Brett1337Vierra

Honorary Members
  • Posts

    29
Everything posted by Brett1337Vierra

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014 Ran by Sirly at 2014-05-03 10:18:34 Running from C:\Users\Sirly\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{9D5A28E4-6AC3-DD51-C1FA-A8698E91ECBE}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden AMD VISION Engine Control Center (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.) Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender) Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden COMODO Firewall (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games) InfiniteCrisis_410193F41CAE (HKLM-x32\...\InfiniteCrisis_410193F41CAE) (Version: - Turbine, Inc) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VT Hash Check 1.42 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.42 - Boredom Software) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 25-04-2014 17:53:43 Installed LG United Mobile Driver 26-04-2014 17:21:27 Windows Update 29-04-2014 04:01:39 Installed Atheros Communications Inc.® AR81Family Gigabit/Fast]áu! 
01-05-2014 16:24:16 ComboFix created restore point 02-05-2014 17:54:30 Windows Update 03-05-2014 05:00:12 Windows Update 03-05-2014 17:04:20 Installed Microsoft Fix it 50688 03-05-2014 17:05:49 Installed Microsoft Fix it 50656 ==================== Hosts content: ========================== 2009-07-13 19:34 - 2014-04-25 18:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {57A80709-F66B-4C5A-B80C-1D7B04103FCC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {BD18720E-EE08-40A8-B3BD-6006DAD46DC7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) ==================== Loaded Modules (whitelisted) ============= 2014-04-14 18:31 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll 2014-04-14 18:31 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll 2013-03-14 00:41 - 2013-03-14 00:41 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-09-23 14:53 - 2012-09-23 14:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-09-23 14:53 - 2012-09-23 14:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-03-14 00:41 - 2013-03-14 00:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-10 18:03 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-02-10 18:03 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ==================== Alternate Data Streams (whitelisted) ========= 
AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\AdwCleaner.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\ComboFix.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\FRST64.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\JRT.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbam-check-2.1.0.0002.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbam-clean-2.0.2.0.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbam-setup-consumer-2.0.2.1007.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbar-1.07.0.1009.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\MiniToolBox.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\rkill.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\RogueKillerX64.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\SecurityCheck.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\TFC.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WMPNetworkSvc => 3 ==================== Faulty Device Manager Devices ============= Name: Printer Port (LPT1) Description: Printer Port Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard port types) Service: Parport Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32) Resolution: The start type for this driver is set to disabled in the registry. Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/03/2014 10:01:19 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 10:10:39 PM) (Source: ESENT) (User: ) Description: WinMail (4360) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (05/02/2014 10:10:38 PM) (Source: ESENT) (User: ) Description: WinMail (3996) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (05/02/2014 10:09:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 10:51:08 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2014 09:13:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2014 09:18:23 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2014 08:46:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/30/2014 03:10:36 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/30/2014 00:37:43 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/03/2014 10:16:44 AM) (Source: Service Control Manager) (User: ) Description: The mbamchameleon service failed to start due to the following error: %%2 Error: (05/03/2014 10:14:42 AM) (Source: Service Control Manager) (User: ) Description: The mbamchameleon service failed to start due to the following error: %%2 Error: (05/03/2014 10:00:23 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (05/03/2014 09:59:55 AM) (Source: Service Control Manager) (User: ) Description: The mbamchameleon service failed to start due to the following error: %%2 Error: (05/02/2014 10:08:38 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (05/02/2014 10:08:05 PM) (Source: Service Control Manager) (User: ) Description: The mbamchameleon service failed to start due to the following error: %%2 Error: (05/02/2014 10:49:47 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (05/02/2014 10:49:23 AM) (Source: Service Control Manager) (User: ) Description: The mbamchameleon service failed to start due to the following error: %%2 Error: (05/01/2014 09:11:59 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (05/01/2014 09:11:34 PM) (Source: Service Control Manager) (User: ) Description: The mbamchameleon service failed to start due to the following 
error: %%2 Microsoft Office Sessions: ========================= Error: (05/03/2014 10:01:19 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 10:10:39 PM) (Source: ESENT)(User: ) Description: WinMail4360WindowsMail0: Error: (05/02/2014 10:10:38 PM) (Source: ESENT)(User: ) Description: WinMail3996WindowsMail0: Error: (05/02/2014 10:09:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 10:51:08 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2014 09:13:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2014 09:18:23 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2014 08:46:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/30/2014 03:10:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/30/2014 00:37:43 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-04-25 18:19:32.173 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-25 18:19:32.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 7657.54 MB Available physical RAM: 6224.63 MB Total Pagefile: 15313.25 MB Available Pagefile: 13784.44 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:139.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 00037BA0) Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Sorry it took so long
  2. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Sirly (administrator) on VITTORIO-PC on 03-05-2014 10:17:48 Running from C:\Users\Sirly\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (Advanced Micro Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO) HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated) HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Winlogon\Notify\ScCertProp: wlnotify.dll [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E51F0CA5363CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program 
Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Sirly\AppData\Roaming\Mozilla\Firefox\Profiles\jvy1qi3l.default-1398738901204 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) 
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO) R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] () ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.) 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender) U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender) R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO) R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC) R3 HPKBx64; C:\Windows\System32\DRIVERS\HPKBx64.sys [57856 2013-03-19] (Hewlett-Packard Company) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.) 
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-03 10:06 - 2014-05-03 10:06 - 02062336 _____ (Farbar) C:\Users\Sirly\Desktop\FRST64.exe 2014-05-02 22:00 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-02 22:00 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-02 22:00 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-02 22:00 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-02 11:10 - 2014-05-02 11:15 - 00054331 _____ () C:\Users\Sirly\Desktop\Result.txt 2014-05-02 11:08 - 2014-05-02 11:08 - 00982016 _____ (Farbar) C:\Users\Sirly\Desktop\MiniToolBox.exe 2014-05-01 18:39 - 2014-05-01 18:39 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Comodo 2014-05-01 10:42 - 2014-05-01 10:42 - 00000000 ____D () C:\Users\Beta\AppData\Local\Adobe 2014-05-01 09:52 - 2014-05-01 09:52 - 00025186 _____ () C:\ComboFix.txt 2014-05-01 09:19 - 2014-05-01 09:19 - 05197895 ____R (Swearware) C:\Users\Sirly\Desktop\ComboFix.exe 2014-04-30 12:09 - 2014-04-30 12:09 - 00018141 _____ () C:\Users\Sirly\Desktop\CheckResults.txt 2014-04-30 11:58 - 2014-05-03 10:17 - 00008271 _____ () C:\Users\Sirly\Desktop\FRST.txt 2014-04-30 11:56 - 2014-05-03 10:12 - 00018711 _____ () C:\Users\Sirly\Desktop\Addition.txt 2014-04-29 10:21 - 2014-04-29 10:22 - 17290592 _____ (Malwarebytes Corporation ) C:\Users\Sirly\Desktop\mbam-setup-consumer-2.0.2.1007.exe 2014-04-29 10:20 - 2014-04-29 10:20 - 00315392 _____ 
(Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-clean-2.0.2.0.exe 2014-04-29 10:19 - 2014-04-29 10:19 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-check-2.1.0.0002.exe 2014-04-28 21:02 - 2014-04-28 21:02 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2014-04-28 19:35 - 2014-04-28 19:35 - 00000000 ____D () C:\Users\Sirly\Desktop\Old Firefox Data 2014-04-28 15:26 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Adobe 2014-04-28 12:55 - 2014-04-28 12:55 - 00854355 _____ () C:\Users\Sirly\Desktop\SecurityCheck.exe 2014-04-28 12:16 - 2014-04-28 12:16 - 00000629 _____ () C:\Users\Sirly\Desktop\JRT.txt 2014-04-27 21:30 - 2014-04-27 21:30 - 01016261 _____ (Thisisu) C:\Users\Sirly\Desktop\JRT.exe 2014-04-27 21:16 - 2014-04-27 21:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sirly\Desktop\TFC.exe 2014-04-25 17:58 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-25 17:58 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-25 17:58 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-25 17:56 - 2014-05-01 09:52 - 00000000 ____D () C:\Qoobox 2014-04-25 14:16 - 2014-04-25 14:17 - 00000000 ____D () C:\AdwCleaner 2014-04-25 12:09 - 2014-04-25 12:12 - 10303344 _____ () C:\Users\Beta\Downloads\Kit_Kat_Xperience.zip 2014-04-25 11:00 - 2014-04-25 11:24 - 436903589 _____ () C:\Users\Beta\Downloads\Samurai_4-9-2014.zip 2014-04-25 10:54 - 2012-07-03 11:58 - 00031744 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys 2014-04-25 10:54 - 2012-07-03 11:50 - 00036352 _____ (LG 
Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys 2014-04-25 10:54 - 2012-07-03 11:50 - 00029184 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys 2014-04-25 10:53 - 2014-04-25 10:53 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-04-25 10:49 - 2013-02-25 18:01 - 00000000 ____D () C:\Users\Beta\Desktop\spirited_away 2014-04-25 07:16 - 2014-04-25 07:16 - 00000000 ____D () C:\Windows\ERUNT 2014-04-25 07:03 - 2014-04-25 07:13 - 00000000 ____D () C:\Users\Sirly\Desktop\mbar 2014-04-25 07:03 - 2014-04-25 07:03 - 01365865 _____ () C:\Users\Sirly\Desktop\AdwCleaner.exe 2014-04-25 07:02 - 2014-04-25 07:03 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Sirly\Desktop\mbar-1.07.0.1009.exe 2014-04-24 13:33 - 2014-04-24 13:34 - 00000000 ____D () C:\Users\Sirly\Desktop\GrantPerms64 2014-04-24 13:21 - 2014-04-24 13:21 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Boredom Software 2014-04-24 13:19 - 2014-04-24 13:19 - 00000000 ____D () C:\Program Files (x86)\Boredom Software 2014-04-24 13:17 - 2014-04-24 13:17 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\WinRAR 2014-04-24 13:03 - 2014-04-24 13:03 - 00002956 _____ () C:\Users\Sirly\Desktop\RKreport[0]_S_04242014_130356.txt 2014-04-24 12:41 - 2014-04-24 12:41 - 00000000 ____D () C:\Users\Sirly\AppData\Local\CrashDumps 2014-04-24 12:27 - 2014-04-24 12:27 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Macromedia 2014-04-24 12:20 - 2014-04-24 13:00 - 00000000 ____D () C:\Users\Sirly\Desktop\RK_Quarantine 2014-04-24 12:19 - 2014-04-24 12:19 - 04527616 _____ () C:\Users\Sirly\Desktop\RogueKillerX64.exe 2014-04-24 12:07 - 2014-04-25 18:27 - 00000000 ____D () C:\Windows\ERDNT 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Sirly\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Administrator\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Sirly\Desktop\ERUNT.lnk 2014-04-24 12:06 - 
2014-04-24 12:06 - 00000905 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-04-24 12:01 - 2014-04-25 08:06 - 00002522 _____ () C:\Users\Sirly\Desktop\Rkill.txt 2014-04-24 12:00 - 2014-04-24 12:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sirly\Desktop\rkill.exe 2014-04-24 11:38 - 2014-04-24 11:38 - 00024505 _____ () C:\Users\Beta\Documents\CisReport_x64_v7.0.317799.4142_20140424-113807.zip 2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\WinRAR 2014-04-22 12:05 - 2012-05-31 22:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll 2014-04-22 12:05 - 2012-05-31 22:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll 2014-04-22 12:05 - 2012-05-31 22:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll 2014-04-22 12:05 - 2012-05-31 22:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll 2014-04-22 12:05 - 2012-05-31 22:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll 2014-04-22 12:05 - 2012-05-31 22:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe 2014-04-22 12:05 - 2012-05-31 21:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll 2014-04-22 12:05 - 2012-05-31 21:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll 2014-04-22 12:05 - 2012-05-31 21:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll 2014-04-22 12:05 - 2012-05-31 21:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll 2014-04-22 12:05 - 2012-05-31 21:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll 2014-04-22 12:05 - 2012-05-31 21:34 - 00015360 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iisreset.exe 2014-04-21 17:46 - 2014-04-22 22:17 - 00047601 _____ () C:\Windows\iis7.log 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\msmq 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\inetpub 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Mozilla 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Mozilla 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\AMD 2014-04-21 14:37 - 2014-04-21 14:42 - 00014830 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-04-21 14:36 - 2014-05-03 10:17 - 00000000 ____D () C:\FRST 2014-04-21 14:36 - 2014-04-21 14:42 - 00057207 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-04-21 14:25 - 2014-04-21 14:25 - 02061312 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-04-21 14:08 - 2014-04-21 14:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-04-21 
11:09 - 2014-04-21 11:09 - 00058016 _____ () C:\Users\Sirly\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-21 11:09 - 2014-04-21 11:09 - 00001413 _____ () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ____D () C:\Users\Sirly\AppData\Local\VirtualStore 2014-04-19 00:25 - 2014-04-19 00:25 - 00000000 ____D () C:\Users\Beta\AppData\Local\Macromedia 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieUserList 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieSiteList 2014-04-18 20:54 - 2014-04-18 20:54 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Macromedia 2014-04-18 20:13 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Adobe 2014-04-18 20:13 - 2014-04-18 22:04 - 00000000 ____D () C:\Users\Sirly\Documents\InfiniteCrisis 2014-04-18 20:13 - 2014-04-18 20:14 - 00000000 ____D () C:\Users\Sirly\AppData\Local\InfiniteCrisis 2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieUserList 2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieSiteList 2014-04-18 20:12 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Turbine 2014-04-18 19:52 - 2014-04-18 20:12 - 00000000 ____D () C:\Users\Beta\Documents\InfiniteCrisis 2014-04-18 19:51 - 2014-04-18 19:52 - 00000000 ____D () C:\Users\Beta\AppData\Local\InfiniteCrisis 2014-04-18 19:49 - 2014-04-22 12:18 - 00000000 ____D () C:\Users\Beta\AppData\Local\Turbine 2014-04-18 18:01 - 2014-05-02 22:15 - 00000000 ____D () C:\Users\Sirly 2014-04-18 18:01 - 2014-04-18 18:01 - 00000020 ___SH () 
C:\Users\Sirly\ntuser.ini 2014-04-18 18:01 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-18 18:01 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-18 17:56 - 2014-04-18 17:56 - 00000000 ____D () C:\Users\Beta\AppData\Local\AMD 2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Mozilla 2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Local\Mozilla 2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Macromedia 2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\LolClient 2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\ATI 2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Local\ATI 2014-04-18 17:41 - 2014-05-01 10:42 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Adobe 2014-04-18 17:41 - 2014-04-18 17:41 - 00058016 _____ () C:\Users\Beta\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 17:41 - 2014-04-18 17:41 - 00001413 _____ () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-18 17:40 - 2014-04-18 17:41 - 00000000 ____D () C:\Users\Beta 2014-04-18 17:40 - 2014-04-18 17:40 - 00000020 ___SH () C:\Users\Beta\ntuser.ini 2014-04-18 17:40 - 2014-04-18 17:40 - 00000000 ____D () C:\Users\Beta\AppData\Local\VirtualStore 2014-04-18 17:40 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-18 17:40 - 2009-07-13 21:49 - 00000000 
___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD 2014-04-18 17:17 - 2014-04-21 14:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-04-18 17:17 - 2014-04-18 17:17 - 00058016 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 17:17 - 2014-04-18 17:17 - 00001409 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-18 17:17 - 2014-04-18 17:17 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ____D () C:\Users\Administrator 2014-04-18 17:17 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-18 17:17 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-18 17:13 - 2014-04-18 17:26 - 00004040 __RSH () C:\ProgramData\ntuser.pol 2014-04-18 12:17 - 2014-04-18 12:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-18 12:16 - 2014-04-18 12:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-18 12:16 - 2014-04-18 12:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-17 23:14 - 2014-05-03 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-17 
23:14 - 2014-05-03 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-17 23:14 - 2014-04-17 23:14 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-17 21:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx11_43.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 02475352 _____ 
(Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-04-17 21:14 - 2009-03-09 
15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-04-17 21:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-04-17 21:13 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-04-17 21:13 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 
2014-04-17 21:13 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-04-17 21:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-04-17 21:13 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-04-17 21:13 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-04-17 21:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-04-17 21:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2014-04-17 21:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2014-04-17 21:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-04-17 21:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-04-17 21:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-04-17 21:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-04-17 21:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx10_38.dll 2014-04-17 21:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-04-17 21:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-04-17 21:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-04-17 21:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-04-17 21:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-04-17 21:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-04-17 21:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-04-17 21:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-04-17 21:13 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-04-17 21:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-04-17 21:13 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-04-17 21:13 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 
03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-04-17 21:13 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-04-17 21:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-04-17 21:13 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-04-17 21:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-04-17 21:13 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-04-17 21:13 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 
2014-04-17 21:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-04-17 21:13 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-04-17 21:13 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-04-17 21:13 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-04-17 21:13 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-04-17 21:13 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2014-04-17 21:13 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-04-17 21:13 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-04-17 21:13 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-04-17 21:13 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2014-04-17 21:13 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2014-04-17 21:13 - 2006-12-08 12:00 - 00390424 _____ (Microsoft 
Corporation) C:\Windows\system32\xactengine2_5.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2014-04-17 21:13 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-04-17 21:13 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2014-04-17 21:13 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-04-17 21:13 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-04-17 21:13 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-04-17 21:13 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-04-17 21:13 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-04-17 21:13 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2014-04-17 21:13 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-04-17 21:13 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-04-17 21:13 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-04-17 21:13 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2014-04-17 21:13 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-04-17 21:13 - 2006-03-31 12:39 - 
00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-04-17 21:13 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-04-17 21:13 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2014-04-17 21:13 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-04-17 21:13 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2014-04-17 21:13 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-04-17 21:13 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-04-17 21:13 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-04-17 21:13 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-04-17 21:12 - 2014-04-18 03:10 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis 2014-04-17 21:12 - 2014-04-17 21:13 - 00010123 _____ () C:\Windows\DirectX.log 2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Turbine 2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis 2014-04-17 21:12 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-04-17 21:12 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-04-17 21:12 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-04-17 21:12 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-04-17 21:12 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-04-17 21:12 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx9_26.dll 2014-04-17 21:12 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-04-17 21:12 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-04-17 21:12 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-04-17 21:12 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-04-17 15:22 - 2014-04-17 15:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-17 15:22 - 2014-04-17 15:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 18:49 - 2014-04-22 22:16 - 00313636 _____ () C:\Windows\system32\Drivers\fvstore.dat 2014-04-14 18:49 - 2014-04-14 18:49 - 00000000 ____D () C:\VTRoot 2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO 2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2014-04-14 18:38 - 2014-04-14 18:39 - 00000000 ___SD () C:\ProgramData\Shared Space 2014-04-14 18:37 - 2014-04-14 18:37 - 00000000 ____D () C:\Program Files\COMODO 2014-04-14 18:31 - 2014-04-14 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition 2014-04-14 18:31 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-04-14 18:31 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2014-04-14 18:29 - 2014-04-14 18:31 - 00000000 ____D () C:\Program Files\Bitdefender 2014-04-14 18:29 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) 
C:\Windows\system32\Drivers\trufos.sys 2014-04-14 18:29 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys 2014-04-14 18:20 - 2014-04-14 18:20 - 00000000 ____D () C:\ProgramData\Comodo Downloader 2014-04-14 18:18 - 2014-04-18 15:10 - 00000000 ____D () C:\ProgramData\Comodo 2014-04-14 18:10 - 2014-05-01 21:11 - 00338276 _____ () C:\Windows\PFRO.log 2014-04-09 22:32 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-09 22:32 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-09 22:32 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-09 22:32 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-09 22:32 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-09 22:32 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-09 22:32 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-09 22:32 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-09 22:32 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-09 22:32 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-09 22:32 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-09 22:32 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-09 22:32 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-09 22:32 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-09 22:32 - 2014-03-06 01:03 
- 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-09 22:32 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-09 22:32 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-09 22:32 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-09 22:32 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-09 22:32 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-09 22:32 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-09 22:32 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-09 22:32 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-09 22:32 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-09 22:32 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-09 22:32 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-09 22:32 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-09 22:32 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-09 22:32 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-09 22:32 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-09 22:32 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-09 22:32 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-09 22:32 - 
2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-09 22:32 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-09 22:32 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-09 22:32 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-09 22:32 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-09 22:32 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-09 22:32 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-09 22:32 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-09 22:32 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-09 22:32 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-09 22:32 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-09 22:32 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 12:04 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 12:04 - 2014-03-04 02:16 - 01114112 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 12:04 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 12:04 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 12:04 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 12:04 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 12:04 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:04 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:04 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:04 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:04 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 12:04 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-03 10:17 - 2014-04-30 11:58 - 00008271 _____ () C:\Users\Sirly\Desktop\FRST.txt
2014-05-03 10:17 - 2014-04-21 14:36 - 00000000 ____D () C:\FRST
2014-05-03 10:17 - 2014-03-29 23:50 - 00010751 _____ () C:\Windows\setupact.log
2014-05-03 10:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 10:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-03 10:13 - 2014-03-26 14:14 - 01539658 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 10:12 - 2014-04-30 11:56 - 00018711 _____ () C:\Users\Sirly\Desktop\Addition.txt
2014-05-03 10:07 - 2009-07-13 21:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 10:07 - 2009-07-13
21:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-03 10:06 - 2014-05-03 10:06 - 02062336 _____ (Farbar) C:\Users\Sirly\Desktop\FRST64.exe 2014-05-03 10:05 - 2009-07-13 22:13 - 00891324 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-03 09:59 - 2014-04-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-03 09:59 - 2014-04-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-02 22:15 - 2014-04-18 18:01 - 00000000 ____D () C:\Users\Sirly 2014-05-02 11:15 - 2014-05-02 11:10 - 00054331 _____ () C:\Users\Sirly\Desktop\Result.txt 2014-05-02 11:08 - 2014-05-02 11:08 - 00982016 _____ (Farbar) C:\Users\Sirly\Desktop\MiniToolBox.exe 2014-05-01 21:11 - 2014-04-14 18:10 - 00338276 _____ () C:\Windows\PFRO.log 2014-05-01 18:39 - 2014-05-01 18:39 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Comodo 2014-05-01 10:42 - 2014-05-01 10:42 - 00000000 ____D () C:\Users\Beta\AppData\Local\Adobe 2014-05-01 10:42 - 2014-04-18 17:41 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Adobe 2014-05-01 09:52 - 2014-05-01 09:52 - 00025186 _____ () C:\ComboFix.txt 2014-05-01 09:52 - 2014-04-25 17:56 - 00000000 ____D () C:\Qoobox 2014-05-01 09:45 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-01 09:19 - 2014-05-01 09:19 - 05197895 ____R (Swearware) C:\Users\Sirly\Desktop\ComboFix.exe 2014-04-30 12:09 - 2014-04-30 12:09 - 00018141 _____ () C:\Users\Sirly\Desktop\CheckResults.txt 2014-04-29 10:22 - 2014-04-29 10:21 - 17290592 _____ (Malwarebytes Corporation ) C:\Users\Sirly\Desktop\mbam-setup-consumer-2.0.2.1007.exe 2014-04-29 10:20 - 2014-04-29 10:20 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-clean-2.0.2.0.exe 2014-04-29 10:19 - 2014-04-29 10:19 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-check-2.1.0.0002.exe 2014-04-29 07:01 - 2014-05-02 22:00 - 23547904 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 06:40 - 2014-05-02 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 05:48 - 2014-05-02 22:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 05:34 - 2014-05-02 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-28 21:02 - 2014-04-28 21:02 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2014-04-28 21:01 - 2014-02-10 18:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-28 19:35 - 2014-04-28 19:35 - 00000000 ____D () C:\Users\Sirly\Desktop\Old Firefox Data 2014-04-28 15:26 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Adobe 2014-04-28 15:26 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Adobe 2014-04-28 12:55 - 2014-04-28 12:55 - 00854355 _____ () C:\Users\Sirly\Desktop\SecurityCheck.exe 2014-04-28 12:16 - 2014-04-28 12:16 - 00000629 _____ () C:\Users\Sirly\Desktop\JRT.txt 2014-04-27 21:30 - 2014-04-27 21:30 - 01016261 _____ (Thisisu) C:\Users\Sirly\Desktop\JRT.exe 2014-04-27 21:16 - 2014-04-27 21:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sirly\Desktop\TFC.exe 2014-04-25 18:27 - 2014-04-24 12:07 - 00000000 ____D () C:\Windows\ERDNT 2014-04-25 18:22 - 2009-07-13 19:34 - 52166656 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-04-25 14:17 - 2014-04-25 14:16 - 00000000 ____D () C:\AdwCleaner 2014-04-25 12:12 - 2014-04-25 12:09 - 10303344 _____ () C:\Users\Beta\Downloads\Kit_Kat_Xperience.zip 2014-04-25 11:24 - 2014-04-25 11:00 - 
436903589 _____ () C:\Users\Beta\Downloads\Samurai_4-9-2014.zip 2014-04-25 10:53 - 2014-04-25 10:53 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-04-25 08:06 - 2014-04-24 12:01 - 00002522 _____ () C:\Users\Sirly\Desktop\Rkill.txt 2014-04-25 07:16 - 2014-04-25 07:16 - 00000000 ____D () C:\Windows\ERUNT 2014-04-25 07:13 - 2014-04-25 07:03 - 00000000 ____D () C:\Users\Sirly\Desktop\mbar 2014-04-25 07:03 - 2014-04-25 07:03 - 01365865 _____ () C:\Users\Sirly\Desktop\AdwCleaner.exe 2014-04-25 07:03 - 2014-04-25 07:02 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Sirly\Desktop\mbar-1.07.0.1009.exe 2014-04-24 13:34 - 2014-04-24 13:33 - 00000000 ____D () C:\Users\Sirly\Desktop\GrantPerms64 2014-04-24 13:21 - 2014-04-24 13:21 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Boredom Software 2014-04-24 13:19 - 2014-04-24 13:19 - 00000000 ____D () C:\Program Files (x86)\Boredom Software 2014-04-24 13:17 - 2014-04-24 13:17 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\WinRAR 2014-04-24 13:03 - 2014-04-24 13:03 - 00002956 _____ () C:\Users\Sirly\Desktop\RKreport[0]_S_04242014_130356.txt 2014-04-24 13:00 - 2014-04-24 12:20 - 00000000 ____D () C:\Users\Sirly\Desktop\RK_Quarantine 2014-04-24 12:41 - 2014-04-24 12:41 - 00000000 ____D () C:\Users\Sirly\AppData\Local\CrashDumps 2014-04-24 12:27 - 2014-04-24 12:27 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Macromedia 2014-04-24 12:19 - 2014-04-24 12:19 - 04527616 _____ () C:\Users\Sirly\Desktop\RogueKillerX64.exe 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Sirly\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Administrator\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Sirly\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 
2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-04-24 12:00 - 2014-04-24 12:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sirly\Desktop\rkill.exe 2014-04-24 11:38 - 2014-04-24 11:38 - 00024505 _____ () C:\Users\Beta\Documents\CisReport_x64_v7.0.317799.4142_20140424-113807.zip 2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\WinRAR 2014-04-22 22:17 - 2014-04-21 17:46 - 00047601 _____ () C:\Windows\iis7.log 2014-04-22 22:16 - 2014-04-14 18:49 - 00313636 _____ () C:\Windows\system32\Drivers\fvstore.dat 2014-04-22 22:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv 2014-04-22 12:18 - 2014-04-18 19:49 - 00000000 ____D () C:\Users\Beta\AppData\Local\Turbine 2014-04-21 20:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache 2014-04-21 17:48 - 2014-02-10 18:11 - 00843060 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-21 17:48 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\msmq 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\inetpub 2014-04-21 17:45 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-04-21 17:45 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Microsoft Games 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Mozilla 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Mozilla 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\ATI 2014-04-21 15:40 - 
2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\AMD 2014-04-21 14:42 - 2014-04-21 14:37 - 00014830 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-04-21 14:42 - 2014-04-21 14:36 - 00057207 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-04-21 14:25 - 2014-04-21 14:25 - 02061312 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-04-21 14:08 - 2014-04-21 14:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-04-21 14:08 - 2014-04-18 17:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-04-21 11:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-04-21 11:09 - 2014-04-21 11:09 - 00058016 _____ () C:\Users\Sirly\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-21 11:09 - 2014-04-21 11:09 - 00001413 _____ () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ____D () C:\Users\Sirly\AppData\Local\VirtualStore 2014-04-19 00:25 - 2014-04-19 00:25 - 00000000 ____D () 
C:\Users\Beta\AppData\Local\Macromedia 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieUserList 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieSiteList 2014-04-18 22:04 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\Documents\InfiniteCrisis 2014-04-18 20:54 - 2014-04-18 20:54 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Macromedia 2014-04-18 20:14 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\AppData\Local\InfiniteCrisis 2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieUserList 2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieSiteList 2014-04-18 20:13 - 2014-04-18 20:12 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Turbine 2014-04-18 20:12 - 2014-04-18 19:52 - 00000000 ____D () C:\Users\Beta\Documents\InfiniteCrisis 2014-04-18 19:52 - 2014-04-18 19:51 - 00000000 ____D () C:\Users\Beta\AppData\Local\InfiniteCrisis 2014-04-18 18:01 - 2014-04-18 18:01 - 00000020 ___SH () C:\Users\Sirly\ntuser.ini 2014-04-18 17:56 - 2014-04-18 17:56 - 00000000 ____D () C:\Users\Beta\AppData\Local\AMD 2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Mozilla 2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Local\Mozilla 2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Macromedia 2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\LolClient 2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\ATI 2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Local\ATI 2014-04-18 17:41 - 2014-04-18 17:41 - 00058016 _____ () C:\Users\Beta\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 17:41 - 2014-04-18 17:41 - 00001413 _____ () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-18 
17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-18 17:41 - 2014-04-18 17:40 - 00000000 ____D () C:\Users\Beta 2014-04-18 17:40 - 2014-04-18 17:40 - 00000020 ___SH () C:\Users\Beta\ntuser.ini 2014-04-18 17:40 - 2014-04-18 17:40 - 00000000 ____D () C:\Users\Beta\AppData\Local\VirtualStore 2014-04-18 17:30 - 2014-02-21 19:37 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-18 17:26 - 2014-04-18 17:13 - 00004040 __RSH () C:\ProgramData\ntuser.pol 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD 2014-04-18 17:17 - 2014-04-18 17:17 - 00058016 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 17:17 - 2014-04-18 17:17 - 00001409 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-18 17:17 - 2014-04-18 17:17 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ____D () C:\Users\Administrator 2014-04-18 17:17 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-04-18 17:10 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-18 15:13 - 2014-03-29 23:50 - 00275712 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-04-18 15:10 - 2014-04-14 18:18 - 00000000 ____D () C:\ProgramData\Comodo 2014-04-18 15:04 - 2014-02-11 16:52 - 00000000 ____D () C:\Riot Games 2014-04-18 12:26 - 2014-04-18 12:16 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-18 12:17 - 2014-04-18 12:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-18 12:16 - 2014-04-18 12:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-18 03:10 - 2014-04-17 21:12 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis 2014-04-17 23:14 - 2014-04-17 23:14 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-17 21:13 - 2014-04-17 21:12 - 00010123 _____ () C:\Windows\DirectX.log 2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Turbine 2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis 2014-04-17 15:57 - 2014-02-21 21:39 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-04-17 15:22 - 2014-04-17 15:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-17 15:22 - 2014-04-17 15:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-16 14:12 - 2014-03-25 20:22 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys 2014-04-16 14:12 - 2014-03-25 20:22 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys 2014-04-16 14:12 - 2014-03-25 20:22 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys 2014-04-16 14:12 - 2014-03-25 20:22 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys 2014-04-14 18:55 - 2009-07-13 22:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-14 18:49 - 2014-04-14 18:49 - 00000000 ____D () C:\VTRoot 2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO 2014-04-14 18:39 - 2014-04-14 18:39 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-04-14 18:39 - 2014-04-14 18:38 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-04-14 18:37 - 2014-04-14 18:37 - 00000000 ____D () C:\Program Files\COMODO
2014-04-14 18:31 - 2014-04-14 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-04-14 18:31 - 2014-04-14 18:29 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-14 18:20 - 2014-04-14 18:20 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-04-10 14:45 - 2014-03-03 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-10 14:45 - 2014-03-03 18:46 - 00000000 ____D () C:\ProgramData\Skype
2014-04-09 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 22:02 - 2014-02-10 19:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:01 - 2014-02-10 19:10 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 13:12

==================== End Of Log ============================

  3. ComboFix 14-04-30.01 - Sirly 05/01/2014 9:27.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7658.6003 [GMT -7:00]
Running from: c:\users\Sirly\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-04-01 to 2014-05-01 )))))))))))))))))))))))))))))))
.
.
2014-05-01 16:44 . 2014-05-01 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-29 17:18 . 2014-04-17 12:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F55CBAFA-D3A6-4FEA-878A-522970583828}\mpengine.dll
2014-04-29 04:02 . 2014-04-29 04:02 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2014-04-28 20:49 . 2014-04-30 19:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-25 21:16 . 2014-04-25 21:17 -------- d-----w- C:\AdwCleaner
2014-04-25 17:54 . 2012-07-03 18:58 31744 ----a-w- c:\windows\system32\drivers\lgandnetadb.sys
2014-04-25 17:54 . 2012-07-03 18:50 36352 ----a-w- c:\windows\system32\drivers\lgandnetmodem64.sys
2014-04-25 17:54 . 2012-07-03 18:50 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag64.sys
2014-04-25 17:53 . 2014-04-25 17:53 -------- d-----w- c:\program files (x86)\LG Electronics
2014-04-25 14:16 . 2014-04-25 14:16 -------- d-----w- c:\windows\ERUNT
2014-04-24 20:19 . 2014-04-24 20:19 -------- d-----w- c:\program files (x86)\Boredom Software
2014-04-24 19:06 . 2014-04-24 19:06 -------- d-----w- c:\program files (x86)\ERUNT
2014-04-22 19:05 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2014-04-22 19:05 .
2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll 2014-04-22 19:05 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll 2014-04-22 19:05 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll 2014-04-22 19:05 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe 2014-04-22 19:05 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll 2014-04-22 19:05 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll 2014-04-22 19:05 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe 2014-04-22 19:05 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll 2014-04-22 19:05 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll 2014-04-22 19:05 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll 2014-04-22 19:05 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll 2014-04-22 00:45 . 2014-05-01 16:16 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2014-04-22 00:45 . 2014-04-22 00:45 -------- d-----w- c:\windows\SysWow64\BestPractices 2014-04-22 00:45 . 2014-04-22 00:45 -------- d-----w- c:\windows\system32\msmq 2014-04-22 00:45 . 2014-04-22 00:45 -------- d-----w- c:\windows\system32\BestPractices 2014-04-22 00:45 . 2014-04-22 00:45 -------- d-----w- C:\inetpub 2014-04-21 21:36 . 2014-04-30 19:05 -------- d-----w- C:\FRST 2014-04-19 01:01 . 2014-04-28 05:44 -------- d-----w- c:\users\Sirly 2014-04-19 00:40 . 2014-04-19 00:41 -------- d-----w- c:\users\Beta 2014-04-19 00:17 . 2014-04-19 00:17 -------- d-----w- c:\users\Administrator 2014-04-18 19:16 . 2014-04-18 19:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2014-04-18 06:14 . 2014-04-18 06:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2014-04-18 04:13 . 2008-10-15 13:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll 2014-04-18 04:12 . 2005-12-06 01:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll 2014-04-18 04:12 . 
2005-07-23 02:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll 2014-04-18 04:12 . 2005-05-26 22:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll 2014-04-18 04:12 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll 2014-04-18 04:12 . 2005-03-19 00:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll 2014-04-18 04:12 . 2005-02-06 02:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll 2014-04-18 04:12 . 2014-04-18 04:12 -------- d-----w- c:\programdata\Turbine 2014-04-18 04:12 . 2014-04-18 10:10 -------- d-----w- c:\program files (x86)\InfiniteCrisis 2014-04-17 22:22 . 2014-04-17 22:22 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-17 22:22 . 2014-04-17 22:22 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-15 01:49 . 2014-04-15 01:49 -------- d-----w- C:\VTRoot 2014-04-15 01:38 . 2014-04-15 01:39 -------- d-s---w- c:\programdata\Shared Space 2014-04-15 01:37 . 2014-04-15 01:37 -------- d-----w- c:\program files\COMODO 2014-04-15 01:31 . 2013-04-17 21:59 593144 ----a-w- c:\windows\system32\drivers\avckf.sys 2014-04-15 01:31 . 2013-04-17 21:59 718840 ----a-w- c:\windows\system32\drivers\avc3.sys 2014-04-15 01:29 . 2014-04-15 01:31 -------- d-----w- c:\program files\Bitdefender 2014-04-15 01:29 . 2013-04-22 20:21 148696 ----a-w- c:\windows\system32\drivers\gzflt.sys 2014-04-15 01:29 . 2013-05-28 19:12 382536 ----a-w- c:\windows\system32\drivers\trufos.sys 2014-04-15 01:20 . 2014-04-15 01:20 -------- d-----w- c:\programdata\Comodo Downloader 2014-04-15 01:18 . 2014-04-18 22:10 -------- d-----w- c:\programdata\Comodo 2014-04-15 01:13 . 2014-04-28 20:45 -------- d-----w- c:\program files (x86)\Mbam2 2014-04-15 01:13 . 2014-04-18 21:03 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-15 01:13 . 2014-04-18 21:03 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-15 01:13 . 2014-04-18 21:03 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-09 19:04 . 
2014-01-29 02:32 116736 ----a-w- c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-30 19:29 . 2014-03-26 19:46 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:12 . 2014-03-26 03:22 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-04-16 21:12 . 2014-03-26 03:22 105552 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-04-16 21:12 . 2014-03-26 03:22 738472 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2014-04-16 21:12 . 2014-03-26 03:22 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-04-10 05:01 . 2014-02-11 02:10 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 16:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 03:22 . 2014-03-26 03:22 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-26 03:22 . 2014-03-26 03:22 363504 ----a-w- c:\windows\SysWow64\guard32.dll
2014-03-26 03:22 . 2014-03-26 03:22 453680 ----a-w- c:\windows\system32\guard64.dll
2014-03-26 03:22 . 2014-03-26 03:22 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2014-03-26 03:22 . 2014-03-26 03:22 352984 ----a-w- c:\windows\system32\cmdvrt64.dll
2014-03-26 03:22 . 2014-03-26 03:22 284888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2014-03-26 03:22 . 2014-03-26 03:22 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2014-03-04 09:17 . 2014-04-09 19:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-02 04:22 . 2014-03-02 04:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-03-02 04:22 . 2014-03-02 04:22 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-03-02 04:22 . 2014-03-02 04:22 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-02-27 22:19 . 2014-02-27 22:19 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-02-27 22:19 . 2014-02-27 22:19 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-27 22:19 .
2014-02-27 22:19 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-02-27 22:19 . 2014-02-27 22:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-02-27 22:19 . 2014-02-27 22:19 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-02-27 22:19 . 2014-02-27 22:19 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-02-27 22:19 . 2014-02-27 22:19 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-02-27 22:19 . 2014-02-27 22:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-02-27 22:19 . 2014-02-27 22:19 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-02-27 22:19 . 2014-02-27 22:19 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-02-27 22:19 . 2014-02-27 22:19 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2014-02-27 22:19 . 2014-02-27 22:19 235008 ----a-w- c:\windows\system32\elshyph.dll 2014-02-27 22:19 . 2014-02-27 22:19 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2014-02-27 22:19 . 2014-02-27 22:19 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2014-02-27 22:19 . 2014-02-27 22:19 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2014-02-27 22:19 . 2014-02-27 22:19 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2014-02-27 22:19 . 2014-02-27 22:19 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2014-02-27 22:19 . 2014-02-27 22:19 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-02-27 22:19 . 2014-02-27 22:19 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-02-27 22:19 . 2014-02-27 22:19 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-02-27 22:19 . 2014-02-27 22:19 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-02-27 22:19 . 2014-02-27 22:19 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-02-27 22:19 . 2014-02-27 22:19 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-02-27 22:19 . 2014-02-27 22:19 81408 ----a-w- c:\windows\system32\icardie.dll 2014-02-27 22:19 . 2014-02-27 22:19 774144 ----a-w- c:\windows\system32\jscript.dll 2014-02-27 22:19 . 
2014-02-27 22:19 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-02-27 22:19 . 2014-02-27 22:19 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-02-27 22:19 . 2014-02-27 22:19 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-02-27 22:19 . 2014-02-27 22:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-02-27 22:19 . 2014-02-27 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-02-27 22:19 . 2014-02-27 22:19 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-02-27 22:19 . 2014-02-27 22:19 413696 ----a-w- c:\windows\system32\html.iec 2014-02-27 22:19 . 2014-02-27 22:19 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-27 22:19 . 2014-02-27 22:19 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2014-02-27 22:19 . 2014-02-27 22:19 247808 ----a-w- c:\windows\system32\msls31.dll 2014-02-27 22:19 . 2014-02-27 22:19 243200 ----a-w- c:\windows\system32\webcheck.dll 2014-02-27 22:19 . 2014-02-27 22:19 235520 ----a-w- c:\windows\system32\url.dll 2014-02-27 22:19 . 2014-02-27 22:19 167424 ----a-w- c:\windows\system32\iexpress.exe 2014-02-27 22:19 . 2014-02-27 22:19 147968 ----a-w- c:\windows\system32\occache.dll 2014-02-27 22:19 . 2014-02-27 22:19 143872 ----a-w- c:\windows\system32\wextract.exe 2014-02-27 22:19 . 2014-02-27 22:19 13824 ----a-w- c:\windows\system32\mshta.exe 2014-02-27 22:19 . 2014-02-27 22:19 135680 ----a-w- c:\windows\system32\iepeers.dll 2014-02-27 22:19 . 2014-02-27 22:19 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2014-02-27 22:19 . 2014-02-27 22:19 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-02-27 22:19 . 2014-02-27 22:19 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-02-27 22:19 . 2014-02-27 22:19 105984 ----a-w- c:\windows\system32\iesysprep.dll 2014-02-27 22:19 . 2014-02-27 22:19 101376 ----a-w- c:\windows\system32\inseng.dll 2014-02-11 02:51 . 2014-02-11 02:51 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-02-11 02:51 . 
2014-02-11 02:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2014-02-11 02:51 . 2014-02-11 02:51 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2014-02-11 02:51 . 2014-02-11 02:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2014-02-11 02:51 . 2014-02-11 02:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2014-02-11 02:51 . 2014-02-11 02:51 363008 ----a-w- c:\windows\system32\dxgi.dll 2014-02-11 02:51 . 2014-02-11 02:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2014-02-11 02:51 . 2014-02-11 02:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-02-11 02:51 . 
2014-02-11 02:51 296960 ----a-w- c:\windows\system32\d3d10core.dll 2014-02-11 02:51 . 2014-02-11 02:51 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2014-02-11 02:51 . 2014-02-11 02:51 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-02-11 02:51 . 2014-02-11 02:51 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-02-11 02:51 . 2014-02-11 02:51 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2014-02-11 02:51 . 2014-02-11 02:51 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2014-02-11 02:51 . 2014-02-11 02:51 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-02-11 02:51 . 2014-02-11 02:51 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2014-02-11 02:51 . 2014-02-11 02:51 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2014-02-11 02:51 . 2014-02-11 02:51 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2014-02-11 02:51 . 2014-02-11 02:51 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2014-02-11 02:51 . 2014-02-11 02:51 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2014-02-11 02:51 . 2014-02-11 02:51 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2014-02-11 02:51 . 2014-02-11 02:51 1643520 ----a-w- c:\windows\system32\DWrite.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2014-2-10 8266456] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x] R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 pneteth;PdaNet 
Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x] S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x] S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x] S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] S3 HPKBx64;HP Keyboard Smart Card Driver;c:\windows\system32\DRIVERS\HPKBx64.sys;c:\windows\SYSNATIVE\DRIVERS\HPKBx64.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-26 1275608] "MsmqIntCert"="mqrt.dll" [2010-11-21 247808] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Sirly\AppData\Roaming\Mozilla\Firefox\Profiles\jvy1qi3l.default-1398738901204\ . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-{8e70e4e1-06d7-470b-9f74-a51bef21088e} - c:\programdata\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe . . "ImagePath"="\"c:\program files\COMODO\COMODO Internet Security\cmdagent.exe\"" "Filename"="HKLM\SYSTEM\ControlSet001\services\MBAMWebAccessControl\ImagePath" "ImagePath"="\"c:\program files\COMODO\COMODO Internet Security\cmdagent.exe\"" "Filename"="HKLM\SYSTEM\ControlSet001\services\MBAMWebAccessControl\ImagePath" "DeviceName"="HKLM\SYSTEM\ControlSet001\services\MBAMWebAccessControl\ImagePath" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\ . Completion time: 2014-05-01 09:52:23 ComboFix-quarantined-files.txt 2014-05-01 16:52 ComboFix2.txt 2014-04-26 01:34 . Pre-Run: 146,804,121,600 bytes free Post-Run: 146,588,532,736 bytes free . - - End Of File - - 7C786C7CC2D05981F29F27B74B76BA6A A36C5E4F47E84449FF07ED3517B43A31
  4. Now Malwarebytes will not activate file system protection and website protection. Please help.
  5. Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 4/30/2014
     Scan Time: 12:16:19 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.2.1007
     Malware Database: v2014.04.30.10
     Rootkit Database: v2014.03.27.01
     License: Premium
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Enabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Sirly
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 313375
     Time Elapsed: 8 min, 22 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Sirly at 2014-04-30 11:59:18 Running from C:\Users\Sirly\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{9D5A28E4-6AC3-DD51-C1FA-A8698E91ECBE}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden AMD VISION Engine Control Center (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.) Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender) Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden COMODO Firewall (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games) InfiniteCrisis_410193F41CAE (HKLM-x32\...\InfiniteCrisis_410193F41CAE) (Version: - Turbine, Inc) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VT Hash Check 1.42 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.42 - Boredom Software) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 22-04-2014 00:34:27 Lag redection regedit 22-04-2014 00:44:45 Windows Modules Installer 23-04-2014 05:00:18 Windows Update 25-04-2014 17:53:43 Installed LG United Mobile Driver 26-04-2014 17:21:27 Windows Update 29-04-2014 04:01:39 Installed Atheros Communications Inc.® AR81Family Gigabit/Fast]áu! 
==================== Hosts content: ========================== 2009-07-13 19:34 - 2014-04-25 18:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {57A80709-F66B-4C5A-B80C-1D7B04103FCC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {BD18720E-EE08-40A8-B3BD-6006DAD46DC7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) ==================== Loaded Modules (whitelisted) ============= 2014-04-14 18:31 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll 2014-04-14 18:31 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll 2013-03-14 00:41 - 2013-03-14 00:41 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-09-23 14:53 - 2012-09-23 14:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-09-23 14:53 - 2012-09-23 14:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-03-14 00:41 - 2013-03-14 00:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-10 18:03 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2013-03-14 00:41 - 2013-03-14 00:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-02-10 18:03 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:BDU AlternateDataStreams: 
C:\Users\Sirly\Desktop\AdwCleaner.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\ComboFix.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\FRST64.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\JRT.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbam-check-2.1.0.0002.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbam-clean-2.0.2.0.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbam-setup-consumer-2.0.2.1007.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\mbar-1.07.0.1009.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\rkill.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\RogueKillerX64.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\SecurityCheck.exe:BDU AlternateDataStreams: C:\Users\Sirly\Desktop\TFC.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WMPNetworkSvc => 3 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/30/2014 11:36:29 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/29/2014 10:27:47 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/29/2014 10:15:01 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 08:52:38 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 
60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 01:48:03 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 00:41:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 00:19:59 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/30/2014 11:35:09 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Microsoft Office Sessions: ========================= Error: (04/30/2014 11:36:29 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/29/2014 10:27:47 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/29/2014 10:15:01 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 08:52:38 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 01:48:03 PM) (Source: WinMgmt)(User: 
) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 00:41:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/28/2014 00:19:59 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-04-25 18:19:32.173 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-25 18:19:32.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 7657.54 MB Available physical RAM: 6081.39 MB Total Pagefile: 15313.25 MB Available Pagefile: 13543.08 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:135.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 00037BA0) Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Sirly (administrator) on VITTORIO-PC on 30-04-2014 11:57:56
Running from C:\Users\Sirly\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E51F0CA5363CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox: ========
FF ProfilePath: C:\Users\Sirly\AppData\Roaming\Mozilla\Firefox\Profiles\jvy1qi3l.default-1398738901204
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 HPKBx64; C:\Windows\System32\DRIVERS\HPKBx64.sys [57856 2013-03-19] (Hewlett-Packard Company)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-04-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-30 11:58 - 2014-04-30 11:58 - 00008329 _____ () C:\Users\Sirly\Desktop\FRST.txt
2014-04-30 11:56 - 2014-04-30 11:56 - 00000000 _____ () C:\Users\Sirly\Desktop\Addition.txt
2014-04-29 10:42 - 2014-04-29 10:42 - 02061824 _____ (Farbar) C:\Users\Sirly\Desktop\FRST64.exe
2014-04-29 10:21 - 2014-04-29 10:22 - 17290592 _____ (Malwarebytes Corporation ) C:\Users\Sirly\Desktop\mbam-setup-consumer-2.0.2.1007.exe
2014-04-29 10:20 - 2014-04-29 10:20 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-clean-2.0.2.0.exe
2014-04-29 10:19 - 2014-04-29 10:19 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-check-2.1.0.0002.exe
2014-04-28 21:02 - 2014-04-28 21:02 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-04-28 19:35 - 2014-04-28 19:35 - 00000000 ____D () C:\Users\Sirly\Desktop\Old Firefox Data
2014-04-28 15:26 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Adobe
2014-04-28 13:49 - 2014-04-29 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-28 12:55 - 2014-04-28 12:55 - 00854355 _____ () C:\Users\Sirly\Desktop\SecurityCheck.exe
2014-04-28 12:16 - 2014-04-28 12:16 - 00000629 _____ () C:\Users\Sirly\Desktop\JRT.txt
2014-04-27 22:44 - 2014-04-27 22:44 - 00000637 _____ () C:\Users\Sirly\Sirly - Shortcut.lnk
2014-04-27 21:30 - 2014-04-27 21:30 - 01016261 _____ (Thisisu) C:\Users\Sirly\Desktop\JRT.exe
2014-04-27 21:16 - 2014-04-27 21:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sirly\Desktop\TFC.exe
2014-04-25 18:34 - 2014-04-25 18:34 - 00079863 _____ () C:\ComboFix.txt
2014-04-25 17:58 - 2011-06-25
23:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-25 17:58 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-25 17:58 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-25 17:58 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-25 17:56 - 2014-04-25 18:34 - 00000000 ____D () C:\Qoobox 2014-04-25 17:53 - 2014-04-25 17:54 - 05196870 ____R (Swearware) C:\Users\Sirly\Desktop\ComboFix.exe 2014-04-25 14:16 - 2014-04-25 14:17 - 00000000 ____D () C:\AdwCleaner 2014-04-25 12:09 - 2014-04-25 12:12 - 10303344 _____ () C:\Users\Beta\Downloads\Kit_Kat_Xperience.zip 2014-04-25 11:00 - 2014-04-25 11:24 - 436903589 _____ () C:\Users\Beta\Downloads\Samurai_4-9-2014.zip 2014-04-25 10:54 - 2012-07-03 11:58 - 00031744 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys 2014-04-25 10:54 - 2012-07-03 11:50 - 00036352 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys 2014-04-25 10:54 - 2012-07-03 11:50 - 00029184 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys 2014-04-25 10:53 - 2014-04-25 10:53 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-04-25 10:49 - 2013-02-25 18:01 - 00000000 ____D () C:\Users\Beta\Desktop\spirited_away 2014-04-25 07:16 - 2014-04-25 07:16 - 00000000 ____D () C:\Windows\ERUNT 2014-04-25 07:03 - 2014-04-25 07:13 - 00000000 ____D () C:\Users\Sirly\Desktop\mbar 2014-04-25 07:03 - 2014-04-25 07:03 - 01365865 _____ () C:\Users\Sirly\Desktop\AdwCleaner.exe 2014-04-25 07:02 - 2014-04-25 07:03 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Sirly\Desktop\mbar-1.07.0.1009.exe 2014-04-24 13:33 - 2014-04-24 13:34 - 00000000 ____D () C:\Users\Sirly\Desktop\GrantPerms64 2014-04-24 13:21 - 2014-04-24 13:21 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Boredom Software 2014-04-24 13:19 - 2014-04-24 13:19 - 00000000 ____D () C:\Program Files (x86)\Boredom Software 2014-04-24 13:17 - 2014-04-24 13:17 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\WinRAR 2014-04-24 13:03 - 2014-04-24 13:03 - 00002956 _____ () C:\Users\Sirly\Desktop\RKreport[0]_S_04242014_130356.txt 2014-04-24 12:41 - 2014-04-24 12:41 - 00000000 ____D () C:\Users\Sirly\AppData\Local\CrashDumps 2014-04-24 12:27 - 2014-04-24 12:27 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Macromedia 2014-04-24 12:20 - 2014-04-24 13:00 - 00000000 ____D () C:\Users\Sirly\Desktop\RK_Quarantine 2014-04-24 12:19 - 2014-04-24 12:19 - 04527616 _____ () C:\Users\Sirly\Desktop\RogueKillerX64.exe 2014-04-24 12:07 - 2014-04-25 18:27 - 00000000 ____D () C:\Windows\ERDNT 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Sirly\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Administrator\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Sirly\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-04-24 12:01 - 2014-04-25 08:06 - 00002522 _____ () C:\Users\Sirly\Desktop\Rkill.txt 2014-04-24 12:00 - 2014-04-24 12:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sirly\Desktop\rkill.exe 2014-04-24 11:38 - 2014-04-24 11:38 - 00024505 _____ () C:\Users\Beta\Documents\CisReport_x64_v7.0.317799.4142_20140424-113807.zip 2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () 
C:\Users\Beta\AppData\Roaming\WinRAR 2014-04-22 12:05 - 2012-05-31 22:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll 2014-04-22 12:05 - 2012-05-31 22:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll 2014-04-22 12:05 - 2012-05-31 22:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll 2014-04-22 12:05 - 2012-05-31 22:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll 2014-04-22 12:05 - 2012-05-31 22:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll 2014-04-22 12:05 - 2012-05-31 22:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe 2014-04-22 12:05 - 2012-05-31 21:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll 2014-04-22 12:05 - 2012-05-31 21:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll 2014-04-22 12:05 - 2012-05-31 21:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll 2014-04-22 12:05 - 2012-05-31 21:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll 2014-04-22 12:05 - 2012-05-31 21:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll 2014-04-22 12:05 - 2012-05-31 21:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe 2014-04-21 17:46 - 2014-04-22 22:17 - 00047601 _____ () C:\Windows\iis7.log 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\msmq 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\inetpub 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Mozilla 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Mozilla 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () 
C:\Users\Sirly\AppData\Roaming\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\AMD 2014-04-21 14:37 - 2014-04-21 14:42 - 00014830 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-04-21 14:36 - 2014-04-30 11:57 - 00000000 ____D () C:\FRST 2014-04-21 14:36 - 2014-04-21 14:42 - 00057207 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-04-21 14:25 - 2014-04-21 14:25 - 02061312 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-04-21 14:08 - 2014-04-21 14:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-04-21 11:09 - 2014-04-21 11:09 - 00058016 _____ () C:\Users\Sirly\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-21 11:09 - 2014-04-21 11:09 - 00001413 _____ () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ____D () C:\Users\Sirly\AppData\Local\VirtualStore 2014-04-19 00:25 - 2014-04-19 00:25 - 00000000 ____D () 
C:\Users\Beta\AppData\Local\Macromedia 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieUserList 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieSiteList 2014-04-18 20:54 - 2014-04-18 20:54 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Macromedia 2014-04-18 20:13 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Adobe 2014-04-18 20:13 - 2014-04-18 22:04 - 00000000 ____D () C:\Users\Sirly\Documents\InfiniteCrisis 2014-04-18 20:13 - 2014-04-18 20:14 - 00000000 ____D () C:\Users\Sirly\AppData\Local\InfiniteCrisis 2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieUserList 2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieSiteList 2014-04-18 20:12 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Turbine 2014-04-18 19:52 - 2014-04-18 20:12 - 00000000 ____D () C:\Users\Beta\Documents\InfiniteCrisis 2014-04-18 19:51 - 2014-04-18 19:52 - 00000000 ____D () C:\Users\Beta\AppData\Local\InfiniteCrisis 2014-04-18 19:49 - 2014-04-22 12:18 - 00000000 ____D () C:\Users\Beta\AppData\Local\Turbine 2014-04-18 18:01 - 2014-04-27 22:44 - 00000000 ____D () C:\Users\Sirly 2014-04-18 18:01 - 2014-04-18 18:01 - 00000020 ___SH () C:\Users\Sirly\ntuser.ini 2014-04-18 18:01 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-18 18:01 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-18 17:56 - 2014-04-18 17:56 - 00000000 ____D () C:\Users\Beta\AppData\Local\AMD 2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Mozilla 2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Local\Mozilla 2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Macromedia 
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\LolClient 2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\ATI 2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Local\ATI 2014-04-18 17:41 - 2014-04-18 17:41 - 00058016 _____ () C:\Users\Beta\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 17:41 - 2014-04-18 17:41 - 00001413 _____ () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Adobe 2014-04-18 17:40 - 2014-04-18 17:41 - 00000000 ____D () C:\Users\Beta 2014-04-18 17:40 - 2014-04-18 17:40 - 00000020 ___SH () C:\Users\Beta\ntuser.ini 2014-04-18 17:40 - 2014-04-18 17:40 - 00000000 ____D () C:\Users\Beta\AppData\Local\VirtualStore 2014-04-18 17:40 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-18 17:40 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD 2014-04-18 17:17 - 2014-04-21 14:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-04-18 17:17 - 2014-04-18 17:17 - 00058016 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 17:17 - 2014-04-18 17:17 - 00001409 _____ () 
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-18 17:17 - 2014-04-18 17:17 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ____D () C:\Users\Administrator 2014-04-18 17:17 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-18 17:17 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-18 17:13 - 2014-04-18 17:26 - 00004040 __RSH () C:\ProgramData\ntuser.pol 2014-04-18 12:17 - 2014-04-18 12:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-18 12:16 - 2014-04-18 12:26 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-18 12:16 - 2014-04-18 12:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-17 23:14 - 2014-04-17 23:14 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-17 23:14 - 2014-04-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-17 23:14 - 2014-04-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-17 21:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) 
C:\Windows\system32\xactengine3_7.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-04-17 21:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-04-17 21:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00074072 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-04-17 21:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-04-17 21:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2014-04-17 21:14 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-04-17 21:14 - 2009-09-04 
17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-04-17 21:14 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-04-17 21:14 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 
2014-04-17 21:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-04-17 21:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-04-17 21:13 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-04-17 21:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-04-17 21:13 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-04-17 21:13 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-04-17 21:13 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-04-17 21:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-04-17 21:13 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-04-17 21:13 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-04-17 21:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-04-17 21:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\XAudio2_1.dll 2014-04-17 21:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2014-04-17 21:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-04-17 21:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-04-17 21:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-04-17 21:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-04-17 21:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-04-17 21:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2014-04-17 21:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-04-17 21:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-04-17 21:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-04-17 21:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-04-17 21:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-04-17 21:13 - 2008-03-05 16:00 - 00025608 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-04-17 21:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-04-17 21:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-04-17 21:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-04-17 21:13 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-04-17 21:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-04-17 21:13 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-04-17 21:13 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-04-17 21:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-04-17 21:13 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-04-17 21:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-04-17 21:13 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-04-17 
21:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-04-17 21:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-04-17 21:13 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-04-17 21:13 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-04-17 21:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-04-17 21:13 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-04-17 21:13 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-04-17 21:13 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) 
C:\Windows\system32\xinput1_3.dll 2014-04-17 21:13 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-04-17 21:13 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-04-17 21:13 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2014-04-17 21:13 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-04-17 21:13 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-04-17 21:13 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-04-17 21:13 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2014-04-17 21:13 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2014-04-17 21:13 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-04-17 21:13 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2014-04-17 21:13 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-04-17 21:13 - 2006-09-28 16:05 - 02414360 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2014-04-17 21:13 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-04-17 21:13 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-04-17 21:13 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-04-17 21:13 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-04-17 21:13 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-04-17 21:13 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2014-04-17 21:13 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-04-17 21:13 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-04-17 21:13 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-04-17 21:13 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2014-04-17 21:13 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-04-17 21:13 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-04-17 21:13 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-04-17 21:13 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2014-04-17 21:13 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-04-17 21:13 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2014-04-17 21:13 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-04-17 21:13 - 
2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-04-17 21:13 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-04-17 21:13 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-04-17 21:12 - 2014-04-18 03:10 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis 2014-04-17 21:12 - 2014-04-17 21:13 - 00010123 _____ () C:\Windows\DirectX.log 2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Turbine 2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis 2014-04-17 21:12 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-04-17 21:12 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-04-17 21:12 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-04-17 21:12 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-04-17 21:12 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-04-17 21:12 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2014-04-17 21:12 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-04-17 21:12 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-04-17 21:12 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-04-17 21:12 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-04-17 15:22 - 2014-04-17 15:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-17 15:22 - 2014-04-17 15:22 - 00070832 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 18:49 - 2014-04-22 22:16 - 00313636 _____ () C:\Windows\system32\Drivers\fvstore.dat 2014-04-14 18:49 - 2014-04-14 18:49 - 00000000 ____D () C:\VTRoot 2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO 2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2014-04-14 18:38 - 2014-04-14 18:39 - 00000000 ___SD () C:\ProgramData\Shared Space 2014-04-14 18:37 - 2014-04-14 18:37 - 00000000 ____D () C:\Program Files\COMODO 2014-04-14 18:31 - 2014-04-14 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition 2014-04-14 18:31 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2014-04-14 18:31 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2014-04-14 18:29 - 2014-04-14 18:31 - 00000000 ____D () C:\Program Files\Bitdefender 2014-04-14 18:29 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) 
C:\Windows\system32\Drivers\trufos.sys 2014-04-14 18:29 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys 2014-04-14 18:20 - 2014-04-14 18:20 - 00000000 ____D () C:\ProgramData\Comodo Downloader 2014-04-14 18:18 - 2014-04-18 15:10 - 00000000 ____D () C:\ProgramData\Comodo 2014-04-14 18:13 - 2014-04-28 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-14 18:13 - 2014-04-28 13:45 - 00000000 ____D () C:\Program Files (x86)\Mbam2 2014-04-14 18:13 - 2014-04-18 14:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-14 18:13 - 2014-04-18 14:03 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-14 18:13 - 2014-04-18 14:03 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-14 18:10 - 2014-04-25 18:22 - 00324506 _____ () C:\Windows\PFRO.log 2014-04-09 22:32 - 2014-03-06 03:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 22:32 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 22:32 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-09 22:32 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 22:32 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-09 22:32 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-09 22:32 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-09 22:32 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-09 22:32 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-09 22:32 - 2014-03-06 
01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-09 22:32 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 22:32 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-09 22:32 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-09 22:32 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-09 22:32 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-09 22:32 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-09 22:32 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-09 22:32 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-09 22:32 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-09 22:32 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-09 22:32 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-09 22:32 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-09 22:32 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-09 22:32 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-09 22:32 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-09 22:32 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-09 22:32 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-09 
22:32 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-09 22:32 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-09 22:32 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-09 22:32 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-09 22:32 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-09 22:32 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-09 22:32 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-09 22:32 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-09 22:32 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-09 22:32 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-09 22:32 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-09 22:32 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-09 22:32 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-09 22:32 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-09 22:32 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-09 22:32 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-09 22:32 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-09 22:32 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-09 22:32 - 
2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-09 22:32 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-09 22:32 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 12:04 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 12:04 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 12:04 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 12:04 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 12:04 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 12:04 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 12:04 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 12:04 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 12:04 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 12:04 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 12:04 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 12:04 - 2014-02-03 
19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 12:04 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-04-30 11:58 - 2014-04-30 11:58 - 00008329 _____ () C:\Users\Sirly\Desktop\FRST.txt 2014-04-30 11:57 - 2014-04-21 14:36 - 00000000 ____D () C:\FRST 2014-04-30 11:56 - 2014-04-30 11:56 - 00000000 _____ () C:\Users\Sirly\Desktop\Addition.txt 2014-04-30 11:42 - 2009-07-13 21:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-30 11:42 - 2009-07-13 21:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-30 11:39 - 2014-03-26 14:14 - 01344625 _____ () C:\Windows\WindowsUpdate.log 2014-04-30 11:39 - 2009-07-13 22:13 - 00891324 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-30 11:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-04-30 11:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-30 11:34 - 2014-03-29 23:50 - 00010023 _____ () C:\Windows\setupact.log 2014-04-29 10:42 - 2014-04-29 10:42 - 02061824 _____ (Farbar) C:\Users\Sirly\Desktop\FRST64.exe 2014-04-29 10:25 - 2014-04-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-29 10:22 - 2014-04-29 10:21 - 17290592 _____ (Malwarebytes Corporation ) C:\Users\Sirly\Desktop\mbam-setup-consumer-2.0.2.1007.exe 2014-04-29 10:20 - 2014-04-29 10:20 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-clean-2.0.2.0.exe 2014-04-29 10:19 - 2014-04-29 10:19 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Sirly\Desktop\mbam-check-2.1.0.0002.exe 2014-04-29 10:17 - 2014-03-26 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-28 21:02 - 2014-04-28 21:02 - 
00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2014-04-28 21:01 - 2014-02-10 18:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-28 19:35 - 2014-04-28 19:35 - 00000000 ____D () C:\Users\Sirly\Desktop\Old Firefox Data 2014-04-28 15:26 - 2014-04-28 15:26 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Adobe 2014-04-28 15:26 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Adobe 2014-04-28 13:49 - 2014-04-14 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-28 13:45 - 2014-04-14 18:13 - 00000000 ____D () C:\Program Files (x86)\Mbam2 2014-04-28 12:55 - 2014-04-28 12:55 - 00854355 _____ () C:\Users\Sirly\Desktop\SecurityCheck.exe 2014-04-28 12:16 - 2014-04-28 12:16 - 00000629 _____ () C:\Users\Sirly\Desktop\JRT.txt 2014-04-27 22:44 - 2014-04-27 22:44 - 00000637 _____ () C:\Users\Sirly\Sirly - Shortcut.lnk 2014-04-27 22:44 - 2014-04-18 18:01 - 00000000 ____D () C:\Users\Sirly 2014-04-27 21:30 - 2014-04-27 21:30 - 01016261 _____ (Thisisu) C:\Users\Sirly\Desktop\JRT.exe 2014-04-27 21:16 - 2014-04-27 21:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sirly\Desktop\TFC.exe 2014-04-25 18:34 - 2014-04-25 18:34 - 00079863 _____ () C:\ComboFix.txt 2014-04-25 18:34 - 2014-04-25 17:56 - 00000000 ____D () C:\Qoobox 2014-04-25 18:27 - 2014-04-24 12:07 - 00000000 ____D () C:\Windows\ERDNT 2014-04-25 18:24 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-25 18:22 - 2014-04-14 18:10 - 00324506 _____ () C:\Windows\PFRO.log 2014-04-25 18:22 - 2009-07-13 19:34 - 52166656 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-04-25 18:22 - 2009-07-13 19:34 - 
00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-04-25 17:54 - 2014-04-25 17:53 - 05196870 ____R (Swearware) C:\Users\Sirly\Desktop\ComboFix.exe 2014-04-25 14:17 - 2014-04-25 14:16 - 00000000 ____D () C:\AdwCleaner 2014-04-25 12:12 - 2014-04-25 12:09 - 10303344 _____ () C:\Users\Beta\Downloads\Kit_Kat_Xperience.zip 2014-04-25 11:24 - 2014-04-25 11:00 - 436903589 _____ () C:\Users\Beta\Downloads\Samurai_4-9-2014.zip 2014-04-25 10:53 - 2014-04-25 10:53 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-04-25 08:06 - 2014-04-24 12:01 - 00002522 _____ () C:\Users\Sirly\Desktop\Rkill.txt 2014-04-25 07:16 - 2014-04-25 07:16 - 00000000 ____D () C:\Windows\ERUNT 2014-04-25 07:13 - 2014-04-25 07:03 - 00000000 ____D () C:\Users\Sirly\Desktop\mbar 2014-04-25 07:13 - 2014-03-19 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-04-25 07:03 - 2014-04-25 07:03 - 01365865 _____ () C:\Users\Sirly\Desktop\AdwCleaner.exe 2014-04-25 07:03 - 2014-04-25 07:02 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Sirly\Desktop\mbar-1.07.0.1009.exe 2014-04-24 13:34 - 2014-04-24 13:33 - 00000000 ____D () C:\Users\Sirly\Desktop\GrantPerms64 2014-04-24 13:21 - 2014-04-24 13:21 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Boredom Software 2014-04-24 13:19 - 2014-04-24 13:19 - 00000000 ____D () C:\Program Files (x86)\Boredom Software 2014-04-24 13:17 - 2014-04-24 13:17 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\WinRAR 2014-04-24 13:03 - 2014-04-24 13:03 - 00002956 _____ () C:\Users\Sirly\Desktop\RKreport[0]_S_04242014_130356.txt 2014-04-24 13:00 - 2014-04-24 12:20 - 00000000 ____D () C:\Users\Sirly\Desktop\RK_Quarantine 2014-04-24 12:41 - 2014-04-24 12:41 - 00000000 ____D () C:\Users\Sirly\AppData\Local\CrashDumps 2014-04-24 12:27 - 2014-04-24 12:27 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Macromedia 2014-04-24 12:19 - 2014-04-24 12:19 - 04527616 _____ () C:\Users\Sirly\Desktop\RogueKillerX64.exe 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Sirly\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000924 _____ () C:\Users\Administrator\Desktop\NTREGOPT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Sirly\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000905 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-04-24 12:06 - 2014-04-24 12:06 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-04-24 12:00 - 2014-04-24 12:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sirly\Desktop\rkill.exe 2014-04-24 11:38 - 2014-04-24 11:38 - 00024505 _____ () C:\Users\Beta\Documents\CisReport_x64_v7.0.317799.4142_20140424-113807.zip 2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\WinRAR 2014-04-22 22:17 - 2014-04-21 17:46 - 00047601 _____ () C:\Windows\iis7.log 2014-04-22 22:16 - 2014-04-14 18:49 - 00313636 _____ () 
C:\Windows\system32\Drivers\fvstore.dat 2014-04-22 22:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv 2014-04-22 12:18 - 2014-04-18 19:49 - 00000000 ____D () C:\Users\Beta\AppData\Local\Turbine 2014-04-21 20:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache 2014-04-21 17:48 - 2014-02-10 18:11 - 00843060 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-21 17:48 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\msmq 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\Windows\system32\BestPractices 2014-04-21 17:45 - 2014-04-21 17:45 - 00000000 ____D () C:\inetpub 2014-04-21 17:45 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-04-21 17:45 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Microsoft Games 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Mozilla 2014-04-21 17:29 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Mozilla 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\ATI 2014-04-21 15:40 - 2014-04-21 15:40 - 00000000 ____D () C:\Users\Sirly\AppData\Local\AMD 2014-04-21 14:42 - 2014-04-21 14:37 - 00014830 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-04-21 14:42 - 2014-04-21 14:36 - 00057207 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-04-21 14:25 - 2014-04-21 14:25 - 02061312 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-04-21 14:08 - 2014-04-21 14:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-04-21 14:08 - 2014-04-18 17:17 - 00000000 ____D () 
C:\Users\Administrator\AppData\Roaming\Adobe 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-04-21 11:46 - 2014-04-21 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla 2014-04-21 11:44 - 2014-04-21 11:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-04-21 11:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-04-21 11:15 - 2014-04-21 11:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-04-21 11:09 - 2014-04-21 11:09 - 00058016 _____ () C:\Users\Sirly\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-21 11:09 - 2014-04-21 11:09 - 00001413 _____ () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ___RD () C:\Users\Sirly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-21 11:09 - 2014-04-21 11:09 - 00000000 ____D () C:\Users\Sirly\AppData\Local\VirtualStore 2014-04-19 00:25 - 2014-04-19 00:25 - 00000000 ____D () C:\Users\Beta\AppData\Local\Macromedia 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieUserList 2014-04-18 22:12 - 2014-04-18 22:12 - 00000000 __SHD () C:\Users\Beta\AppData\Local\EmieSiteList 2014-04-18 22:04 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\Documents\InfiniteCrisis 2014-04-18 20:54 - 2014-04-18 20:54 - 00000000 ____D () C:\Users\Sirly\AppData\Roaming\Macromedia 2014-04-18 20:14 - 2014-04-18 20:13 - 00000000 ____D () C:\Users\Sirly\AppData\Local\InfiniteCrisis 2014-04-18 20:13 - 2014-04-18 20:13 
- 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieUserList
2014-04-18 20:13 - 2014-04-18 20:13 - 00000000 __SHD () C:\Users\Sirly\AppData\Local\EmieSiteList
2014-04-18 20:13 - 2014-04-18 20:12 - 00000000 ____D () C:\Users\Sirly\AppData\Local\Turbine
2014-04-18 20:12 - 2014-04-18 19:52 - 00000000 ____D () C:\Users\Beta\Documents\InfiniteCrisis
2014-04-18 19:52 - 2014-04-18 19:51 - 00000000 ____D () C:\Users\Beta\AppData\Local\InfiniteCrisis
2014-04-18 18:01 - 2014-04-18 18:01 - 00000020 ___SH () C:\Users\Sirly\ntuser.ini
2014-04-18 17:56 - 2014-04-18 17:56 - 00000000 ____D () C:\Users\Beta\AppData\Local\AMD
2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Mozilla
2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 ____D () C:\Users\Beta\AppData\Local\Mozilla
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Macromedia
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\LolClient
2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\ATI
2014-04-18 17:46 - 2014-04-18 17:46 - 00000000 ____D () C:\Users\Beta\AppData\Local\ATI
2014-04-18 17:41 - 2014-04-18 17:41 - 00058016 _____ () C:\Users\Beta\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 17:41 - 2014-04-18 17:41 - 00001413 _____ () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ___RD () C:\Users\Beta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Users\Beta\AppData\Roaming\Adobe
2014-04-18 17:41 - 2014-04-18 17:40 - 00000000 ____D () C:\Users\Beta
2014-04-18 17:40 - 2014-04-18 17:40 - 00000020 ___SH () C:\Users\Beta\ntuser.ini
2014-04-18 17:40 - 2014-04-18 17:40 - 00000000 ____D () C:\Users\Beta\AppData\Local\VirtualStore
2014-04-18 17:30 - 2014-02-21 19:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-18 17:26 - 2014-04-18 17:13 - 00004040 __RSH () C:\ProgramData\ntuser.pol
2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-04-18 17:22 - 2014-04-18 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
2014-04-18 17:17 - 2014-04-18 17:17 - 00058016 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 17:17 - 2014-04-18 17:17 - 00001409 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-18 17:17 - 2014-04-18 17:17 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-18 17:17 - 2014-04-18 17:17 - 00000000 ____D () C:\Users\Administrator
2014-04-18 17:17 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-18 17:10 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-18 15:13 - 2014-03-29 23:50 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-18 15:10 - 2014-04-14 18:18 - 00000000 ____D () C:\ProgramData\Comodo
2014-04-18 15:04 - 2014-02-11 16:52 - 00000000 ____D () C:\Riot Games
2014-04-18 14:03 - 2014-04-14 18:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 14:03 - 2014-04-14 18:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 14:03 - 2014-04-14 18:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 12:26 - 2014-04-18 12:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-18 12:17 - 2014-04-18 12:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-18 12:16 - 2014-04-18 12:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-18 03:10 - 2014-04-17 21:12 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-04-17 23:14 - 2014-04-17 23:14 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-17 23:14 - 2014-04-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-17 23:14 - 2014-04-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 21:13 - 2014-04-17 21:12 - 00010123 _____ () C:\Windows\DirectX.log
2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Turbine
2014-04-17 21:12 - 2014-04-17 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
2014-04-17 15:57 - 2014-02-21 21:39 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-17 15:22 - 2014-04-17 15:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 15:22 - 2014-04-17 15:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 14:12 - 2014-03-25 20:22 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-04-16 14:12 - 2014-03-25 20:22 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-04-16 14:12 - 2014-03-25 20:22 - 00048360 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-04-16 14:12 - 2014-03-25 20:22 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-04-14 18:55 - 2009-07-13 22:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-14 18:49 - 2014-04-14 18:49 - 00000000 ____D () C:\VTRoot
2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-04-14 18:39 - 2014-04-14 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-04-14 18:39 - 2014-04-14 18:38 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-04-14 18:37 - 2014-04-14 18:37 - 00000000 ____D () C:\Program Files\COMODO
2014-04-14 18:31 - 2014-04-14 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-04-14 18:31 - 2014-04-14 18:29 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-14 18:20 - 2014-04-14 18:20 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-04-10 14:45 - 2014-03-03 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-10 14:45 - 2014-03-03 18:46 - 00000000 ____D () C:\ProgramData\Skype
2014-04-09 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 22:02 - 2014-02-10 19:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:01 - 2014-02-10 19:10 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 09:35 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 13:12

==================== End Of Log ============================

I got it to work. The cause was Comodo on game mode.
  8. Same thing. FRST64 ran. At drivers it froze and said not responding, and then started back up, finished and spit out nothing. As of now I have no Malwarebytes installed on my computer and it hasn't been there for a day now.
  9. I tried MBAM-chk and I got a cmd prompt with an error, 7-zip something. It went away too fast.
  10. MBAM Clean Removal Process 2x worked. I restarted and tried to run FRST64. It scanned and made the files, but there was nothing in them.
  11. Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 4/28/2014 8:51:41 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Vittorio-PC
Description:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
187904 file records processed.
File verification completed.
282 large file records processed.
0 bad file records processed.
2 EA records processed.
75 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
252152 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
187904 file SDs/SIDs processed.
Cleaning up 929 unused index entries from index $SII of file 0x9.
Cleaning up 929 unused index entries from index $SDH of file 0x9.
Cleaning up 929 unused security descriptors.
Security descriptor verification completed.
32125 data files processed.
CHKDSK is verifying Usn Journal...
216188464 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
187888 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
35864505 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

195358719 KB total disk space.
51364912 KB in 92728 files.
63528 KB in 32126 indexes.
0 KB in bad sectors.
472255 KB in use by the system.
65536 KB occupied by the log file.
143458024 KB available on disk.

4096 bytes in each allocation unit.
48839679 total allocation units on disk.
35864506 allocation units available on disk.

Internal Info:
00 de 02 00 c1 e7 01 00 3b 9a 03 00 00 00 00 00 ........;.......
59 01 00 00 4b 00 00 00 00 00 00 00 00 00 00 00 Y...K...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-04-29T03:51:41.000000000Z" />
<EventRecordID>6907</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Vittorio-PC</Computer>
<Security />
</System>
<EventData>
<Data>
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
187904 file records processed.
File verification completed.
282 large file records processed.
0 bad file records processed.
2 EA records processed.
75 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
252152 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
187904 file SDs/SIDs processed.
Cleaning up 929 unused index entries from index $SII of file 0x9.
Cleaning up 929 unused index entries from index $SDH of file 0x9.
Cleaning up 929 unused security descriptors.
Security descriptor verification completed.
32125 data files processed.
CHKDSK is verifying Usn Journal...
216188464 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
187888 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
35864505 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

195358719 KB total disk space.
51364912 KB in 92728 files.
63528 KB in 32126 indexes.
0 KB in bad sectors.
472255 KB in use by the system.
65536 KB occupied by the log file.
143458024 KB available on disk.

4096 bytes in each allocation unit.
48839679 total allocation units on disk.
35864506 allocation units available on disk.

Internal Info:
00 de 02 00 c1 e7 01 00 3b 9a 03 00 00 00 00 00 ........;.......
59 01 00 00 4b 00 00 00 00 00 00 00 00 00 00 00 Y...K...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>

I had a problem when rebooting. Malwarebytes did not boot up and the icon was removed.
  12. I am running the scan now, sorry about that. I'm using my mobile while it scans.
  13. Thanks for all the time. I wish it was malware, but alas... Anyway, thanks again, and good luck with the next guy.
  14. Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/28/2014
Scan Time: 1:54:54 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1007
Malware Database: v2014.04.28.09
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sirly

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311718
Time Elapsed: 7 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Nothing, and I'm still getting a white box on startup and shutdown with a much longer than normal login time.
  15. Sorry, this should have been first. When I tried to run a threat scan it updated and said rootkit drivers were not enabled and asked for a reboot. I did, and when I logged on I had a black screen and Malwarebytes ran 0 pre-scan ops; memory and startup went by so fast. I don't know if this is weird but let me know. Mbam log.txt
  16. Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus Free Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Comodo Firewall cmdagent.exe
Bitdefender Antivirus Free Edition gzserv.exe
Bitdefender Antivirus Free Edition gziface.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  17. This took more than 2 hours after I got it working. The first time I tried, it took so long I went to sleep and woke up to access denied for reg files. JRT.txt
  18. Here is the quarantined list. ComboFix-quarantined-files.txt
  19. Here it is. Nothing was found. Mbam log.txt Addition.txt FRST.txt
  20. So I made it to Mbar scan number 1, and when I scanned with JRT it froze on checking startup... Crashed, and now I get a cannot write error: Could not create file "C:\Users\Sirly\AppData\Local\Temp\jrt\WGET.DAT". I'll post the mbar logs. mbar-log-2014-04-25 (07-04-35).txt system-log.txt