Posts posted by Dogtooth

  1. Can't get to my desktop in either normal or safe mode thanks to the Moneypak, so I'm running this from the command prompt under Repair Your Computer, and no addition.txt was created.

    Here's the new log.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
    Ran by SYSTEM on MININT-KNII173 on 05-10-2013 13:52:42
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-21] (IDT, Inc.)
    HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-28] (Synaptics Incorporated)
    HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1111568 2011-10-08] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [197152 2011-02-10] (Trend Micro Inc.)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: [] - [x]
    HKU\Andrew\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-09-26] (Google Inc.)
    HKU\Andrew\...\Winlogon: [shell] explorer.exe,C:\Users\Andrew\AppData\Roaming\data.dat [85504 2013-08-01] () <==== ATTENTION
    BootExecute: autocheck autochk * r݂,autocheck autochk * ݂Ꮼچ

    ==================== Services (Whitelisted) =================

    S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
    S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
    S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

    ==================== Drivers (Whitelisted) ====================

    S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
    S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)
    S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
    2013-10-04 13:51 - 2013-10-04 15:39 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\settings.ini
    2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 _____ C:\Windows\Minidump\100413-43040-01.dmp

    2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
    2013-10-02 18:03 - 2013-10-03 10:58 - 3741257391 _____ C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
    2013-10-02 10:10 - 2013-10-02 10:11 - 18182900 _____ C:\Users\Andrew\Downloads\P1E.mov
    2013-10-02 09:54 - 2013-10-02 12:30 - 478707868 _____ C:\Users\Andrew\Downloads\LABLKOTs5.mp4
    2013-10-02 09:47 - 2013-10-02 15:52 - 596432818 _____ C:\Users\Andrew\Downloads\GL85s3-DD54O.mp4
    2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
    2013-10-01 13:59 - 2013-10-01 23:07 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
    2013-10-01 13:53 - 2013-09-24 02:07 - 1725359838 _____ C:\Users\Andrew\Downloads\21792_03_720p.mp4
    2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 _____ C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
    2013-09-29 11:20 - 2013-09-29 11:45 - 295105297 _____ C:\Users\Andrew\Downloads\rnyaoe210.wmv
    2013-09-29 11:15 - 2013-09-29 11:17 - 132497180 _____ C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
    2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
    2013-09-28 14:17 - 2013-09-28 16:35 - 418250189 _____ C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
    2013-09-28 10:04 - 2013-09-28 10:06 - 00004414 _____ C:\Windows\DPINST.LOG
    2013-09-28 10:04 - 2013-09-28 10:06 - 00001414 _____ C:\Windows\Synaptics.log
    2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
    2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 _____ (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 _____ C:\Windows\SysWOW64\SynTPEnhPS.dll
    2013-09-27 10:43 - 2013-09-27 10:45 - 143794880 _____ C:\Users\Andrew\Downloads\IMG_1233.MOV
    2013-09-26 20:15 - 2013-09-15 06:39 - 1368691539 _____ C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
    2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files\iTunes
    2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
    2013-09-24 10:27 - 2013-09-24 11:33 - 150817268 _____ C:\Users\Andrew\Downloads\tallW861.wmv
    2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
    2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
    2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
    2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2013-09-18 20:13 - 2013-09-18 22:15 - 347222016 _____ C:\Users\Andrew\Downloads\nr077.mpg
    2013-09-13 10:37 - 2013-09-13 11:08 - 376823808 _____ C:\Users\Andrew\Downloads\nr120.mpg
    2013-09-12 21:30 - 2013-09-12 22:07 - 440460420 _____ C:\Users\Andrew\Downloads\nr044.avi
    2013-09-12 13:29 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-09-12 13:29 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-09-12 13:29 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-09-12 13:29 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-09-12 13:29 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-09-12 13:28 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-09-12 13:28 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-09-12 13:28 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-09-12 13:28 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-09-12 13:28 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-09-12 13:28 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-09-12 13:28 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-09-12 13:28 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-09-12 13:28 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-09-12 13:28 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-09-12 13:28 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-09-12 13:28 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-09-12 13:28 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-09-12 13:28 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-09-12 13:28 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-09-12 13:28 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-09-12 13:28 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-09-12 13:28 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-09-12 13:28 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-09-12 13:28 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-09-12 13:28 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-09-12 13:28 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-09-12 13:28 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-09-12 13:28 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-09-12 13:28 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-09-12 13:28 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-09-12 13:28 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-09-12 06:04 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-09-12 06:04 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
    2013-09-12 06:04 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-09-12 06:04 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-09-12 06:04 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-09-12 06:04 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-09-12 06:04 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-09-12 06:04 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-09-12 06:04 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-09-12 06:04 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-09-12 06:04 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-09-12 06:04 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-09-12 06:04 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-09-12 06:04 - 2013-08-01 17:51 - 00085504 _____ C:\Users\Andrew\AppData\Roaming\data.dat
    2013-09-12 06:04 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-09-12 06:04 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-09-12 06:04 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-09-12 06:04 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-09-12 06:04 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-09-12 06:04 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-09-12 06:04 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-09-12 06:04 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-09-12 06:04 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-09-12 06:04 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-09-12 06:04 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-09-12 06:04 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-09-12 06:04 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 _____ C:\ComboFix.txt
    2013-09-05 19:03 - 2013-10-04 13:00 - 00071598 _____ C:\Windows\PFRO.log
    2013-09-05 18:20 - 2013-10-04 16:54 - 00262899 _____ C:\Windows\setupact.log
    2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 _____ C:\Windows\setuperr.log
    2013-09-05 18:17 - 2013-09-05 18:19 - 00000000 ____D C:\AdwCleaner

    ==================== One Month Modified Files and Folders =======

    2098-05-21 20:42 - 2013-01-31 00:29 - 1143474353 _____ C:\Users\Andrew\Downloads\0455hd.mp4
    2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
    2013-10-04 16:54 - 2013-09-05 18:20 - 00262899 _____ C:\Windows\setupact.log
    2013-10-04 16:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-10-04 16:21 - 2013-03-21 21:50 - 01941825 _____ C:\Windows\WindowsUpdate.log
    2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-10-04 15:47 - 2013-07-15 08:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-10-04 15:39 - 2013-10-04 13:51 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\settings.ini
    2013-10-04 15:38 - 2013-07-15 08:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-10-04 13:52 - 2011-12-15 18:23 - 00000000 ____D C:\Users\Andrew\Documents\Youcam
    2013-10-04 13:33 - 2012-04-01 14:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 _____ C:\Windows\Minidump\100413-43040-01.dmp
    2013-10-04 13:00 - 2013-09-05 19:03 - 00071598 _____ C:\Windows\PFRO.log
    2013-10-04 13:00 - 2013-05-12 08:54 - 00000000 ____D C:\Windows\Minidump
    2013-10-04 12:55 - 2011-12-15 19:22 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Azureus
    2013-10-04 12:27 - 2011-12-15 16:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC47C312-F710-4A38-A019-33A44B055B1F}
    2013-10-03 11:21 - 2013-02-17 20:43 - 00000000 ____D C:\Users\Andrew\Documents\New folder
    2013-10-03 11:21 - 2012-01-04 21:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
    2013-10-03 10:58 - 2013-10-02 18:03 - 3741257391 _____ C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
    2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
    2013-10-02 18:52 - 2013-07-15 08:43 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-10-02 15:52 - 2013-10-02 09:47 - 596432818 _____ C:\Users\Andrew\Downloads\GL85s3-DD54O.mp4
    2013-10-02 12:30 - 2013-10-02 09:54 - 478707868 _____ C:\Users\Andrew\Downloads\LABLKOTs5.mp4
    2013-10-02 12:27 - 2013-04-05 16:56 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAndrew
    2013-10-02 12:27 - 2013-04-05 16:56 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForAndrew.job
    2013-10-02 10:11 - 2013-10-02 10:10 - 18182900 _____ C:\Users\Andrew\Downloads\P1E.mov
    2013-10-01 23:08 - 2012-10-05 07:27 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SoftGrid Client
    2013-10-01 23:07 - 2013-10-01 13:59 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
    2013-10-01 14:21 - 2013-03-21 19:50 - 00000000 ___HD C:\users\Andrew
    2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
    2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 _____ C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
    2013-09-29 11:45 - 2013-09-29 11:20 - 295105297 _____ C:\Users\Andrew\Downloads\rnyaoe210.wmv
    2013-09-29 11:17 - 2013-09-29 11:15 - 132497180 _____ C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
    2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
    2013-09-28 16:35 - 2013-09-28 14:17 - 418250189 _____ C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
    2013-09-28 10:09 - 2011-12-24 10:16 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2013-09-28 10:08 - 2011-09-01 19:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2013-09-28 10:08 - 2011-09-01 19:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2013-09-28 10:07 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2013-09-28 10:06 - 2013-09-28 10:04 - 00004414 _____ C:\Windows\DPINST.LOG
    2013-09-28 10:06 - 2013-09-28 10:04 - 00001414 _____ C:\Windows\Synaptics.log
    2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
    2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 _____ (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 _____ C:\Windows\SysWOW64\SynTPEnhPS.dll
    2013-09-28 10:04 - 2010-12-16 18:26 - 00411944 _____ (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
    2013-09-28 09:57 - 2012-01-06 17:25 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-09-27 10:45 - 2013-09-27 10:43 - 143794880 _____ C:\Users\Andrew\Downloads\IMG_1233.MOV
    2013-09-25 14:00 - 2013-03-14 12:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\Microsoft Games
    2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ____D C:\Windows\System32\Tasks\Games
    2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iTunes
    2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
    2013-09-24 11:33 - 2013-09-24 10:27 - 150817268 _____ C:\Users\Andrew\Downloads\tallW861.wmv
    2013-09-24 02:07 - 2013-10-01 13:53 - 1725359838 _____ C:\Users\Andrew\Downloads\21792_03_720p.mp4
    2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
    2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
    2013-09-23 06:37 - 2012-04-01 14:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-09-23 06:37 - 2012-04-01 14:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-09-23 06:37 - 2011-12-24 10:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-09-21 08:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2013-09-21 08:23 - 2011-09-01 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
    2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2013-09-21 08:18 - 2011-09-01 19:27 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
    2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2013-09-18 22:15 - 2013-09-18 20:13 - 347222016 _____ C:\Users\Andrew\Downloads\nr077.mpg
    2013-09-17 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-09-15 08:43 - 2009-07-13 21:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-09-15 06:39 - 2013-09-26 20:15 - 1368691539 _____ C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
    2013-09-13 11:08 - 2013-09-13 10:37 - 376823808 _____ C:\Users\Andrew\Downloads\nr120.mpg
    2013-09-13 06:24 - 2013-07-22 16:41 - 00000000 ____D C:\ProgramData\iolo
    2013-09-12 22:07 - 2013-09-12 21:30 - 440460420 _____ C:\Users\Andrew\Downloads\nr044.avi
    2013-09-12 20:50 - 2013-09-12 19:29 - 198574080 _____ C:\Users\Andrew\Downloads\ashblue0065.avi
    2013-09-12 20:07 - 2013-07-22 16:43 - 00002219 _____ C:\Users\Andrew\Desktop\System Mechanic.lnk
    2013-09-12 13:59 - 2009-07-13 20:45 - 00273872 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-09-12 13:35 - 2013-08-14 23:04 - 00000000 ____D C:\Windows\System32\MRT
    2013-09-12 13:35 - 2013-03-21 22:14 - 00811080 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-09-12 13:35 - 2012-10-05 07:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
    2013-09-12 13:30 - 2013-03-22 13:28 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-09-09 14:26 - 2013-07-22 16:43 - 00057584 _____ (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
    2013-09-09 14:26 - 2013-07-22 16:43 - 00026184 _____ (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
    2013-09-09 14:08 - 2013-07-22 16:43 - 02155152 _____ (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
    2013-09-09 14:08 - 2013-07-22 16:43 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
    2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 _____ C:\ComboFix.txt
    2013-09-05 19:13 - 2013-07-15 00:58 - 00000000 ____D C:\Qoobox
    2013-09-05 19:04 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini
    2013-09-05 18:23 - 2013-07-15 06:49 - 05120804 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe
    2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 _____ C:\Windows\setuperr.log
    2013-09-05 18:19 - 2013-09-05 18:17 - 00000000 ____D C:\AdwCleaner
    2013-09-05 12:21 - 2012-11-04 21:52 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job
    2013-09-05 12:21 - 2012-10-21 21:38 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANDREW-HP$

    Files to move or delete:
    ====================
    C:\Users\Andrew\AppData\Roaming\data.dat
    C:\Users\Andrew\AppData\Roaming\settings.ini
    ZeroAccess:
    C:\Users\Andrew\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install
    C:\Users\Andrew\AppData\Roaming\i.ini

    Some content of TEMP:
    ====================
    C:\Users\Andrew\AppData\Local\Temp\hnmguagknaidfmjwnyu.bfg
    C:\Users\Andrew\AppData\Local\Temp\i4jdel0.exe

    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points  =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 7657.91 MB
    Available physical RAM: 6819.93 MB
    Total Pagefile: 7656.11 MB
    Available Pagefile: 6804.29 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:680.98 GB) (Free:6.44 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive h: (STORE N GO) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5A01AB4C)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 4 GB) (Disk ID: 9BAD4F6E)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

    LastRegBack: 2013-09-24 13:16

    ==================== End Of Log ============================

  2. My Windows 7 laptop has been hit with the Moneypak virus, and I ran FARBAR to get the log, and I just need a fixlist.txt to move on to the next step.

    Here's the log, and I appreciate any help.

    Thanks!

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2013 01 (ATTENTION: FRST version is 148 days old)
    Ran by SYSTEM on 05-10-2013 04:27:41
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet002
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-21] (IDT, Inc.)
    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-28] (Synaptics Incorporated)
    HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: []  [x]
    HKU\Andrew\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [844752 2013-09-26] (Google Inc.)
    HKU\Andrew\...\Winlogon: [shell] explorer.exe,C:\Users\Andrew\AppData\Roaming\data.dat [85504 2013-08-01] () <==== ATTENTION
    BootExecute: autocheck autochk * r??,autocheck autochk * ????

    ==================== Services (Whitelisted) =================

    S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
    S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
    S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

    ==================== Drivers (Whitelisted) ====================

    S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
    2013-10-04 13:51 - 2013-10-04 15:39 - 00000004 ____A C:\Users\Andrew\AppData\Roaming\settings.ini
    2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 ____A C:\Windows\Minidump\100413-43040-01.dmp
    2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
    2013-10-02 18:03 - 2013-10-03 10:58 - 3741257391 ____A C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
    2013-10-02 10:10 - 2013-10-02 10:11 - 18182900 ____A C:\Users\Andrew\Downloads\P1E.mov
    2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
    2013-10-01 13:59 - 2013-10-01 23:07 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
    2013-10-01 13:53 - 2013-09-24 02:07 - 1725359838 ____A C:\Users\Andrew\Downloads\21792_03_720p.mp4
    2013-09-30 17:45 - 2013-09-30 17:45 - 00015146 ____A C:\Users\Andrew\Downloads\WWE.Triple.H.Thy.Kingdom.Come.2013.BDRip.x264-RUDOS.torrent
    2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 ____A C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
    2013-09-29 11:20 - 2013-09-29 11:45 - 295105297 ____A C:\Users\Andrew\Downloads\rnyaoe210.wmv
    2013-09-29 11:15 - 2013-09-29 11:17 - 132497180 ____A C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
    2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
    2013-09-28 14:17 - 2013-09-28 16:35 - 418250189 ____A C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
    2013-09-28 10:04 - 2013-09-28 10:06 - 00004414 ____A C:\Windows\DPINST.LOG
    2013-09-28 10:04 - 2013-09-28 10:06 - 00001414 ____A C:\Windows\Synaptics.log
    2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
    2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 ____A C:\Windows\SysWOW64\SynTPEnhPS.dll
    2013-09-27 10:43 - 2013-09-27 10:45 - 143794880 ____A C:\Users\Andrew\Downloads\IMG_1233.MOV
    2013-09-26 20:15 - 2013-09-15 06:39 - 1368691539 ____A C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
    2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files\iTunes
    2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
    2013-09-24 10:27 - 2013-09-24 11:33 - 150817268 ____A C:\Users\Andrew\Downloads\tallW861.wmv
    2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
    2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
    2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2013-09-18 20:13 - 2013-09-18 22:15 - 347222016 ____A C:\Users\Andrew\Downloads\nr077.mpg
    2013-09-13 10:37 - 2013-09-13 11:08 - 376823808 ____A C:\Users\Andrew\Downloads\nr120.mpg
    2013-09-12 21:30 - 2013-09-12 22:07 - 440460420 ____A C:\Users\Andrew\Downloads\nr044.avi
    2013-09-12 19:49 - 2013-09-12 20:06 - 201717760 ____A C:\Users\Andrew\Downloads\ashblue0100.avi
    2013-09-12 19:29 - 2013-09-12 20:50 - 198574080 ____A C:\Users\Andrew\Downloads\ashblue0065.avi
    2013-09-12 18:09 - 2013-09-12 19:18 - 146745344 ____A C:\Users\Andrew\Downloads\ashblue0041.avi
    2013-09-12 13:29 - 2013-07-31 05:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-09-12 13:29 - 2013-07-31 05:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-09-12 13:29 - 2013-07-31 01:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-09-12 13:29 - 2013-07-31 01:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-09-12 13:29 - 2013-07-31 01:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-09-12 13:28 - 2013-07-31 06:17 - 17833472 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-09-12 13:28 - 2013-07-31 05:42 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-09-12 13:28 - 2013-07-31 05:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-09-12 13:28 - 2013-07-31 05:20 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-09-12 13:28 - 2013-07-31 05:19 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-09-12 13:28 - 2013-07-31 05:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-09-12 13:28 - 2013-07-31 05:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-09-12 13:28 - 2013-07-31 05:16 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-09-12 13:28 - 2013-07-31 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-09-12 13:28 - 2013-07-31 05:13 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-09-12 13:28 - 2013-07-31 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-09-12 13:28 - 2013-07-31 05:11 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-09-12 13:28 - 2013-07-31 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-09-12 13:28 - 2013-07-31 05:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-09-12 13:28 - 2013-07-31 02:30 - 12335104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-09-12 13:28 - 2013-07-31 02:05 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-09-12 13:28 - 2013-07-31 02:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-09-12 13:28 - 2013-07-31 01:53 - 01104896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-09-12 13:28 - 2013-07-31 01:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-09-12 13:28 - 2013-07-31 01:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-09-12 13:28 - 2013-07-31 01:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-09-12 13:28 - 2013-07-31 01:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-09-12 13:28 - 2013-07-31 01:48 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-09-12 13:28 - 2013-07-31 01:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-09-12 13:28 - 2013-07-31 01:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-09-12 13:28 - 2013-07-31 01:46 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-09-12 13:28 - 2013-07-31 01:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-09-12 06:04 - 2013-08-07 17:20 - 03155456 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-09-12 06:04 - 2013-08-04 18:25 - 00155584 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
    2013-09-12 06:04 - 2013-08-01 18:23 - 05550528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-09-12 06:04 - 2013-08-01 18:15 - 01732032 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-09-12 06:04 - 2013-08-01 18:15 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-09-12 06:04 - 2013-08-01 18:15 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-09-12 06:04 - 2013-08-01 18:15 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-09-12 06:04 - 2013-08-01 18:14 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-09-12 06:04 - 2013-08-01 18:14 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-09-12 06:04 - 2013-08-01 18:13 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-09-12 06:04 - 2013-08-01 18:13 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:59 - 03968960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-09-12 06:04 - 2013-08-01 17:59 - 03913664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-09-12 06:04 - 2013-08-01 17:51 - 01292192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-09-12 06:04 - 2013-08-01 17:51 - 00085504 ____A C:\Users\Andrew\AppData\Roaming\data.dat
    2013-09-12 06:04 - 2013-08-01 17:50 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-09-12 06:04 - 2013-08-01 17:50 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-09-12 06:04 - 2013-08-01 17:50 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 17:09 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-09-12 06:04 - 2013-08-01 16:59 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-09-12 06:04 - 2013-08-01 16:45 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-09-12 06:04 - 2013-08-01 16:45 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-09-12 06:04 - 2013-08-01 16:45 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-09-12 06:04 - 2013-08-01 16:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-09-12 06:04 - 2013-08-01 16:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 16:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 16:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-09-12 06:04 - 2013-08-01 16:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-09-12 06:04 - 2013-07-25 18:24 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-09-12 06:04 - 2013-07-25 18:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-09-12 06:04 - 2013-07-25 17:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-09-12 06:04 - 2013-07-25 17:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-09-11 13:10 - 2013-09-11 11:09 - 779907957 ____A C:\Users\Andrew\Downloads\LisaA_BHC_Sc2hd.mp4
    2013-09-07 12:38 - 2013-09-07 13:34 - 393764129 ____A
    2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 ____A C:\ComboFix.txt
    2013-09-05 19:03 - 2013-10-04 13:00 - 00071598 ____A C:\Windows\PFRO.log
    2013-09-05 18:20 - 2013-10-04 16:54 - 00262899 ____A C:\Windows\setupact.log
    2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 ____A C:\Windows\setuperr.log
    2013-09-05 18:17 - 2013-09-05 18:19 - 00000000 ____D C:\AdwCleaner

    ==================== One Month Modified Files and Folders =======

    2098-05-21 20:42 - 2013-01-31 00:29 - 1143474353 ____A C:\Users\Andrew\Downloads\0455hd.mp4
    2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
    2013-10-04 16:54 - 2013-09-05 18:20 - 00262899 ____A C:\Windows\setupact.log
    2013-10-04 16:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-10-04 16:21 - 2013-03-21 21:50 - 01941825 ____A C:\Windows\WindowsUpdate.log
    2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-10-04 15:47 - 2013-07-15 08:42 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-10-04 15:39 - 2013-10-04 13:51 - 00000004 ____A C:\Users\Andrew\AppData\Roaming\settings.ini
    2013-10-04 15:38 - 2013-07-15 08:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-10-04 13:52 - 2011-12-15 18:23 - 00000000 ____D C:\Users\Andrew\Documents\Youcam
    2013-10-04 13:33 - 2012-04-01 14:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 ____A C:\Windows\Minidump\100413-43040-01.dmp
    2013-10-04 13:00 - 2013-09-05 19:03 - 00071598 ____A C:\Windows\PFRO.log
    2013-10-04 13:00 - 2013-05-12 08:54 - 00000000 ____D C:\Windows\Minidump
    2013-10-04 12:55 - 2011-12-15 19:22 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Azureus
    2013-10-03 11:21 - 2013-02-17 20:43 - 00000000 ____D C:\Users\Andrew\Documents\New folder
    2013-10-03 11:21 - 2012-01-04 21:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
    2013-10-03 10:58 - 2013-10-02 18:03 - 3741257391 ____A C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
    2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
    2013-10-02 18:52 - 2013-07-15 08:43 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-10-02 15:52 - 2013-10-02 09:47 - 596432818 ____A C:\Users\Andrew\Downloads\GL85s3-DD54O.mp4
    2013-10-02 12:30 - 2013-10-02 09:54 - 478707868 ____A C:\Users\Andrew\Downloads\LABLKOTs5.mp4
    2013-10-02 12:27 - 2013-04-05 16:56 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAndrew.job
    2013-10-02 10:11 - 2013-10-02 10:10 - 18182900 ____A C:\Users\Andrew\Downloads\P1E.mov
    2013-10-01 23:08 - 2012-10-05 07:27 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SoftGrid Client
    2013-10-01 23:07 - 2013-10-01 13:59 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
    2013-10-01 14:21 - 2013-03-21 19:50 - 00000000 ___HD C:\users\Andrew
    2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
    2013-09-30 17:45 - 2013-09-30 17:45 - 00015146 ____A C:\Users\Andrew\Downloads\WWE.Triple.H.Thy.Kingdom.Come.2013.BDRip.x264-RUDOS.torrent
    2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 ____A C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
    2013-09-29 11:45 - 2013-09-29 11:20 - 295105297 ____A C:\Users\Andrew\Downloads\rnyaoe210.wmv
    2013-09-29 11:17 - 2013-09-29 11:15 - 132497180 ____A C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
    2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
    2013-09-28 16:35 - 2013-09-28 14:17 - 418250189 ____A C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
    2013-09-28 10:09 - 2011-12-24 10:16 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2013-09-28 10:08 - 2011-09-01 19:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2013-09-28 10:08 - 2011-09-01 19:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2013-09-28 10:07 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2013-09-28 10:06 - 2013-09-28 10:04 - 00004414 ____A C:\Windows\DPINST.LOG
    2013-09-28 10:06 - 2013-09-28 10:04 - 00001414 ____A C:\Windows\Synaptics.log
    2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
    2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
    2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 ____A C:\Windows\SysWOW64\SynTPEnhPS.dll
    2013-09-28 10:04 - 2010-12-16 18:26 - 00411944 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
    2013-09-28 09:57 - 2012-01-06 17:25 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-09-25 14:00 - 2013-03-14 12:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\Microsoft Games
    2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iTunes
    2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
    2013-09-24 11:33 - 2013-09-24 10:27 - 150817268 ____A C:\Users\Andrew\Downloads\tallW861.wmv
    2013-09-24 02:07 - 2013-10-01 13:53 - 1725359838 ____A C:\Users\Andrew\Downloads\21792_03_720p.mp4
    2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
    2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
    2013-09-23 06:37 - 2012-04-01 14:01 - 00692616 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-09-23 06:37 - 2011-12-24 10:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-09-21 08:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2013-09-21 08:23 - 2011-09-01 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2013-09-18 22:15 - 2013-09-18 20:13 - 347222016 ____A C:\Users\Andrew\Downloads\nr077.mpg
    2013-09-17 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-09-15 08:43 - 2009-07-13 21:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-09-15 06:39 - 2013-09-26 20:15 - 1368691539 ____A C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
    2013-09-13 11:08 - 2013-09-13 10:37 - 376823808 ____A C:\Users\Andrew\Downloads\nr120.mpg
    2013-09-13 06:24 - 2013-07-22 16:41 - 00000000 ____D C:\ProgramData\iolo
    2013-09-12 22:07 - 2013-09-12 21:30 - 440460420 ____A C:\Users\Andrew\Downloads\nr044.avi
    2013-09-12 20:50 - 2013-09-12 19:29 - 198574080 ____A C:\Users\Andrew\Downloads\ashblue0065.avi
    2013-09-12 20:07 - 2013-07-22 16:43 - 00002219 ____A C:\Users\Andrew\Desktop\System Mechanic.lnk
    2013-09-12 20:06 - 2013-09-12 19:49 - 201717760 ____A C:\Users\Andrew\Downloads\ashblue0100.avi
    2013-09-12 19:18 - 2013-09-12 18:09 - 146745344 ____A C:\Users\Andrew\Downloads\ashblue0041.avi
    2013-09-12 13:59 - 2009-07-13 20:45 - 00273872 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-09-12 13:35 - 2013-08-14 23:04 - 00000000 ____D C:\Windows\System32\MRT
    2013-09-12 13:35 - 2013-03-21 22:14 - 00811080 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-09-12 13:35 - 2012-10-05 07:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
    2013-09-12 13:30 - 2013-03-22 13:28 - 79143768 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-09-11 11:09 - 2013-09-11 13:10 - 779907957 ____A C:\Users\Andrew\Downloads\LisaA_BHC_Sc2hd.mp4
    2013-09-09 14:26 - 2013-07-22 16:43 - 00057584 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
    2013-09-09 14:26 - 2013-07-22 16:43 - 00026184 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
    2013-09-09 14:08 - 2013-07-22 16:43 - 02155152 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
    2013-09-09 14:08 - 2013-07-22 16:43 - 02097984 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
    2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 ____A C:\ComboFix.txt
    2013-09-05 19:13 - 2013-07-15 00:58 - 00000000 ____D C:\Qoobox
    2013-09-05 19:04 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini
    2013-09-05 18:23 - 2013-07-15 06:49 - 05120804 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe
    2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 ____A C:\Windows\setuperr.log
    2013-09-05 18:19 - 2013-09-05 18:17 - 00000000 ____D C:\AdwCleaner
    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points  =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 7657.91 MB
    Available physical RAM: 6828.79 MB
    Total Pagefile: 7656.11 MB
    Available Pagefile: 6821.41 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:680.98 GB) (Free:6.44 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:1.9 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
    Drive h: (STORE N GO) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5A01AB4C)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 4 GB) (Disk ID: 9BAD4F6E)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

    Last Boot: 2013-09-24 13:16

    ==================== End Of Log ============================

     

  3. # AdwCleaner v2.300 - Logfile created 05/10/2013 at 21:47:01

    # Updated 28/04/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Andrew - ANDREW-HP

    # Boot Mode : Normal

    # Running from : C:\Users\Andrew\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [Services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    File Deleted : C:\END

    File Deleted : C:\Users\Public\Desktop\eBay.lnk

    Folder Deleted : C:\Program Files (x86)\Application Updater

    Folder Deleted : C:\Program Files (x86)\Common Files\spigot

    Folder Deleted : C:\Program Files (x86)\Conduit

    Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar

    Folder Deleted : C:\Program Files (x86)\Vuze_Remote

    Folder Deleted : C:\Users\Andrew\AppData\Local\Conduit

    Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Search Settings

    Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Vuze Remote

    Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Vuze_Remote

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

    Key Deleted : HKCU\Software\AppDataLow\Toolbar

    Key Deleted : HKCU\Software\Ask.com

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKCU\Software\Search Settings

    Key Deleted : HKLM\Software\Application Updater

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\Freeze.com

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

    Key Deleted : HKLM\Software\Search Settings

    Key Deleted : HKLM\Software\Vuze_Remote

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E6C4492-4246-4799-ABC2-F98AFA5D3C15}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8C6D7E2-567D-415D-A3F7-9D95CF35B827}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16476

    [OK] Registry is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4618 octets] - [10/05/2013 21:33:31]

    AdwCleaner[R2].txt - [4678 octets] - [10/05/2013 21:34:36]

    AdwCleaner[S1].txt - [4173 octets] - [10/05/2013 21:47:01]

    ########## EOF - C:\AdwCleaner[S1].txt - [4233 octets] ##########

    Results of screen317's Security Check version 0.99.63

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Trend Micro Titanium

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    SpywareBlaster 5.0

    Java 7 Update 21

    Adobe Flash Player 11.6.602.180

    Adobe Reader XI

    Google Chrome 26.0.1410.43

    Google Chrome 26.0.1410.64

    ````````Process Check: objlist.exe by Laurent````````

    Trend Micro AMSP coreServiceShell.exe

    Trend Micro UniClient UiFrmWrk uiWatchDog.exe

    Trend Micro AMSP coreFrameworkHost.exe

    Trend Micro UniClient UiFrmWrk uiSeAgnt.exe

    iolo Common Lib ioloServiceManager.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 5%

    ````````````````````End of Log``````````````````````

  4. # AdwCleaner v2.300 - Logfile created 05/10/2013 at 21:34:36

    # Updated 28/04/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Andrew - ANDREW-HP

    # Boot Mode : Normal

    # Running from : C:\Users\Andrew\Desktop\adwcleaner.exe

    # Option [Search]

    ***** [Services] *****

    Found : Application Updater

    ***** [Files / Folders] *****

    File Found : C:\END

    File Found : C:\Users\Public\Desktop\eBay.lnk

    Folder Found : C:\Program Files (x86)\Application Updater

    Folder Found : C:\Program Files (x86)\Common Files\spigot

    Folder Found : C:\Program Files (x86)\Conduit

    Folder Found : C:\Program Files (x86)\Vuze Remote toolbar

    Folder Found : C:\Program Files (x86)\Vuze_Remote

    Folder Found : C:\Program Files (x86)\Vuze_Remote

    Folder Found : C:\Users\Andrew\AppData\Local\Conduit

    Folder Found : C:\Users\Andrew\AppData\LocalLow\Conduit

    Folder Found : C:\Users\Andrew\AppData\LocalLow\Search Settings

    Folder Found : C:\Users\Andrew\AppData\LocalLow\Vuze Remote

    Folder Found : C:\Users\Andrew\AppData\LocalLow\Vuze_Remote

    Folder Found : C:\Users\Andrew\AppData\LocalLow\Vuze_Remote

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

    Key Found : HKCU\Software\AppDataLow\Software\Conduit

    Key Found : HKCU\Software\AppDataLow\Software\Search Settings

    Key Found : HKCU\Software\AppDataLow\Software\SmartBar

    Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote

    Key Found : HKCU\Software\AppDataLow\Toolbar

    Key Found : HKCU\Software\Ask.com

    Key Found : HKCU\Software\Conduit

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Found : HKCU\Software\Search Settings

    Key Found : HKLM\Software\Application Updater

    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

    Key Found : HKLM\Software\Conduit

    Key Found : HKLM\Software\Freeze.com

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

    Key Found : HKLM\Software\Search Settings

    Key Found : HKLM\Software\Vuze_Remote

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E6C4492-4246-4799-ABC2-F98AFA5D3C15}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8C6D7E2-567D-415D-A3F7-9D95CF35B827}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16476

    [OK] Registry is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4618 octets] - [10/05/2013 21:33:31]

    AdwCleaner[R2].txt - [4551 octets] - [10/05/2013 21:34:36]

    ########## EOF - C:\AdwCleaner[R2].txt - [4611 octets] ##########

  5. ComboFix 13-05-10.03 - Andrew 05/10/2013 21:06:48.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7658.5316 [GMT -4:00]

    Running from: c:\users\Andrew\Desktop\ComboFix.exe

    AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

    SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-04-11 to 2013-05-11 )))))))))))))))))))))))))))))))

    .

    .

    2013-05-11 01:15 . 2013-05-11 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-05-10 22:43 . 2013-05-10 22:43 -------- d-----w- c:\programdata\Malwarebytes

    2013-05-10 22:01 . 2013-05-10 22:01 -------- d-----w- C:\FRST

    2013-04-28 08:36 . 2013-04-28 08:36 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin

    2013-04-23 18:12 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2013-04-17 15:57 . 2013-04-17 15:57 -------- d-----w- c:\program files (x86)\Common Files\Java

    2013-04-17 15:55 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-04-17 15:53 . 2013-04-17 15:53 -------- d-----w- c:\programdata\McAfee

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-04-21 16:53 . 2012-04-01 22:01 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-04-21 16:53 . 2011-12-24 18:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-04-10 03:54 . 2013-03-22 21:28 72702784 ----a-w- c:\windows\system32\MRT.exe

    2013-03-30 19:33 . 2013-03-30 19:33 388096 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2013-03-22 20:52 . 2013-03-22 20:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

    2013-03-22 20:52 . 2013-03-22 20:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll

    2013-03-22 20:52 . 2013-03-22 20:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll_old0

    2013-03-22 20:52 . 2013-03-22 20:52 1103872 ----a-w- c:\windows\SysWow64\urlmon.dll_old0

    2013-03-22 20:52 . 2013-03-22 20:52 1796096 ----a-w- c:\windows\SysWow64\iertutil.dll_old0

    2013-03-22 20:52 . 2013-03-22 20:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

    2013-03-22 20:52 . 2013-03-22 20:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2013-03-22 20:52 . 2013-03-22 20:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2013-03-22 20:52 . 2013-03-22 20:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2013-03-22 20:52 . 2013-03-22 20:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

    2013-03-22 20:52 . 2013-03-22 20:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

    2013-03-22 20:52 . 2013-03-22 20:52 367104 ----a-w- c:\windows\SysWow64\html.iec

    2013-03-22 20:52 . 2013-03-22 20:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2013-03-22 20:52 . 2013-03-22 20:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe

    2013-03-22 20:52 . 2013-03-22 20:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2013-03-22 20:52 . 2013-03-22 20:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe

    2013-03-22 20:52 . 2013-03-22 20:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll

    2013-03-22 20:52 . 2013-03-22 20:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

    2013-03-22 20:52 . 2013-03-22 20:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2013-03-22 20:52 . 2013-03-22 20:52 222208 ----a-w- c:\windows\system32\msls31.dll

    2013-03-22 20:52 . 2013-03-22 20:52 197120 ----a-w- c:\windows\system32\msrating.dll

    2013-03-22 20:52 . 2013-03-22 20:52 65024 ----a-w- c:\windows\system32\pngfilt.dll

    2013-03-22 20:52 . 2013-03-22 20:52 267776 ----a-w- c:\windows\system32\ieaksie.dll

    2013-03-22 20:52 . 2013-03-22 20:52 163840 ----a-w- c:\windows\system32\ieakui.dll

    2013-03-22 20:52 . 2013-03-22 20:52 149504 ----a-w- c:\windows\system32\occache.dll

    2013-03-22 20:52 . 2013-03-22 20:52 12288 ----a-w- c:\windows\system32\mshta.exe

    2013-03-22 20:52 . 2013-03-22 20:52 114176 ----a-w- c:\windows\system32\admparse.dll

    2013-03-22 20:52 . 2013-03-22 20:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2013-03-22 20:52 . 2013-03-22 20:52 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

    2013-03-22 20:52 . 2013-03-22 20:52 49664 ----a-w- c:\windows\system32\imgutil.dll

    2013-03-22 20:52 . 2013-03-22 20:52 160256 ----a-w- c:\windows\system32\ieakeng.dll

    2013-03-22 20:52 . 2013-03-22 20:52 145920 ----a-w- c:\windows\system32\iepeers.dll

    2013-03-22 20:52 . 2013-03-22 20:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

    2013-03-22 20:52 . 2013-03-22 20:52 10752 ----a-w- c:\windows\system32\msfeedssync.exe

    2013-03-22 20:52 . 2013-03-22 20:52 76800 ----a-w- c:\windows\system32\tdc.ocx

    2013-03-22 20:52 . 2013-03-22 20:52 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2013-03-22 20:52 . 2013-03-22 20:52 452608 ----a-w- c:\windows\system32\dxtmsft.dll

    2013-03-22 20:52 . 2013-03-22 20:52 448512 ----a-w- c:\windows\system32\html.iec

    2013-03-22 20:52 . 2013-03-22 20:52 282112 ----a-w- c:\windows\system32\dxtrans.dll

    2013-03-22 20:52 . 2013-03-22 20:52 111616 ----a-w- c:\windows\system32\iesysprep.dll

    2013-03-22 20:52 . 2013-03-22 20:52 89088 ----a-w- c:\windows\system32\ie4uinit.exe

    2013-03-22 20:52 . 2013-03-22 20:52 85504 ----a-w- c:\windows\system32\iesetup.dll

    2013-03-22 20:52 . 2013-03-22 20:52 82432 ----a-w- c:\windows\system32\icardie.dll

    2013-03-22 20:52 . 2013-03-22 20:52 534528 ----a-w- c:\windows\system32\ieapfltr.dll

    2013-03-22 20:52 . 2013-03-22 20:52 403248 ----a-w- c:\windows\system32\iedkcs32.dll

    2013-03-22 20:52 . 2013-03-22 20:52 39936 ----a-w- c:\windows\system32\iernonce.dll

    2013-03-22 20:52 . 2013-03-22 20:52 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

    2013-03-22 20:52 . 2013-03-22 20:52 30720 ----a-w- c:\windows\system32\licmgr10.dll

    2013-03-22 20:52 . 2013-03-22 20:52 249344 ----a-w- c:\windows\system32\webcheck.dll

    2013-03-22 20:52 . 2013-03-22 20:52 165888 ----a-w- c:\windows\system32\iexpress.exe

    2013-03-22 20:52 . 2013-03-22 20:52 160256 ----a-w- c:\windows\system32\wextract.exe

    2013-03-22 20:52 . 2013-03-22 20:52 103936 ----a-w- c:\windows\system32\inseng.dll

    2013-03-21 23:30 . 2013-03-21 14:43 181064 ----a-w- c:\windows\PSEXESVC.EXE

    2013-03-21 21:28 . 2013-03-21 21:28 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

    2013-03-21 21:27 . 2013-03-21 21:28 310688 ----a-w- c:\windows\system32\javaws.exe

    2013-03-21 21:27 . 2013-03-21 21:28 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

    2013-03-21 21:27 . 2013-03-21 21:28 188832 ----a-w- c:\windows\system32\javaw.exe

    2013-03-21 21:27 . 2013-03-21 21:28 188320 ----a-w- c:\windows\system32\java.exe

    2013-03-21 21:27 . 2011-09-02 03:25 963488 ----a-w- c:\windows\system32\deployJava1.dll

    2013-03-21 21:27 . 2013-03-21 21:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-03-21 21:27 . 2011-09-02 03:25 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-03-21 06:24 . 2013-03-21 06:24 1054720 ------w- c:\windows\system32\MsSpellCheckingFacility.exe

    2013-03-21 06:24 . 2013-03-21 06:24 226304 ------w- c:\windows\system32\elshyph.dll

    2013-03-21 06:24 . 2013-03-21 06:24 185344 ------w- c:\windows\SysWow64\elshyph.dll

    2013-03-21 06:24 . 2013-03-21 06:24 719360 ------w- c:\windows\SysWow64\mshtmlmedia.dll

    2013-03-21 06:24 . 2013-03-21 06:24 905728 ------w- c:\windows\system32\mshtmlmedia.dll

    2013-03-21 06:22 . 2013-03-21 06:22 4096 ------w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 4096 ------w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 9728 ------w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 9728 ------w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 2560 ------w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 3584 ------w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 3584 ------w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 2560 ------w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 10752 ------w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-03-21 06:22 . 2013-03-21 06:22 10752 ------w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-03-19 06:04 . 2013-04-10 00:23 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-03-19 05:46 . 2013-04-10 00:23 43520 ----a-w- c:\windows\system32\csrsrv.dll

    2013-03-19 05:04 . 2013-04-10 00:23 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2013-03-19 05:04 . 2013-04-10 00:23 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2013-03-19 04:47 . 2013-04-10 00:23 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

    2013-03-19 03:06 . 2013-04-10 00:23 112640 ----a-w- c:\windows\system32\smss.exe

    2013-03-18 03:59 . 2011-12-16 21:32 57584 ----a-w- c:\windows\system32\iolobtdfg.exe

    2013-03-18 03:58 . 2011-12-16 21:32 26184 ----a-w- c:\windows\system32\smrgdf.exe

    2013-03-18 03:43 . 2013-01-11 07:26 2155688 ----a-w- c:\windows\system32\Incinerator64.dll

    2013-03-18 03:43 . 2011-12-16 21:32 2097472 ----a-w- c:\windows\SysWow64\Incinerator32.dll

    2013-03-03 17:49 . 2012-10-15 02:34 234544 ----a-w- c:\windows\RegBootClean64.exe

    2013-03-03 17:49 . 2012-10-15 02:34 22064 ----a-w- c:\windows\DCEBoot64.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

    2013-02-23 23:17 1352512 ----a-w- c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll" [2013-02-23 1352512]

    .

    [HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "EnableShellExecuteHooks"= 1 (0x1)

    .

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

    @="Service"

    .

    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-22 1255736]

    R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]

    R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752]

    R4 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/02 14:59;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]

    R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]

    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

    R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

    R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

    R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]

    R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

    R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

    R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-02 2413056]

    R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]

    S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-09-21 89600]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-02 204288]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-03-18 1070080]

    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-07-26 82160]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-08 67664]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-15 1813056]

    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-02 338536]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *Deregistered* - hitmanpro37

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-04-10 02:23 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:53]

    .

    2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 06:55]

    .

    2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 06:55]

    .

    2013-05-08 c:\windows\Tasks\HPCeeScheduleForANDREW-HP$.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    2013-05-04 c:\windows\Tasks\HPCeeScheduleForAndrew.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-21 1425408]

    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]

    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://espn.com/

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.0.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

    AddRemove-Sudoku, Kakuro + Friends - c:\windows\uninstall\Sudoku

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-05-10 21:19:40

    ComboFix-quarantined-files.txt 2013-05-11 01:19

    .

    Pre-Run: 172,059,987,968 bytes free

    Post-Run: 171,657,932,800 bytes free

    .

    - - End Of File - - AC21A6F3284C6F414A815084DE6EA1CA

  6. mbar-log

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    www.malwarebytes.org

    Database version: v2013.05.10.10

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Andrew :: ANDREW-HP [administrator]

    5/10/2013 8:15:17 PM

    mbar-log-2013-05-10 (20-15-17).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 30248

    Time elapsed: 43 minute(s), 28 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    system-log

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

    CPU speed: 1.397000 GHz

    Memory total: 8029896704, free: 5951246336

    ------------ Kernel report ------------

    05/10/2013 18:43:42

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\DRIVERS\compbatt.sys

    \SystemRoot\system32\DRIVERS\BATTC.SYS

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\system32\drivers\pciide.sys

    \SystemRoot\system32\drivers\PCIIDEX.SYS

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\drivers\atapi.sys

    \SystemRoot\system32\drivers\ataport.SYS

    \SystemRoot\system32\drivers\amd_sata.sys

    \SystemRoot\system32\drivers\storport.sys

    \SystemRoot\system32\drivers\amd_xata.sys

    \SystemRoot\system32\drivers\amdsata.sys

    \SystemRoot\system32\drivers\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\PxHlpa64.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\system32\DRIVERS\hpdskflt.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\drivers\disk.sys

    \SystemRoot\system32\drivers\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\vwififlt.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\DRIVERS\tmtdi.sys

    \SystemRoot\system32\DRIVERS\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\DRIVERS\mssmbios.sys

    \??\C:\Windows\system32\drivers\ElRawDsk.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\amdppm.sys

    \SystemRoot\system32\DRIVERS\atikmpag.sys

    \SystemRoot\system32\DRIVERS\atikmdag.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\netr28x.sys

    \SystemRoot\system32\DRIVERS\vwifibus.sys

    \SystemRoot\system32\DRIVERS\RtsPStor.sys

    \SystemRoot\system32\DRIVERS\sdbus.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\DRIVERS\i8042prt.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\SynTP.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\DRIVERS\CmBatt.sys

    \SystemRoot\system32\DRIVERS\Accelerometer.sys

    \SystemRoot\system32\DRIVERS\wmiacpi.sys

    \SystemRoot\system32\DRIVERS\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\swenum.sys

    \SystemRoot\system32\DRIVERS\ks.sys

    \SystemRoot\system32\DRIVERS\umbus.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\System32\Drivers\fastfat.SYS

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\AtihdW76.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\DRIVERS\stwrt64.sys

    \SystemRoot\system32\DRIVERS\cdfs.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_amd_sata.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\PDFsFilter.sys

    \SystemRoot\system32\DRIVERS\Sftvollh.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\WinUSB.sys

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\DRIVERS\tmcomm.sys

    \SystemRoot\system32\DRIVERS\tmevtmgr.sys

    \SystemRoot\system32\DRIVERS\tmactmon.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\system32\DRIVERS\Sftfslh.sys

    \SystemRoot\system32\DRIVERS\Sftplaylh.sys

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\system32\DRIVERS\Sftredirlh.sys

    \SystemRoot\system32\DRIVERS\asyncmac.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    \Windows\System32\sechost.dll

    \Windows\System32\kernel32.dll

    \Windows\System32\lpk.dll

    \Windows\System32\msctf.dll

    \Windows\System32\rpcrt4.dll

    \Windows\System32\ole32.dll

    \Windows\System32\normaliz.dll

    \Windows\System32\iertutil.dll

    \Windows\System32\ws2_32.dll

    \Windows\System32\advapi32.dll

    \Windows\System32\imm32.dll

    \Windows\System32\oleaut32.dll

    \Windows\System32\urlmon.dll

    \Windows\System32\nsi.dll

    \Windows\System32\Wldap32.dll

    \Windows\System32\psapi.dll

    \Windows\System32\difxapi.dll

    \Windows\System32\wininet.dll

    \Windows\System32\clbcatq.dll

    \Windows\System32\imagehlp.dll

    \Windows\System32\setupapi.dll

    \Windows\System32\comdlg32.dll

    \Windows\System32\shlwapi.dll

    \Windows\System32\gdi32.dll

    \Windows\System32\shell32.dll

    \Windows\System32\msvcrt.dll

    \Windows\System32\user32.dll

    \Windows\System32\usp10.dll

    \Windows\System32\KernelBase.dll

    \Windows\System32\crypt32.dll

    \Windows\System32\comctl32.dll

    \Windows\System32\devobj.dll

    \Windows\System32\cfgmgr32.dll

    \Windows\System32\wintrust.dll

    \Windows\System32\msasn1.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa800722b060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000066\

    Lower Device Object: 0xfffffa8006bd19c0

    Lower Device Driver Name: \Driver\amd_sata\

    Driver name found: amd_sata

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

    Load Function returned 0x0

    Downloaded database version: v2013.05.10.10

    Downloaded database version: v2013.05.07.01

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800706d9b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800706c950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

    DevicePointer: 0xfffffa8006bcc8c0, DeviceName: Unknown, DriverName: \Driver\amd_xata\

    DevicePointer: 0xfffffa8006bc31f0, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa8006bd19c0, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xfffff8a00d291c30, 0xfffffa800722b060, 0xfffffa800a5cf190

    Lower DeviceData: 0xfffff8a0113ec3e0, 0xfffffa8006bd19c0, 0xfffffa800a59d170

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 5A01AB4C

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 407552

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 409600 Numsec = 1428109312

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1428518912 Numsec = 36417536

    Partition 3 type is Other (0xc)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1464936448 Numsec = 210672

    Disk Size: 750156374016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

    Done!

    Performing system, memory and registry scan...

    Infected: c:\$RECYCLE.BIN\S-1-5-18\$826ce7f6c92fb53a67876a75897c27ab --> [Trojan.Siredef.C]

    Infected: c:\$RECYCLE.BIN\S-1-5-21-4211300235-2248101734-400005066-1001\$826ce7f6c92fb53a67876a75897c27ab --> [Trojan.Siredef.C]

    Done!

    Scan finished

    Creating System Restore point...

    Scheduling clean up...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Executing an action fixdamage.exe...

    Success!

    Removal successful. No system shutdown is required.

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

    CPU speed: 1.397000 GHz

    Memory total: 8029896704, free: 5518893056

    ------------ Kernel report ------------

    05/10/2013 19:31:39

    ------------ Loaded modules -----------


    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_amd_sata.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\PDFsFilter.sys

    \SystemRoot\system32\DRIVERS\Sftvollh.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\WinUSB.sys

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\DRIVERS\tmcomm.sys

    \SystemRoot\system32\DRIVERS\tmevtmgr.sys

    \SystemRoot\system32\DRIVERS\tmactmon.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\system32\DRIVERS\Sftfslh.sys

    \SystemRoot\system32\DRIVERS\Sftplaylh.sys

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\system32\DRIVERS\Sftredirlh.sys

    \SystemRoot\system32\DRIVERS\asyncmac.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    \Windows\System32\sechost.dll

    \Windows\System32\kernel32.dll

    \Windows\System32\lpk.dll

    \Windows\System32\msctf.dll

    \Windows\System32\rpcrt4.dll

    \Windows\System32\ole32.dll

    \Windows\System32\normaliz.dll

    \Windows\System32\iertutil.dll

    \Windows\System32\ws2_32.dll

    \Windows\System32\advapi32.dll

    \Windows\System32\imm32.dll

    \Windows\System32\oleaut32.dll

    \Windows\System32\urlmon.dll

    \Windows\System32\nsi.dll

    \Windows\System32\Wldap32.dll

    \Windows\System32\psapi.dll

    \Windows\System32\difxapi.dll

    \Windows\System32\wininet.dll

    \Windows\System32\clbcatq.dll

    \Windows\System32\imagehlp.dll

    \Windows\System32\setupapi.dll

    \Windows\System32\comdlg32.dll

    \Windows\System32\shlwapi.dll

    \Windows\System32\gdi32.dll

    \Windows\System32\shell32.dll

    \Windows\System32\msvcrt.dll

    \Windows\System32\user32.dll

    \Windows\System32\usp10.dll

    \Windows\System32\KernelBase.dll

    \Windows\System32\crypt32.dll

    \Windows\System32\comctl32.dll

    \Windows\System32\devobj.dll

    \Windows\System32\cfgmgr32.dll

    \Windows\System32\wintrust.dll

    \Windows\System32\msasn1.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa800722b060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000066\

    Lower Device Object: 0xfffffa8006bd19c0

    Lower Device Driver Name: \Driver\amd_sata\

    Device already Exists: 0xfffffa800a59d170

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800706d9b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800706c950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

    DevicePointer: 0xfffffa8006bcc8c0, DeviceName: Unknown, DriverName: \Driver\amd_xata\

    DevicePointer: 0xfffffa8006bc31f0, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa8006bd19c0, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xfffff8a01137e220, 0xfffffa800722b060, 0xfffffa800a5cf190

    Lower DeviceData: 0xfffff8a002c3c7c0, 0xfffffa8006bd19c0, 0xfffffa800a59d170

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 5A01AB4C

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 407552

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 409600 Numsec = 1428109312

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1428518912 Numsec = 36417536

    Partition 3 type is Other (0xc)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1464936448 Numsec = 210672

    Disk Size: 750156374016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

    Done!

    Performing system, memory and registry scan...

    Done!

    Scan finished

  7. Computer was able to boot normally, no problems.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2013 01

    Ran by SYSTEM at 2013-05-10 16:30:32 Run:1

    Running from H:\

    Boot Mode: Recovery

    ==============================================

    HKEY_USERS\Andrew\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.

    HKEY_USERS\Andrew\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

    HKLM\System\ControlSet002\Control\Session Manager\\BootExecute => Value was restored successfully.

    C:\Users\Andrew\Documents\6ba0b90b.exe => Moved successfully.

    C:\ProgramData\2433f433 => Moved successfully.

    C:\Users\Andrew\AppData\Local\2433f433 => Moved successfully.

    C:\Users\Andrew\AppData\Roaming\2433f433 => Moved successfully.

    C:\Users\Andrew\Documents\6ba0b90b.exe => File/Directory not found.

    ==== End of Fixlog ====

  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2013 01

    Ran by SYSTEM on 10-05-2013 14:28:18

    Running from H:\

    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

    Internet Explorer Version 9

    Boot Mode: Recovery

    The current controlset is ControlSet002

    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-21] (IDT, Inc.)

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)

    HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)

    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)

    HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

    HKLM-x32\...\Run: [] [x]

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

    HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

    HKU\Andrew\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Andrew\Documents\6ba0b90b.exe [34304 2013-05-09] ()

    HKU\Andrew\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)

    BootExecute: autocheck autochk * 7???NT Native Test???NT Native Test?????????

    ==================== Services (Whitelisted) =================

    S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)

    S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)

    S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1070080 2013-03-17] (iolo technologies, LLC)

    S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

    ==================== Drivers (Whitelisted) ====================

    S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)

    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-03-21] ()

    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)

    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)

    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)

    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-05-10 14:01 - 2013-05-10 14:01 - 00000000 ____D C:\FRST

    2013-05-09 11:25 - 2013-05-09 11:25 - 00174410 ____A C:\ProgramData\2433f433

    2013-05-09 11:25 - 2013-05-09 11:25 - 00174403 ____A C:\Users\Andrew\AppData\Local\2433f433

    2013-05-09 11:25 - 2013-05-09 11:25 - 00174394 ____A C:\Users\Andrew\AppData\Roaming\2433f433

    2013-05-09 11:25 - 2013-05-09 11:25 - 00034304 ____A C:\Users\Andrew\Documents\6ba0b90b.exe


    ==================== One Month Modified Files and Folders =======

    2098-05-21 20:42 - 2013-01-31 00:29 - 1143474353 ____A C:\Users\Andrew\Downloads\0455hd.mp4

    2013-05-10 14:01 - 2013-05-10 14:01 - 00000000 ____D C:\FRST

    2013-05-10 10:17 - 2013-03-21 19:50 - 00000000 ____D C:\users\Andrew

    2013-05-10 10:16 - 2011-12-16 13:24 - 00000000 ____D C:\ProgramData\Trend Micro

    2013-05-10 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

    2013-05-10 06:33 - 2012-04-01 14:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2013-05-10 06:31 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2013-05-10 06:31 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2013-05-10 06:28 - 2013-03-21 21:50 - 01279172 ____A C:\Windows\WindowsUpdate.log

    2013-05-10 06:24 - 2013-03-20 22:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2013-05-10 06:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2013-05-10 06:23 - 2009-07-13 20:51 - 01140795 ____A C:\Windows\setupact.log

    2013-05-10 06:19 - 2009-07-13 21:08 - 00020878 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2013-05-09 20:13 - 2013-03-20 22:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2013-05-09 11:26 - 2010-11-20 19:47 - 00245422 ____A C:\Windows\PFRO.log

    2013-05-09 11:25 - 2013-05-09 11:25 - 00174410 ____A C:\ProgramData\2433f433

    2013-05-09 11:25 - 2013-05-09 11:25 - 00174403 ____A C:\Users\Andrew\AppData\Local\2433f433

    2013-05-09 11:25 - 2013-05-09 11:25 - 00174394 ____A C:\Users\Andrew\AppData\Roaming\2433f433

    2013-05-09 11:25 - 2013-05-09 11:25 - 00034304 ____A C:\Users\Andrew\Documents\6ba0b90b.exe


    2013-04-20 18:03 - 2013-04-20 17:24 - 302400998 ____A C:\Users\Andrew\Downloads\Brianna_Banks_-_Touch_Me_Sc_

    2013-04-20 16:04 - 2013-04-23 15:25 - 118276152 ____A C:\Users\Andrew\Downloads\FaceslapYourself.mov

    2013-04-20 03:43 - 2013-04-21 20:08 - 855419541 ____A C:\Users\Andrew\Downloads\Madison Scott - Old Timer Happy Ending.wmv

    2013-04-19 15:23 - 2013-04-19 14:23 - 539889664 ____A C:\Users\Andrew\Downloads\nr033.mpg

    2013-04-19 13:53 - 2013-04-19 13:36 - 151476510 ____A C:\Users\Andrew\Downloads\nr032.avi

    2013-04-19 13:15 - 2013-04-19 12:44 - 284239144 ____A C:\Users\Andrew\Downloads\nr049.mpg

    2013-04-19 12:34 - 2013-04-19 11:55 - 356583424 ____A C:\Users\Andrew\Downloads\Rachel Roxxx - College Invasion 12 (Scene 6).avi

    2013-04-19 11:36 - 2013-04-19 11:09 - 193642086 ____A C:\Users\Andrew\Downloads\nr070.avi

    2013-04-19 11:01 - 2013-04-19 09:57 - 463495270 ____A C:\Users\Andrew\Downloads\Eva Angelina - Deviance scene 1.avi

    2013-04-19 06:21 - 2013-04-19 06:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8B5DB727-358D-4852-930B-A5E2F39BBD00}

    2013-04-19 06:21 - 2013-03-21 09:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\Windows Live

    2013-04-17 10:07 - 2013-04-17 08:03 - 380371778 ____A C:\Users\Andrew\Downloads\Ta St - Pu man Aud 12 (1995).avi

    2013-04-17 07:55 - 2013-04-17 07:55 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

    2013-04-17 07:55 - 2013-03-21 13:27 - 00000000 ____D C:\Program Files (x86)\Java

    2013-04-17 07:53 - 2013-04-17 07:53 - 00000000 ____D C:\ProgramData\McAfee

    2013-04-16 21:52 - 2013-04-16 20:01 - 165259559 ____A C:\Users\Andrew\Downloads\nr181.mpg

    2013-04-16 19:23 - 2013-04-16 18:57 - 220629566 ____A C:\Users\Andrew\Downloads\nr017.avi

    2013-04-16 17:53 - 2013-04-16 15:48 - 890587219 ____A C:\Users\Andrew\Downloads\nr009.mp4

    2013-04-16 17:39 - 2013-04-16 15:49 - 333072384 ____A C:\Users\Andrew\Downloads\NyleCaution.avi

    2013-04-16 15:36 - 2013-04-16 14:54 - 319943015 ____A C:\Users\Andrew\Downloads\2890_03_big.mp4

    2013-04-16 14:48 - 2013-04-16 14:22 - 228595084 ____A C:\Users\Andrew\Downloads\Jewel_DeNyle-Super_Sex_Girl.avi

    2013-04-16 07:46 - 2013-04-17 09:28 - 382199434 ____A C:\Users\Andrew\Downloads\michaels.mp4

    2013-04-12 13:03 - 2013-04-12 13:03 - 22816850 ____A C:\Users\Andrew\Downloads\AnalFanatic2.mov

    2013-04-12 06:45 - 2013-04-23 10:12 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

    2013-04-10 22:58 - 2013-04-10 21:17 - 686689865 ____A C:\Users\Andrew\Downloads\Nicole.Ray-JC.jan10.700p_pornfactor.net_.wmv

    2013-04-10 20:56 - 2013-04-10 19:58 - 502560537 ____A C:\Users\Andrew\Downloads\jc_alanahrae-wmvFullHigh-1.wmv

    2013-04-10 16:32 - 2013-04-10 16:14 - 875562340 ____A C:\Users\Andrew\Downloads\cock-hits-the-spot-2-scene4.720p.mp4

    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-05-09 20:14:40

    ==================== Memory info ===========================

    Percentage of memory in use: 11%

    Total physical RAM: 7657.91 MB

    Available physical RAM: 6778.26 MB

    Total Pagefile: 7656.11 MB

    Available Pagefile: 6770.93 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:680.98 GB) (Free:159.76 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

    Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:1.9 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

    Drive g: (50637) (CDROM) (Total:3.59 GB) (Free:0 GB) CDFS

    Drive h: (STORE N GO) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32 (Disk=1 Partition=1)

    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5A01AB4C)

    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================

    Disk: 1 (Size: 4 GB) (Disk ID: 9BAD4F6E)

    Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

    Last Boot: 2013-05-05 16:09

    ==================== End Of Log ============================

  9. My Windows 7 laptop was hit yesterday by the Moneypak virus and I'm unable to get into any of the safe modes to get rid of it. When I log in normally it locks up and when I try to log in with any of the safe modes it automatically logs off and reboots the computer.

    Any attempts at system restore didn't work either. Any help is much appreciated.
