig /dnsflush /dnsregister... nothing
Tried new drivers... nothing
reset winsock... nothing
Scanned with McAfee... Clean
Scanned with MBAM... Clean
rkill... clean
tdsskiller... clean
running a hjt now, but thought I would post here first and see if it may well be something else.

NOTE: If you think this should be posted in networking then let me know and i'll gladly create a new thread there. I will not post my HJT until recommended, and that will go into the appropriate thread

Thanks in advance for your help. I've been using this site for years, first time I couldn't find a fix and need to post.

A:Internet Connection In safe mode only. Am I infected?

Uninstall your antivirus and let us know if you can connect

Read other 1 answers
RELEVANCY SCORE 51.2

I tried to install win xp pro sp3, but didnt complete installation.
next time i start up it shows, choose ur OS
windows xp professional
windows xp professional installation
default is the later with 3 seconds delay time. I tried to change this by going to
My computer<Properties<Advanced<Startup and Recovery<Settings
There i select windows xp professional as the default one and by editing it delete the text that reads as "non-execute,....windows xp professional installation", and save the text file then apply and Ok.

Next time i startup windows won't login, but it keeps on restarting.
Tried the safe modes, couldn't login either.
Tried using the XP pro CD to Repair windows but sadly i didn't have a recovery portion disks.
As a last resort i tried to install the OS from the cd, the result was even worse, as it shows an error message as
txtsetup.sif file missing, couldnt load setup..
I have no idea what else to do now, please help me out.
 

Read other answers
RELEVANCY SCORE 51.2

I was working with Adobe After Effects CS3 on my Windows XP and it exported my movie as a 1GB big swf file for some reason. I figured, hey, After Effects has done worse, so I opened it. That completely locked up my computer and I had to hard reset it. I tried to restart it, but it gave me a blue screen STOP error so fast that I couldn't read it, then it reverted back to restarting. Now whenever I try to boot my computer, it immediately sends me to the Windows Advanced Options Menu where I can pick a number of booting options. NONE of the options I can choose from work. Not even Safe Mode or Last Known Good Configuration. They ALL start booting as a computer normally should, then it flashes the blue screen STOP error and starts restarting again, sending me back to the Windows Advanced Options Menu.

NONE of the options work! I cant get to the desktop no matter what, not even in Safe Mode. What can I do??

I have search all over the internet and other people have had the same problem, but no one seems to be solving it fully. I hope I can find the genius that can do this.
 

A:No booting modes (Safe Mode, Normal Mode, etc.) work!...

If you have a Windows XP CD you may be able to fix it. For details see: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

Good luck.
 

Read other 1 answers
RELEVANCY SCORE 51.2

Hi,
My computer is running windows 7 64bit and got infected with win32.sality.bh. I am not able to run any program except kaspersky. I had a full scan and removed all threats it could find but apparently the so called anti virus is not as powderful as it described. i still cant open any program. I tried to run in safe mode but cant do it without msconfig. any idea how can i run in safe mode? thanks in advance.

Read other answers
RELEVANCY SCORE 51.2

Hey guys,So my girlfriends computer had a virus on it called Windows System Defender. It installed itself while browsing the internet, no we don't remember what site it was. I looked up ways to remove it and I did everything it said to do and even removed an instances of it from the Registry. It still persists and continues to come back,we think. After running a bunch of virus scanners it appears that I have gotten rid of the original virus but now have a new one that we can't figure out what it is and won't pop up on virus scanners. It also won't let us boot up in safe mood. It gives us a blank blue screen when we try to do so. I have posted a HJT log to see if that will show anything. Any help is much appreciated. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:20:16 PM, on 11/3/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system... Read more

A:Infected With Virus and Can't Boot to Safe Mode

Problem has been resolved.

Read other 2 answers