MisterW

Honorary Members
  • Posts

    21

Everything posted by MisterW

  1. I tried to uninstall ComboFix as per your instructions, but when I did, it started up the program. Other than that, I think everything is OK. Thank you so much for your help during this process.
  2. C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe Win32/OpenCandy application
     C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q67EKJT9\small[1].htm JS/TrojanDownloader.Iframe.NKE trojan
     C:\Users\Wheat\Downloads\cbsidlm-tr1_8-KLite_Mega_Codec_Pack-SEO2-10794603.exe Win32/DownloadAdmin.E application
     C:\Users\Wheat\Downloads\DTLite4454-0315.exe Win32/OpenCandy application
  3. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.16.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wheat :: WHEAT-PC [administrator] 1/16/2013 7:32:44 AM mbam-log-2013-01-16 (07-32-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238599 Time elapsed: 4 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Wheat\AppData\Roaming\skype.dat (Trojan.Bublik) -> Quarantined and deleted successfully. (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:47:19 AM, on 1/16/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files 
(x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Wheat\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630001021.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKLM\..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - 
C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe O23 - Service: dlcc_device - - C:\Windows\system32\dlcccoms.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. 
- c:\PROGRA~1\mcafee\msc\mcawfwk.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. 
- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 13754 bytes
     Thank you so much for the help. The only problem I've had so far was a random blue screen of death with "netio.sys"... but other than that, things are looking good. You even got rid of the nasty pop-ups at the lower left and right side that I've been dealing with for weeks.
  4. µTorrent AD Blocker Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Media Player Adobe Reader X (10.1.4) MUI AIM for Windows Anvi Smart Defender 1.8 Ares 2.1.8 Bejeweled 2 Deluxe Blackhawk Striker 2 Blio BlueStacks App Player Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Consumer In-Home Service Agreement Cozi D3DX10 DAEMON Tools Lite Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Stage Dell Stage Remote Dell VideoStage Diner Dash 2 Restaurant Rescue DirectX 9 Runtime DivX Setup Dora's World Adventure eBay Escape Whisper Valley Eusing Free Registry Cleaner Farm Frenzy FATE Final Drive Fury Final Drive Nitro Free FLAC to MP3 Converter 1.0 Free YouTube to MP3 Converter version 3.11.36.1130 FrostWire 5.3.6 Google Chrome Google Toolbar for Internet Explorer Google Update Helper High-Definition Video Playback Internet TV for Windows Media Center Java 7 Update 7 Java Auto Updater JDownloader 0.9 Jewel Quest Jewel Quest Solitaire 2 Junk Mail filter update K-Lite Mega Codec Pack 9.5.0 Luxor Malwarebytes Anti-Malware version 1.70.0.1100 McAfee SecurityCenter Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Namco All-Stars PAC-MAN Nero 10 Movie ThemePack Basic Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Update Notification Center Penguins! PhotoShowExpress Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Samantha Swift Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for 
Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Skype™ 5.10 Sonic CinePlayer Decoder Pack SyncUP System Checkup 3.3 Torenkey v1.0.0.34 TrustedID TrustedID IDMonitor Identity Protection Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App VC80CRTRedist - 8.0.50727.6195 Virtual Villagers 4 - The Tree of Life VLC media player 2.0.4 Wedding Dash - Ready, Aim, Love! WildTangent Games WildTangent Games App (Dell Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Flash WinRAR 4.11 (32-bit) Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar Zinio Reader 4 Zuma Deluxe
  5. ComboFix 13-01-15.02 - Wheat 01/16/2013 0:02.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5939 [GMT -5:00] Running from: c:\users\Wheat\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . /wow section - STAGE 3 Access is denied. . /wow section - STAGE 4 Access is denied. . /wow section - STAGE 5 . /wow section - STAGE 6A . /wow section - STAGE 8 Access is denied. . /wow section - STAGE 17 Access is denied. Access is denied. Access is denied. . /wow section - STAGE 25 Access is denied. Access is denied. Access is denied. . /wow section - STAGE 27 . /wow section - STAGE 32A Access is denied. Access is denied. . /wow section - STAGE 37 Access is denied. Access is denied. Access is denied. Access is denied. . /wow section - STAGE 47 Access is denied. Access is denied. Access is denied. Access is denied. . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\programdata\nud0repor.pad c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll c:\users\Wheat\AppData\Local\6o4v7yr6ikfw18072u c:\users\Wheat\AppData\Roaming\skype.ini . . ((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 ))))))))))))))))))))))))))))))) . . 2013-01-16 07:09 . 2013-01-16 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-16 07:09 . 2013-01-16 07:09 -------- d-----w- c:\users\Brian\AppData\Local\temp 2013-01-15 18:42 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16BD622A-7256-4E50-80D3-EEBC9D6C780C}\mpengine.dll 2013-01-15 01:24 . 2013-01-15 01:24 -------- d-----w- C:\FRST 2013-01-14 22:56 . 2013-01-16 01:22 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2013-01-14 22:56 . 2013-01-14 22:56 -------- d-----w- c:\program files\Microsoft Office 2013-01-14 22:55 . 2013-01-14 23:31 -------- d-----w- c:\users\Brian\AppData\Roaming\TP 2013-01-14 20:49 . 2013-01-15 21:37 -------- d-----w- c:\users\Brian\AppData\Local\Nero 2013-01-14 20:49 . 2013-01-14 20:49 -------- d-----w- c:\users\Brian\AppData\Roaming\Nero 2013-01-14 19:57 . 
2013-01-14 19:57 -------- d-----w- c:\users\Brian\My Backup Files 2013-01-14 19:57 . 2013-01-14 20:22 -------- d-----w- c:\users\Brian\AppData\Roaming\dvdcss 2013-01-14 19:56 . 2013-01-14 19:56 -------- d-----w- c:\users\Brian\AppData\Roaming\DAEMON Tools Lite 2013-01-14 18:03 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-10 17:39 . 2013-01-10 17:39 -------- d-----w- c:\users\Brian\AppData\Local\Adobe 2013-01-09 04:17 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 04:17 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 04:17 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 04:17 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 04:17 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 04:17 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 04:17 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 04:17 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 04:17 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 04:17 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 04:15 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-08 06:41 . 2013-01-08 06:48 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner 2013-01-08 05:36 . 2013-01-08 05:36 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2013-01-08 05:36 . 2013-01-08 05:39 -------- d-----w- c:\programdata\iolo 2013-01-08 05:36 . 2013-01-08 05:36 -------- d-----w- c:\program files (x86)\iolo 2012-12-30 21:50 . 2012-12-30 21:50 -------- d-----w- c:\users\Wheat\AppData\Local\Powercinema 2012-12-29 11:28 . 2012-12-29 11:28 208216 ----a-w- c:\windows\system32\drivers\39652122.sys 2012-12-29 11:05 . 
2012-12-29 11:05 -------- d-----w- c:\users\Wheat\AppData\Roaming\Anvisoft 2012-12-29 11:04 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys 2012-12-29 11:04 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys 2012-12-29 11:04 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys 2012-12-29 11:04 . 2012-12-29 11:04 -------- d-----w- c:\programdata\Anvisoft 2012-12-29 11:04 . 2012-12-29 11:04 -------- d-----w- c:\program files (x86)\Anvisoft 2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 23:08 . 2013-01-16 05:08 -------- d-----w- c:\windows\rescache 2012-12-19 22:40 . 2012-12-19 22:40 -------- d-----w- C:\_OTL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 08:12 . 2012-05-21 07:05 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 06:08 . 2012-07-09 12:25 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 06:08 . 2012-07-09 12:25 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 21:49 . 2012-10-04 08:42 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 04:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-25 18:00 . 2012-12-02 11:44 127488 ----a-w- c:\windows\system32\ff_vfw.dll 2012-11-16 18:00 . 2012-12-03 01:13 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2012-11-14 07:06 . 2012-12-15 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-15 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-15 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 
2012-12-15 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-15 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-15 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-15 08:00 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-15 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-15 08:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-15 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-15 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-15 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-15 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-15 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-15 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-15 08:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-15 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-15 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-15 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-15 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-15 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-15 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 11:40 . 2011-03-13 16:20 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:37 . 2011-03-13 16:20 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 11:37 . 2012-05-15 03:27 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 11:36 . 2012-05-15 03:28 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 11:36 . 
2011-03-13 16:20 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 11:35 . 2011-03-13 16:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:34 . 2011-03-13 16:20 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:34 . 2011-03-13 16:20 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:33 . 2011-03-13 16:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-09 05:45 . 2012-12-14 14:55 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-14 14:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-14 14:54 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-14 14:54 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-29 01:58 . 2012-10-29 01:58 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-29 336384] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-12-05 597880] "ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816] "Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 2;2 cvhsvc;Client Virtualization Handler [x] R1 bjwqxjdu;bjwqxjdu;c:\windows\system32\drivers\bjwqxjdu.sys [x] R1 cxqzvjxj;cxqzvjxj;c:\windows\system32\drivers\cxqzvjxj.sys [x] R1 dcprjhtw;dcprjhtw;c:\windows\system32\drivers\dcprjhtw.sys [x] R1 krgkkgjz;krgkkgjz;c:\windows\system32\drivers\krgkkgjz.sys [x] R1 pwtnhvjk;pwtnhvjk;c:\windows\system32\drivers\pwtnhvjk.sys [x] R1 rdiexgsb;rdiexgsb;c:\windows\system32\drivers\rdiexgsb.sys [x] R1 tjjotera;tjjotera;c:\windows\system32\drivers\tjjotera.sys [x] R1 usnfzdbs;usnfzdbs;c:\windows\system32\drivers\usnfzdbs.sys [x] R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 HipShieldK;McAfee Inc. 
HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-10-04 30496] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-21 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280] S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-22 283200] S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 204288] S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376] S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592] S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-05 71032] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-05 384888] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common 
Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-08-10 231440] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-10 18:58 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 06:08] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 21:33] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 21:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] "DLCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll" [2006-02-24 28672] "dlccmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 924\dlccmon.exe" [2007-01-30 431600] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://aol.com/ mStart Page = hxxp://www.google.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Completion time: 2013-01-16 03:40:39 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-16 08:40 . 
Pre-Run: 10,020,450,304 bytes free Post-Run: 7,727,611,904 bytes free . - - End Of File - - 0CA2EFBDB5F927BD4520804D1B300061
  6. I hope this is right. :Commands [CREATERESTOREPOINT] :OTL O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) :Reg [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"=- [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iLivid] [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar] [-HKEY_CURRENT_USER\Software\DataMngr] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo] [-HKEY_CURRENT_USER\Software\Trolltech] [-HKEY_CURRENT_USER\Software\ilivid] [-HKEY_CURRENT_USER\Software\searchqutoolbar] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr] [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DATAMNGR"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3829492E-27D0-4A03-82EB-FCBA146C57F6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\Low Rights\ElevationPolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{99079a25-328f-4bd4-be04-00955acaa0a7}"=- 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=- "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=- "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=- "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=- "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DATAMNGR"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- :Files C:\Program Files\Windows iLivid Toolbar C:\Program Files\Windows Searchqu Toolbar C:\Program Files\Searchqu Toolbar C:\Program Files\iLivid C:\Windows\Prefetch\ILIVID* C:\Windows\Prefetch\SEARCHQUMEDIABAR* C:\Windows\Prefetch\SETUPDATAMNGR* C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml C:\Documents and Settings\Administrator\AppData\LocalLow\DataMngr %APPDATA%\searchquband %APPDATA%\searchqutoolbar ipconfig /flushdns /c :Commands [EMPTYTEMP]
  7. Should I sign in under the infected name and do this, or can I do this from another name/same computer? Should I sign in under the infected name in safe mode?
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2013 Ran by SYSTEM at 2013-01-15 12:32:25 Run:2 Running from G:\ ============================================== HKEY_USERS\Wheat\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully. HKU\Wheat\...\Winlogon: [shell] explorer.exe,C:\Users\Wheat\AppData\Roaming\skype.dat [78332012-05-14] ()1 bjwqxjdu service not found. ==== End of Fixlog ====
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013 (ATTENTION: FRST version is 6 days old) Ran by SYSTEM at 15-01-2013 05:45:46 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet002 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2022976 2011-06-27] () HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] () HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation) HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] () HKLM\...\Run: [dlccmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe" [431600 2007-01-29] (Dell) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] () HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.) HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] () HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] () HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] () HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2012-12-05] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray [979816 2012-12-21] () HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1434984 2012-12-20] (Anvisoft) HKU\Brian\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-31] (Google Inc.) 
HKU\Brian\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd) HKU\Wheat\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.) HKU\Wheat\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd) HKU\Wheat\...\Winlogon: [shell] explorer.exe,C:\Users\Wheat\AppData\Roaming\skype.dat [78336 2012-05-14] () Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 ==================== Services (Whitelisted) =================== 2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] () 2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [735592 2012-12-20] (Anvisoft) 2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [393080 2012-12-05] (BlueStack Systems, Inc.) 2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-12-05] (BlueStack Systems, Inc.) 2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [566768 2007-01-29] ( ) 2 dlcc_device; C:\Windows\SysWow64\dlcccoms.exe -service [538096 2007-01-29] ( ) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation) 2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.) 4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-11-09] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.) 2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.) 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation) 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation) ==================== Drivers (Whitelisted) ===================== 1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [19280 2012-09-07] () 1 asdrm; C:\Windows\System32\Drivers\asdrm.sys [18768 2012-11-06] (Anvisoft) 2 asdrs; C:\Windows\System32\Drivers\asdrs.sys [23376 2012-11-06] (Anvisoft) 2 asdws; C:\Windows\System32\Drivers\asdws.sys [17232 2012-11-06] () 2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-12-05] (BlueStack Systems) 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.) 
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-10-03] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
1 bjwqxjdu; \??\C:\Windows\system32\drivers\bjwqxjdu.sys [x]
1 cxqzvjxj; \??\C:\Windows\system32\drivers\cxqzvjxj.sys [x]
1 dcprjhtw; \??\C:\Windows\system32\drivers\dcprjhtw.sys [x]
1 krgkkgjz; \??\C:\Windows\system32\drivers\krgkkgjz.sys [x]
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
1 pwtnhvjk; \??\C:\Windows\system32\drivers\pwtnhvjk.sys [x]
1 rdiexgsb; \??\C:\Windows\system32\drivers\rdiexgsb.sys [x]
1 tjjotera; \??\C:\Windows\system32\drivers\tjjotera.sys [x]
1 usnfzdbs; \??\C:\Windows\system32\drivers\usnfzdbs.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======
C:\Users\All Users\Desktop\Anvi Smart Defender.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Users\All Users\Application Data\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Users\All Users\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2012-12-27 16:20 - 2012-07-21 14:22 - 00000000 ____D C:\Users\Wheat\Application Data\dvdcss 2012-12-27 16:20 - 2012-07-21 14:22 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\dvdcss 2012-12-22 05:58 - 2012-05-14 19:17 - 00000000 ____D C:\Users\All Users\Application Data\Adobe 2012-12-22 05:58 - 2012-05-14 19:17 - 00000000 ____D C:\Users\All Users\Adobe 2012-12-22 05:56 - 2012-05-14 19:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2012-12-22 05:54 - 2012-12-08 07:30 - 00000000 ____D C:\Program Files\Common Files\Adobe 2012-12-22 05:53 - 2012-12-08 07:32 - 00000000 ____D C:\Program Files\Adobe 2012-12-22 05:50 - 2012-05-21 04:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Adobe 2012-12-22 05:50 - 2012-05-21 04:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Adobe 2012-12-22 05:50 - 2012-05-21 04:50 - 00000000 ____D C:\Users\Wheat\AppData\Local\Adobe 2012-12-21 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-12-21 12:12 - 2012-12-21 12:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Wheat\Downloads\tdsskiller.exe 2012-12-21 12:12 - 2012-12-21 12:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Wheat\Desktop\tdsskiller.exe 2012-12-21 11:10 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\Local Settings\Google 2012-12-21 11:10 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Google 2012-12-21 11:10 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\AppData\Local\Google 2012-12-20 06:00 - 2012-12-20 04:59 - 00500850 ____N C:\Windows\Minidump\122012-21481-01.dmp 2012-12-19 16:39 - 2012-12-19 16:39 - 00059170 ____A C:\Users\Wheat\Desktop\Extras.Txt 2012-12-19 16:38 - 2012-12-19 
16:38 - 00167738 ____A C:\Users\Wheat\Desktop\OTL.Txt 2012-12-19 16:16 - 2012-12-19 16:11 - 00012884 ____A C:\Users\Wheat\Desktop\SystemLook.txt 2012-12-19 15:09 - 2012-12-19 15:08 - 00000000 ____D C:\Windows\rescache 2012-12-19 14:41 - 2012-12-19 14:41 - 00139264 ____A C:\Users\Wheat\Desktop\SystemLook.exe 2012-12-19 14:40 - 2012-12-19 14:40 - 00000000 ____D C:\_OTL 2012-12-19 14:39 - 2012-12-19 14:39 - 00009682 ____A C:\Users\Wheat\Desktop\fix.txt 2012-12-19 14:39 - 2012-12-19 14:38 - 00602112 ____A (OldTimer Tools) C:\Users\Wheat\Desktop\OTL.exe 2012-12-17 15:07 - 2012-07-21 19:30 - 00000000 ____D C:\Users\Wheat\Application Data\DAEMON Tools Lite 2012-12-17 15:07 - 2012-07-21 19:30 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\DAEMON Tools Lite 2012-12-17 02:40 - 2012-12-17 02:39 - 00003645 ____A C:\AdwCleaner[s1].txt 2012-12-17 02:38 - 2012-12-17 02:38 - 00003965 ____A C:\AdwCleaner[R1].txt 2012-12-17 02:22 - 2012-05-31 13:33 - 00000000 ____D C:\Program Files (x86)\Google 2012-12-16 09:11 - 2012-12-22 00:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 06:45 - 2012-12-22 00:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 06:13 - 2012-12-22 00:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 06:13 - 2012-12-22 00:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-16 03:48 - 2012-05-25 00:55 - 00000000 ____D C:\Users\Wheat\Local Settings\Kjs.AppLife.Update 2012-12-16 03:48 - 2012-05-25 00:55 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Kjs.AppLife.Update 2012-12-16 03:48 - 2012-05-25 00:55 - 00000000 ____D C:\Users\Wheat\AppData\Local\Kjs.AppLife.Update ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => 
MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8174.64 MB
Available physical RAM: 7393.52 MB
Total Pagefile: 8172.84 MB
Available Pagefile: 7391.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:5.27 GB) NTFS
4 Drive f: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
5 Drive g: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    No Media           0 B      0 B
  Disk 2    Online         1918 MB      0 B

Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             14 GB    40 MB
  Partition 3    Primary            916 GB    14 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      FAT    Partition     39 MB  Healthy    Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     F   RECOVERY     NTFS   Partition     14 GB  Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    916 GB  Healthy
=========================================================
Partitions of Disk 2:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1917 MB   124 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   KINGSTON     FAT    Removable   1917 MB  Healthy
=========================================================
Last Boot: 2013-01-08 00:46

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-15 05:48:44
Running from G:\

================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-10-04 00:18] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-14 18:17:19 Run:1
Running from G:\
==============================================
HKEY_USERS\Wheat\Software\Microsoft\Windows\CurrentVersion\Run\\Trolltech Value deleted successfully.
HKU\Wheat\...\Run: [Trolltech] C:\Users\Wheat\AppData\Roaming\6FB51F\6FB51F.exe [x]
bjwqxjdu service not found.
==== End of Fixlog ====
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 14-01-2013 17:28:32
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================
HKLM\...\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] ()
HKLM\...\Run: [dlccmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe" [431600 2007-01-29] (Dell)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2012-12-05] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray [979816 2012-12-21] ()
HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1434984 2012-12-20] (Anvisoft)
HKU\Brian\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-31] (Google Inc.)
HKU\Brian\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Wheat\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\Wheat\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Wheat\...\Run: [Trolltech] C:\Users\Wheat\AppData\Roaming\6FB51F\6FB51F.exe [x]
HKU\Wheat\...\Winlogon: [shell] explorer.exe,C:\Users\Wheat\AppData\Roaming\skype.dat [78336 2012-05-14] ()
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ===================
2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] ()
2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [735592 2012-12-20] (Anvisoft)
2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [393080 2012-12-05] (BlueStack Systems, Inc.)
2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-12-05] (BlueStack Systems, Inc.)
2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [566768 2007-01-29] ( )
2 dlcc_device; C:\Windows\SysWow64\dlcccoms.exe -service [538096 2007-01-29] ( )
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-11-09] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================
1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [19280 2012-09-07] ()
1 asdrm; C:\Windows\System32\Drivers\asdrm.sys [18768 2012-11-06] (Anvisoft)
2 asdrs; C:\Windows\System32\Drivers\asdrs.sys [23376 2012-11-06] (Anvisoft)
2 asdws; C:\Windows\System32\Drivers\asdws.sys [17232 2012-11-06] ()
2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-12-05] (BlueStack Systems)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-10-03] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
1 bjwqxjdu; \??\C:\Windows\system32\drivers\bjwqxjdu.sys [x]
1 cxqzvjxj; \??\C:\Windows\system32\drivers\cxqzvjxj.sys [x]
1 dcprjhtw; \??\C:\Windows\system32\drivers\dcprjhtw.sys [x]
1 krgkkgjz; \??\C:\Windows\system32\drivers\krgkkgjz.sys [x]
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
1 pwtnhvjk; \??\C:\Windows\system32\drivers\pwtnhvjk.sys [x]
1 rdiexgsb; \??\C:\Windows\system32\drivers\rdiexgsb.sys [x]
1 tjjotera; \??\C:\Windows\system32\drivers\tjjotera.sys [x]
1 usnfzdbs; \??\C:\Windows\system32\drivers\usnfzdbs.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
C:\Users\Wheat\Desktop\RKreport[4]_S_01082013_02d0151.txt 2013-01-07 22:51 - 2013-01-07 22:51 - 00001683 ____A C:\Users\Wheat\Desktop\RKreport[3]_D_01082013_02d0151.txt 2013-01-07 22:50 - 2013-01-07 22:50 - 00002683 ____A C:\Users\Wheat\Desktop\RKreport[1]_S_01082013_02d0150.txt 2013-01-07 22:50 - 2013-01-07 22:50 - 00002641 ____A C:\Users\Wheat\Desktop\RKreport[2]_D_01082013_02d0150.txt 2013-01-07 22:49 - 2013-01-07 22:50 - 00000000 ____D C:\Users\Wheat\Desktop\RK_Quarantine 2013-01-07 22:41 - 2013-01-07 22:48 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner 2013-01-07 22:41 - 2013-01-07 22:41 - 00001055 ____A C:\Users\Wheat\Desktop\Eusing Free Registry Cleaner.lnk 2013-01-07 22:41 - 2013-01-07 22:41 - 00001055 ____A C:\Users\Brian\Desktop\Eusing Free Registry Cleaner.lnk 2013-01-07 21:36 - 2013-01-07 21:39 - 00000000 ____D C:\Users\All Users\iolo 2013-01-07 21:36 - 2013-01-07 21:39 - 00000000 ____D C:\Users\All Users\Application Data\iolo 2013-01-07 21:36 - 2013-01-07 21:36 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dll 2013-01-07 21:36 - 2013-01-07 21:36 - 00001177 ____A C:\Users\Wheat\Desktop\System Checkup.lnk 2013-01-07 21:36 - 2013-01-07 21:36 - 00000000 ____D C:\Program Files (x86)\iolo 2013-01-07 09:19 - 2013-01-07 09:37 - 45369887 ____A C:\Users\Wheat\Downloads\a76e9cb9514ce1d531b4fe52da1a5402.flv 2013-01-07 09:19 - 2013-01-07 09:22 - 45369887 ____A C:\Users\Wheat\Downloads\a76e9cb9514ce1d531b4fe52da1a5402 (1).flv 2013-01-07 09:14 - 2013-01-07 09:19 - 80767612 ____A C:\Users\Wheat\Downloads\15b7bf73d456ef13fa7cb3a11d3fac25toledo.flv 2013-01-06 13:21 - 2013-01-06 13:30 - 00000000 ____D C:\Users\Wheat\Downloads\BTTF pack 1-5 2013-01-02 13:00 - 2013-01-02 13:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2012-12-30 13:50 - 2012-12-30 13:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Powercinema 2012-12-30 13:50 - 2012-12-30 13:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Powercinema 
2012-12-30 13:50 - 2012-12-30 13:50 - 00000000 ____D C:\Users\Wheat\AppData\Local\Powercinema 2012-12-30 13:14 - 2012-12-30 13:41 - 00364537 ____N C:\Windows\Minidump\123012-30435-01.dmp 2012-12-30 10:42 - 2012-12-30 13:08 - 00000000 ____D C:\Users\Wheat\Downloads\The Walking Dead Episodes 1 2 3 4 5 PC full Game ^^nosTEAM^^ 2012-12-30 03:17 - 2012-12-30 03:17 - 00000000 ____D C:\Users\Wheat\Downloads\Super.8.2011.720p.BRRip.XviD.AC3-ViSiON 2012-12-29 08:39 - 2012-12-29 08:40 - 00000000 ____D C:\Users\Wheat\Downloads\ParaNorman.2012.1080p.BluRay.x264-ALLiANCE 2012-12-29 03:28 - 2012-12-29 03:28 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\39652122.sys 2012-12-29 03:09 - 2012-12-29 03:08 - 00000736 ____A C:\Windows\System32\Drivers\etc\hosts.txt 2012-12-29 03:08 - 2012-12-29 03:08 - 00000736 ____A C:\Users\Wheat\Desktop\hosts.txt 2012-12-29 03:05 - 2012-12-29 03:05 - 00000000 ____D C:\Users\Wheat\Application Data\Anvisoft 2012-12-29 03:05 - 2012-12-29 03:05 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00001502 ____A C:\Users\Public\Desktop\Anvi AD Blocker.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00001502 ____A C:\Users\All Users\Desktop\Anvi AD Blocker.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00001186 ____A C:\Users\All Users\Desktop\Anvi Smart Defender.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Users\All Users\Application Data\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Users\All Users\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2012-12-29 03:04 - 2012-11-06 23:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys 2012-12-29 03:04 - 2012-11-06 23:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys 2012-12-29 03:04 - 2012-11-06 23:16 - 00017232 ____A 
C:\Windows\System32\Drivers\asdws.sys 2012-12-22 00:00 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-22 00:00 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-22 00:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-22 00:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-21 14:38 - 2013-01-09 21:07 - 00003580 ____A C:\Users\Wheat\Desktop\Rkill.txt 2012-12-21 14:38 - 2013-01-09 21:06 - 00000000 ____D C:\Users\Wheat\Desktop\rkill 2012-12-21 12:12 - 2012-12-21 12:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Wheat\Downloads\tdsskiller.exe 2012-12-21 12:12 - 2012-12-21 12:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Wheat\Desktop\tdsskiller.exe 2012-12-20 04:59 - 2012-12-20 06:00 - 00500850 ____N C:\Windows\Minidump\122012-21481-01.dmp 2012-12-19 16:39 - 2012-12-19 16:39 - 00059170 ____A C:\Users\Wheat\Desktop\Extras.Txt 2012-12-19 16:38 - 2012-12-19 16:38 - 00167738 ____A C:\Users\Wheat\Desktop\OTL.Txt 2012-12-19 16:11 - 2012-12-19 16:16 - 00012884 ____A C:\Users\Wheat\Desktop\SystemLook.txt 2012-12-19 15:08 - 2012-12-19 15:09 - 00000000 ____D C:\Windows\rescache 2012-12-19 14:41 - 2012-12-19 14:41 - 00139264 ____A C:\Users\Wheat\Desktop\SystemLook.exe 2012-12-19 14:40 - 2012-12-19 14:40 - 00000000 ____D C:\_OTL 2012-12-19 14:39 - 2012-12-19 14:39 - 00009682 ____A C:\Users\Wheat\Desktop\fix.txt 2012-12-19 14:38 - 2012-12-19 14:39 - 00602112 ____A (OldTimer Tools) C:\Users\Wheat\Desktop\OTL.exe 2012-12-17 02:39 - 2012-12-17 02:40 - 00003645 ____A C:\AdwCleaner[s1].txt 2012-12-17 02:38 - 2012-12-17 02:38 - 00003965 ____A C:\AdwCleaner[R1].txt 2012-12-17 02:22 - 2013-01-11 23:11 - 00002257 ____A C:\Users\Wheat\Desktop\Google Chrome.lnk 2012-12-15 00:00 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-12-15 00:00 - 
2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-12-15 00:00 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-12-15 00:00 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-12-15 00:00 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-12-15 00:00 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-12-15 00:00 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-12-15 00:00 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-12-15 00:00 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-12-15 00:00 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-12-15 00:00 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-12-15 00:00 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-12-15 00:00 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-12-15 00:00 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-12-15 00:00 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-12-15 00:00 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-12-15 00:00 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-12-15 00:00 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-12-15 00:00 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-12-15 00:00 - 2012-11-13 17:58 - 01427968 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-12-15 00:00 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-12-15 00:00 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-12-15 00:00 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-12-15 00:00 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-12-15 00:00 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-12-15 00:00 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-12-15 00:00 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-12-15 00:00 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-12-15 00:00 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-12-15 00:00 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-12-15 00:00 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-12-15 00:00 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== One Month Modified Files and Folders ======= 2013-01-14 17:24 - 2013-01-14 17:24 - 00000000 ____D C:\FRST 2013-01-14 14:21 - 2012-06-30 23:46 - 00000000 ____D C:\Users\Brian\Application Data\vlc 2013-01-14 14:21 - 2012-06-30 23:46 - 00000000 ____D C:\Users\Brian\AppData\Roaming\vlc 2013-01-14 14:08 - 2012-07-12 09:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-01-14 14:03 - 2013-01-14 14:03 - 00000736 ____A C:\Users\Brian\Desktop\EmsisoftAntiMalwareSetup - Shortcut.lnk 2013-01-14 14:03 - 2013-01-14 14:03 - 00000628 ____A C:\Users\Brian\Desktop\FixNCR - Shortcut.lnk 2013-01-14 14:03 - 
2013-01-14 14:03 - 00000577 ____A C:\Users\Brian\Desktop\tdsskiller - Shortcut.lnk 2013-01-14 14:03 - 2013-01-14 14:03 - 00000522 ____A C:\Users\Brian\Desktop\PS3 - Shortcut.lnk 2013-01-14 13:58 - 2012-05-31 13:33 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-14 12:50 - 2013-01-14 12:50 - 00000000 ____D C:\Users\Brian\Local Settings\Nero_AG 2013-01-14 12:50 - 2013-01-14 12:50 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\Nero_AG 2013-01-14 12:50 - 2013-01-14 12:50 - 00000000 ____D C:\Users\Brian\AppData\Local\Nero_AG 2013-01-14 12:50 - 2013-01-14 12:49 - 00000000 ____D C:\Users\Brian\Local Settings\Nero 2013-01-14 12:50 - 2013-01-14 12:49 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\Nero 2013-01-14 12:50 - 2013-01-14 12:49 - 00000000 ____D C:\Users\Brian\AppData\Local\Nero 2013-01-14 12:49 - 2013-01-14 12:49 - 00000000 ___RD C:\Users\Brian\Desktop\MySyncUPFiles 2013-01-14 12:49 - 2013-01-14 12:49 - 00000000 ____D C:\Users\Brian\Application Data\Nero 2013-01-14 12:49 - 2013-01-14 12:49 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Nero 2013-01-14 12:49 - 2012-06-27 12:09 - 00000000 ____D C:\Users\Brian\Local Settings\VirtualStore 2013-01-14 12:49 - 2012-06-27 12:09 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\VirtualStore 2013-01-14 12:49 - 2012-06-27 12:09 - 00000000 ____D C:\Users\Brian\AppData\Local\VirtualStore 2013-01-14 12:22 - 2013-01-14 11:57 - 00000000 ____D C:\Users\Brian\Application Data\dvdcss 2013-01-14 12:22 - 2013-01-14 11:57 - 00000000 ____D C:\Users\Brian\AppData\Roaming\dvdcss 2013-01-14 11:57 - 2013-01-14 11:57 - 00000000 ____D C:\Users\Brian\My Backup Files 2013-01-14 11:57 - 2012-06-27 12:09 - 00000000 ____D C:\Users\Brian\Local Settings\SoftThinks 2013-01-14 11:57 - 2012-06-27 12:09 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\SoftThinks 2013-01-14 11:57 - 2012-06-27 12:09 - 00000000 ____D C:\Users\Brian\AppData\Local\SoftThinks 2013-01-14 
11:57 - 2012-06-27 12:09 - 00000000 ____D C:\users\Brian 2013-01-14 11:57 - 2012-05-14 19:03 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-01-14 11:56 - 2013-01-14 11:56 - 00000000 ____D C:\Users\Brian\Application Data\DAEMON Tools Lite 2013-01-14 11:56 - 2013-01-14 11:56 - 00000000 ____D C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite 2013-01-14 11:56 - 2013-01-14 11:03 - 00002257 ____A C:\Users\Brian\Desktop\Google Chrome.lnk 2013-01-14 11:55 - 2012-06-27 12:48 - 00000000 ____D C:\Users\Brian\Local Settings\Google 2013-01-14 11:55 - 2012-06-27 12:48 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\Google 2013-01-14 11:55 - 2012-06-27 12:48 - 00000000 ____D C:\Users\Brian\AppData\Local\Google 2013-01-14 11:34 - 2012-12-03 16:18 - 01115543 ____A C:\Windows\WindowsUpdate.log 2013-01-14 11:13 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-01-14 11:10 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-01-14 11:10 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-14 11:04 - 2012-05-14 19:21 - 00000000 ____D C:\Users\All Users\Sonic 2013-01-14 11:04 - 2012-05-14 19:21 - 00000000 ____D C:\Users\All Users\Application Data\Sonic 2013-01-14 11:03 - 2012-11-15 01:36 - 00000000 ____D C:\Program Files\Dl_cats 2013-01-14 11:03 - 2012-05-31 13:33 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-14 11:03 - 2012-05-14 19:34 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks 2013-01-14 11:03 - 2012-05-14 19:34 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks 2013-01-14 11:03 - 2012-05-14 19:34 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-01-14 11:03 - 2012-05-14 19:34 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks 2013-01-14 11:03 
- 2012-05-14 19:34 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks 2013-01-14 11:03 - 2012-05-14 19:34 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-01-14 11:02 - 2012-12-03 16:14 - 00019844 ____A C:\Windows\setupact.log 2013-01-14 11:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-14 11:00 - 2013-01-14 10:29 - 00000004 ____A C:\Users\Wheat\Application Data\skype.ini 2013-01-14 11:00 - 2013-01-14 10:29 - 00000004 ____A C:\Users\Wheat\AppData\Roaming\skype.ini 2013-01-14 10:59 - 2010-11-20 19:24 - 00000000 __SHD C:\Users\Wheat\Application Data\6FB51F 2013-01-14 10:59 - 2010-11-20 19:24 - 00000000 __SHD C:\Users\Wheat\AppData\Roaming\6FB51F 2013-01-14 10:58 - 2012-12-03 16:14 - 00018454 ____A C:\Windows\PFRO.log 2013-01-14 10:11 - 2013-01-14 09:55 - 161766152 ____A C:\Users\Wheat\Downloads\6942284c7a9144d94d0b00400ee4736c.flv 2013-01-14 09:52 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\Application Data\uTorrent 2013-01-14 09:52 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\uTorrent 2013-01-14 00:09 - 2013-01-12 17:37 - 00000000 ____D C:\Users\Wheat\Downloads\Django Unchained 2012 DVDSCR X264 AAC-P2P 2013-01-13 18:13 - 2012-09-07 22:30 - 00000000 ____D C:\Users\Wheat\Application Data\vlc 2013-01-13 18:13 - 2012-09-07 22:30 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\vlc 2013-01-13 10:09 - 2012-05-19 21:45 - 00000000 ____D C:\Users\Wheat\Local Settings\Nero 2013-01-13 10:09 - 2012-05-19 21:45 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Nero 2013-01-13 10:09 - 2012-05-19 21:45 - 00000000 ____D C:\Users\Wheat\AppData\Local\Nero 2013-01-11 23:11 - 2012-12-17 02:22 - 00002257 ____A C:\Users\Wheat\Desktop\Google Chrome.lnk 2013-01-11 05:39 - 2013-01-11 05:39 - 00000887 ____A C:\AdwCleaner[R2].txt 2013-01-10 09:39 - 2013-01-10 09:39 - 00000000 ____D C:\Users\Brian\Local Settings\Application Data\Adobe 2013-01-10 09:39 - 2013-01-10 09:39 - 
00000000 ____D C:\Users\Brian\Local Settings\Adobe 2013-01-10 09:39 - 2013-01-10 09:39 - 00000000 ____D C:\Users\Brian\AppData\Local\Adobe 2013-01-10 09:39 - 2012-06-27 12:29 - 00074856 ____A C:\Users\Brian\Local Settings\GDIPFONTCACHEV1.DAT 2013-01-10 09:39 - 2012-06-27 12:29 - 00074856 ____A C:\Users\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2013-01-10 09:39 - 2012-06-27 12:29 - 00074856 ____A C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT 2013-01-09 21:07 - 2012-12-21 14:38 - 00003580 ____A C:\Users\Wheat\Desktop\Rkill.txt 2013-01-09 21:06 - 2012-12-21 14:38 - 00000000 ____D C:\Users\Wheat\Desktop\rkill 2013-01-09 00:47 - 2009-07-13 20:45 - 04879288 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-09 00:21 - 2011-02-10 08:10 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-01-09 00:12 - 2012-05-20 23:05 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-01-08 22:08 - 2012-07-09 04:25 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-01-08 22:08 - 2012-07-09 04:25 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-01-07 22:51 - 2013-01-07 22:51 - 00001718 ____A C:\Users\Wheat\Desktop\RKreport[4]_S_01082013_02d0151.txt 2013-01-07 22:51 - 2013-01-07 22:51 - 00001683 ____A C:\Users\Wheat\Desktop\RKreport[3]_D_01082013_02d0151.txt 2013-01-07 22:50 - 2013-01-07 22:50 - 00002683 ____A C:\Users\Wheat\Desktop\RKreport[1]_S_01082013_02d0150.txt 2013-01-07 22:50 - 2013-01-07 22:50 - 00002641 ____A C:\Users\Wheat\Desktop\RKreport[2]_D_01082013_02d0150.txt 2013-01-07 22:50 - 2013-01-07 22:49 - 00000000 ____D C:\Users\Wheat\Desktop\RK_Quarantine 2013-01-07 22:48 - 2013-01-07 22:41 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner 2013-01-07 22:48 - 2012-10-04 00:42 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-01-07 22:48 - 2012-10-04 00:42 - 00001111 ____A C:\Users\All 
Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-01-07 22:48 - 2012-10-04 00:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-07 22:41 - 2013-01-07 22:41 - 00001055 ____A C:\Users\Wheat\Desktop\Eusing Free Registry Cleaner.lnk 2013-01-07 22:41 - 2013-01-07 22:41 - 00001055 ____A C:\Users\Brian\Desktop\Eusing Free Registry Cleaner.lnk 2013-01-07 21:39 - 2013-01-07 21:36 - 00000000 ____D C:\Users\All Users\iolo 2013-01-07 21:39 - 2013-01-07 21:36 - 00000000 ____D C:\Users\All Users\Application Data\iolo 2013-01-07 21:36 - 2013-01-07 21:36 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dll 2013-01-07 21:36 - 2013-01-07 21:36 - 00001177 ____A C:\Users\Wheat\Desktop\System Checkup.lnk 2013-01-07 21:36 - 2013-01-07 21:36 - 00000000 ____D C:\Program Files (x86)\iolo 2013-01-07 09:37 - 2013-01-07 09:19 - 45369887 ____A C:\Users\Wheat\Downloads\a76e9cb9514ce1d531b4fe52da1a5402.flv 2013-01-07 09:22 - 2013-01-07 09:19 - 45369887 ____A C:\Users\Wheat\Downloads\a76e9cb9514ce1d531b4fe52da1a5402 (1).flv 2013-01-06 13:30 - 2013-01-06 13:21 - 00000000 ____D C:\Users\Wheat\Downloads\BTTF pack 1-5 2013-01-02 13:00 - 2013-01-02 13:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2012-12-30 13:50 - 2012-12-30 13:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Powercinema 2012-12-30 13:50 - 2012-12-30 13:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Powercinema 2012-12-30 13:50 - 2012-12-30 13:50 - 00000000 ____D C:\Users\Wheat\AppData\Local\Powercinema 2012-12-30 13:50 - 2012-05-20 01:14 - 00000000 ____D C:\Users\Wheat\Application Data\CyberLink 2012-12-30 13:50 - 2012-05-20 01:14 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\CyberLink 2012-12-30 13:42 - 2012-05-19 22:25 - 00000000 ____D C:\Windows\Minidump 2012-12-30 13:41 - 2012-12-30 13:14 - 00364537 ____N C:\Windows\Minidump\123012-30435-01.dmp 2012-12-30 13:10 - 2012-10-13 09:43 - 00002515 ____A C:\Users\Wheat\Desktop\Play The Walking Dead nosTEAM.lnk 
2012-12-30 13:08 - 2012-12-30 10:42 - 00000000 ____D C:\Users\Wheat\Downloads\The Walking Dead Episodes 1 2 3 4 5 PC full Game ^^nosTEAM^^ 2012-12-30 03:17 - 2012-12-30 03:17 - 00000000 ____D C:\Users\Wheat\Downloads\Super.8.2011.720p.BRRip.XviD.AC3-ViSiON 2012-12-29 08:40 - 2012-12-29 08:39 - 00000000 ____D C:\Users\Wheat\Downloads\ParaNorman.2012.1080p.BluRay.x264-ALLiANCE 2012-12-29 03:28 - 2012-12-29 03:28 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\39652122.sys 2012-12-29 03:08 - 2012-12-29 03:09 - 00000736 ____A C:\Windows\System32\Drivers\etc\hosts.txt 2012-12-29 03:08 - 2012-12-29 03:08 - 00000736 ____A C:\Users\Wheat\Desktop\hosts.txt 2012-12-29 03:05 - 2012-12-29 03:05 - 00000000 ____D C:\Users\Wheat\Application Data\Anvisoft 2012-12-29 03:05 - 2012-12-29 03:05 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00001502 ____A C:\Users\Public\Desktop\Anvi AD Blocker.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00001502 ____A C:\Users\All Users\Desktop\Anvi AD Blocker.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00001186 ____A C:\Users\All Users\Desktop\Anvi Smart Defender.lnk 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Users\All Users\Application Data\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Users\All Users\Anvisoft 2012-12-29 03:04 - 2012-12-29 03:04 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2012-12-27 16:20 - 2012-07-21 14:22 - 00000000 ____D C:\Users\Wheat\Application Data\dvdcss 2012-12-27 16:20 - 2012-07-21 14:22 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\dvdcss 2012-12-22 05:58 - 2012-05-14 19:17 - 00000000 ____D C:\Users\All Users\Application Data\Adobe 2012-12-22 05:58 - 2012-05-14 19:17 - 00000000 ____D C:\Users\All Users\Adobe 2012-12-22 05:56 - 2012-05-14 19:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2012-12-22 05:54 - 2012-12-08 
07:30 - 00000000 ____D C:\Program Files\Common Files\Adobe 2012-12-22 05:53 - 2012-12-08 07:32 - 00000000 ____D C:\Program Files\Adobe 2012-12-22 05:50 - 2012-05-21 04:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Adobe 2012-12-22 05:50 - 2012-05-21 04:50 - 00000000 ____D C:\Users\Wheat\Local Settings\Adobe 2012-12-22 05:50 - 2012-05-21 04:50 - 00000000 ____D C:\Users\Wheat\AppData\Local\Adobe 2012-12-21 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-12-21 12:12 - 2012-12-21 12:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Wheat\Downloads\tdsskiller.exe 2012-12-21 12:12 - 2012-12-21 12:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Wheat\Desktop\tdsskiller.exe 2012-12-21 11:10 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\Local Settings\Google 2012-12-21 11:10 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Google 2012-12-21 11:10 - 2012-05-19 19:41 - 00000000 ____D C:\Users\Wheat\AppData\Local\Google 2012-12-20 06:00 - 2012-12-20 04:59 - 00500850 ____N C:\Windows\Minidump\122012-21481-01.dmp 2012-12-19 16:39 - 2012-12-19 16:39 - 00059170 ____A C:\Users\Wheat\Desktop\Extras.Txt 2012-12-19 16:38 - 2012-12-19 16:38 - 00167738 ____A C:\Users\Wheat\Desktop\OTL.Txt 2012-12-19 16:16 - 2012-12-19 16:11 - 00012884 ____A C:\Users\Wheat\Desktop\SystemLook.txt 2012-12-19 15:09 - 2012-12-19 15:08 - 00000000 ____D C:\Windows\rescache 2012-12-19 14:41 - 2012-12-19 14:41 - 00139264 ____A C:\Users\Wheat\Desktop\SystemLook.exe 2012-12-19 14:40 - 2012-12-19 14:40 - 00000000 ____D C:\_OTL 2012-12-19 14:39 - 2012-12-19 14:39 - 00009682 ____A C:\Users\Wheat\Desktop\fix.txt 2012-12-19 14:39 - 2012-12-19 14:38 - 00602112 ____A (OldTimer Tools) C:\Users\Wheat\Desktop\OTL.exe 2012-12-17 15:07 - 2012-07-21 19:30 - 00000000 ____D C:\Users\Wheat\Application Data\DAEMON Tools Lite 2012-12-17 15:07 - 2012-07-21 19:30 - 00000000 ____D C:\Users\Wheat\AppData\Roaming\DAEMON Tools Lite 2012-12-17 07:26 - 
2012-07-06 05:13 - 00000000 ____D C:\Users\Wheat\Downloads\OKAD376 AVI 2012-12-17 02:40 - 2012-12-17 02:39 - 00003645 ____A C:\AdwCleaner[s1].txt 2012-12-17 02:38 - 2012-12-17 02:38 - 00003965 ____A C:\AdwCleaner[R1].txt 2012-12-17 02:22 - 2012-05-31 13:33 - 00000000 ____D C:\Program Files (x86)\Google 2012-12-16 09:11 - 2012-12-22 00:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 06:45 - 2012-12-22 00:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 06:13 - 2012-12-22 00:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 06:13 - 2012-12-22 00:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-16 03:48 - 2012-05-25 00:55 - 00000000 ____D C:\Users\Wheat\Local Settings\Kjs.AppLife.Update 2012-12-16 03:48 - 2012-05-25 00:55 - 00000000 ____D C:\Users\Wheat\Local Settings\Application Data\Kjs.AppLife.Update 2012-12-16 03:48 - 2012-05-25 00:55 - 00000000 ____D C:\Users\Wheat\AppData\Local\Kjs.AppLife.Update ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== 
Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8174.64 MB Available physical RAM: 7341.21 MB Total Pagefile: 8172.84 MB Available Pagefile: 7350.14 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:7.26 GB) NTFS 4 Drive f: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive g: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 Online 1918 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 14 GB 40 MB Partition 3 Primary 916 GB 14 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 FAT Partition 39 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 F RECOVERY NTFS Partition 14 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 916 GB Healthy ========================================================= Partitions of Disk 2: 
=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1917 MB 124 KB ================================================================================== Disk: 2 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G KINGSTON FAT Removable 1917 MB Healthy ========================================================= Last Boot: 2013-01-08 00:46 ==================== End Of Log ============================= Farbar Recovery Scan Tool (x64) Version: 09-01-2013 Ran by SYSTEM at 2013-01-14 17:29:49 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2012-10-04 00:18] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2012-10-04 00:18] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ============ End Of Search ======
  12. FBI virus, and when I try to start in safe mode... it reboots me back into regular mode. Can anyone help? When I got this in the past... I was able to use safe mode and run Malwarebytes, but this time I can't even use safe mode.