hikittie

Ok, here is the log from the security check: Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Kaspersky Anti-Virus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 37 Java 7 Update 9 Java version out of Date! Adobe Reader XI Google Chrome 29.0.1547.57 Google Chrome 29.0.1547.62 ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Anti-Virus 2012 x64 klwtblfs.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````

Everything seems to be running good. Here is the log from adw cleaner: # AdwCleaner v3.001 - Report created 28/08/2013 at 11:56:05 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Mike - LENOVO # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon [!] Folder Deleted : C:\ProgramData\BrowserDefender Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Program Files (x86)\Movdap Folder Deleted : C:\Users\Mike\AppData\LocalLow\delta Folder Deleted : C:\Users\Mike\AppData\Roaming\Babylon Folder Deleted : C:\Users\Mike\AppData\Roaming\Movdap Folder Deleted : C:\Users\Mike\AppData\Roaming\search protection Folder Deleted : C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender File Deleted : C:\END File Deleted : C:\windows\System32\Tasks\BrowserDefendert ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKCU\Software\5a53d888b635be44 Key Deleted : HKLM\SOFTWARE\5a53d888b635be44 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\APN PIP [#] Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\InstallCore Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Delta ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Google Chrome v29.0.1547.57 [ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : keyword Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [4481 octets] - [28/08/2013 11:44:22] AdwCleaner[s0].txt - [4164 octets] - [28/08/2013 11:56:05] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4224 octets] ########## Here is the log from malawarebytes: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.28.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Mike :: LENOVO [administrator] 8/28/2013 12:04:44 PM mbam-log-2013-08-28 (12-04-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223761 Time elapsed: 4 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Mike\Local Settings\Temporary Internet Files\Content.IE5\DFCDIQ4B\pack[1].7z (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully. C:\Users\Mike\Local Settings\Temporary Internet Files\Content.IE5\DFCDIQ4B\WebCakesetup[1].exe (PUP.Optional.Yontoo) -> Quarantined and deleted successfully. (end)

here is the log: ComboFix 13-08-28.02 - Mike 08/28/2013 1:21.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2368 [GMT -5:00] Running from: c:\users\Mike\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences c:\users\Mike\AppData\Roaming\inst.exe c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnk c:\users\Mike\AppData\Roaming\vso_ts_preview.xml c:\windows\gt.exe c:\windows\s.bat c:\windows\SysWow64\Cache c:\windows\SysWow64\Cache\014dd27af2a9cf92.fb c:\windows\SysWow64\Cache\26c630d098e22dd5.fb c:\windows\SysWow64\Cache\272512937d9e61a4.fb c:\windows\SysWow64\Cache\287204568329e189.fb c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb c:\windows\SysWow64\Cache\3917078cb68ec657.fb c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb c:\windows\SysWow64\Cache\610289e025a3ee9a.fb c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb c:\windows\SysWow64\Cache\6d03dad1035885d3.fb c:\windows\SysWow64\Cache\95f567698be8a182.fb c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb c:\windows\SysWow64\Cache\c1fa887b03019701.fb c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb c:\windows\SysWow64\Cache\cc19a0aff88a76dd.fb c:\windows\SysWow64\Cache\d201ef9910cd39de.fb c:\windows\SysWow64\Cache\d2e94710a5708128.fb c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb c:\windows\SysWow64\Cache\f20682c6be234f2a.fb c:\windows\SysWow64\Cache\f998975c9cc711ee.fb c:\windows\version.txt c:\programdata\BrowserDefender . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 . . . . Failed to delete c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . . Failed to delete . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-28 ))))))))))))))))))))))))))))))) . . 2013-08-28 06:29 . 2013-08-28 06:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-28 03:43 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B027194F-48D6-45B1-A3C8-B138E81D4AF3}\mpengine.dll 2013-08-27 18:48 . 2013-08-27 18:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-08-27 18:48 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-08-27 18:48 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-08-27 18:48 . 2013-08-27 18:48 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-08-27 18:48 . 2013-08-27 18:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-08-27 18:48 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-08-27 18:48 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-08-27 18:48 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-08-27 18:48 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-08-27 18:47 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-08-27 18:47 . 2013-08-27 18:47 -------- d-----w- c:\program files\AVAST Software 2013-08-27 18:45 . 2013-08-27 18:47 -------- d-----w- c:\programdata\AVAST Software 2013-08-27 04:10 . 2013-08-27 19:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-25 22:05 . 2013-08-25 22:06 -------- d-----w- c:\programdata\vsosdk 2013-08-25 21:19 . 2009-09-02 18:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll 2013-08-25 21:19 . 2009-09-02 18:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll 2013-08-25 21:19 . 2009-09-02 18:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll 2013-08-25 21:19 . 2009-09-02 18:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll 2013-08-25 21:19 . 2009-09-02 18:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll 2013-08-25 21:19 . 2009-09-02 18:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll 2013-08-25 21:19 . 2009-09-02 18:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll 2013-08-25 20:07 . 2013-08-25 20:07 -------- d-----w- C:\FRST 2013-08-25 14:54 . 2013-08-25 14:54 82816 ----a-w- c:\users\Mike\AppData\Roaming\pcouffin.sys 2013-08-25 14:54 . 2013-08-26 02:16 -------- d-----w- c:\users\Mike\AppData\Roaming\Vso 2013-08-25 14:54 . 2013-08-25 14:55 -------- d-----w- c:\programdata\VSO 2013-08-25 14:54 . 2013-08-25 14:54 -------- d-----w- c:\program files (x86)\VSO 2013-08-15 19:34 . 2013-08-25 19:02 -------- d-----w- c:\users\Mike\AppData\Roaming\Movdap 2013-08-15 19:34 . 2013-08-15 19:34 -------- d-----w- c:\program files (x86)\Movdap 2013-08-15 08:05 . 2013-08-15 08:07 -------- d-----w- c:\windows\system32\MRT 2013-08-12 02:08 . 2013-08-21 20:56 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2013-08-12 02:05 . 2013-08-12 02:05 -------- d-----w- c:\programdata\Symantec 2013-08-12 02:05 . 2013-08-12 02:05 -------- d-----w- c:\users\Mike\AppData\Roaming\Python-Eggs 2013-08-12 02:05 . 2013-08-12 02:05 -------- d-----w- c:\programdata\Norton 2013-08-12 02:05 . 2013-08-21 05:10 -------- d-----w- c:\users\Mike\AppData\Roaming\BitLord 2013-08-12 02:03 . 2013-08-12 02:05 -------- d-----w- c:\program files (x86)\BitLord 2 2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\windows\SysWow64\Extensions 2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\programdata\BrowserDefender 2013-08-12 02:02 . 2013-08-21 22:43 -------- d-----w- c:\programdata\Tarma Installer 2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\users\Mike\AppData\Roaming\Babylon 2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\programdata\Babylon 2013-08-12 01:33 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-08-12 01:33 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-08-12 01:33 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-08-12 01:33 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-08-12 01:33 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-08-12 01:33 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-08-12 01:33 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-08-12 01:31 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-08-12 01:31 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-08-11 04:14 . 2013-08-11 04:46 -------- d-----w- c:\programdata\AVG2013 2013-08-11 04:14 . 2013-08-11 04:14 -------- d-----w- C:\$AVG 2013-08-11 04:13 . 2013-08-11 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2013 2013-08-11 04:13 . 2013-08-11 19:48 -------- d-----w- c:\program files (x86)\AVG 2013-08-11 03:58 . 2013-08-11 03:58 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes 2013-08-11 03:58 . 2013-08-12 01:23 -------- d-----w- c:\users\Mike\AppData\Roaming\Search Protection 2013-08-11 03:57 . 2013-08-12 03:36 -------- d-----w- c:\users\Mike\AppData\Roaming\BitTorrent 2013-08-11 03:56 . 2013-08-11 19:48 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 03:55 . 2013-08-15 19:11 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-08-11 03:55 . 2013-08-11 03:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-08-11 03:55 . 2013-08-12 01:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-08-11 03:55 . 2013-08-11 19:48 -------- d-----w- c:\programdata\Malwarebytes 2013-08-11 03:55 . 2013-08-12 01:23 -------- d-----w- c:\programdata\MFAData 2013-08-11 03:55 . 2013-08-11 03:55 -------- d-----w- c:\users\Mike\AppData\Local\MFAData 2013-08-11 03:55 . 2013-08-11 03:55 -------- d-----w- c:\users\Mike\AppData\Local\Avg2013 2013-08-11 03:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-08-11 03:41 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-28 06:31 . 2013-08-28 06:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B027194F-48D6-45B1-A3C8-B138E81D4AF3}\offreg.dll 2013-08-21 04:28 . 2012-05-05 20:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 04:28 . 2012-05-05 20:01 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-15 08:05 . 2012-05-06 10:51 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-12 08:14 . 2013-07-12 08:14 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-07-12 08:14 . 2013-07-12 08:14 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-07-12 08:14 . 2013-07-12 08:14 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-07-12 08:14 . 2013-07-12 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-07-12 08:14 . 2013-07-12 08:14 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-07-12 08:14 . 2013-07-12 08:14 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-07-12 08:14 . 2013-07-12 08:14 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-07-12 08:14 . 2013-07-12 08:14 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-07-12 08:14 . 2013-07-12 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-07-12 08:14 . 2013-07-12 08:14 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-07-12 08:14 . 2013-07-12 08:14 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-07-12 08:14 . 2013-07-12 08:14 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-07-12 08:14 . 2013-07-12 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-07-12 08:14 . 2013-07-12 08:14 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-07-12 08:14 . 2013-07-12 08:14 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-07-12 08:14 . 2013-07-12 08:14 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-07-12 08:14 . 2013-07-12 08:14 441856 ----a-w- c:\windows\system32\html.iec 2013-07-12 08:14 . 2013-07-12 08:14 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-07-12 08:14 . 2013-07-12 08:14 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-07-12 08:14 . 2013-07-12 08:14 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-07-12 08:14 . 2013-07-12 08:14 216064 ----a-w- c:\windows\system32\msls31.dll 2013-07-12 08:14 . 2013-07-12 08:14 197120 ----a-w- c:\windows\system32\msrating.dll 2013-07-12 08:14 . 2013-07-12 08:14 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-07-12 08:14 . 2013-07-12 08:14 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-07-12 08:14 . 2013-07-12 08:14 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-07-12 08:14 . 2013-07-12 08:14 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-07-12 08:14 . 2013-07-12 08:14 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-07-12 08:14 . 2013-07-12 08:14 81408 ----a-w- c:\windows\system32\icardie.dll 2013-07-12 08:14 . 2013-07-12 08:14 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-07-12 08:14 . 2013-07-12 08:14 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-12 08:14 . 2013-07-12 08:14 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-07-12 08:14 . 2013-07-12 08:14 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-07-12 08:14 . 2013-07-12 08:14 235008 ----a-w- c:\windows\system32\url.dll 2013-07-12 08:14 . 2013-07-12 08:14 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-07-12 08:14 . 2013-07-12 08:14 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-07-12 08:14 . 2013-07-12 08:14 144896 ----a-w- c:\windows\system32\wextract.exe 2013-07-12 08:14 . 2013-07-12 08:14 102912 ----a-w- c:\windows\system32\inseng.dll 2013-07-12 08:14 . 2013-07-12 08:14 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-07-12 08:14 . 2013-07-12 08:14 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-07-12 08:14 . 2013-07-12 08:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-07-12 08:14 . 2013-07-12 08:14 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-07-12 08:14 . 2013-07-12 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-07-12 08:14 . 2013-07-12 08:14 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-07-12 08:14 . 2013-07-12 08:14 149504 ----a-w- c:\windows\system32\occache.dll 2013-07-12 08:14 . 2013-07-12 08:14 13824 ----a-w- c:\windows\system32\mshta.exe 2013-07-12 08:14 . 2013-07-12 08:14 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-07-12 08:14 . 2013-07-12 08:14 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-07-12 08:14 . 2013-07-12 08:14 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-07-12 08:14 . 2013-07-12 08:14 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-07-12 08:12 . 2013-07-12 08:12 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-07-12 08:12 . 2013-07-12 08:12 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-07-12 08:12 . 2013-07-12 08:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-07-12 08:12 . 2013-07-12 08:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-07-12 08:12 . 2013-07-12 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-07-12 08:12 . 2013-07-12 08:12 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-07-12 08:12 . 2013-07-12 08:12 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-07-12 08:12 . 2013-07-12 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-07-12 08:12 . 2013-07-12 08:12 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-07-12 08:12 . 2013-07-12 08:12 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-07-12 08:12 . 2013-07-12 08:12 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-07-12 08:12 . 2013-07-12 08:12 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-07-12 08:12 . 2013-07-12 08:12 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-07-12 08:12 . 2013-07-12 08:12 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-07-12 08:12 . 2013-07-12 08:12 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-07-12 08:12 . 2013-07-12 08:12 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-07-12 08:12 . 2013-07-12 08:12 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-07-12 08:12 . 2013-07-12 08:12 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-07-12 08:12 . 2013-07-12 08:12 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-07-12 08:12 . 2013-07-12 08:12 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-07-12 08:12 . 2013-07-12 08:12 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-07-12 08:12 . 2013-07-12 08:12 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-07-12 08:12 . 2013-07-12 08:12 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-07-12 08:12 . 2013-07-12 08:12 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-07-12 08:12 . 2013-07-12 08:12 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-07-12 08:12 . 2013-07-12 08:12 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-07-12 08:12 . 2013-07-12 08:12 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-07-12 08:12 . 2013-07-12 08:12 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-07-12 08:12 . 2013-07-12 08:12 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648] "PC Speed Boost"="c:\program files (x86)\PC Speed Boost\PCSBLauncher.exe" [2013-03-16 107816] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096] "VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-02-20 329056] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-25 206448] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x] S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x] S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-21 07:12 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 04:28] . 2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:13] . 2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2012-02-20 02:04 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-20 9769888] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-20 5908928] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-20 114688] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-08-28 01:35:06 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-28 06:35 . Pre-Run: 369,367,531,520 bytes free Post-Run: 369,382,043,648 bytes free . - - End Of File - - B9DD33CAAFF1990701B14671B6FB829B

I ran that and no threats were found. Here is the system log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 2515566592 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 2537590784 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 2546294784 Downloaded database version: v2013.08.25.05 Downloaded database version: v2013.08.06.01 Initializing... ====================== ------------ Kernel report ------------ 08/25/2013 13:40:16 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\DRIVERS\LhdX64.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\fbfmon.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\EgisTecFF.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\BPntDrv.sys \SystemRoot\system32\drivers\BOOTVID.dll \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\easytthr.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\AcpiVpc.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\FPSensor.sys \SystemRoot\System32\Drivers\RtsUVStor.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\vm331avs.sys \SystemRoot\System32\Drivers\STREAM.SYS \SystemRoot\System32\Drivers\vmuvcflt.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\usp10.dll \Windows\System32\comdlg32.dll \Windows\System32\clbcatq.dll \Windows\System32\ole32.dll \Windows\System32\user32.dll \Windows\System32\iertutil.dll \Windows\System32\imm32.dll \Windows\System32\sechost.dll \Windows\System32\ws2_32.dll \Windows\System32\lpk.dll \Windows\System32\wininet.dll \Windows\System32\setupapi.dll \Windows\System32\kernel32.dll \Windows\System32\shell32.dll \Windows\System32\Wldap32.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\oleaut32.dll \Windows\System32\msvcrt.dll \Windows\System32\rpcrt4.dll \Windows\System32\psapi.dll \Windows\System32\advapi32.dll \Windows\System32\shlwapi.dll \Windows\System32\msctf.dll \Windows\System32\imagehlp.dll \Windows\System32\difxapi.dll \Windows\System32\gdi32.dll \Windows\System32\normaliz.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8008801060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007e\ Lower Device Object: 0xfffffa8008815b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006641060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004ad4050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006641ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006642040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\ DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004ad4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8AEFE21C Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8008801060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008801b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008801060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008815b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8619E90 Partition information: Partition 0 type is Other (0x6) Partition is ACTIVE. Partition starts at LBA: 128 Numsec = 3911552 Partition file system is FAT Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2002780160 bytes Sector size: 512 bytes Done! Infected: C:\Users\Mike\AppData\Roaming\Movdap\WebCakeDesktop.exe --> [Adware.WebCake] Infected: C:\Users\Mike\AppData\Local\Temp\SetupToparcadehits.exe --> [Adware.GameVance] Infected: C:\Users\Mike\AppData\Local\Temp\uxyyaxmqpjsxdvquuff.dll --> [Heuristics.Shuriken] Infected: C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.dll --> [Heuristics.Shuriken] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_128_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 3096850432 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 2638897152 Initializing... ====================== ------------ Kernel report ------------ 08/25/2013 14:07:51 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\DRIVERS\LhdX64.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\fbfmon.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\EgisTecFF.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\BPntDrv.sys \SystemRoot\system32\drivers\BOOTVID.dll \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\easytthr.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\AcpiVpc.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\FPSensor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\RtsUVStor.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\vm331avs.sys \SystemRoot\System32\Drivers\STREAM.SYS \SystemRoot\System32\Drivers\vmuvcflt.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\rpcrt4.dll \Windows\System32\urlmon.dll \Windows\System32\shell32.dll \Windows\System32\difxapi.dll \Windows\System32\nsi.dll \Windows\System32\psapi.dll \Windows\System32\wininet.dll \Windows\System32\Wldap32.dll \Windows\System32\iertutil.dll \Windows\System32\imagehlp.dll \Windows\System32\ole32.dll \Windows\System32\user32.dll \Windows\System32\setupapi.dll \Windows\System32\gdi32.dll \Windows\System32\oleaut32.dll \Windows\System32\comdlg32.dll \Windows\System32\advapi32.dll \Windows\System32\msctf.dll \Windows\System32\usp10.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\ws2_32.dll \Windows\System32\sechost.dll \Windows\System32\imm32.dll \Windows\System32\normaliz.dll \Windows\System32\msvcrt.dll \Windows\System32\kernel32.dll \Windows\System32\shlwapi.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8007d5e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007d\ Lower Device Object: 0xfffffa8007b61b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006660060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004af3050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006660b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006661040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\ DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004af3050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8AEFE21C Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8007d5e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007b63b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007d5e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007b61b60, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8619E90 Partition information: Partition 0 type is Other (0x6) Partition is ACTIVE. Partition starts at LBA: 128 Numsec = 3911552 Partition file system is FAT Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2002780160 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_128_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 2934382592 Downloaded database version: v2013.08.25.06 Downloaded database version: v2013.08.26.01 Downloaded database version: v2013.08.26.02 Downloaded database version: v2013.08.26.03 Downloaded database version: v2013.08.26.04 Downloaded database version: v2013.08.26.05 Downloaded database version: v2013.08.26.06 Downloaded database version: v2013.08.27.01 ======================================= Initializing... ------------ Kernel report ------------ 08/26/2013 23:10:29 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\DRIVERS\LhdX64.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\fbfmon.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\BPntDrv.sys \SystemRoot\system32\drivers\BOOTVID.dll \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\easytthr.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\AcpiVpc.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\vm331avs.sys \SystemRoot\System32\Drivers\STREAM.SYS \SystemRoot\System32\Drivers\vmuvcflt.sys \SystemRoot\System32\Drivers\FPSensor.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\RtsUVStor.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\ws2_32.dll \Windows\System32\normaliz.dll \Windows\System32\lpk.dll \Windows\System32\gdi32.dll \Windows\System32\kernel32.dll \Windows\System32\user32.dll \Windows\System32\setupapi.dll \Windows\System32\comdlg32.dll \Windows\System32\difxapi.dll \Windows\System32\nsi.dll \Windows\System32\psapi.dll \Windows\System32\msvcrt.dll \Windows\System32\Wldap32.dll \Windows\System32\imm32.dll \Windows\System32\clbcatq.dll \Windows\System32\iertutil.dll \Windows\System32\oleaut32.dll \Windows\System32\shlwapi.dll \Windows\System32\wininet.dll \Windows\System32\urlmon.dll \Windows\System32\shell32.dll \Windows\System32\sechost.dll \Windows\System32\imagehlp.dll \Windows\System32\rpcrt4.dll \Windows\System32\ole32.dll \Windows\System32\msctf.dll \Windows\System32\advapi32.dll \Windows\System32\usp10.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006641060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004ad2050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006642b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006642040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\ DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004ad2050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8AEFE21C Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4204937216, free: 2856382464 Downloaded database version: v2013.08.27.02 Downloaded database version: v2013.08.27.03 Downloaded database version: v2013.08.27.04 Downloaded database version: v2013.08.27.05 Downloaded database version: v2013.08.27.06 Downloaded database version: v2013.08.27.07 Initializing... ====================== ------------ Kernel report ------------ 08/27/2013 13:37:05 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\DRIVERS\LhdX64.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\fbfmon.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\BPntDrv.sys \SystemRoot\system32\drivers\BOOTVID.dll \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\easytthr.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\AcpiVpc.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\FPSensor.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\RtsUVStor.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\vm331avs.sys \SystemRoot\System32\Drivers\STREAM.SYS \SystemRoot\System32\Drivers\vmuvcflt.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\ATMFD.DLL \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\user32.dll \Windows\System32\sechost.dll \Windows\System32\rpcrt4.dll \Windows\System32\imagehlp.dll \Windows\System32\lpk.dll \Windows\System32\oleaut32.dll \Windows\System32\msvcrt.dll \Windows\System32\advapi32.dll \Windows\System32\shlwapi.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\ole32.dll \Windows\System32\setupapi.dll \Windows\System32\msctf.dll \Windows\System32\kernel32.dll \Windows\System32\comdlg32.dll \Windows\System32\psapi.dll \Windows\System32\usp10.dll \Windows\System32\shell32.dll \Windows\System32\imm32.dll \Windows\System32\normaliz.dll \Windows\System32\clbcatq.dll \Windows\System32\gdi32.dll \Windows\System32\ws2_32.dll \Windows\System32\difxapi.dll \Windows\System32\iertutil.dll \Windows\System32\wininet.dll \Windows\System32\Wldap32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006660060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004ae4050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006660b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006661040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\ DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004ae4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8AEFE21C Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished Here is the mbar log: Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.08.27.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Mike :: LENOVO [administrator] 8/27/2013 1:37:09 PM mbar-log-2013-08-27 (13-37-09).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 237961 Time elapsed: 9 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)

Yes it now boots normally. Here is the fix log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2013 02 Ran by SYSTEM at 2013-08-26 22:34:46 Run:2 Running from G:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKU\Mike\...\Run: [p0nTMTTmzy.exe] - C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe [105584 2013-08-26] (Microsoft Corporation) HKU\Mike\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) HKU\Mike\...\Command Processor: "C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe" C:\Users\Mike\AppData\Local\caSAXudm C:\ProgramData\X7oXqMGw7v C:\Users\Mike\AppData\Local\ioC2Huxm C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm C:\Users\Mike\AppData\Local\i6ekHSXj C:\ProgramData\SiU5LTTOH C:\Users\Mike\AppData\Roaming\rp0iC0v21 C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ C:\ProgramData\YY7xmJFnSL6 C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq C:\Users\Mike\AppData\Local\xV7u4vqhnX C:\ProgramData\xVhVy6Mp4UW C:\Users\Mike\AppData\Roaming\UVcZ6NsHg C:\Users\Mike\AppData\Local\LRQ1jxOK C:\ProgramData\kI8AF4Q6q C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 C:\Users\Mike\AppData\Local\twieYeW5PTX C:\ProgramData\uCLLdt0lT C:\Users\Mike\AppData\Roaming\hfPHjweYhj C:\Users\Mike\AppData\Local\5SeeZ85Q C:\ProgramData\UpfePDK12Gm C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc C:\Users\Mike\AppData\Local\ZPCuWpqR C:\ProgramData\cYNxDrHp1 C:\Users\Mike\AppData\Roaming\CFOeFY39waW C:\Users\Mike\AppData\Local\P9sOaZ4h C:\ProgramData\xIYs29uX C:\Users\Mike\AppData\Local\YRmcSvB2N C:\Users\Mike\AppData\Roaming\ummkVB1TA C:\Users\Mike\AppData\Local\3psuP0yog C:\ProgramData\kNqVKUk3K ***************** HKU\Mike\Software\Microsoft\Windows\CurrentVersion\Run\\p0nTMTTmzy.exe => Value deleted successfully. HKU\Mike\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. HKU\Mike\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully. C:\Users\Mike\AppData\Local\caSAXudm => Moved successfully. C:\ProgramData\X7oXqMGw7v => Moved successfully. C:\Users\Mike\AppData\Local\ioC2Huxm => Moved successfully. C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm => Moved successfully. C:\Users\Mike\AppData\Local\i6ekHSXj => Moved successfully. C:\ProgramData\SiU5LTTOH => Moved successfully. C:\Users\Mike\AppData\Roaming\rp0iC0v21 => Moved successfully. C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ => Moved successfully. C:\ProgramData\YY7xmJFnSL6 => Moved successfully. C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq => Moved successfully. C:\Users\Mike\AppData\Local\xV7u4vqhnX => Moved successfully. C:\ProgramData\xVhVy6Mp4UW => Moved successfully. C:\Users\Mike\AppData\Roaming\UVcZ6NsHg => Moved successfully. C:\Users\Mike\AppData\Local\LRQ1jxOK => Moved successfully. C:\ProgramData\kI8AF4Q6q => Moved successfully. C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 => Moved successfully. C:\Users\Mike\AppData\Local\twieYeW5PTX => Moved successfully. C:\ProgramData\uCLLdt0lT => Moved successfully. C:\Users\Mike\AppData\Roaming\hfPHjweYhj => Moved successfully. C:\Users\Mike\AppData\Local\5SeeZ85Q => Moved successfully. C:\ProgramData\UpfePDK12Gm => Moved successfully. C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc => Moved successfully. C:\Users\Mike\AppData\Local\ZPCuWpqR => Moved successfully. C:\ProgramData\cYNxDrHp1 => Moved successfully. C:\Users\Mike\AppData\Roaming\CFOeFY39waW => Moved successfully. C:\Users\Mike\AppData\Local\P9sOaZ4h => Moved successfully. C:\ProgramData\xIYs29uX => Moved successfully. C:\Users\Mike\AppData\Local\YRmcSvB2N => Moved successfully. C:\Users\Mike\AppData\Roaming\ummkVB1TA => Moved successfully. ==== End of Fixlog ====

Here is the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02 Ran by SYSTEM on 26-08-2013 20:44:14 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-19] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-19] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-19] (Lenovo) Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. ) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-19] (Lenovo) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKU\Mike\...\Run: [EasyTether] - C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe [48648 2011-05-22] (Mobile Stream) HKU\Mike\...\Run: [PC Speed Boost] - C:\Program Files (x86)\PC Speed Boost\PCSBLauncher.exe [107816 2013-03-15] (PC Speed Boost) HKU\Mike\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware) HKU\Mike\...\Run: [p0nTMTTmzy.exe] - C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe [105584 2013-08-26] (Microsoft Corporation) HKU\Mike\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Mike\...\Command Processor: "C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe" <===== ATTENTION! AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] () Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) ================= S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com) S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO) S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] () ==================== Drivers (Whitelisted) ==================== S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream) S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-24] (Kaspersky Lab) S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) S3 BcmSqlStartupSvc; S2 CLKMSVC10_3A60B698; S2 CLKMSVC10_C3B3B687; S2 DriverService; S2 IAStorDataMgrSvc; S2 iATAgentService; S2 idealife Update Service; S3 IGRS; S2 IviRegMgr; S2 nvUpdatusService; S2 Oasis2Service; S2 PCCarerService; S2 ReadyComm.DirectRouter; S2 RichVideo; S2 RtLedService; S2 SeaPort; S2 SoftwareService; S3 SQLWriter; S2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\Users\Mike\AppData\Local\caSAXudm 2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\ProgramData\X7oXqMGw7v 2013-08-26 12:47 - 2013-08-26 12:47 - 00000000 ____D C:\Users\Mike\AppData\Local\ioC2Huxm 2013-08-25 14:05 - 2013-08-25 14:06 - 00000000 ____D C:\ProgramData\vsosdk 2013-08-25 13:35 - 2013-08-25 14:05 - 1330865137 _____ C:\Users\Mike\Downloads\The Heat 2013 TS x264-THC.mp4 2013-08-25 13:19 - 2013-08-25 18:16 - 00001057 _____ C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml 2013-08-25 13:19 - 2013-08-25 13:19 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXtoDVD 4.lnk 2013-08-25 13:19 - 2009-09-02 10:44 - 01184984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc1dmod.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00626688 _____ (On2.com) C:\Windows\SysWOW64\vp7vfw.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00273408 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\Pncrt.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00217127 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv43260.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00208935 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv33260.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00176165 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv23260.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00102439 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\sipr3260.dll 2013-08-25 13:19 - 2009-09-02 10:44 - 00065602 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\cook3260.dll 2013-08-25 12:07 - 2013-08-25 12:07 - 00000000 ____D C:\FRST 2013-08-25 10:38 - 2013-08-25 11:35 - 00000000 ____D C:\Users\Mike\Desktop\mbar 2013-08-25 10:38 - 2013-08-25 10:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Mike\Downloads\mbar-1.07.0.1005.exe 2013-08-25 10:35 - 2013-08-26 09:49 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v21 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL6 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp1 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX 2013-08-25 06:58 - 2013-08-25 11:02 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K 2013-08-25 06:57 - 2013-08-25 15:02 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD 2013-08-25 06:54 - 2013-08-25 18:16 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso 2013-08-25 06:54 - 2013-08-25 06:55 - 00000000 ____D C:\ProgramData\VSO 2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe 2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys 2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat 2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO 2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe 2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\4571 2013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\0 2013-08-20 22:29 - 2013-08-20 23:30 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi 2013-08-20 22:29 - 2013-08-20 22:53 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 5 2013-08-20 22:29 - 2013-08-20 22:45 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp4 2013-08-20 22:02 - 2013-08-20 22:03 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi 2013-08-20 21:16 - 2013-08-21 14:25 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 4 2013-08-20 21:11 - 2013-08-20 21:13 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids 2013-08-20 19:41 - 2013-08-20 19:58 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi 2013-08-20 19:18 - 2013-08-20 19:41 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi 2013-08-20 19:15 - 2013-08-20 19:33 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp4 2013-08-15 11:34 - 2013-08-25 11:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap 2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap 2013-08-15 00:11 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-15 00:11 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-15 00:11 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-08-15 00:11 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-08-15 00:11 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-15 00:11 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 00:11 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 00:11 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 00:11 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 00:11 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 00:11 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-15 00:11 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 00:05 - 2013-08-15 00:07 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 20:10 - 2013-08-14 20:45 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi 2013-08-14 19:25 - 2013-08-14 20:13 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi 2013-08-14 19:23 - 2013-08-14 20:42 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi 2013-08-14 14:32 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-14 14:32 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 14:32 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-08-14 14:32 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 14:32 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-14 14:32 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-08-14 14:32 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-08-14 14:32 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-08-14 14:32 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2013-08-14 14:32 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-14 14:32 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-14 14:32 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-14 14:32 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 14:32 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 14:32 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 14:32 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 14:32 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 14:32 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 14:32 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 14:32 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 14:32 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 14:32 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 14:32 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 14:32 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 14:32 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 14:32 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 14:32 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-08-11 18:05 - 2013-08-20 21:10 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord 2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton 2013-08-11 18:04 - 2013-08-26 11:42 - 00000000 ____D C:\Users\Mike\Documents\BitLord 2013-08-11 18:03 - 2013-08-11 18:05 - 00000000 ____D C:\Program Files (x86)\BitLord 2 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-11 17:31 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-08-11 17:31 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-08-10 20:14 - 2013-08-10 20:46 - 00000000 ____D C:\ProgramData\AVG2013 2013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG 2013-08-10 20:13 - 2013-08-11 11:48 - 00000000 ____D C:\Program Files (x86)\AVG 2013-08-10 19:58 - 2013-08-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection 2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-08-10 19:57 - 2013-08-11 19:36 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent 2013-08-10 19:56 - 2013-08-11 11:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com 2013-08-10 19:55 - 2013-08-15 11:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\ProgramData\MFAData 2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-10 19:55 - 2013-08-11 11:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-08-10 19:41 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-10 19:41 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2013-08-26 17:41 - 2012-05-05 12:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-26 17:41 - 2012-02-19 18:13 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-26 17:41 - 2012-02-19 18:04 - 00926754 _____ C:\FaceProv.log 2013-08-26 16:48 - 2012-02-19 18:04 - 00000000 ____D C:\ProgramData\VeriFace 2013-08-26 15:38 - 2012-02-19 17:24 - 02033630 _____ C:\Windows\WindowsUpdate.log 2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\Users\Mike\AppData\Roaming\th0Pm0BQ 2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\Users\Mike\AppData\Local\caSAXudm 2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\ProgramData\X7oXqMGw7v 2013-08-26 12:47 - 2013-08-26 12:47 - 00000000 ____D C:\Users\Mike\AppData\Local\ioC2Huxm 2013-08-26 11:42 - 2013-08-11 18:04 - 00000000 ____D C:\Users\Mike\Documents\BitLord 2013-08-26 09:56 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-26 09:56 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-26 09:53 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-26 09:49 - 2013-08-25 10:35 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-26 09:49 - 2013-06-03 19:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-26 09:49 - 2012-02-19 18:17 - 00409015 _____ C:\Windows\System32\fastboot.set 2013-08-26 09:49 - 2012-02-19 18:13 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-26 09:49 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-26 09:49 - 2009-07-13 20:51 - 00075081 _____ C:\Windows\setupact.log 2013-08-26 09:48 - 2010-11-20 19:47 - 00025106 _____ C:\Windows\PFRO.log 2013-08-26 09:46 - 2012-05-20 06:21 - 00000000 ____D C:\Users\Mike\AppData\Local\Adobe 2013-08-25 20:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-08-25 19:41 - 2012-11-01 22:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc 2013-08-25 18:16 - 2013-08-25 13:19 - 00001057 _____ C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml 2013-08-25 18:16 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso 2013-08-25 15:02 - 2013-08-25 06:57 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD 2013-08-25 14:06 - 2013-08-25 14:05 - 00000000 ____D C:\ProgramData\vsosdk 2013-08-25 14:05 - 2013-08-25 13:35 - 1330865137 _____ C:\Users\Mike\Downloads\The Heat 2013 TS x264-THC.mp4 2013-08-25 13:19 - 2013-08-25 13:19 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXtoDVD 4.lnk 2013-08-25 12:07 - 2013-08-25 12:07 - 00000000 ____D C:\FRST 2013-08-25 11:42 - 2012-05-02 09:20 - 00000000 ____D C:\Users\Mike\AppData\Local\EgisTec 2013-08-25 11:42 - 2012-02-19 17:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-25 11:39 - 2013-05-10 10:10 - 00000002 _____ C:\END 2013-08-25 11:35 - 2013-08-25 10:38 - 00000000 ____D C:\Users\Mike\Desktop\mbar 2013-08-25 11:02 - 2013-08-25 06:58 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N 2013-08-25 11:02 - 2013-08-15 11:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap 2013-08-25 10:38 - 2013-08-25 10:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Mike\Downloads\mbar-1.07.0.1005.exe 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v21 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL6 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp1 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K 2013-08-25 06:55 - 2013-08-25 06:54 - 00000000 ____D C:\ProgramData\VSO 2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe 2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys 2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat 2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO 2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe 2013-08-21 14:44 - 2013-05-10 10:10 - 00000000 ____D C:\ProgramData\Yahoo! 2013-08-21 14:44 - 2013-05-10 10:10 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\4571 2013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\0 2013-08-21 14:25 - 2013-08-20 21:16 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 4 2013-08-20 23:30 - 2013-08-20 22:29 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi 2013-08-20 22:53 - 2013-08-20 22:29 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 5 2013-08-20 22:45 - 2013-08-20 22:29 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp4 2013-08-20 22:03 - 2013-08-20 22:02 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi 2013-08-20 21:13 - 2013-08-20 21:11 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids 2013-08-20 21:10 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord 2013-08-20 20:28 - 2012-05-05 12:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 20:28 - 2012-05-05 12:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 20:28 - 2012-05-05 12:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 19:58 - 2013-08-20 19:41 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi 2013-08-20 19:41 - 2013-08-20 19:18 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi 2013-08-20 19:33 - 2013-08-20 19:15 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp4 2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap 2013-08-15 11:11 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-15 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 00:31 - 2011-02-22 03:19 - 00000000 ____D C:\Windows\Panther 2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-15 00:07 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\System32\MRT 2013-08-15 00:05 - 2012-05-06 02:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-15 00:04 - 2012-05-28 07:35 - 00773050 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-14 20:45 - 2013-08-14 20:10 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi 2013-08-14 20:42 - 2013-08-14 19:23 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi 2013-08-14 20:13 - 2013-08-14 19:25 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi 2013-08-14 14:26 - 2013-07-11 18:54 - 00000000 ____D C:\Windows\SysWOW64\cache 2013-08-11 19:36 - 2013-08-10 19:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent 2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton 2013-08-11 18:05 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\BitLord 2 2013-08-11 18:05 - 2012-05-02 09:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype 2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\ProgramData\Skype 2013-08-11 17:28 - 2012-06-17 06:32 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent 2013-08-11 17:24 - 2012-05-02 09:06 - 00000000 ____D C:\users\Mike 2013-08-11 17:23 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection 2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\MFAData 2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files\Bonjour 2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-08-11 17:23 - 2012-11-24 15:36 - 00000000 ____D C:\Program Files (x86)\Free Video Joiner 2013-08-11 17:23 - 2012-11-17 17:04 - 00000000 ____D C:\Program Files (x86)\Giganews Accelerator 2013-08-11 17:23 - 2012-11-17 15:13 - 00000000 ____D C:\Program Files\Newsbin 2013-08-11 17:23 - 2012-10-18 15:03 - 00000000 ____D C:\Program Files (x86)\Mimo 2013-08-11 17:23 - 2012-09-21 01:55 - 00000000 ____D C:\Program Files (x86)\Comical 2013-08-11 17:23 - 2012-05-02 09:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-08-11 17:23 - 2012-05-02 09:07 - 00000000 ____D C:\Users\Mike\AppData\Local\BioExcess 2013-08-11 17:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-08-11 11:48 - 2013-08-10 20:13 - 00000000 ____D C:\Program Files (x86)\AVG 2013-08-11 11:48 - 2013-08-10 19:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 11:48 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 20:46 - 2013-08-10 20:14 - 00000000 ____D C:\ProgramData\AVG2013 2013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG 2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-08-10 19:47 - 2012-11-17 15:13 - 00000000 ____D C:\Users\Mike\AppData\Local\Newsbin 2013-08-04 09:33 - 2012-02-19 18:13 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-04 09:33 - 2012-02-19 18:13 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe C:\Users\Mike\AppData\Local\Temp\avguidx.dll C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exe C:\Users\Mike\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Mike\AppData\Local\Temp\mytiqrndbfpoupnvcqw.dll C:\Users\Mike\AppData\Local\Temp\oi_{F8D3AB6B-30B5-470C-9205-27A827638347}.exe C:\Users\Mike\AppData\Local\Temp\PreferencesJson.exe C:\Users\Mike\AppData\Local\Temp\sqlite3.exe C:\Users\Mike\AppData\Local\Temp\uninst1.exe C:\Users\Mike\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Mike\AppData\Local\Temp\utt3FB8.tmp.exe C:\Users\Mike\AppData\Local\Temp\vlc-2.0.1-win32.exe C:\Users\Mike\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\Mike\AppData\Local\Temp\{6A20E406-08A8-453F-B651-0DDA7A917016}\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}\InstallHelper.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\phonon_ds94.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qgif4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qjpeg4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qmng4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qsvg4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qtiff4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\qsvgicon4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qcncodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qjpcodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qkrcodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qtwcodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\qtaccessiblewidgets4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_core.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_gui.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_help.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_multimedia.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_network.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_opengl.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_phonon.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_script.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_scripttools.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_sql.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_svg.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_webkit.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xml.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xmlpatterns.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\phonon4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtCore4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtGui4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtHelp4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\qtjambi.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtMultimedia4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtNetwork4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtOpenGL4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScript4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScriptTools4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSql4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSvg4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtWebKit4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXml4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXmlPatterns4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\mwi2013130657\7za.dll C:\Users\Mike\AppData\Local\Temp\mwi2013130657\setup.exe C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\is1832903999\2351662_Setup.EXE C:\Users\Mike\AppData\Local\Temp\is1832903999\2351696_Setup.EXE C:\Users\Mike\AppData\Local\Temp\is1832903999\DeltaTB.exe C:\Users\Mike\AppData\Local\Temp\is1832903999\nss_handler.exe C:\Users\Mike\AppData\Local\Temp\is1832903999\Setup-D502DD2B71B5.exe C:\Users\Mike\AppData\Local\Temp\is1832903999\SymCCIS.dll C:\Users\Mike\AppData\Local\Temp\is1832903999\Toparcadehits.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\offerbroker.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\YahooChecker.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\PCSpeedBoost\PCSpeedBoost3.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\FFC\FastFreeConverter.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\ExtremeFlashPlayer\Setup_ExtremeFlashPlayer.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\avg-secure-search-installer.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\GenericWndApi.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\lip.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\PostInstall.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\ROC_ssl.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\Uninstall.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\vprot.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\avguidx.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\MachineIdCreator.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\avgdttbx.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller_64.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\npsitesafety.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ScriptHelper.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\SiteSafety.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ToolbarUpdater.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ViProtocol.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BabMaint.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BExternal.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolForMontiera.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolution.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ccp.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ChromeToolbarSetup.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\CrxInstaller.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\GUninstaller.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\IEHelper.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MntrDLLInstall.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MyDeltaTB.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\NTRedirect.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\Setup.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\sqlite3.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-23 01:01:40 Restore point made on: 2013-08-25 11:01:50 Restore point made on: 2013-08-25 11:41:46 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4010.14 MB Available physical RAM: 3376.14 MB Total Pagefile: 4008.34 MB Available Pagefile: 3369.07 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:341.75 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.8 GB) NTFS Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8AEFE21C) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 08619E90) Partition 1: (Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-08-22 10:17 ==================== End Of Log ============================

I am having the same MoneyPak virus again before I could even log on to do the steps in the last post. Do I do the same steps as before or something different?

Here are the logs after running both programs, everything seems to be back to normal. Thank you! Is there anything I should download to prevent this from happening again? system-log.txt mbar-log-2013-08-25 (13-40-20).txt mbar-log-2013-08-25 (14-07-56).txt

Thank you for helping me! I did as you asked & this is the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02 Ran by SYSTEM on 25-08-2013 12:07:52 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-19] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-19] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-19] (Lenovo) Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. ) HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. ) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-19] (Lenovo) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKU\Mike\...\Run: [EasyTether] - C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe [48648 2011-05-22] (Mobile Stream) HKU\Mike\...\Run: [PC Speed Boost] - C:\Program Files (x86)\PC Speed Boost\PCSBLauncher.exe [107816 2013-03-15] (PC Speed Boost) HKU\Mike\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware) HKU\Mike\...\Run: [WRHUZ4gRTR9.exe] - C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.exe [113664 2013-08-25] (Mzkzc Bxxvsb) HKU\Mike\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Mike\...\Command Processor: "C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.exe" <===== ATTENTION! AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] () Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) ================= S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com) S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO) S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] () S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. ) S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] () ==================== Drivers (Whitelisted) ==================== S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream) S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-24] (Kaspersky Lab) S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) S3 BcmSqlStartupSvc; S2 CLKMSVC10_3A60B698; S2 CLKMSVC10_C3B3B687; S2 DriverService; S2 IAStorDataMgrSvc; S2 iATAgentService; S2 idealife Update Service; S3 IGRS; S2 IviRegMgr; S2 nvUpdatusService; S2 Oasis2Service; S2 PCCarerService; S2 ReadyComm.DirectRouter; S2 RichVideo; S2 RtLedService; S2 SeaPort; S2 SoftwareService; S3 SQLWriter; S2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v21 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL6 2013-08-25 08:30 - 2013-08-25 08:33 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp1 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX 2013-08-25 06:58 - 2013-08-25 07:00 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K 2013-08-25 06:57 - 2013-08-25 06:57 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD 2013-08-25 06:54 - 2013-08-25 06:55 - 00000000 ____D C:\ProgramData\VSO 2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe 2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys 2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat 2013-08-25 06:54 - 2013-08-25 06:54 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXToDVD 5.lnk 2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO 2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe 2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\4571 2013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\0 2013-08-20 22:29 - 2013-08-20 23:30 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi 2013-08-20 22:29 - 2013-08-20 22:53 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 5 2013-08-20 22:29 - 2013-08-20 22:45 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp4 2013-08-20 22:02 - 2013-08-20 22:03 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi 2013-08-20 21:16 - 2013-08-21 14:25 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 4 2013-08-20 21:11 - 2013-08-20 21:13 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids 2013-08-20 19:41 - 2013-08-20 19:58 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi 2013-08-20 19:18 - 2013-08-20 19:41 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi 2013-08-20 19:15 - 2013-08-20 19:33 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp4 2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap 2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap 2013-08-15 00:11 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-15 00:11 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-15 00:11 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-08-15 00:11 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-15 00:11 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-08-15 00:11 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-15 00:11 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 00:11 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 00:11 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 00:11 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 00:11 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 00:11 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 00:11 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-15 00:11 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 00:05 - 2013-08-15 00:07 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 20:10 - 2013-08-14 20:45 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi 2013-08-14 19:25 - 2013-08-14 20:13 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi 2013-08-14 19:23 - 2013-08-14 20:42 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi 2013-08-14 14:32 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-14 14:32 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 14:32 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-08-14 14:32 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 14:32 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-14 14:32 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-08-14 14:32 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-08-14 14:32 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-08-14 14:32 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2013-08-14 14:32 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-14 14:32 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-14 14:32 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-14 14:32 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 14:32 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 14:32 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 14:32 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 14:32 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 14:32 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 14:32 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 14:32 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 14:32 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 14:32 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 14:32 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 14:32 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 14:32 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 14:32 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 14:32 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-08-11 18:05 - 2013-08-20 21:10 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord 2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton 2013-08-11 18:04 - 2013-08-25 06:59 - 00000000 ____D C:\Users\Mike\Documents\BitLord 2013-08-11 18:03 - 2013-08-11 18:05 - 00000000 ____D C:\Program Files (x86)\BitLord 2 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-11 17:31 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-08-11 17:31 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-08-10 20:14 - 2013-08-10 20:46 - 00000000 ____D C:\ProgramData\AVG2013 2013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG 2013-08-10 20:13 - 2013-08-11 11:48 - 00000000 ____D C:\Program Files (x86)\AVG 2013-08-10 19:58 - 2013-08-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection 2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-08-10 19:57 - 2013-08-11 19:36 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent 2013-08-10 19:56 - 2013-08-11 11:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com 2013-08-10 19:55 - 2013-08-15 11:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\ProgramData\MFAData 2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-10 19:55 - 2013-08-11 11:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-08-10 19:41 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-10 19:41 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2013-08-25 12:07 - 2013-08-25 12:07 - 00000000 ____D C:\FRST 2013-08-25 08:33 - 2013-08-25 08:30 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-25 08:33 - 2012-02-19 18:04 - 00915556 _____ C:\FaceProv.log 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj 2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH 2013-08-25 08:32 - 2013-06-03 19:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-25 08:32 - 2012-02-19 18:17 - 00373143 _____ C:\Windows\System32\fastboot.set 2013-08-25 08:32 - 2012-02-19 18:13 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-25 08:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-25 08:32 - 2009-07-13 20:51 - 00074577 _____ C:\Windows\setupact.log 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v21 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ 2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL6 2013-08-25 08:30 - 2012-05-05 12:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-25 08:05 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-25 08:05 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-25 08:02 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-25 08:01 - 2012-02-19 17:24 - 01945740 _____ C:\Windows\WindowsUpdate.log 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX 2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK 2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX 2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q 2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR 2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp1 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h 2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX 2013-08-25 07:00 - 2013-08-25 06:58 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N 2013-08-25 06:59 - 2013-08-11 18:04 - 00000000 ____D C:\Users\Mike\Documents\BitLord 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog 2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K 2013-08-25 06:57 - 2013-08-25 06:57 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD 2013-08-25 06:55 - 2013-08-25 06:54 - 00000000 ____D C:\ProgramData\VSO 2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe 2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys 2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat 2013-08-25 06:54 - 2013-08-25 06:54 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXToDVD 5.lnk 2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso 2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO 2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe 2013-08-25 06:44 - 2012-02-19 18:04 - 00000000 ____D C:\ProgramData\VeriFace 2013-08-25 06:38 - 2012-02-19 18:13 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-23 09:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-08-22 21:46 - 2012-11-01 22:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc 2013-08-21 15:21 - 2010-11-20 19:47 - 00023352 _____ C:\Windows\PFRO.log 2013-08-21 14:44 - 2013-05-10 10:10 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\4571 2013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\0 2013-08-21 14:25 - 2013-08-20 21:16 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 4 2013-08-20 23:30 - 2013-08-20 22:29 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi 2013-08-20 22:53 - 2013-08-20 22:29 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 5 2013-08-20 22:45 - 2013-08-20 22:29 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp4 2013-08-20 22:03 - 2013-08-20 22:02 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi 2013-08-20 21:13 - 2013-08-20 21:11 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids 2013-08-20 21:10 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord 2013-08-20 20:28 - 2012-05-05 12:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 20:28 - 2012-05-05 12:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 20:28 - 2012-05-05 12:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 19:58 - 2013-08-20 19:41 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi 2013-08-20 19:41 - 2013-08-20 19:18 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi 2013-08-20 19:33 - 2013-08-20 19:15 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp4 2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap 2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap 2013-08-15 11:11 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-15 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 00:31 - 2011-02-22 03:19 - 00000000 ____D C:\Windows\Panther 2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-15 00:07 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\System32\MRT 2013-08-15 00:05 - 2012-05-06 02:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-15 00:04 - 2012-05-28 07:35 - 00773050 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-14 20:45 - 2013-08-14 20:10 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi 2013-08-14 20:42 - 2013-08-14 19:23 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi 2013-08-14 20:13 - 2013-08-14 19:25 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi 2013-08-14 14:26 - 2013-07-11 18:54 - 00000000 ____D C:\Windows\SysWOW64\cache 2013-08-11 19:36 - 2013-08-10 19:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent 2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec 2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton 2013-08-11 18:05 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\BitLord 2 2013-08-11 18:05 - 2012-05-02 09:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon 2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype 2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\ProgramData\Skype 2013-08-11 17:28 - 2012-06-17 06:32 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent 2013-08-11 17:24 - 2012-05-02 09:06 - 00000000 ____D C:\users\Mike 2013-08-11 17:23 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection 2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\MFAData 2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-11 17:23 - 2013-05-10 10:10 - 00000000 ____D C:\ProgramData\Yahoo! 2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files\Bonjour 2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-08-11 17:23 - 2012-11-24 15:36 - 00000000 ____D C:\Program Files (x86)\Free Video Joiner 2013-08-11 17:23 - 2012-11-17 17:04 - 00000000 ____D C:\Program Files (x86)\Giganews Accelerator 2013-08-11 17:23 - 2012-11-17 15:13 - 00000000 ____D C:\Program Files\Newsbin 2013-08-11 17:23 - 2012-10-18 15:03 - 00000000 ____D C:\Program Files (x86)\Mimo 2013-08-11 17:23 - 2012-09-21 01:55 - 00000000 ____D C:\Program Files (x86)\Comical 2013-08-11 17:23 - 2012-05-02 09:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-08-11 17:23 - 2012-05-02 09:07 - 00000000 ____D C:\Users\Mike\AppData\Local\BioExcess 2013-08-11 17:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-08-11 11:48 - 2013-08-10 20:13 - 00000000 ____D C:\Program Files (x86)\AVG 2013-08-11 11:48 - 2013-08-10 19:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com 2013-08-11 11:48 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 20:46 - 2013-08-10 20:14 - 00000000 ____D C:\ProgramData\AVG2013 2013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG 2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013 2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-08-10 19:47 - 2012-11-17 15:13 - 00000000 ____D C:\Users\Mike\AppData\Local\Newsbin 2013-08-04 09:33 - 2012-02-19 18:13 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-04 09:33 - 2012-02-19 18:13 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.exe C:\Users\Mike\AppData\Local\Temp\avguidx.dll C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exe C:\Users\Mike\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Mike\AppData\Local\Temp\oi_{F8D3AB6B-30B5-470C-9205-27A827638347}.exe C:\Users\Mike\AppData\Local\Temp\PreferencesJson.exe C:\Users\Mike\AppData\Local\Temp\SetupToparcadehits.exe C:\Users\Mike\AppData\Local\Temp\uninst1.exe C:\Users\Mike\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Mike\AppData\Local\Temp\utt3FB8.tmp.exe C:\Users\Mike\AppData\Local\Temp\uxyyaxmqpjsxdvquuff.dll C:\Users\Mike\AppData\Local\Temp\vlc-2.0.1-win32.exe C:\Users\Mike\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\Mike\AppData\Local\Temp\{6A20E406-08A8-453F-B651-0DDA7A917016}\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}\InstallHelper.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\phonon_ds94.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qgif4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qjpeg4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qmng4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qsvg4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qtiff4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\qsvgicon4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qcncodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qjpcodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qkrcodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qtwcodecs4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\qtaccessiblewidgets4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_core.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_gui.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_help.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_multimedia.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_network.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_opengl.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_phonon.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_script.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_scripttools.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_sql.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_svg.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_webkit.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xml.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xmlpatterns.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\phonon4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtCore4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtGui4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtHelp4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\qtjambi.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtMultimedia4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtNetwork4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtOpenGL4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScript4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScriptTools4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSql4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSvg4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtWebKit4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXml4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXmlPatterns4.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcm90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcp90.dll C:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcr90.dll C:\Users\Mike\AppData\Local\Temp\mwi2013130657\7za.dll C:\Users\Mike\AppData\Local\Temp\mwi2013130657\setup.exe C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll C:\Users\Mike\AppData\Local\Temp\is1832903999\2351662_Setup.EXE C:\Users\Mike\AppData\Local\Temp\is1832903999\2351696_Setup.EXE C:\Users\Mike\AppData\Local\Temp\is1832903999\DeltaTB.exe C:\Users\Mike\AppData\Local\Temp\is1832903999\nss_handler.exe C:\Users\Mike\AppData\Local\Temp\is1832903999\Setup-D502DD2B71B5.exe C:\Users\Mike\AppData\Local\Temp\is1832903999\SymCCIS.dll C:\Users\Mike\AppData\Local\Temp\is1832903999\Toparcadehits.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\offerbroker.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\YahooChecker.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\PCSpeedBoost\PCSpeedBoost3.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\FFC\FastFreeConverter.exe C:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\ExtremeFlashPlayer\Setup_ExtremeFlashPlayer.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\avg-secure-search-installer.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\GenericWndApi.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\lip.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\PostInstall.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\ROC_ssl.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\Uninstall.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\vprot.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\avguidx.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\MachineIdCreator.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\avgdttbx.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller_64.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\npsitesafety.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ScriptHelper.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\SiteSafety.dll C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ToolbarUpdater.exe C:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ViProtocol.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BabMaint.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BExternal.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolForMontiera.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolution.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ccp.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ChromeToolbarSetup.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\CrxInstaller.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\GUninstaller.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\IEHelper.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MntrDLLInstall.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MyDeltaTB.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\NTRedirect.dll C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\Setup.exe C:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\sqlite3.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-23 01:01:40 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4010.14 MB Available physical RAM: 3376.9 MB Total Pagefile: 4008.34 MB Available Pagefile: 3379.99 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:341.55 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.8 GB) NTFS Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8AEFE21C) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 08619E90) Partition 1: (Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-08-22 10:17 ==================== End Of Log ============================

When I start my laptop I have a screen saying my PC is blocked and to pay $300 via MoneyPak. I have tried to boot in safe mode and can not. Can someone please help me remove this virus? I have windows 7 home 64 bit.