I'm not sure if I'll be able to fix this system - it was full of malware to begin with. Initially presented with no internet connection - I thought the integrated adapter was bad, but two add-on cards don't work either.
Ran Tdsskiller, MBAM, Rkill, Rootkiller, and all found issues - repaired/deleted. Then I ran combofix, which caused a Startup Repair Loop. I restored back to before everything! Ran the same again, this time instead of combofix I ran Tweaking.com's Repair tool to see if I could fix the error that was preventing the internet issue. Got a Repair loop again. Restored, then tried combofix again. Repair Loop again. This time it will not boot successfully after a system restore.
I am considering loading the default registry hives, but first I want to try FARBAR. The scan reveals rootkits but I don't know how to remove them. And I don't know if that is what's causing the Repair loop!!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 132 days old)
Ran by SYSTEM at 21-08-2013 09:51:56
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002
==================== Registry (Whitelisted) ===================
HKLM-x32\...\Run: [] [x]
HKU\Cody\...\Run: [DVDXGhost] C:\Program Files (x86)\DVD Ghost\DVDGhost.EXE [x]
HKU\Cody\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Cody\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKU\Cody\...\Policies\system: [LogonHoursAction] 2
HKU\Cody\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kim\...\Run: [DVDXGhost] C:\Program Files (x86)\DVD Ghost\DVDGhost.EXE [x]
HKU\Kim\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Kim\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKU\Kim\...\Policies\system: [LogonHoursAction] 2
HKU\Kim\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Michael\...\Policies\system: [LogonHoursAction] 2
HKU\Michael\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Zoie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Zoie\...\Run: [DVDXGhost] C:\Program Files (x86)\DVD Ghost\DVDGhost.EXE [x]
HKU\Zoie\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKU\Zoie\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\Zoie\...\Run: [Akamai NetSession Interface] "C:\Users\Zoie\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\Zoie\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-18] (Adobe Systems Incorporated)
HKU\Zoie\...\Policies\system: [LogonHoursAction] 2
HKU\Zoie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
==================== Services (Whitelisted) ===================
4 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
4 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [488776 2010-08-27] ()
4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [6104144 2010-09-03] (AVG Technologies CZ, s.r.o.)
4 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [265400 2010-09-09] (AVG Technologies CZ, s.r.o.)
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
4 HsdService; "C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe" [1393976 2011-04-25] (Windstream)
4 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-13] (Alcatel-Lucent)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll" /prefetch:1 [556336 2013-05-29] (Symantec Corporation)
4 nvsvc; "C:\Windows\system32\nvvsvc.exe" [877856 2013-03-14] (NVIDIA Corporation)
4 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1266464 2013-03-14] (NVIDIA Corporation)
2 ServicepointService; "C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe" [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
4 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [383264 2013-03-14] (NVIDIA Corporation)
3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [x]
2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.EXE [x]
3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [x]
3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [x]
3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [x]
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
==================== Drivers (Whitelisted) =====================
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
3 ctsfm2k; C:\Windows\SysWow64\Drivers\ctsfm2k.sys [130288 2004-07-12] (Creative Technology Ltd)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-22] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130726.001\IDSvia64.sys [513184 2013-07-12] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130712.016\ENG64.SYS [126040 2013-06-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130712.016\EX64.SYS [2098776 2013-06-25] (Symantec Corporation)
3 OEM05Afx; C:\Windows\System32\Drivers\OEM05Afx.sys [212864 2007-06-07] (Creative Technology Ltd.)
3 OEM05Vfx; C:\Windows\System32\Drivers\OEM05Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
3 OEM05Vid; C:\Windows\System32\Drivers\OEM05Vid.sys [266720 2007-07-19] (Creative Technology Ltd.)
3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()
3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-08-21 09:51 - 2013-08-21 09:51 - 00000000 ____D C:\FRST
2013-08-20 13:48 - 2013-08-20 17:07 - 00000000 ___SD C:\ComboFix
2013-08-20 12:33 - 2013-08-20 12:33 - 00000000 ____D C:\RegBackup
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\Windows\pss
2013-08-19 13:59 - 2013-08-19 13:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{A68ACB53-E805-4F10-A7B0-E6B0F8D2D3C1}
2013-08-19 13:34 - 2013-08-19 13:34 - 00000000 ____D C:\AdwCleaner
2013-08-19 12:47 - 2013-08-19 12:47 - 00001224 ____A C:\Users\Michael\Desktop\Revo Uninstaller.lnk
2013-08-19 12:47 - 2013-08-19 12:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-19 12:44 - 2013-08-19 12:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{EB25F247-D787-4AF2-8EAE-43996522F091}
2013-08-19 11:54 - 2013-08-14 05:39 - 00800594 ____A C:\Users\Michael\Desktop\AdwCleaner(1).exe
2013-08-19 11:42 - 2013-08-19 11:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{C0240286-2649-48A6-9DA5-6DB42114AFDC}
2013-08-19 11:33 - 2013-08-19 11:33 - 00000000 ____D C:\Users\Michael\AppData\Local\{3468E448-D349-444F-A20B-02C9CF04BC4A}
2013-08-19 09:52 - 2013-08-19 09:52 - 00000000 ____D C:\Program Files\Intel
2013-08-19 09:52 - 2013-07-04 01:05 - 00552760 ____A (Intel Corporation) C:\Windows\System32\PROUnstl.exe
2013-08-19 09:52 - 2006-01-12 14:52 - 00001904 ____N C:\Windows\System32\SetupBD.din
2013-08-19 09:48 - 2013-08-19 09:48 - 32962600 ____A C:\Users\Michael\Desktop\PROWinx64.exe
2013-08-19 09:35 - 2013-08-21 09:07 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-19 09:34 - 2013-08-19 09:34 - 00000000 ____D C:\ProgramData\Dell
2013-08-19 09:34 - 2013-08-19 09:32 - 07635240 ____A C:\Users\Michael\Desktop\R290807.exe
2013-08-19 09:34 - 2013-08-19 09:32 - 05711728 ____A C:\Users\Michael\Desktop\R266204.exe
2013-08-19 09:23 - 2007-05-02 13:14 - 01029833 ____A (CPUID) C:\Users\Michael\Desktop\cpuz.exe
2013-08-19 09:18 - 2013-08-19 09:18 - 00001107 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:11 - 2013-08-19 09:12 - 00000000 ____D C:\Users\Michael\Desktop\IMAGES
2013-08-19 08:51 - 2013-08-21 09:08 - 00000000 ___SD C:\32788R22FWJFW
2013-08-19 08:51 - 2013-08-21 09:07 - 00000000 ____D C:\Windows\erdnt
2013-08-19 08:51 - 2013-08-19 08:52 - 00000000 ____D C:\Qoobox
2013-08-19 08:48 - 2013-08-19 08:48 - 00004153 ____A C:\Users\Michael\Desktop\RKreport[1]_S_08192013_02d1148.txt
2013-08-19 08:46 - 2013-08-19 08:49 - 00000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
2013-08-19 08:46 - 2013-08-19 07:55 - 00006576 ____A C:\Users\Michael\Documents\Rkill.txt
2013-08-19 07:56 - 2013-08-19 07:56 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 07:56 - 2013-04-04 11:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-08-19 07:55 - 2013-08-19 07:55 - 00006576 ____A C:\Users\Michael\Desktop\Rkill.txt
2013-08-19 07:55 - 2013-08-19 07:55 - 00000000 ____D C:\Users\Michael\Desktop\rkill
2013-08-19 07:54 - 2013-08-19 07:54 - 00000000 ____D C:\Users\Michael\Desktop\tweaking.com_windows_repair_aio
2013-08-19 07:54 - 2013-05-22 06:27 - 00816128 ____A C:\Users\Michael\Desktop\RogueKiller.exe
2013-08-19 07:41 - 2013-08-19 07:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{E0DBCE77-6665-4BFD-9922-34D09E0D47FE}
2013-07-24 13:04 - 2013-07-24 13:04 - 00256512 ____A (Intel(R) Corporation) C:\Windows\System32\Ncs2Setp.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00805592 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2dmix.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00794328 ____A (Intel(R) Corporation) C:\Windows\System32\accesor.dll
2013-07-24 12:45 - 2013-07-24 12:45 - 00234200 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2instutility.dll
2013-07-24 12:41 - 2013-07-24 12:41 - 03422424 ____A (Intel(R) Corporation) C:\Windows\System32\ncscolib.dll
2013-07-24 05:05 - 2013-07-24 05:13 - 00000000 ____D C:\Windows\System32\MRT
==================== One Month Modified Files and Folders =======
2013-08-21 09:51 - 2013-08-21 09:51 - 00000000 ____D C:\FRST
2013-08-21 09:08 - 2013-08-19 08:51 - 00000000 ___SD C:\32788R22FWJFW
2013-08-21 09:08 - 2011-07-01 12:47 - 00000000 ____D C:\ProgramData\Norton
2013-08-21 09:08 - 2010-02-14 05:41 - 00000000 ____D C:\users\Cody
2013-08-21 09:08 - 2010-02-08 12:46 - 00000000 ____D C:\users\Kim
2013-08-21 09:08 - 2010-02-06 14:30 - 00000000 ____D C:\users\Zoie
2013-08-21 09:08 - 2010-02-04 08:04 - 00000000 ____D C:\users\Michael
2013-08-21 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-21 09:07 - 2013-08-19 09:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-21 09:07 - 2013-08-19 08:51 - 00000000 ____D C:\Windows\erdnt
2013-08-21 09:07 - 2010-02-04 12:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-21 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-20 17:07 - 2013-08-20 13:48 - 00000000 ___SD C:\ComboFix
2013-08-20 12:40 - 2012-04-11 09:41 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-08-20 12:33 - 2013-08-20 12:33 - 00000000 ____D C:\RegBackup
2013-08-20 12:29 - 2012-09-11 21:30 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-08-20 12:22 - 2009-07-13 20:45 - 00015680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 12:22 - 2009-07-13 20:45 - 00015680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 12:21 - 2009-07-13 21:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 12:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-08-20 12:20 - 2012-12-20 09:14 - 00000000 ____D C:\ProgramData\Radialpoint
2013-08-20 12:18 - 2010-02-03 14:37 - 02054673 ____A C:\Windows\WindowsUpdate.log
2013-08-20 12:15 - 2013-04-12 20:13 - 00004635 ____A C:\Windows\setupact.log
2013-08-19 15:40 - 2010-02-06 14:25 - 00000000 ____D C:\ProgramData\Google
2013-08-19 14:09 - 2010-02-06 15:37 - 01523310 ____A C:\Windows\PFRO.log
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\Windows\pss
2013-08-19 14:05 - 2010-04-22 17:16 - 00000000 ____D C:\Program Files (x86)\Unity
2013-08-19 14:05 - 2010-02-27 10:25 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Uniblue
2013-08-19 14:04 - 2011-07-09 09:26 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-19 14:01 - 2010-02-06 13:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-19 13:59 - 2013-08-19 13:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{A68ACB53-E805-4F10-A7B0-E6B0F8D2D3C1}
2013-08-19 13:59 - 2010-02-18 18:39 - 00000000 ____D C:\Users\Michael\Tracing
2013-08-19 13:56 - 2010-02-13 18:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-19 13:55 - 2013-01-26 19:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-19 13:55 - 2010-02-06 14:25 - 00000000 ____D C:\Program Files\Google
2013-08-19 13:55 - 2010-02-06 14:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 13:34 - 2013-08-19 13:34 - 00000000 ____D C:\AdwCleaner
2013-08-19 13:26 - 2010-02-20 19:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-19 12:51 - 2010-02-06 14:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2013-08-19 12:47 - 2013-08-19 12:47 - 00001224 ____A C:\Users\Michael\Desktop\Revo Uninstaller.lnk
2013-08-19 12:47 - 2013-08-19 12:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-19 12:44 - 2013-08-19 12:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{EB25F247-D787-4AF2-8EAE-43996522F091}
2013-08-19 11:55 - 2010-12-21 07:09 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-19 11:42 - 2013-08-19 11:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{C0240286-2649-48A6-9DA5-6DB42114AFDC}
2013-08-19 11:42 - 2010-02-20 18:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FrostWire
2013-08-19 11:33 - 2013-08-19 11:33 - 00000000 ____D C:\Users\Michael\AppData\Local\{3468E448-D349-444F-A20B-02C9CF04BC4A}
2013-08-19 09:52 - 2013-08-19 09:52 - 00000000 ____D C:\Program Files\Intel
2013-08-19 09:48 - 2013-08-19 09:48 - 32962600 ____A C:\Users\Michael\Desktop\PROWinx64.exe
2013-08-19 09:34 - 2013-08-19 09:34 - 00000000 ____D C:\ProgramData\Dell
2013-08-19 09:32 - 2013-08-19 09:34 - 07635240 ____A C:\Users\Michael\Desktop\R290807.exe
2013-08-19 09:32 - 2013-08-19 09:34 - 05711728 ____A C:\Users\Michael\Desktop\R266204.exe
2013-08-19 09:18 - 2013-08-19 09:18 - 00001107 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:18 - 2013-01-02 09:48 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2013-08-19 09:18 - 2013-01-02 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 09:12 - 2013-08-19 09:11 - 00000000 ____D C:\Users\Michael\Desktop\IMAGES
2013-08-19 09:09 - 2010-09-27 13:10 - 00011347 ____A C:\Windows\{00000005-00000000-00000004-00001102-00000004-20061102}.BAK
2013-08-19 09:09 - 2010-09-27 13:09 - 00011347 ____A C:\Windows\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF
2013-08-19 08:52 - 2013-08-19 08:51 - 00000000 ____D C:\Qoobox
2013-08-19 08:49 - 2013-08-19 08:46 - 00000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
2013-08-19 08:48 - 2013-08-19 08:48 - 00004153 ____A C:\Users\Michael\Desktop\RKreport[1]_S_08192013_02d1148.txt
2013-08-19 07:56 - 2013-08-19 07:56 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 07:55 - 2013-08-19 08:46 - 00006576 ____A C:\Users\Michael\Documents\Rkill.txt
2013-08-19 07:55 - 2013-08-19 07:55 - 00006576 ____A C:\Users\Michael\Desktop\Rkill.txt
2013-08-19 07:55 - 2013-08-19 07:55 - 00000000 ____D C:\Users\Michael\Desktop\rkill
2013-08-19 07:54 - 2013-08-19 07:54 - 00000000 ____D C:\Users\Michael\Desktop\tweaking.com_windows_repair_aio
2013-08-19 07:49 - 2009-07-13 21:13 - 00065532 ____A C:\Windows\System32\PerfStringBackup.INI
2013-08-19 07:41 - 2013-08-19 07:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{E0DBCE77-6665-4BFD-9922-34D09E0D47FE}
2013-08-16 08:58 - 2010-02-27 08:21 - 00000000 ____D C:\Users\Kim\AppData\Local\Google
2013-08-14 05:39 - 2013-08-19 11:54 - 00800594 ____A C:\Users\Michael\Desktop\AdwCleaner(1).exe
2013-07-29 23:49 - 2012-05-05 15:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 23:23 - 2010-02-06 14:26 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 22:23 - 2010-02-06 14:26 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 21:25 - 2012-12-20 09:14 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Radialpoint
2013-07-24 13:04 - 2013-07-24 13:04 - 00256512 ____A (Intel(R) Corporation) C:\Windows\System32\Ncs2Setp.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00805592 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2dmix.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00794328 ____A (Intel(R) Corporation) C:\Windows\System32\accesor.dll
2013-07-24 12:45 - 2013-07-24 12:45 - 00234200 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2instutility.dll
2013-07-24 12:41 - 2013-07-24 12:41 - 03422424 ____A (Intel(R) Corporation) C:\Windows\System32\ncscolib.dll
2013-07-24 05:13 - 2013-07-24 05:05 - 00000000 ____D C:\Windows\System32\MRT
ZeroAccess:
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}\@
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}\L
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}\U
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-20 12:33:37
Restore point made on: 2013-08-20 12:34:22
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3582.16 MB
Available physical RAM: 2963.5 MB
Total Pagefile: 3580.31 MB
Available Pagefile: 2988.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:107.08 GB) (Free:6.15 GB) NTFS
2 Drive d: () (Fixed) (Total:37.23 GB) (Free:33.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (MARINE) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
5 Drive g: () (Fixed) (Total:4.63 GB) (Free:0.5 GB) FAT32
6 Drive h: (ExtraSpace) (Fixed) (Total:316.76 GB) (Free:306.44 GB) NTFS
7 Drive i: (SCHMIDT) (Removable) (Total:3.72 GB) (Free:3.45 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB *
Disk 1 Online 3819 MB 0 B
Partitions of Disk 0:
===============
Disk ID: E686F016
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 31 KB
Partition 2 Dynamic Data 957 KB 47 MB
Partition 3 Dynamic Data 107 GB 48 MB
Partition 4 Dynamic Data 37 GB 107 GB
=========================================================================== =======
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 FAT Partition 47 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 42
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 3
Type : 42
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Simple 107 GB Healthy
=========================================================
Disk: 0
Partition 4
Type : 42
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Simple 37 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Disk ID: 00000000
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB
=========================================================================== =======
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I SCHMIDT FAT32 Removable 3818 MB Healthy
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: E686F016
Partition 1:
=========
Hex: 00010100DEFE3F053F00000047780100
Active: NO
Type: DE
Size: 47 MB
Partition 2:
=========
Hex: 00000106421E1806867801007A070000
Active: NO
Type: 42
Size: 957 KB
Partition 3:
=========
Hex: 001E190642FEFFFF0080010000A8620D
Active: NO
Type: 42
Size: 107 GB
Partition 4:
=========
Hex: 80FEFFFF42FEFFFF612D640DFC57A704
Active: YES
Type: 42
Size: 37 GB
==============================
Partitions of Disk 1:
===============
Disk ID: 00000000
Partition 1:
=========
Hex: 000021000B73F3C920000000E0577700
Active: NO
Type: 0B
Size: 4 GB
Last Boot: 2013-07-12 21:52
==================== End Of Log =============================
1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-08-21 09:51 - 2013-08-21 09:51 - 00000000 ____D C:\FRST
2013-08-20 13:48 - 2013-08-20 17:07 - 00000000 ___SD C:\ComboFix
2013-08-20 12:33 - 2013-08-20 12:33 - 00000000 ____D C:\RegBackup
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\Windows\pss
2013-08-19 13:59 - 2013-08-19 13:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{A68ACB53-E805-4F10-A7B0-E6B0F8D2D3C1}
2013-08-19 13:34 - 2013-08-19 13:34 - 00000000 ____D C:\AdwCleaner
2013-08-19 12:47 - 2013-08-19 12:47 - 00001224 ____A C:\Users\Michael\Desktop\Revo Uninstaller.lnk
2013-08-19 12:47 - 2013-08-19 12:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-19 12:44 - 2013-08-19 12:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{EB25F247-D787-4AF2-8EAE-43996522F091}
2013-08-19 11:54 - 2013-08-14 05:39 - 00800594 ____A C:\Users\Michael\Desktop\AdwCleaner(1).exe
2013-08-19 11:42 - 2013-08-19 11:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{C0240286-2649-48A6-9DA5-6DB42114AFDC}
2013-08-19 11:33 - 2013-08-19 11:33 - 00000000 ____D C:\Users\Michael\AppData\Local\{3468E448-D349-444F-A20B-02C9CF04BC4A}
2013-08-19 09:52 - 2013-08-19 09:52 - 00000000 ____D C:\Program Files\Intel
2013-08-19 09:52 - 2013-07-04 01:05 - 00552760 ____A (Intel Corporation) C:\Windows\System32\PROUnstl.exe
2013-08-19 09:52 - 2006-01-12 14:52 - 00001904 ____N C:\Windows\System32\SetupBD.din
2013-08-19 09:48 - 2013-08-19 09:48 - 32962600 ____A C:\Users\Michael\Desktop\PROWinx64.exe
2013-08-19 09:35 - 2013-08-21 09:07 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-19 09:34 - 2013-08-19 09:34 - 00000000 ____D C:\ProgramData\Dell
2013-08-19 09:34 - 2013-08-19 09:32 - 07635240 ____A C:\Users\Michael\Desktop\R290807.exe
2013-08-19 09:34 - 2013-08-19 09:32 - 05711728 ____A C:\Users\Michael\Desktop\R266204.exe
2013-08-19 09:23 - 2007-05-02 13:14 - 01029833 ____A (CPUID) C:\Users\Michael\Desktop\cpuz.exe
2013-08-19 09:18 - 2013-08-19 09:18 - 00001107 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:11 - 2013-08-19 09:12 - 00000000 ____D C:\Users\Michael\Desktop\IMAGES
2013-08-19 08:51 - 2013-08-21 09:08 - 00000000 ___SD C:\32788R22FWJFW
2013-08-19 08:51 - 2013-08-21 09:07 - 00000000 ____D C:\Windows\erdnt
2013-08-19 08:51 - 2013-08-19 08:52 - 00000000 ____D C:\Qoobox
2013-08-19 08:48 - 2013-08-19 08:48 - 00004153 ____A C:\Users\Michael\Desktop\RKreport[1]_S_08192013_02d1148.txt
2013-08-19 08:46 - 2013-08-19 08:49 - 00000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
2013-08-19 08:46 - 2013-08-19 07:55 - 00006576 ____A C:\Users\Michael\Documents\Rkill.txt
2013-08-19 07:56 - 2013-08-19 07:56 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 07:56 - 2013-04-04 11:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-08-19 07:55 - 2013-08-19 07:55 - 00006576 ____A C:\Users\Michael\Desktop\Rkill.txt
2013-08-19 07:55 - 2013-08-19 07:55 - 00000000 ____D C:\Users\Michael\Desktop\rkill
2013-08-19 07:54 - 2013-08-19 07:54 - 00000000 ____D C:\Users\Michael\Desktop\tweaking.com_windows_repair_aio
2013-08-19 07:54 - 2013-05-22 06:27 - 00816128 ____A C:\Users\Michael\Desktop\RogueKiller.exe
2013-08-19 07:41 - 2013-08-19 07:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{E0DBCE77-6665-4BFD-9922-34D09E0D47FE}
2013-07-24 13:04 - 2013-07-24 13:04 - 00256512 ____A (Intel(R) Corporation) C:\Windows\System32\Ncs2Setp.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00805592 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2dmix.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00794328 ____A (Intel(R) Corporation) C:\Windows\System32\accesor.dll
2013-07-24 12:45 - 2013-07-24 12:45 - 00234200 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2instutility.dll
2013-07-24 12:41 - 2013-07-24 12:41 - 03422424 ____A (Intel(R) Corporation) C:\Windows\System32\ncscolib.dll
2013-07-24 05:05 - 2013-07-24 05:13 - 00000000 ____D C:\Windows\System32\MRT
==================== One Month Modified Files and Folders =======
2013-08-21 09:51 - 2013-08-21 09:51 - 00000000 ____D C:\FRST
2013-08-21 09:08 - 2013-08-19 08:51 - 00000000 ___SD C:\32788R22FWJFW
2013-08-21 09:08 - 2011-07-01 12:47 - 00000000 ____D C:\ProgramData\Norton
2013-08-21 09:08 - 2010-02-14 05:41 - 00000000 ____D C:\users\Cody
2013-08-21 09:08 - 2010-02-08 12:46 - 00000000 ____D C:\users\Kim
2013-08-21 09:08 - 2010-02-06 14:30 - 00000000 ____D C:\users\Zoie
2013-08-21 09:08 - 2010-02-04 08:04 - 00000000 ____D C:\users\Michael
2013-08-21 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-21 09:07 - 2013-08-19 09:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-21 09:07 - 2013-08-19 08:51 - 00000000 ____D C:\Windows\erdnt
2013-08-21 09:07 - 2010-02-04 12:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-21 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-20 17:07 - 2013-08-20 13:48 - 00000000 ___SD C:\ComboFix
2013-08-20 12:40 - 2012-04-11 09:41 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-08-20 12:33 - 2013-08-20 12:33 - 00000000 ____D C:\RegBackup
2013-08-20 12:29 - 2012-09-11 21:30 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-08-20 12:22 - 2009-07-13 20:45 - 00015680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 12:22 - 2009-07-13 20:45 - 00015680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 12:21 - 2009-07-13 21:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 12:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-08-20 12:20 - 2012-12-20 09:14 - 00000000 ____D C:\ProgramData\Radialpoint
2013-08-20 12:18 - 2010-02-03 14:37 - 02054673 ____A C:\Windows\WindowsUpdate.log
2013-08-20 12:15 - 2013-04-12 20:13 - 00004635 ____A C:\Windows\setupact.log
2013-08-19 15:40 - 2010-02-06 14:25 - 00000000 ____D C:\ProgramData\Google
2013-08-19 14:09 - 2010-02-06 15:37 - 01523310 ____A C:\Windows\PFRO.log
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\Windows\pss
2013-08-19 14:05 - 2010-04-22 17:16 - 00000000 ____D C:\Program Files (x86)\Unity
2013-08-19 14:05 - 2010-02-27 10:25 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Uniblue
2013-08-19 14:04 - 2011-07-09 09:26 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-19 14:01 - 2010-02-06 13:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-19 13:59 - 2013-08-19 13:59 - 00000000 ____D C:\Users\Michael\AppData\Local\{A68ACB53-E805-4F10-A7B0-E6B0F8D2D3C1}
2013-08-19 13:59 - 2010-02-18 18:39 - 00000000 ____D C:\Users\Michael\Tracing
2013-08-19 13:56 - 2010-02-13 18:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-19 13:55 - 2013-01-26 19:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-19 13:55 - 2010-02-06 14:25 - 00000000 ____D C:\Program Files\Google
2013-08-19 13:55 - 2010-02-06 14:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 13:34 - 2013-08-19 13:34 - 00000000 ____D C:\AdwCleaner
2013-08-19 13:26 - 2010-02-20 19:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-19 12:51 - 2010-02-06 14:26 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2013-08-19 12:47 - 2013-08-19 12:47 - 00001224 ____A C:\Users\Michael\Desktop\Revo Uninstaller.lnk
2013-08-19 12:47 - 2013-08-19 12:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-19 12:44 - 2013-08-19 12:44 - 00000000 ____D C:\Users\Michael\AppData\Local\{EB25F247-D787-4AF2-8EAE-43996522F091}
2013-08-19 11:55 - 2010-12-21 07:09 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-19 11:42 - 2013-08-19 11:42 - 00000000 ____D C:\Users\Michael\AppData\Local\{C0240286-2649-48A6-9DA5-6DB42114AFDC}
2013-08-19 11:42 - 2010-02-20 18:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FrostWire
2013-08-19 11:33 - 2013-08-19 11:33 - 00000000 ____D C:\Users\Michael\AppData\Local\{3468E448-D349-444F-A20B-02C9CF04BC4A}
2013-08-19 09:52 - 2013-08-19 09:52 - 00000000 ____D C:\Program Files\Intel
2013-08-19 09:48 - 2013-08-19 09:48 - 32962600 ____A C:\Users\Michael\Desktop\PROWinx64.exe
2013-08-19 09:34 - 2013-08-19 09:34 - 00000000 ____D C:\ProgramData\Dell
2013-08-19 09:32 - 2013-08-19 09:34 - 07635240 ____A C:\Users\Michael\Desktop\R290807.exe
2013-08-19 09:32 - 2013-08-19 09:34 - 05711728 ____A C:\Users\Michael\Desktop\R266204.exe
2013-08-19 09:18 - 2013-08-19 09:18 - 00001107 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Users\Michael\AppData\Local\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 09:18 - 2013-08-19 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 09:18 - 2013-01-02 09:48 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2013-08-19 09:18 - 2013-01-02 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 09:12 - 2013-08-19 09:11 - 00000000 ____D C:\Users\Michael\Desktop\IMAGES
2013-08-19 09:09 - 2010-09-27 13:10 - 00011347 ____A C:\Windows\{00000005-00000000-00000004-00001102-00000004-20061102}.BAK
2013-08-19 09:09 - 2010-09-27 13:09 - 00011347 ____A C:\Windows\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF
2013-08-19 08:52 - 2013-08-19 08:51 - 00000000 ____D C:\Qoobox
2013-08-19 08:49 - 2013-08-19 08:46 - 00000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
2013-08-19 08:48 - 2013-08-19 08:48 - 00004153 ____A C:\Users\Michael\Desktop\RKreport[1]_S_08192013_02d1148.txt
2013-08-19 07:56 - 2013-08-19 07:56 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 07:56 - 2013-08-19 07:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 07:55 - 2013-08-19 08:46 - 00006576 ____A C:\Users\Michael\Documents\Rkill.txt
2013-08-19 07:55 - 2013-08-19 07:55 - 00006576 ____A C:\Users\Michael\Desktop\Rkill.txt
2013-08-19 07:55 - 2013-08-19 07:55 - 00000000 ____D C:\Users\Michael\Desktop\rkill
2013-08-19 07:54 - 2013-08-19 07:54 - 00000000 ____D C:\Users\Michael\Desktop\tweaking.com_windows_repair_aio
2013-08-19 07:49 - 2009-07-13 21:13 - 00065532 ____A C:\Windows\System32\PerfStringBackup.INI
2013-08-19 07:41 - 2013-08-19 07:41 - 00000000 ____D C:\Users\Michael\AppData\Local\{E0DBCE77-6665-4BFD-9922-34D09E0D47FE}
2013-08-16 08:58 - 2010-02-27 08:21 - 00000000 ____D C:\Users\Kim\AppData\Local\Google
2013-08-14 05:39 - 2013-08-19 11:54 - 00800594 ____A C:\Users\Michael\Desktop\AdwCleaner(1).exe
2013-07-29 23:49 - 2012-05-05 15:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 23:23 - 2010-02-06 14:26 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 22:23 - 2010-02-06 14:26 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 21:25 - 2012-12-20 09:14 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Radialpoint
2013-07-24 13:04 - 2013-07-24 13:04 - 00256512 ____A (Intel(R) Corporation) C:\Windows\System32\Ncs2Setp.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00805592 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2dmix.dll
2013-07-24 12:54 - 2013-07-24 12:54 - 00794328 ____A (Intel(R) Corporation) C:\Windows\System32\accesor.dll
2013-07-24 12:45 - 2013-07-24 12:45 - 00234200 ____A (Intel(R) Corporation) C:\Windows\System32\ncs2instutility.dll
2013-07-24 12:41 - 2013-07-24 12:41 - 03422424 ____A (Intel(R) Corporation) C:\Windows\System32\ncscolib.dll
2013-07-24 05:13 - 2013-07-24 05:05 - 00000000 ____D C:\Windows\System32\MRT
ZeroAccess:
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}\@
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}\L
C:\Users\Zoie\AppData\Local\{b0632319-bd2f-0984-95f2-371b6f8bc86c}\U
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-20 12:33:37
Restore point made on: 2013-08-20 12:34:22
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 3582.16 MB
Available physical RAM: 2963.5 MB
Total Pagefile: 3580.31 MB
Available Pagefile: 2988.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:107.08 GB) (Free:6.15 GB) NTFS
2 Drive d: () (Fixed) (Total:37.23 GB) (Free:33.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (MARINE) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
5 Drive g: () (Fixed) (Total:4.63 GB) (Free:0.5 GB) FAT32
6 Drive h: (ExtraSpace) (Fixed) (Total:316.76 GB) (Free:306.44 GB) NTFS
7 Drive i: (SCHMIDT) (Removable) (Total:3.72 GB) (Free:3.45 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB  1024 KB   *
Disk 1    Online         3819 MB      0 B
Partitions of Disk 0:
===============
Disk ID: E686F016
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 47 MB    31 KB
Partition 2    Dynamic Data       957 KB    47 MB
Partition 3    Dynamic Data       107 GB    48 MB
Partition 4    Dynamic Data        37 GB   107 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7                      FAT    Partition     47 MB  Healthy    Hidden
=========================================================
Disk: 0
Partition 2
Type : 42
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 3
Type : 42
Hidden: Yes
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C                 NTFS   Simple       107 GB  Healthy
=========================================================
Disk: 0
Partition 4
Type : 42
Hidden: Yes
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    D                 NTFS   Simple        37 GB  Healthy
=========================================================
Partitions of Disk 1:
===============
Disk ID: 00000000
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3818 MB    16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6    I    SCHMIDT      FAT32  Removable   3818 MB  Healthy
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: E686F016
Partition 1:
=========
Hex: 00010100DEFE3F053F00000047780100
Active: NO
Type: DE
Size: 47 MB
Partition 2:
=========
Hex: 00000106421E1806867801007A070000
Active: NO
Type: 42
Size: 957 KB
Partition 3:
=========
Hex: 001E190642FEFFFF0080010000A8620D
Active: NO
Type: 42
Size: 107 GB
Partition 4:
=========
Hex: 80FEFFFF42FEFFFF612D640DFC57A704
Active: YES
Type: 42
Size: 37 GB
==============================
Partitions of Disk 1:
===============
Disk ID: 00000000
Partition 1:
=========
Hex: 000021000B73F3C920000000E0577700
Active: NO
Type: 0B
Size: 4 GB
Last Boot: 2013-07-12 21:52
==================== End Of Log =============================