FBI Ransom Virus need help

[jonesda]

Hello im having trouble with an FBI virsus. Currently i cannot enter into save mode or do anything. I have been poking around to see if I could find a solution and came upon this frst.exe for 64 bit windows7. And that this is supposed to help with finding a way to remove it. If any one can help it would be greatly appreciated

[Tomk1]

Hi jonesda,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for the issues on this machine.

Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

It's often worth reading through these instructions and printing them for ease of reference.

If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

Please reply to this thread. Do not start a new topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

download Farbar Recovery Scan Tool 32-Bit

Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:

• 
  
  • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    

  [*]Select Command Prompt

  [*]In the command window type in notepad and press Enter.

  [*]The notepad opens. Under File menu select Open.

  [*]Select "Computer" and find your flash drive letter and close the notepad.

  [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

  Note: Replace letter e with the drive letter of your flash drive.

  [*]The tool will start to run.

  [*]When the tool opens click Yes to disclaimer.

  [*]Press Scan button.

  [*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[jonesda]

Hello Tomk sorry i missed you last night went to sleep. Any ways here is the log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 28 days old)

Ran by SYSTEM at 10-04-2013 01:15:19

Running from F:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8114720 2009-09-11] (Realtek Semiconductor)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [spupr] rundll32.exe "C:\Users\Daivd\AppData\Roaming\spupr.dll",CchFileTimeToDateTimeSz [x]

HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2010-08-10] (Symantec Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [336304 2012-10-11] (Razer USA Ltd)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255360 2012-12-14] (LogMeIn Inc.)

HKU\Daivd\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1631144 2013-03-29] (Valve Corporation)

HKU\Daivd\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-17] (Google Inc.)

HKU\Daivd\...\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP [3774680 2012-08-19] (Speedbit Ltd.)

HKU\Daivd\...\Run: [Akamai NetSession Interface] "C:\Users\Daivd\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)

HKU\Daivd\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)

HKU\Daivd\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)

HKU\Daivd\...\Run: [Rundll32] Rundll32.exe "C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\unicode2.nls",0 [x]

HKU\Daivd\...\Winlogon: [shell] C:\Users\Daivd\AppData\Roaming\mcafee.ini,explorer.exe

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$7a6e0f0ca26cd7468ad186046e2d5299\n. ATTENTION! ====> ZeroAccess

Startup: C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk

ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)

==================== Services (Whitelisted) ===================

2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-10] (Symantec Corporation)

2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-10] (Symantec Corporation)

3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-09-07] (Symantec Corporation)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-08] ()

2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3249768 2010-11-11] (Symantec Corporation)

4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [428912 2010-11-17] (Symantec Corporation)

2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1839776 2010-11-08] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)

3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-12-04] (DT Soft Ltd)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130409.009\ENG64.SYS [126192 2013-01-16] (Symantec Corporation)

3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130409.009\EX64.SYS [2087664 2013-01-16] (Symantec Corporation)

3 nvrd64; C:\Windows\System32\Drivers\nvrd64.sys [175648 2009-06-30] (NVIDIA Corporation)

1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2010-09-17] (Symantec Corporation)

3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-09-17] (Symantec Corporation)

1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-09-17] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2012-07-15] (Symantec Corporation)

3 Teefer2; C:\Windows\System32\Drivers\Teefer2.sys [64048 2010-08-16] (Symantec Corporation)

1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2010-11-11] (Symantec Corporation)

3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [233120 2012-10-04] (Symantec Corporation)

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-04-09 20:27 - 2013-04-09 20:27 - 00000000 ____D C:\ProgramData\sve

2013-04-09 20:26 - 2013-04-09 20:26 - 00096768 ____A C:\Users\Daivd\Desktop\mlhb.tmp

2013-04-07 14:07 - 2013-04-07 14:07 - 04911104 ____A C:\Users\Daivd\Desktop\ENGR ISYS 3010 HIRED Interview Success Mar 2013(1).ppt

2013-04-04 23:06 - 2013-04-04 23:06 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-04 23:06 - 2013-04-04 23:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-04 23:06 - 2013-04-04 23:06 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-04 23:06 - 2013-04-04 23:06 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-04 23:06 - 2013-04-04 23:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-04-04 23:06 - 2013-04-04 23:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-04-04 23:06 - 2013-04-04 23:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-04-04 23:06 - 2013-04-04 23:06 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-04-04 23:06 - 2013-04-04 23:06 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-04-04 23:06 - 2013-04-04 23:06 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-04-04 23:06 - 2013-04-04 23:06 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-04-04 23:04 - 2013-04-04 23:04 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-04 23:01 - 2013-04-04 23:09 - 00007985 ____A C:\Windows\IE10_main.log

2013-04-01 17:09 - 2013-04-01 17:09 - 00002235 ____A C:\Users\Public\Desktop\Launch BioShock Infinite.lnk

2013-04-01 17:09 - 2013-04-01 17:09 - 00002200 ____A C:\Users\Public\Desktop\Launch BioShock Infinite Benchmarking Utility.lnk

2013-04-01 16:36 - 2013-04-01 17:16 - 00000000 ____D C:\Program Files (x86)\BioShock Infinite

2013-04-01 15:16 - 2013-04-01 15:59 - 00000000 ____D C:\Users\Daivd\Desktop\New Folder (3)

2013-04-01 15:15 - 2013-04-01 15:15 - 00000000 ____D C:\Users\Daivd\Desktop\New Folder (2)

2013-04-01 14:22 - 2013-03-25 14:43 - 4247060480 ____A C:\Users\Daivd\Desktop\flt-bina.iso

2013-04-01 11:48 - 2013-04-01 11:55 - 00000000 ____D C:\Users\Daivd\Desktop\BioShock_Infinite-FLT

2013-03-27 12:46 - 2013-03-27 12:46 - 00071680 ____A C:\Users\Daivd\Desktop\Queue.xls

2013-03-23 10:14 - 2013-04-08 15:53 - 00000000 ____D C:\Program Files (x86)\War Thunder

2013-03-23 10:14 - 2013-04-01 13:27 - 00000000 ____D C:\ProgramData\WarThunder

2013-03-23 10:14 - 2013-03-23 10:14 - 00000000 ____D C:\Users\Daivd\AppData\Local\WarThunder

2013-03-21 08:41 - 2013-03-21 08:41 - 00000000 ____D C:\Users\Daivd\Documents\EA Games

2013-03-21 08:41 - 2013-03-21 08:41 - 00000000 ____D C:\Users\Daivd\AppData\Local\EA Games

2013-03-20 20:10 - 2013-03-20 20:10 - 00042880 ____A C:\Windows\SysWOW64\xfcodec.dll

2013-03-20 20:10 - 2013-03-20 20:10 - 00028544 ____A C:\Windows\System32\xfcodec64.dll

2013-03-20 12:31 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-03-20 06:23 - 2013-03-20 19:07 - 00000000 ____D C:\Users\Daivd\Desktop\signals system

2013-03-15 15:56 - 2013-04-09 20:33 - 00000000 ____D C:\Users\Daivd\AppData\Local\LogMeIn Hamachi

2013-03-15 15:56 - 2013-03-15 15:56 - 00000926 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2013-03-15 15:55 - 2013-03-15 15:55 - 04295168 ____A C:\Users\Daivd\Desktop\hamachi.msi

2013-03-15 15:55 - 2013-03-15 15:55 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-03-15 15:53 - 2013-03-15 15:53 - 00393024 ____A (Softonic ) C:\Users\Daivd\Desktop\SoftonicDownloader_for_hamachi.exe

2013-03-15 15:31 - 2013-03-15 15:31 - 00003363 ____A C:\Windows\SysWOW64\server.log

2013-03-15 15:31 - 2013-03-15 15:31 - 00002515 ____A C:\Windows\SysWOW64\ForgeModLoader-0.log

2013-03-15 15:31 - 2013-03-15 15:31 - 00000202 ____A C:\Windows\SysWOW64\server.properties

2013-03-15 15:31 - 2013-03-15 15:31 - 00000000 ____D C:\Windows\SysWOW64\mods

2013-03-15 15:31 - 2013-03-15 15:31 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck

2013-03-15 15:31 - 2013-03-15 15:31 - 00000000 ____A C:\Windows\SysWOW64\ForgeModLoader-0.log.lck

2013-03-15 15:21 - 2013-04-07 15:52 - 00000000 ____D C:\Users\Daivd\Desktop\Tekkit server

2013-03-14 17:10 - 2013-03-19 14:12 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\.technic

2013-03-14 16:34 - 2013-03-19 13:04 - 02446236 ____A () C:\Users\Daivd\Desktop\TechnicLauncher.exe

2013-03-12 10:01 - 2013-03-12 10:01 - 00000562 ____A C:\Windows\wmsetup.log

2013-03-12 10:01 - 2013-03-12 10:01 - 00000000 ____D C:\Users\Daivd\Documents\DeadIsland

==================== One Month Modified Files and Folders =======

2013-04-10 01:15 - 2013-04-10 01:15 - 00000000 ____D C:\FRST

2013-04-09 20:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-09 20:40 - 2009-07-13 20:51 - 00032197 ____A C:\Windows\setupact.log

2013-04-09 20:39 - 2012-07-15 18:34 - 00090630 ____A C:\Windows\PFRO.log

2013-04-09 20:38 - 2012-07-15 17:09 - 01696020 ____A C:\Windows\WindowsUpdate.log

2013-04-09 20:38 - 2012-07-15 15:02 - 00000000 ____D C:\Program Files (x86)\Steam

2013-04-09 20:36 - 2009-07-13 21:13 - 00782902 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-09 20:36 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-09 20:36 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-09 20:33 - 2013-03-15 15:56 - 00000000 ____D C:\Users\Daivd\AppData\Local\LogMeIn Hamachi

2013-04-09 20:32 - 2012-07-17 11:30 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-09 20:29 - 2012-07-20 14:10 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\Skype

2013-04-09 20:27 - 2013-04-09 20:27 - 00000000 ____D C:\ProgramData\sve

2013-04-09 20:26 - 2013-04-09 20:26 - 00096768 ____A C:\Users\Daivd\Desktop\mlhb.tmp

2013-04-09 20:26 - 2012-07-15 17:24 - 00000000 ____D C:\users\Daivd

2013-04-09 19:57 - 2012-07-17 11:30 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-09 19:41 - 2012-07-24 21:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-08 15:53 - 2013-03-23 10:14 - 00000000 ____D C:\Program Files (x86)\War Thunder

2013-04-07 15:52 - 2013-03-15 15:21 - 00000000 ____D C:\Users\Daivd\Desktop\Tekkit server

2013-04-07 14:07 - 2013-04-07 14:07 - 04911104 ____A C:\Users\Daivd\Desktop\ENGR ISYS 3010 HIRED Interview Success Mar 2013(1).ppt

2013-04-05 06:11 - 2012-07-16 06:01 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\Xfire

2013-04-05 00:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-04-04 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-04-04 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-04-04 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-04-04 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-04-04 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-04-04 23:09 - 2013-04-04 23:01 - 00007985 ____A C:\Windows\IE10_main.log

2013-04-04 23:06 - 2013-04-04 23:06 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-04 23:06 - 2013-04-04 23:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-04 23:06 - 2013-04-04 23:06 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-04 23:06 - 2013-04-04 23:06 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-04 23:06 - 2013-04-04 23:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-04-04 23:06 - 2013-04-04 23:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-04-04 23:06 - 2013-04-04 23:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-04-04 23:06 - 2013-04-04 23:06 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-04-04 23:06 - 2013-04-04 23:06 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-04-04 23:06 - 2013-04-04 23:06 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-04-04 23:06 - 2013-04-04 23:06 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-04-04 23:06 - 2013-04-04 23:06 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-04-04 23:06 - 2013-04-04 23:06 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-04-04 23:04 - 2013-04-04 23:04 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-04 23:04 - 2013-04-04 23:04 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-01 17:17 - 2012-07-17 10:48 - 00000000 ____D C:\Users\Daivd\Documents\my games

2013-04-01 17:16 - 2013-04-01 16:36 - 00000000 ____D C:\Program Files (x86)\BioShock Infinite

2013-04-01 17:11 - 2012-07-17 11:52 - 00320843 ____A C:\Windows\DirectX.log

2013-04-01 17:09 - 2013-04-01 17:09 - 00002235 ____A C:\Users\Public\Desktop\Launch BioShock Infinite.lnk

2013-04-01 17:09 - 2013-04-01 17:09 - 00002200 ____A C:\Users\Public\Desktop\Launch BioShock Infinite Benchmarking Utility.lnk

2013-04-01 16:01 - 2012-07-17 11:31 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-04-01 15:59 - 2013-04-01 15:16 - 00000000 ____D C:\Users\Daivd\Desktop\New Folder (3)

2013-04-01 15:15 - 2013-04-01 15:15 - 00000000 ____D C:\Users\Daivd\Desktop\New Folder (2)

2013-04-01 13:27 - 2013-03-23 10:14 - 00000000 ____D C:\ProgramData\WarThunder

2013-04-01 12:13 - 2013-01-28 18:47 - 00000000 ____D C:\ProgramData\HappyCloud

2013-04-01 11:55 - 2013-04-01 11:48 - 00000000 ____D C:\Users\Daivd\Desktop\BioShock_Infinite-FLT

2013-04-01 11:52 - 2012-07-16 07:05 - 00000000 ____D C:\Users\Daivd\Desktop\Games

2013-03-28 16:02 - 2012-07-16 06:01 - 00000000 ____D C:\ProgramData\Xfire

2013-03-28 16:02 - 2012-07-15 14:59 - 00000000 ____D C:\Program Files (x86)\Origin

2013-03-28 15:54 - 2012-07-16 06:01 - 00000000 ____D C:\Program Files (x86)\Xfire

2013-03-27 12:46 - 2013-03-27 12:46 - 00071680 ____A C:\Users\Daivd\Desktop\Queue.xls

2013-03-25 14:43 - 2013-04-01 14:22 - 4247060480 ____A C:\Users\Daivd\Desktop\flt-bina.iso

2013-03-24 08:55 - 2012-08-20 15:28 - 00000000 ____D C:\Windows\SysWOW64\directx

2013-03-24 08:54 - 2012-08-20 15:28 - 00000000 ___HD C:\Windows\msdownld.tmp

2013-03-23 10:14 - 2013-03-23 10:14 - 00000000 ____D C:\Users\Daivd\AppData\Local\WarThunder

2013-03-23 10:12 - 2012-08-19 21:42 - 00001298 ____A C:\Users\Daivd\Desktop\My DAP Downloads.lnk

2013-03-21 20:57 - 2012-08-20 15:28 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\wargaming.net

2013-03-21 19:33 - 2012-07-17 11:34 - 00000000 ____D C:\Games

2013-03-21 08:42 - 2012-07-15 15:00 - 00000000 ____D C:\ProgramData\Origin

2013-03-21 08:41 - 2013-03-21 08:41 - 00000000 ____D C:\Users\Daivd\Documents\EA Games

2013-03-21 08:41 - 2013-03-21 08:41 - 00000000 ____D C:\Users\Daivd\AppData\Local\EA Games

2013-03-20 20:10 - 2013-03-20 20:10 - 00042880 ____A C:\Windows\SysWOW64\xfcodec.dll

2013-03-20 20:10 - 2013-03-20 20:10 - 00028544 ____A C:\Windows\System32\xfcodec64.dll

2013-03-20 19:09 - 2012-07-15 15:00 - 00000000 ____D C:\Program Files (x86)\Origin Games

2013-03-20 19:07 - 2013-03-20 06:23 - 00000000 ____D C:\Users\Daivd\Desktop\signals system

2013-03-19 18:50 - 2012-07-16 03:42 - 00000000 ____D C:\Users\Daivd\AppData\Local\PMB Files

2013-03-19 18:50 - 2012-07-16 03:41 - 00000000 ____D C:\ProgramData\PMB Files

2013-03-19 14:12 - 2013-03-14 17:10 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\.technic

2013-03-19 13:04 - 2013-03-14 16:34 - 02446236 ____A () C:\Users\Daivd\Desktop\TechnicLauncher.exe

2013-03-19 13:01 - 2012-07-16 07:35 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\.minecraft

2013-03-15 15:56 - 2013-03-15 15:56 - 00000926 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2013-03-15 15:55 - 2013-03-15 15:55 - 04295168 ____A C:\Users\Daivd\Desktop\hamachi.msi

2013-03-15 15:55 - 2013-03-15 15:55 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-03-15 15:53 - 2013-03-15 15:53 - 00393024 ____A (Softonic ) C:\Users\Daivd\Desktop\SoftonicDownloader_for_hamachi.exe

2013-03-15 15:31 - 2013-03-15 15:31 - 00003363 ____A C:\Windows\SysWOW64\server.log

2013-03-15 15:31 - 2013-03-15 15:31 - 00002515 ____A C:\Windows\SysWOW64\ForgeModLoader-0.log

2013-03-15 15:31 - 2013-03-15 15:31 - 00000202 ____A C:\Windows\SysWOW64\server.properties

2013-03-15 15:31 - 2013-03-15 15:31 - 00000000 ____D C:\Windows\SysWOW64\mods

2013-03-15 15:31 - 2013-03-15 15:31 - 00000000 ____A C:\Windows\SysWOW64\server.log.lck

2013-03-15 15:31 - 2013-03-15 15:31 - 00000000 ____A C:\Windows\SysWOW64\ForgeModLoader-0.log.lck

2013-03-14 17:08 - 2012-07-16 07:27 - 00000000 ____D C:\Users\Daivd\AppData\Roaming\.techniclauncher

2013-03-14 05:37 - 2012-11-29 06:42 - 00000000 ____D C:\Users\Daivd\AppData\Local\Akamai

2013-03-13 23:07 - 2013-02-14 00:34 - 00000127 ____A C:\Windows\System32\MRT.INI

2013-03-13 23:04 - 2012-09-07 21:19 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-03-13 23:04 - 2012-07-15 16:14 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-03-13 09:41 - 2012-07-17 11:30 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-13 09:41 - 2012-07-17 11:30 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-03-12 10:01 - 2013-03-12 10:01 - 00000562 ____A C:\Windows\wmsetup.log

2013-03-12 10:01 - 2013-03-12 10:01 - 00000000 ____D C:\Users\Daivd\Documents\DeadIsland

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$7a6e0f0ca26cd7468ad186046e2d5299

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-30 06:06:55

Restore point made on: 2013-04-01 17:10:23

Restore point made on: 2013-04-04 23:00:29

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8187.49 MB

Available physical RAM: 7341.56 MB

Total Pagefile: 8185.64 MB

Available Pagefile: 7339.59 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:765.75 GB) NTFS

3 Drive f: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:123.66 GB) NTFS

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 1397 GB 0 B

Disk 1 Online 298 GB 1024 KB

Partitions of Disk 0:

===============

Disk ID: EC7AEC7A

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 1397 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 1397 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: A4B57300

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 298 GB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FreeAgent D NTFS Partition 298 GB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: EC7AEC7A

Partition 1:

=========

Hex: 8020210007DF130C0008000000200300

Active: YES

Type: 07 (NTFS)

Size: 100 MB

Partition 2:

=========

Hex: 00DF140C07FEFFFF002803000048A5AE

Active: NO

Type: 07 (NTFS)

Size: -698828718080 byte

==============================

Partitions of Disk 1:

===============

Disk ID: A4B57300

Partition 1:

=========

Hex: 0001010007FEFFFF3F00000082D64225

Active: NO

Type: 07 (NTFS)

Size: 298 GB

Last Boot: 2013-04-03 22:00

==================== End Of Log =============================

[Tomk1]

OK... I need a little more information.

Hello im having trouble with an FBI virsus

When you try to boot your system... what happens?

[jonesda]

Windows started up, it took a while for my desktop to show up.... and now there is a white screen. Can not open up task manager or do anything.

[jonesda]

Also when i started up my computer i did so without plugging in the network cable, and i can see my mouse cursor

[Tomk1]

Why do you say it is the FBI virus? Does anything about the FBI show up anywhere?

When did this start happening?

[jonesda]

if i plug in the network cable, it comes up with a warning saying taht this computer has been locked please go to your local store and buy a money pack. has fbi in the screen as well.

[jonesda]

sorry didnt answer all your questions the fbi warning first popped up around 11:00 pm april 10

[jonesda]

and the sum it is asking for is 300

[Tomk1]

I wanted to know because we may have to do a restore to a point before the problem.

Let's give this a try.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Daivd\...\Winlogon: [Shell] C:\Users\Daivd\AppData\Roaming\mcafee.ini,explorer.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$7a6e0f0ca26cd7468ad186046e2d5299\n.
C:\$Recycle.Bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299
C:\$Recycle.Bin\S-1-5-18\$7a6e0f0ca26cd7468ad186046e2d5299

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

[jonesda]

here is the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013

Ran by SYSTEM at 2013-04-10 12:04:51 Run:1

Running from F:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).

HKEY_USERS\Daivd\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.

==== End of Fixlog ====

[jonesda]

this is probably not very important but i will be out for a while and wont be able to post anything back till about 3:30 est.

[Tomk1]

When you get back.

Please try to boot up normally...

If you cannot... please see if you can boot into any of the safe modes. Try safe mode with network first, then safe mode, then safe mode with command prompt.

[jonesda]

I am back, and I am booting up my computer.

[jonesda]

i was able to boot up successfully with no problems. Anything else you want me to do?

[Tomk1]

Yes... more to do.

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

• Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  
• Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  
• Consider what other private information could possibly have been taken from your computer and take appropriate steps
  

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, I'll now continue with instructions for cleaning.

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  
• Double click on ComboFix.exe & follow the prompts.
  

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

[jonesda]

Will combo fix damage anything on my computer. I have ran combofix before on another computer but that resulted in me being unable to start my computer due to some system files being damage or corrupted not sure which im not very tech savy. and i had to do a complete wipe and rebuild of my computer.

[Tomk1]

Combofix will not corrupt anything on your computer... but it will remove infected files. If a system file is corrupt it will try to replace it. I've never had combofix render a system unbootable... but I know several years ago there was a specific rootkit infection that left systems unbootable if CF ripped it out. I do not believe that you are at risk... but the fact is that there is some risk with any of our tools.

[jonesda]

ok so for the past little while now i have been trying to disable symantec. and well it says its disabled but when i try and run combo fix it says that it is still running. Tried looking this up followed the links but its not working.

[jonesda]

btw i am in safe mode without networking trying to run combofix

[jonesda]

ok after much more effort i was able to disable symantec and run combofix. it is currently running now

[jonesda]

ComboFix 13-04-10.02 - Daivd 04/10/2013 20:52:57.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8187.6540 [GMT -4:00]

Running from: c:\users\Daivd\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files (x86)\Savings Sidekick

c:\users\Daivd\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1749031A-E30D-4B58-B70E-EC702C244E0E}.xps

c:\users\Daivd\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll

c:\users\Daivd\AppData\Roaming\Microsoft\Windows\.data

c:\windows\SysWow64\server.log

.

.

((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))

.

.

2013-04-10 09:15 . 2013-04-10 09:15 -------- d-----w- C:\FRST

2013-04-10 04:27 . 2013-04-10 04:27 -------- d-----w- c:\programdata\sve

2013-04-05 07:04 . 2013-04-05 07:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-02 00:36 . 2013-04-02 01:16 -------- d-----w- c:\program files (x86)\BioShock Infinite

2013-03-23 18:14 . 2013-04-01 21:27 -------- d-----w- c:\programdata\WarThunder

2013-03-23 18:14 . 2013-03-23 18:14 -------- d-----w- c:\users\Daivd\AppData\Local\WarThunder

2013-03-23 18:14 . 2013-04-08 23:53 -------- d-----w- c:\program files (x86)\War Thunder

2013-03-21 16:41 . 2013-03-21 16:41 -------- d-----w- c:\users\Daivd\AppData\Local\EA Games

2013-03-21 04:10 . 2013-03-21 04:10 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll

2013-03-21 04:10 . 2013-03-21 04:10 28544 ----a-w- c:\windows\system32\xfcodec64.dll

2013-03-20 20:31 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-15 23:56 . 2013-04-11 01:03 -------- d-----w- c:\users\Daivd\AppData\Local\LogMeIn Hamachi

2013-03-15 23:55 . 2013-03-15 23:55 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-03-15 23:31 . 2013-03-15 23:31 -------- d-----w- c:\windows\SysWow64\mods

2013-03-15 01:10 . 2013-03-19 22:12 -------- d-----w- c:\users\Daivd\AppData\Roaming\.technic

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-04 18:50 . 2013-02-07 03:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-13 17:41 . 2012-07-17 19:30 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 17:41 . 2012-07-17 19:30 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-13 01:46 . 2012-08-09 05:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-02-13 01:46 . 2012-07-17 23:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-02-12 05:45 . 2013-03-13 17:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 17:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 17:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 17:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 17:14 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 17:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-05 02:49 . 2012-07-16 00:14 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-03 18:42 . 2012-07-17 23:16 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]

2012-08-20 05:41 427688 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-29 1631144]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-17 39408]

"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-08-20 3774680]

"Akamai NetSession Interface"="c:\users\Daivd\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-10 115560]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-10-11 336304]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]

.

c:\users\Daivd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-3-21 3560832]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-16 1255736]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-05 283200]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-08-17 110592]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-02 00:00 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 17:41]

.

2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 19:30]

.

2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 19:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-11 8114720]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm

IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm

IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll

FF - ProfilePath - c:\users\Daivd\AppData\Roaming\Mozilla\Firefox\Profiles\epeey5gn.default\

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-Symantec Antvirus

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)

HKLM-Run-spupr - c:\users\Daivd\AppData\Roaming\spupr.dll

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe

AddRemove-GOM Player - c:\program files (x86)\GRETECH\GomPlayer\Uninstall.exe

AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe

AddRemove-Xfire - c:\program files (x86)\Xfire\uninst.exe

AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe

AddRemove-TeamSpeak 3 Client - c:\users\Daivd\AppData\Local\TeamSpeak 3 Client\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2013-04-10 21:12:55 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-11 01:12

.

Pre-Run: 891,991,306,240 bytes free

Post-Run: 892,803,317,760 bytes free

.

- - End Of File - - 6CEECD6489C0B72C67957DB4C9C1C7B0

[Tomk1]

That is looking good.

I'd like to run another program that I don't expect to find much... but we don't want any trace of the backdoor left.

• Download RogueKiller and save it to your desktop.
  
• Quit all other programs
  
• Start RogueKiller.exe
  
• Wait until the Prescan has finished ...
  
• Click on Scan
  
  
• Wait for the end of the scan
  
• A report will be created on your desktop.
  
• Click on the Delete button
  
  
• Next click on the ShortcutsFix
  
  
• another report will be created on your desktop.
  

Please post: All RKreport.txt text files located on your desktop.

[jonesda]

Would it be ok to run this over night real quick and give you a reply in the morning?