
Corrupted or infected.



May have really messed up. Had used Malwarebytes and ComboFix many years ago to correct issues.

 

Can't load Malwarebytes using any of the methods recommended. Get failed to load "vbalGrid.com" from vbalsgrid6.exe ocx. . . . Then get run-time error 372. I should have come to you at this point.

 

Tried ComboFix, RKill, RogueKiller, and several other removal tools that I could load. Not all will. Normally use Microsoft Security Essentials, but no hits. Now using trial version of Webroot SecureAnywhere and Spybot. I'm getting leaving secure location and unsecure location errors at random. Can stop program, just close these and program continues.

 

Worse part: got telephone call yesterday. Heavy Indian(?) accent. Ransoming me as Microsoft repair. Allowed to access computer at first using "abbyy" site. Smart, right? When he asked about 1 yr program for 199$ I shut off computer and modem. Ran virus programs, ComboFix and RKill. Changed all bank and credit card account passwords. Still no joy on restoring system.

 

Here are DDS.txt, Attach.txt, and last ComboFix.

 

Thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.21.2
Run by Calvin at 9:13:01 on 2013-07-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6021 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\notepad.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Crave World Clock] C:\Program Files (x86)\CraveWorldClock14\CWClock.exe
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [1] C:\Users\Calvin\Desktop\bambam\mbam-chameleon.exe /r /p
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.


TCP: NameServer = 192.168.0.1
TCP: Interfaces\{19BCE357-FCC4-4BBA-BF0C-007C39743E8C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7F30B669-D53D-460F-9BF6-43D090FBDBB9}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7F30B669-D53D-460F-9BF6-43D090FBDBB9}\E4564776561627234376 : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2012-2-21 37456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-12 56336]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2013-7-24 114184]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-4 45856]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [2013-4-7 120704]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2013-7-24 742408]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-18 38456]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 237056]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/08/18 00:50:43;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-8-18 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-6-28 2571704]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
S2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 KooRaRooMediaServer;KooRaRoo Media Server;C:\Program Files (x86)\KooRaRoo Media\KooRaRooMediaServer.exe [2012-9-21 4958968]
S2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-8-20 372736]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2012-8-20 447488]
S2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-8-20 625728]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" --> C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [?]
S2 ReimageRealTimeProtection;Reimage Real Time Protection;C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [2013-7-10 4251496]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-7-21 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-7-21 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-7-21 171928]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-16 46136]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-3-10 29288]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
S3 AuviUDTV;AuviUDTV ATSC Capture Device;C:\Windows\System32\drivers\AuviUDTV64.sys [2009-11-14 1905664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-12-28 35840]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2011-10-28 276256]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-20 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
S4 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional 11 Trial\PortraitProfessionalTrial.exe" /P "%1"
ShellExec: SmartPhotoEditor.exe: open="C:\Program Files (x86)\Smart Photo Editor Trial\SmartPhotoEditorTrial.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-26 12:58:28 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-26 07:09:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-26 06:04:59 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F672A660-02FF-4694-AFAE-F7FDC4798CD3}\mpengine.dll
2013-07-26 04:38:12 -------- d-----w- C:\ProgramData\SUPERSetup
2013-07-25 20:20:47 -------- d-----w- C:\19da729215322cf04a1d
2013-07-25 18:59:33 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 14:39:18 -------- d-----w- C:\Users\Calvin\AppData\Roaming\LockHunter
2013-07-25 14:38:19 -------- d-----w- C:\Program Files (x86)\LockHunter
2013-07-25 13:25:26 -------- d-----w- C:\MATS
2013-07-25 04:24:41 -------- d--h--w- C:\Windows\msdownld.tmp
2013-07-25 04:24:35 -------- d-----w- C:\Windows\SysWow64\directx
2013-07-25 03:01:37 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2013-07-25 02:29:36 -------- d-----w- C:\Windows\System32\msmq
2013-07-25 02:03:19 13824 ----a-w- C:\Windows\System32\ffnd.exe
2013-07-25 00:29:53 -------- d-----w- C:\Users\Calvin\AppData\Roaming\FreeFixer
2013-07-25 00:29:53 -------- d-----w- C:\Users\Calvin\AppData\Local\FreeFixer
2013-07-25 00:29:41 -------- d-----w- C:\Program Files\FreeFixer
2013-07-25 00:03:21 -------- d-----w- C:\Users\Calvin\AppData\Roaming\ParetoLogic
2013-07-25 00:03:12 -------- d-----w- C:\ProgramData\ParetoLogic
2013-07-25 00:03:12 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2013-07-24 23:30:26 -------- d-----w- C:\programs
2013-07-24 21:47:08 -------- d-----w- C:\Users\Calvin\AppData\Roaming\QuickScan
2013-07-24 21:12:45 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-07-24 21:12:33 -------- d-----w- C:\Users\Calvin\AppData\Local\lptmp705597785
2013-07-24 20:57:45 151728 ----a-w- C:\Windows\SysWow64\WRusr.dll
2013-07-24 20:57:45 114184 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2013-07-24 20:57:45 104360 ----a-w- C:\Windows\System32\WRusr.dll
2013-07-24 20:57:42 -------- d-----w- C:\Program Files\Webroot
2013-07-24 20:57:38 -------- d-----w- C:\ProgramData\WRData
2013-07-24 19:34:13 98816 ----a-w- C:\Windows\sed.exe
2013-07-24 19:34:13 256000 ----a-w- C:\Windows\PEV.exe
2013-07-24 19:34:13 208896 ----a-w- C:\Windows\MBR.exe
2013-07-24 19:09:35 -------- d-----w- C:\MYBEAR2
2013-07-24 18:51:20 -------- d-----w- C:\Program Files\Reimage
2013-07-24 18:51:17 -------- d-----w- C:\rei
2013-07-24 18:30:27 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-07-24 18:30:25 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-24 18:30:25 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-23 17:39:31 -------- d-----w- C:\Users\Calvin\AppData\Roaming\spotmau
2013-07-23 17:38:54 -------- d-----w- C:\ProgramData\TuneUp360
2013-07-23 04:08:26 -------- d-----w- C:\MYBEAR Camo
2013-07-23 02:30:15 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-23 02:23:28 -------- d-----w- C:\MYBEAR
2013-07-22 14:17:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-22 04:12:18 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-07-22 04:11:58 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-07-22 04:11:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-22 00:49:19 207968 ----a-w- C:\Windows\System32\drivers\38363099.sys
2013-07-21 21:53:13 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-21 21:50:43 208216 ----a-w- C:\Windows\System32\drivers\30003090.sys
2013-07-21 19:33:52 -------- d-----w- C:\Users\Calvin\AppData\Roaming\Malwarebytes
2013-07-21 19:16:18 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-21 17:28:03 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-21 17:28:03 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-21 17:28:00 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-18 14:51:03 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42C251B7-AD65-4BDA-8A0F-8F2B146B649D}\gapaengine.dll
2013-07-17 08:00:32 -------- d-----w- C:\Windows\System32\MRT
2013-07-17 03:50:18 92 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-07-17 03:03:54 -------- d-----w- C:\Windows\ERUNT
2013-07-14 06:49:33 -------- d-----w- C:\Program Files (x86)\Disk Doctors FAT Data Recovery (Demo)
2013-07-14 06:23:19 -------- d-----w- C:\Program Files (x86)\Stellar Phoenix JPEG Repair
2013-07-14 06:09:41 -------- d-----w- C:\Program Files (x86)\Tenorshare Data Recovery Professional
2013-07-14 03:47:11 -------- d-----w- C:\Program Files (x86)\Virtual Console
2013-07-12 04:54:17 -------- d-----w- C:\Windows\SysWow64\spool
2013-07-12 04:52:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-07-11 23:38:03 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 23:38:02 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 23:38:02 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 23:38:02 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 23:38:02 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 23:38:00 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 23:38:00 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 23:37:58 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 23:37:58 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 23:37:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 23:37:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 23:37:35 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 23:37:35 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 23:37:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:37:34 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:36:50 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 23:36:50 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-10 02:58:44 -------- d-----w- C:\Program Files (x86)\PhotoRescue Wizard PC
2013-07-09 17:47:27 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-09 17:47:27 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-04 15:26:28 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-04 15:25:41 -------- d-----w- C:\ProgramData\Common Files
2013-07-02 13:27:51 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2013-06-30 07:00:42 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2013-06-30 07:00:41 55296 ----a-w- C:\Windows\System32\admwprox.dll
2013-06-30 07:00:41 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll
2013-06-30 07:00:40 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2013-06-30 07:00:39 60928 ----a-w- C:\Windows\System32\ahadmin.dll
2013-06-30 07:00:39 16896 ----a-w- C:\Windows\System32\iisreset.exe
2013-06-30 07:00:39 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe
2013-06-30 07:00:39 14848 ----a-w- C:\Windows\System32\wamregps.dll
2013-06-30 07:00:38 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll
2013-06-30 07:00:38 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll
2013-06-30 07:00:38 11264 ----a-w- C:\Windows\System32\iisrstap.dll
2013-06-30 07:00:38 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll
2013-06-30 05:04:58 -------- d-----w- C:\Program Files (x86)\SDA
2013-06-29 14:40:20 -------- d-----w- C:\ProgramData\Recovery
2013-06-29 14:03:20 -------- d-----w- C:\Windows\SysWow64\BestPractices
2013-06-29 14:03:08 -------- d-----w- C:\Windows\System32\BestPractices
2013-06-29 14:02:57 -------- d-----w- C:\inetpub
2013-06-28 19:39:10 -------- d-----w- C:\Program Files (x86)\CodeMeter
2013-06-28 19:39:03 -------- d-----w- C:\Program Files (x86)\GetData
.
==================== Find3M  ====================
.
2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-19 11:04:48 142424 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2013-05-19 11:04:48 142424 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH:  9:13:08.13 ===============

 

 

 


 

Don't know if you need it, but here is last ComboFix log:

 

ComboFix 13-07-25.02 - Calvin 07/26/2013   2:24.12.6 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.7153 [GMT -5:00]
Running from: c:\users\Calvin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-26 to 2013-07-26  )))))))))))))))))))))))))))))))
.
.
2013-07-26 07:33 . 2013-07-26 07:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 07:18 . 2013-07-26 07:18 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-26 07:09 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-26 06:04 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F672A660-02FF-4694-AFAE-F7FDC4798CD3}\mpengine.dll
2013-07-26 04:38 . 2013-07-26 04:41 -------- d-----w- c:\programdata\SUPERSetup
2013-07-25 20:20 . 2013-07-25 20:20 -------- d-----w- C:\19da729215322cf04a1d
2013-07-25 18:59 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 16:29 . 2013-07-25 16:29 -------- d-----w- c:\program files (x86)\Windows Defender
2013-07-25 16:28 . 2013-07-25 16:28 -------- d-----w- c:\program files\Windows Defender
2013-07-25 14:39 . 2013-07-25 14:39 -------- d-----w- c:\users\Calvin\AppData\Roaming\LockHunter
2013-07-25 14:38 . 2013-07-25 14:38 -------- d-----w- c:\program files (x86)\LockHunter
2013-07-25 13:25 . 2013-07-25 13:25 -------- d-----w- C:\MATS
2013-07-25 03:01 . 2013-07-25 03:01 -------- d-----w- c:\program files (x86)\NoVirusThanks
2013-07-25 02:29 . 2013-07-26 07:06 458752 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-07-25 02:29 . 2013-07-25 02:29 -------- d-----w- c:\windows\system32\msmq
2013-07-25 02:03 . 2010-03-08 10:10 13824 ----a-w- c:\windows\system32\ffnd.exe
2013-07-25 00:29 . 2013-07-25 02:03 -------- d-----w- c:\users\Calvin\AppData\Roaming\FreeFixer
2013-07-25 00:29 . 2013-07-25 00:32 -------- d-----w- c:\users\Calvin\AppData\Local\FreeFixer
2013-07-25 00:29 . 2013-07-25 00:29 -------- d-----w- c:\program files\FreeFixer
2013-07-25 00:03 . 2013-07-25 00:03 -------- d-----w- c:\users\Calvin\AppData\Roaming\ParetoLogic
2013-07-25 00:03 . 2013-07-26 04:13 -------- d-----w- c:\programdata\ParetoLogic
2013-07-25 00:03 . 2013-07-26 04:13 -------- d-----w- c:\program files (x86)\ParetoLogic
2013-07-24 23:30 . 2013-07-24 23:30 -------- d-----w- C:\programs
2013-07-24 21:47 . 2013-07-24 22:04 -------- d-----w- c:\users\Calvin\AppData\Roaming\QuickScan
2013-07-24 21:12 . 2013-07-24 21:12 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-07-24 21:12 . 2013-07-24 21:12 -------- d-----w- c:\users\Calvin\AppData\Local\lptmp705597785
2013-07-24 20:57 . 2013-07-24 20:57 151728 ----a-w- c:\windows\SysWow64\WRusr.dll
2013-07-24 20:57 . 2013-07-24 20:57 114184 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2013-07-24 20:57 . 2013-07-24 20:57 104360 ----a-w- c:\windows\system32\WRusr.dll
2013-07-24 20:57 . 2013-07-24 20:57 -------- d-----w- c:\program files\Webroot
2013-07-24 20:57 . 2013-07-26 05:37 -------- d-----w- c:\programdata\WRData
2013-07-24 18:51 . 2013-07-24 18:51 -------- d-----w- c:\program files\Reimage
2013-07-24 18:51 . 2013-07-24 18:53 -------- d-----w- C:\rei
2013-07-24 18:30 . 2013-07-24 18:30 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-24 18:30 . 2013-07-26 04:28 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-07-24 18:30 . 2013-07-24 18:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-07-23 17:39 . 2013-07-23 17:39 -------- d-----w- c:\users\Calvin\AppData\Roaming\spotmau
2013-07-23 17:38 . 2013-07-24 15:34 -------- d-----w- c:\programdata\TuneUp360
2013-07-23 04:08 . 2013-07-23 04:21 -------- d-----w- C:\MYBEAR Camo
2013-07-23 02:30 . 2013-07-25 16:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-23 02:23 . 2013-07-23 04:20 -------- d-----w- C:\MYBEAR
2013-07-22 14:17 . 2013-07-26 07:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-22 04:12 . 2013-07-22 05:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-22 04:11 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-07-22 04:11 . 2013-07-22 04:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-07-22 00:49 . 2013-07-22 00:49 207968 ----a-w- c:\windows\system32\drivers\38363099.sys
2013-07-21 21:53 . 2013-07-24 22:46 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-21 21:50 . 2013-07-21 21:50 208216 ----a-w- c:\windows\system32\drivers\30003090.sys
2013-07-21 19:33 . 2013-07-21 19:33 -------- d-----w- c:\users\Calvin\AppData\Roaming\Malwarebytes
2013-07-21 19:16 . 2013-07-21 19:16 -------- d-----w- c:\programdata\Malwarebytes
2013-07-21 17:28 . 2013-07-21 17:27 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-21 17:28 . 2013-07-21 17:27 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-21 17:28 . 2013-07-21 17:27 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-21 17:28 . 2013-07-21 17:27 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-21 17:28 . 2013-07-21 17:27 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-21 17:28 . 2013-07-21 17:27 188840 ----a-w- c:\windows\system32\java.exe
2013-07-18 14:51 . 2013-07-17 02:33 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42C251B7-AD65-4BDA-8A0F-8F2B146B649D}\gapaengine.dll
2013-07-17 08:00 . 2013-07-22 08:05 -------- d-----w- c:\windows\system32\MRT
2013-07-17 03:50 . 2013-07-17 03:50 92 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-17 03:03 . 2013-07-17 17:39 -------- d-----w- c:\windows\ERUNT
2013-07-14 06:49 . 2013-07-14 14:43 -------- d-----w- c:\program files (x86)\Disk Doctors FAT Data Recovery (Demo)
2013-07-14 06:23 . 2013-07-14 06:23 -------- d-----w- c:\program files (x86)\Stellar Phoenix JPEG Repair
2013-07-14 06:09 . 2013-07-14 06:09 -------- d-----w- c:\program files (x86)\Tenorshare Data Recovery Professional
2013-07-14 03:47 . 2013-07-14 03:47 -------- d-----w- c:\program files (x86)\Virtual Console
2013-07-12 04:54 . 2013-07-12 04:54 -------- d-----w- c:\programdata\HP Product Assistant
2013-07-12 04:54 . 2013-07-12 04:54 -------- d-----w- c:\windows\SysWow64\spool
2013-07-12 04:52 . 2013-07-12 04:52 -------- d-----w- c:\program files (x86)\Common Files\HP
2013-07-11 23:38 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 23:38 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 23:37 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 23:37 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 23:37 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 23:37 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 23:37 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 23:37 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 23:37 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:37 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 23:36 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 23:36 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 02:58 . 2013-07-11 23:25 -------- d-----w- c:\program files (x86)\PhotoRescue Wizard PC
2013-07-08 05:05 . 2013-07-09 17:29 -------- d-----w- c:\users\DefaultAppPool
2013-07-04 15:26 . 2013-07-04 15:26 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-04 15:25 . 2013-07-04 15:25 -------- d-----w- c:\programdata\Common Files
2013-07-02 13:27 . 2013-07-02 13:27 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2013-06-30 07:00 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2013-06-30 07:00 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2013-06-30 07:00 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2013-06-30 07:00 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-06-30 07:00 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2013-06-30 07:00 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2013-06-30 07:00 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2013-06-30 07:00 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2013-06-30 07:00 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
2013-06-30 07:00 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2013-06-30 07:00 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2013-06-30 07:00 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2013-06-30 05:04 . 2013-06-30 05:04 -------- d-----w- c:\program files (x86)\SDA
2013-06-29 14:40 . 2013-06-29 14:40 -------- d-----w- c:\programdata\Recovery
2013-06-29 14:03 . 2013-06-29 14:03 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-06-29 14:03 . 2013-06-29 14:03 -------- d-----w- c:\windows\system32\BestPractices
2013-06-29 14:02 . 2013-07-25 02:25 -------- d-----w- C:\inetpub
2013-06-28 19:39 . 2013-06-28 19:39 -------- d-----w- c:\program files (x86)\CodeMeter
2013-06-28 19:39 . 2013-06-28 19:39 -------- d-----w- c:\program files (x86)\GetData
2013-06-26 21:04 . 2013-07-01 22:18 -------- d-----w- c:\program files\Recuva
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 02:33 . 2011-03-25 14:28 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-24 05:57 . 2010-12-22 00:39 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 02:50 . 2013-06-19 02:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2010-10-25 03:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-05-19 11:04 . 2013-05-19 11:04 142424 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2013-05-19 11:04 . 2013-05-19 11:04 142424 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2013-05-13 05:51 . 2013-06-24 02:58 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-24 02:58 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-24 02:58 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-24 02:58 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-24 02:58 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-24 02:58 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-24 02:58 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-24 02:58 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-24 02:58 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-24 02:58 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-24 02:59 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-24 02:59 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-24 02:59 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-12-18 17:54 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-24 393216]
"Crave World Clock"="c:\program files (x86)\CraveWorldClock14\CWClock.exe" [2011-01-22 2404352]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2013-07-24 742408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"1"="c:\users\Calvin\Desktop\bambam\mbam-chameleon.exe" [2012-08-15 218184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/08/18 00:50;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R2 KooRaRooMediaServer;KooRaRoo Media Server;c:\program files (x86)\KooRaRoo Media\KooRaRooMediaServer.exe;c:\program files (x86)\KooRaRoo Media\KooRaRooMediaServer.exe [x]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\Reimage\Reimage Repair\ReiGuard.exe;c:\program files\Reimage\Reimage Repair\ReiGuard.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 AuviUDTV;AuviUDTV ATSC Capture Device;c:\windows\system32\DRIVERS\AuviUDTV64.sys;c:\windows\SYSNATIVE\DRIVERS\AuviUDTV64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 cpuz134;cpuz134;c:\users\Calvin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Calvin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WISOVD;WISOVD;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys;c:\windows\SYSNATIVE\DRIVERS\StarPortLite.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-17 18:52 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2013-07-24 20:57 104360 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2013-07-24 20:57 104360 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2013-07-24 20:57 104360 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2013-07-24 20:57 104360 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
AddRemove-ExpressZip - c:\program files (x86)\NCH Software\ExpressZip\expresszip.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-683544578-968592212-123672289-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**]%"]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-683544578-968592212-123672289-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**]%"\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-683544578-968592212-123672289-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_%F*ª*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-683544578-968592212-123672289-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_%F*ª*\OpenWithList]
@Class="Shell"
.
Completion time: 2013-07-26  02:34:54
ComboFix-quarantined-files.txt  2013-07-26 07:34
ComboFix2.txt  2013-07-26 06:17
ComboFix3.txt  2013-07-26 03:53
ComboFix4.txt  2013-07-25 17:23
ComboFix5.txt  2013-07-26 07:23
.
Pre-Run: 472,116,224,000 bytes free
Post-Run: 471,680,970,752 bytes free
.
- - End Of File - - F89DB3FACEB090BDFE795F13C4D052FE
C434B8598ECC13398487F2A2D31BC83B
 

Attach (2).7z


Hello dadgumdabit and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

    • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
    • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
    • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
    • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
    • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
    • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
    • Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here. This tool is not for running it all the time. It is a specific and dangerous tool. There is no element of surprise that the situation has gone so far.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Understand. Wish I had read usage, questions, help first. I certainly need your help. I am not a paying customer at this time. But, still not sure what that means. Will definitely look at that. Downloaded FRST(x64). Log below. Sorry, not sure how to attach Addition.txt. Tried to add, but too long file error. Should I send Addition.txt as separate reply?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01

Ran by Calvin (administrator) on 26-07-2013 16:03:11
Running from C:\Users\Calvin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Bitsum) C:\Program Files\Process Lasso\processlasso.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Bitsum) C:\Program Files\Process Lasso\processgovernor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Reflection Software Solutions Pvt. Ltd.) C:\Program Files (x86)\CraveWorldClock14\CWClock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
(Reflection Software Solutions Pvt. Ltd.) C:\Program Files (x86)\CraveWorldClock14\CWClock.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Programming Sunrise) C:\Program Files (x86)\KooRaRoo Media\KooRaRooMediaServer.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Reimage®) C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Adobe Systems Incorporated ) C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\32\dynamiclinkmanager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\32\Adobe QT32 Server.exe
(Google Inc.) C:\Users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll [x]
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)
HKCU\...\Run: [Crave World Clock] - C:\Program Files (x86)\CraveWorldClock14\CWClock.exe [2404352 2011-01-22] (Reflection Software Solutions Pvt. Ltd.)
HKCU\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKCU\...\Run: [spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [4886136 2011-03-07] (SlySoft, Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [742408 2013-07-24] (Webroot)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurylink.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {43C866C6-72C9-452B-B459-259BA75F3A3F} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {45F70E13-342C-4518-9A1B-3733E0F1BE22} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {D641AE35-4BCA-4705-BA1A-A8577BB2BC1D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {DF219B41-E001-42CE-8323-27819ACE9F06} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {43C866C6-72C9-452B-B459-259BA75F3A3F} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {45F70E13-342C-4518-9A1B-3733E0F1BE22} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {43C866C6-72C9-452B-B459-259BA75F3A3F} URL = 
SearchScopes: HKCU - {45F70E13-342C-4518-9A1B-3733E0F1BE22} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {D641AE35-4BCA-4705-BA1A-A8577BB2BC1D} URL = 
SearchScopes: HKCU - {DF219B41-E001-42CE-8323-27819ACE9F06} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll ()
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Webroot) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0
CHR Extension: (Gmail) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 KooRaRooMediaServer; C:\Program Files (x86)\KooRaRoo Media\KooRaRooMediaServer.exe [4958968 2012-09-17] (Programming Sunrise)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [4251496 2013-07-10] (Reimage®)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [742408 2013-07-24] (Webroot)
S2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [x]
S4 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
S3 AuviUDTV; C:\Windows\System32\DRIVERS\AuviUDTV64.sys [1905664 2009-11-14] (Auvitek Corp.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-04] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-04-27] ()
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-03-08] (Digiarty Software, Inc.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2012-02-02] (Paragon Software Group)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-07] (Duplex Secure Ltd.)
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114184 2013-07-24] (Webroot)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz134; \??\C:\Users\Calvin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
U4 mbamswissarmy; 
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [x]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-26 15:58 - 2013-07-26 15:58 - 01780233 _____ (Farbar) C:\Users\Calvin\Downloads\FRST64 (1).exe
2013-07-26 15:58 - 2013-07-26 15:58 - 00000000 ____D C:\FRST
2013-07-26 15:55 - 2013-07-26 15:55 - 01780233 _____ (Farbar) C:\Users\Calvin\Downloads\FRST64.exe
2013-07-26 15:11 - 2013-07-26 15:11 - 00002900 _____ C:\Users\Calvin\Desktop\RKreport[0]_S_07262013_151120.txt
2013-07-26 15:08 - 2013-07-26 15:09 - 00001547 _____ C:\Users\Calvin\Desktop\RKreport[0]_SC_07262013_150851.txt
2013-07-26 15:08 - 2013-07-26 15:08 - 00003399 _____ C:\Users\Calvin\Desktop\RKreport[0]_D_07262013_150838.txt
2013-07-26 15:08 - 2013-07-26 15:08 - 00003206 _____ C:\Users\Calvin\Desktop\RKreport[0]_S_07262013_150819.txt
2013-07-26 15:05 - 2013-07-26 15:11 - 00000000 ____D C:\Users\Calvin\Desktop\RK_Quarantine
2013-07-26 15:05 - 2013-07-26 15:05 - 03778560 _____ C:\Users\Calvin\Downloads\RogueKillerX64.exe
2013-07-26 15:04 - 2013-07-26 15:04 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-26 15:03 - 2013-07-26 15:03 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Calvin\Downloads\erunt-setup.exe
2013-07-26 14:33 - 2013-07-26 14:33 - 00000634 _____ C:\Users\Calvin\Desktop\JRT.txt
2013-07-26 14:23 - 2013-07-26 14:23 - 00000000 ____H C:\ProgramData\cm-lock
2013-07-26 13:52 - 2013-07-26 13:52 - 00001056 _____ C:\Windows\system32\SettingsFile
2013-07-26 10:58 - 2013-07-26 10:58 - 00000000 ____D C:\Users\Calvin\Documents\ProcAlyzer Dumps
2013-07-26 09:14 - 2013-07-26 09:14 - 00036013 _____ C:\Users\Calvin\Downloads\Attach (2).txt
2013-07-26 09:03 - 2013-07-26 09:03 - 02874022 _____ C:\Users\Calvin\Desktop\webroot log.log
2013-07-26 08:29 - 2013-07-26 08:57 - 00002210 _____ C:\Users\Calvin\Desktop\Rkill.txt
2013-07-26 08:27 - 2013-07-26 08:27 - 00000592 _____ C:\Users\Calvin\Documents\routerlogin.com80 false.crd
2013-07-26 07:51 - 2013-07-26 07:51 - 00688992 _____ (Swearware) C:\Users\Calvin\Downloads\dds.com
2013-07-26 02:34 - 2013-07-26 02:34 - 00027423 _____ C:\ComboFix.txt
2013-07-26 02:10 - 2013-07-26 02:12 - 00000000 ____D C:\Users\Calvin\Desktop\bambam
2013-07-26 02:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-26 01:52 - 2013-07-26 01:16 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130726-015236.backup
2013-07-26 01:42 - 2013-07-26 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 23:38 - 2013-07-25 23:41 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-07-25 22:51 - 2013-07-26 01:52 - 00448635 ____R C:\Windows\system32\Drivers\etc\hosts.20130726-105436.backup
2013-07-25 15:20 - 2013-07-25 15:20 - 00000000 ____D C:\19da729215322cf04a1d
2013-07-25 13:43 - 2013-07-25 13:43 - 05451264 _____ (TeamViewer GmbH) C:\Users\Calvin\Downloads\TeamViewer_Setup_en.exe
2013-07-25 11:29 - 2013-07-25 11:29 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-25 11:28 - 2013-07-25 11:28 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-25 09:39 - 2013-07-25 09:39 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\LockHunter
2013-07-25 09:38 - 2013-07-25 09:38 - 00000000 ____D C:\Program Files (x86)\LockHunter
2013-07-25 08:25 - 2013-07-25 08:25 - 00000000 ____D C:\MATS
2013-07-25 00:03 - 2013-07-25 00:03 - 00000878 _____ C:\Windows\DXError.log
2013-07-25 00:03 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-07-25 00:03 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-07-25 00:03 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-07-25 00:03 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-07-25 00:03 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-07-25 00:03 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-07-25 00:03 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-07-25 00:03 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-07-25 00:03 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-07-25 00:03 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-07-25 00:03 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-07-25 00:03 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-07-25 00:03 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-07-25 00:03 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-07-25 00:03 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-07-25 00:03 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-07-25 00:03 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-07-25 00:03 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-07-25 00:03 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-07-25 00:03 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-07-25 00:03 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-07-25 00:03 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-07-25 00:03 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-07-25 00:03 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-07-25 00:03 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-07-25 00:03 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-07-25 00:03 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-07-25 00:03 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-07-25 00:03 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-07-25 00:03 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-07-25 00:03 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-07-25 00:03 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-07-25 00:03 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-07-25 00:03 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-07-25 00:03 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-07-25 00:03 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-07-25 00:03 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-07-25 00:03 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-07-25 00:03 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-07-25 00:03 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-07-25 00:03 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-07-25 00:03 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-07-25 00:03 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-07-25 00:03 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-07-25 00:03 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-07-25 00:03 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-07-25 00:03 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-07-25 00:03 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-07-25 00:03 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-07-25 00:03 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-07-25 00:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-07-25 00:03 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-07-25 00:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-07-24 23:55 - 2013-07-24 23:55 - 00347424 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\MicrosoftFixit.malware.FISC.150298156704152533.9.1.Run.exe
2013-07-24 23:25 - 2013-07-24 23:25 - 03086960 _____ C:\Users\Calvin\Downloads\Windows6.0-KB942288-v2-x64.msu
2013-07-24 23:24 - 2013-07-25 00:03 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-24 23:24 - 2013-07-24 23:24 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-24 23:23 - 2013-07-24 23:24 - 00292184 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\dxwebsetup.exe
2013-07-24 22:02 - 2013-07-24 22:02 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-07-24 22:01 - 2013-07-24 22:01 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-07-24 21:29 - 2013-07-24 21:29 - 00000000 ____D C:\Windows\system32\msmq
2013-07-24 21:03 - 2010-03-08 05:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2013-07-24 19:43 - 2013-07-24 19:47 - 105367776 _____ C:\Users\Calvin\Downloads\GL14PROMO3M.exe
2013-07-24 19:39 - 2013-07-24 19:39 - 00973396 _____ C:\Users\Calvin\Downloads\PowerToolV4.3_en.zip
2013-07-24 19:36 - 2013-07-24 19:36 - 05860362 _____ C:\Users\Calvin\Downloads\PCHunter_free.zip
2013-07-24 19:32 - 2013-07-24 19:32 - 01845175 _____ C:\Users\Calvin\Downloads\AntiSpy1.9.zip
2013-07-24 19:29 - 2013-07-24 21:03 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\FreeFixer
2013-07-24 19:29 - 2013-07-24 19:32 - 00000000 ____D C:\Users\Calvin\AppData\Local\FreeFixer
2013-07-24 19:29 - 2013-07-24 19:29 - 02413867 _____ (Kephyr) C:\Users\Calvin\Downloads\freefixersetup.exe
2013-07-24 19:29 - 2013-07-24 19:29 - 00000000 ____D C:\Program Files\FreeFixer
2013-07-24 19:25 - 2013-07-24 19:25 - 02986440 _____ (Symantec Corporation) C:\Users\Calvin\Downloads\NPE.exe
2013-07-24 19:22 - 2013-07-24 19:23 - 19275792 _____ (Bitdefender LLC) C:\Users\Calvin\Downloads\BootkitRemoval_x64.exe
2013-07-24 19:16 - 2013-07-24 19:16 - 00053374 _____ C:\Users\Calvin\Downloads\hdhacker.zip
2013-07-24 19:03 - 2013-07-25 23:13 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-07-24 19:03 - 2013-07-25 23:13 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-07-24 19:03 - 2013-07-24 19:03 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\ParetoLogic
2013-07-24 18:28 - 2013-07-24 21:03 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-24 18:07 - 2013-07-24 18:09 - 41943040 _____ C:\Users\Calvin\Downloads\jre-7u25-windows-i586.tar.gz
2013-07-24 16:47 - 2013-07-24 17:04 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\QuickScan
2013-07-24 16:25 - 2013-07-24 16:25 - 00000030 _____ C:\Users\Calvin\AppData\Roaming\mbam.context.scan
2013-07-24 16:12 - 2013-07-24 16:12 - 00000000 ____D C:\Users\Calvin\AppData\Local\lptmp705597785
2013-07-24 15:57 - 2013-07-26 14:18 - 00000000 ____D C:\ProgramData\WRData
2013-07-24 15:57 - 2013-07-26 07:45 - 00000000 ____D C:\Program Files\Webroot
2013-07-24 15:57 - 2013-07-24 15:57 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2013-07-24 15:57 - 2013-07-24 15:57 - 00114184 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2013-07-24 15:57 - 2013-07-24 15:57 - 00104360 _____ (Webroot) C:\Windows\system32\WRusr.dll
2013-07-24 15:56 - 2013-07-24 15:56 - 00742408 _____ (Webroot) C:\Users\Calvin\Downloads\wsainstall.exe
2013-07-24 14:34 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-24 14:34 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-24 14:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-24 14:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-24 14:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-24 14:34 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-24 14:34 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-24 14:34 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-24 14:33 - 2013-07-26 02:34 - 00000000 ____D C:\Qoobox
2013-07-24 14:31 - 2013-07-26 15:12 - 00000000 ____D C:\Users\Calvin\Desktop\sTUFF
2013-07-24 14:28 - 2013-07-25 12:10 - 05093969 ____R (Swearware) C:\Users\Calvin\Desktop\ComboFix.exe
2013-07-24 14:23 - 2013-07-24 14:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calvin\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-24 14:18 - 2013-07-24 14:18 - 00065232 _____ (Malwarebytes) C:\Users\Calvin\Downloads\regassassin-setup-1.03.exe
2013-07-24 14:18 - 2013-07-24 14:18 - 00003172 _____ C:\Windows\System32\Tasks\{96CC43FA-671B-46D6-AD52-263D010B9C2B}
2013-07-24 14:09 - 2013-07-25 11:46 - 00000000 ____D C:\MYBEAR2
2013-07-24 14:08 - 2013-07-24 14:09 - 01440846 _____ C:\Users\Calvin\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2013-07-24 13:53 - 2013-07-24 13:53 - 00003452 _____ C:\Windows\System32\Tasks\Reimage Reminder
2013-07-24 13:51 - 2013-07-24 13:53 - 00000000 ____D C:\rei
2013-07-24 13:51 - 2013-07-24 13:51 - 00000000 ____D C:\Program Files\Reimage
2013-07-24 13:50 - 2013-07-24 13:53 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-24 13:49 - 2013-07-24 13:49 - 00727952 _____ (Reimage®) C:\Users\Calvin\Downloads\ReimageRepair.exe
2013-07-24 13:30 - 2013-07-24 13:30 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-07-24 13:30 - 2013-07-24 13:30 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-24 13:21 - 2013-07-24 13:27 - 141110624 _____ (Advanced Micro Devices, Inc.) C:\Users\Calvin\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-07-23 12:39 - 2013-07-23 12:39 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\spotmau
2013-07-23 12:38 - 2013-07-24 10:34 - 00000000 ____D C:\ProgramData\TuneUp360
2013-07-22 23:08 - 2013-07-22 23:21 - 00000000 ____D C:\MYBEAR Camo
2013-07-22 22:27 - 2013-07-24 21:07 - 00003356 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-683544578-968592212-123672289-1001
2013-07-22 21:30 - 2013-07-26 15:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-22 21:23 - 2013-07-22 23:20 - 00000000 ____D C:\MYBEAR
2013-07-22 19:30 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\winlogon.exe
2013-07-22 19:30 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\svchost.exe
2013-07-22 19:30 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\rundll32.exe
2013-07-22 19:29 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\firefox.scr
2013-07-22 19:29 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\firefox.pif
2013-07-22 19:29 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\firefox.exe
2013-07-22 19:29 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\firefox.com
2013-07-22 19:29 - 2012-03-03 11:32 - 00186068 _____ C:\Users\Calvin\Downloads\chameleon.chm
2013-07-22 19:28 - 2013-07-22 19:31 - 13399154 _____ C:\Users\Calvin\Downloads\mbar-1.06.0.1004.zip
2013-07-22 19:28 - 2013-07-22 19:28 - 01440846 _____ C:\Users\Calvin\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-22 19:10 - 2013-07-22 19:19 - 181488040 _____ C:\Users\Calvin\Downloads\EmsisoftEmergencyKit.exe
2013-07-22 09:17 - 2013-07-26 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-22 06:44 - 2013-07-22 06:44 - 00000020 _____ C:\Users\Calvin\defogger_reenable
2013-07-22 06:27 - 2013-07-22 06:27 - 01752632 _____ (Safer-Networking Ltd.                                       ) C:\Users\Calvin\Downloads\regalyz-1.6.2.16.exe
2013-07-22 06:26 - 2013-07-22 06:28 - 04333832 _____ (Safer Networking Limited                                    ) C:\Users\Calvin\Downloads\filealyz-2.0.5.57.exe
2013-07-22 00:05 - 2013-07-16 22:27 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130722-000507.backup
2013-07-21 23:12 - 2013-07-26 10:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-21 23:12 - 2013-07-21 23:12 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-21 23:11 - 2013-07-21 23:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-21 23:11 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-21 19:49 - 2013-07-21 19:49 - 00207968 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\38363099.sys
2013-07-21 19:43 - 2013-07-21 19:43 - 00001154 _____ C:\AdwCleaner[s3].txt
2013-07-21 19:42 - 2013-07-21 19:43 - 00001093 _____ C:\AdwCleaner[R4].txt
2013-07-21 19:41 - 2013-07-21 19:41 - 00001032 _____ C:\AdwCleaner[R3].txt
2013-07-21 19:37 - 2012-08-15 08:48 - 00218184 _____ C:\Users\Calvin\Downloads\iexplore.exe
2013-07-21 18:18 - 2013-07-21 18:21 - 00000000 ____D C:\Users\Calvin\Downloads\files
2013-07-21 16:53 - 2013-07-24 17:46 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-21 16:50 - 2013-07-21 16:50 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\30003090.sys
2013-07-21 15:53 - 2013-07-21 15:53 - 00326484 _____ C:\Users\Calvin\Downloads\win7-x64-sm-reset.exe
2013-07-21 14:33 - 2013-07-21 14:33 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Malwarebytes
2013-07-21 14:16 - 2013-07-21 14:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:28 - 2013-07-21 12:27 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-21 12:28 - 2013-07-21 12:27 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-21 12:28 - 2013-07-21 12:27 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-21 12:28 - 2013-07-21 12:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-21 12:28 - 2013-07-21 12:27 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-21 12:28 - 2013-07-21 12:27 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-21 12:24 - 2013-07-21 12:24 - 31714216 _____ (Oracle Corporation) C:\Users\Calvin\Downloads\jre-7u25-windows-i586.exe
2013-07-21 10:44 - 2013-07-21 10:45 - 00160350 _____ C:\Users\Calvin\Downloads\JavaRa.zip
2013-07-18 11:04 - 2013-07-18 11:04 - 00000020 ___SH C:\Users\DefaultAppPool.IIS APPPOOL.000\ntuser.ini
2013-07-18 11:04 - 2013-07-18 11:04 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.000
2013-07-18 11:04 - 2012-06-13 03:35 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.000\AppData\Roaming\FinalMediaPlayer
2013-07-18 11:04 - 2012-06-13 03:31 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.000\AppData\Roaming\thecleaner
2013-07-18 11:04 - 2011-01-22 17:26 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.000\AppData\Local\Microsoft Help
2013-07-18 11:04 - 2010-08-18 03:06 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.000\AppData\Roaming\Macromedia
2013-07-17 21:03 - 2013-07-17 21:04 - 00000047 _____ C:\Users\Calvin\Documents\tempFolderPath.dat
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Calvin\Documents\NewBlueFX
2013-07-17 14:16 - 2013-07-17 14:16 - 01064088 _____ C:\Users\Calvin\Downloads\Setup.exe
2013-07-17 14:07 - 2013-07-17 14:07 - 00000894 _____ C:\Users\Calvin\Desktop\Downloads - Shortcut.lnk
2013-07-17 13:56 - 2013-07-17 13:56 - 00002220 _____ C:\Users\Calvin\Desktop\Google Chrome.lnk
2013-07-17 13:50 - 2013-07-17 13:51 - 00784848 _____ (Google Inc.) C:\Users\Calvin\Downloads\ChromeSetup.exe
2013-07-17 13:27 - 2013-07-17 13:27 - 00001042 _____ C:\AdwCleaner[s2].txt
2013-07-17 13:27 - 2013-07-17 13:27 - 00000983 _____ C:\AdwCleaner[R2].txt
2013-07-17 13:05 - 2013-07-17 13:05 - 00003142 _____ C:\Windows\System32\Tasks\{1411842F-842F-4280-AF89-CC43E4AE3BAA}
2013-07-17 13:01 - 2013-07-17 13:01 - 00559459 _____ (Oleg N. Scherbakov) C:\Users\Calvin\Downloads\JRT (1).exe
2013-07-17 10:25 - 2013-07-17 10:44 - 408982113 _____ C:\Users\Calvin\Downloads\Windows6.1-KB947821-v27-x64.msu
2013-07-17 03:00 - 2013-07-22 03:05 - 00000000 ____D C:\Windows\system32\MRT
2013-07-16 22:50 - 2013-07-16 22:50 - 00006774 _____ C:\AdwCleaner[s1].txt
2013-07-16 22:50 - 2013-07-16 22:50 - 00000092 _____ C:\Windows\DeleteOnReboot.bat
2013-07-16 22:49 - 2013-07-16 22:49 - 00662345 _____ C:\Users\Calvin\Downloads\AdwCleaner.exe
2013-07-16 22:49 - 2013-07-16 22:49 - 00006774 _____ C:\AdwCleaner[R1].txt
2013-07-16 22:09 - 2013-07-18 09:38 - 00000000 ____D C:\Windows\erdnt
2013-07-16 22:03 - 2013-07-17 12:39 - 00000000 ____D C:\Windows\ERUNT
2013-07-16 22:02 - 2013-07-16 22:03 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\Calvin\Downloads\JRT.exe
2013-07-14 01:49 - 2013-07-14 09:43 - 00000000 ____D C:\Program Files (x86)\Disk Doctors FAT Data Recovery (Demo)
2013-07-14 01:48 - 2013-07-14 01:49 - 05296408 _____ (Disk Doctors Labs Inc.                                      ) C:\Users\Calvin\Downloads\fat-data-recovery.exe
2013-07-14 01:23 - 2013-07-14 01:23 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix JPEG Repair
2013-07-14 01:22 - 2013-07-14 01:22 - 00000001 _____ C:\Users\Calvin\AppData\Local\llftool.4.30.agreement
2013-07-14 01:09 - 2013-07-14 01:09 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare Data Recovery Professional
2013-07-14 01:09 - 2013-07-14 01:09 - 00000000 ____D C:\Program Files (x86)\Tenorshare Data Recovery Professional
2013-07-13 23:02 - 2013-07-13 23:03 - 08045608 _____ C:\Users\Calvin\Downloads\EasyFATDataRecovery-3.0-Setup.exe
2013-07-13 22:47 - 2013-07-13 22:47 - 00002643 _____ C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
2013-07-13 22:47 - 2013-07-13 22:47 - 00000000 ____D C:\Program Files (x86)\Virtual Console
2013-07-13 22:46 - 2013-07-13 22:46 - 00552500 _____ C:\Users\Calvin\Downloads\Flash_Drive_Tester_v114.exe
2013-07-12 20:33 - 2013-07-12 20:33 - 145388814 _____ C:\Users\Calvin\AppData\Local\ACCCx183.zip.aamdownload
2013-07-12 20:33 - 2013-07-12 20:33 - 00001726 _____ C:\Users\Calvin\AppData\Local\ACCCx183.zip.aamdownload.aamd
2013-07-12 10:43 - 2013-07-12 10:45 - 38413115 _____ C:\Users\Calvin\Downloads\LeawoBlurayRipper410.zip
2013-07-12 00:12 - 2013-05-29 01:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 00:12 - 2013-05-29 00:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 00:12 - 2013-05-29 00:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 00:12 - 2013-05-29 00:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 00:12 - 2013-05-29 00:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 00:12 - 2013-05-29 00:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 00:12 - 2013-05-29 00:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 00:12 - 2013-05-29 00:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 00:12 - 2013-05-29 00:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 00:12 - 2013-05-29 00:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 00:12 - 2013-05-29 00:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 00:12 - 2013-05-29 00:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 00:12 - 2013-05-29 00:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 00:12 - 2013-05-29 00:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 00:12 - 2013-05-29 00:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 00:12 - 2013-05-29 00:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 00:12 - 2013-05-28 20:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 00:12 - 2013-05-28 20:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 00:12 - 2013-05-28 20:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 00:12 - 2013-05-28 20:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-12 00:12 - 2013-05-28 20:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 00:12 - 2013-05-28 20:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 00:12 - 2013-05-28 20:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-12 00:12 - 2013-05-28 20:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 00:12 - 2013-05-28 20:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-12 00:12 - 2013-05-28 20:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-12 00:12 - 2013-05-28 20:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 00:12 - 2013-05-28 20:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 00:12 - 2013-05-28 20:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 00:12 - 2013-05-28 20:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 00:12 - 2013-05-28 20:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-12 00:12 - 2013-05-28 20:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 23:55 - 2013-07-11 23:55 - 00002169 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2013-07-11 23:54 - 2013-07-11 23:54 - 00001317 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-07-11 23:54 - 2013-07-11 23:54 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-07-11 23:54 - 2013-07-11 23:54 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-07-11 23:51 - 2013-07-11 23:59 - 00210859 _____ C:\Windows\hpoins21.dat
2013-07-11 23:51 - 2009-10-07 20:26 - 00005474 ____N C:\Windows\hpomdl21.dat
2013-07-11 21:20 - 2013-07-24 17:50 - 00003378 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-683544578-968592212-123672289-1001
2013-07-11 18:38 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 18:38 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 18:37 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 18:37 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 18:37 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 18:36 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 18:36 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 11:18 - 2013-07-11 11:22 - 00040305 _____ C:\Users\Calvin\Downloads\HPUSBDisk.zip
2013-07-11 11:08 - 2013-07-11 11:08 - 00098304 _____ (Hewlett-Packard Company) C:\Users\Calvin\Downloads\HPUSBDisk.exe
2013-07-10 13:39 - 2013-07-11 18:25 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\FinalMediaPlayer
2013-07-10 13:39 - 2013-07-11 18:25 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2013-07-10 13:39 - 2012-06-13 03:31 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\thecleaner
2013-07-10 13:39 - 2011-01-22 17:26 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help
2013-07-10 13:39 - 2010-08-18 03:06 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Macromedia
2013-07-09 21:58 - 2013-07-11 18:25 - 00000000 ____D C:\Program Files (x86)\PhotoRescue Wizard PC
2013-07-09 21:57 - 2013-07-09 21:58 - 03231048 _____ (DataRescue sa/nv                                            ) C:\Users\Calvin\Downloads\setupv3.exe
2013-07-09 21:56 - 2013-07-09 21:56 - 00584600 _____ C:\Users\Calvin\Downloads\cbsidlm-tr1_13-PhotoRescue-SEO-10160919.exe
2013-07-08 00:05 - 2013-07-09 12:29 - 00000000 ____D C:\Users\DefaultAppPool
2013-07-08 00:05 - 2012-06-13 03:31 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\thecleaner
2013-07-08 00:05 - 2011-01-22 17:26 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2013-07-08 00:05 - 2010-08-18 03:06 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2013-07-04 10:26 - 2013-07-04 10:26 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-04 10:25 - 2013-07-04 10:23 - 17988944 _____ (Adobe Systems Inc.) C:\Users\Calvin\Downloads\AdobeAIRSetup.exe
2013-07-02 08:27 - 2013-07-02 08:27 - 00097176 ____N (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2013-07-01 06:50 - 2013-07-01 23:19 - 00002662 _____ C:\Users\Calvin\photorec.cfg
2013-06-30 16:32 - 2013-06-30 16:32 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2013-06-30 02:00 - 2012-06-01 00:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2013-06-30 02:00 - 2012-06-01 00:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2013-06-30 02:00 - 2012-06-01 00:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2013-06-30 02:00 - 2012-06-01 00:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2013-06-30 02:00 - 2012-06-01 00:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2013-06-30 02:00 - 2012-06-01 00:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2013-06-30 02:00 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2013-06-30 02:00 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2013-06-30 02:00 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2013-06-30 02:00 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2013-06-30 02:00 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2013-06-30 02:00 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2013-06-30 00:04 - 2013-06-30 00:04 - 00002088 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2013-06-30 00:04 - 2013-06-30 00:04 - 00000000 ____D C:\Program Files (x86)\SDA
2013-06-30 00:01 - 2013-06-30 00:01 - 06287163 _____ C:\Users\Calvin\Downloads\SDFormatter4exe (1).zip
2013-06-29 23:59 - 2013-06-29 23:59 - 06287163 _____ C:\Users\Calvin\Downloads\SDFormatter4exe.zip
2013-06-29 12:01 - 2013-06-29 12:01 - 03432173 _____ C:\Users\Calvin\Downloads\testdisk-6.13.win (1).zip
2013-06-29 10:18 - 2013-06-29 10:22 - 00009947 _____ C:\Users\Calvin\AppData\ZbThumbnail.info
2013-06-29 09:50 - 2011-05-09 16:13 - 00001409 _____ C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-06-29 09:40 - 2013-06-29 09:40 - 00000000 ____D C:\ProgramData\Recovery
2013-06-29 09:24 - 2013-06-29 09:24 - 00846864 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\IE10-Windows6.1-en-us (2).exe
2013-06-29 09:04 - 2013-07-25 08:19 - 00068567 _____ C:\Windows\iis7.log
2013-06-29 09:03 - 2013-06-29 09:03 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2013-06-29 09:03 - 2013-06-29 09:03 - 00000000 ____D C:\Windows\system32\BestPractices
2013-06-29 09:02 - 2013-07-24 21:25 - 00000000 ____D C:\inetpub
2013-06-29 08:02 - 2013-06-29 08:02 - 00846864 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\IE10-Windows6.1-en-us (1).exe
2013-06-29 07:54 - 2013-06-29 07:54 - 00846864 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\IE10-Windows6.1-en-us.exe
2013-06-28 14:39 - 2013-06-28 14:39 - 00000000 ____D C:\Program Files (x86)\GetData
2013-06-28 14:39 - 2013-06-28 14:39 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2013-06-28 14:16 - 2013-06-28 14:18 - 32616696 _____ ({code:GDConstant|CompanyName}                               ) C:\Users\Calvin\Downloads\RecoverMyFiles-Setup.exe
2013-06-28 14:12 - 2013-06-28 14:12 - 01117856 _____ C:\Users\Calvin\Downloads\recovermyfilesdatarecoverysoftware-setup.exe
2013-06-26 23:22 - 2013-06-27 20:19 - 00203423 _____ C:\EDPR.log
2013-06-26 23:06 - 2013-06-26 23:07 - 03432173 _____ C:\Users\Calvin\Downloads\testdisk-6.13.win.zip
2013-06-26 22:52 - 2013-06-26 22:52 - 03729500 _____ C:\Users\Calvin\Downloads\testdisk-6.14-WIP.win.zip
2013-06-26 22:31 - 2013-07-17 13:43 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2013-06-26 22:15 - 2013-06-26 22:15 - 05998352 _____ (EaseUS                                                      ) C:\Users\Calvin\Downloads\drw_free.exe
2013-06-26 22:15 - 2013-06-26 22:15 - 00001222 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 6.0 .lnk
2013-06-26 16:34 - 2013-06-26 16:45 - 04918176 _____ (SoftOrbits                                                  ) C:\Users\Calvin\Downloads\flashrecovery.exe
2013-06-26 16:04 - 2013-07-01 17:18 - 00000000 ____D C:\Program Files\Recuva
2013-06-26 16:03 - 2013-06-26 16:03 - 02707448 _____ (Piriform Ltd) C:\Users\Calvin\Downloads\rcsetup147_slim.exe
2013-06-26 13:11 - 2013-06-26 13:11 - 01879632 _____ (InstallX, LLC) C:\Users\Calvin\Downloads\freefileviewer_730 (1).exe
2013-06-26 00:33 - 2013-06-28 22:54 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-06-26 00:31 - 2013-07-03 10:38 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Recover Files Platinum
2013-06-26 00:31 - 2013-06-26 00:33 - 05915680 _____ (MiniTool Solution Ltd.                                      ) C:\Users\Calvin\Downloads\pdr6free.exe
2013-06-26 00:31 - 2013-06-26 00:31 - 00000000 ____D C:\Users\Calvin\AppData\Local\Spoon
2013-06-26 00:29 - 2013-06-26 00:29 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-26 00:27 - 2013-06-26 00:29 - 25374157 _____ (Recover Files, Inc.                                         ) C:\Users\Calvin\Downloads\recover-files-premium-setup.exe
 
==================== One Month Modified Files and Folders =======
 
2013-07-26 15:58 - 2013-07-26 15:58 - 01780233 _____ (Farbar) C:\Users\Calvin\Downloads\FRST64 (1).exe
2013-07-26 15:58 - 2013-07-26 15:58 - 00000000 ____D C:\FRST
2013-07-26 15:55 - 2013-07-26 15:55 - 01780233 _____ (Farbar) C:\Users\Calvin\Downloads\FRST64.exe
2013-07-26 15:42 - 2013-07-22 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 15:42 - 2013-06-01 08:31 - 00000000 ____D C:\Users\Calvin\Downloads\mbar
2013-07-26 15:12 - 2013-07-24 14:31 - 00000000 ____D C:\Users\Calvin\Desktop\sTUFF
2013-07-26 15:11 - 2013-07-26 15:11 - 00002900 _____ C:\Users\Calvin\Desktop\RKreport[0]_S_07262013_151120.txt
2013-07-26 15:11 - 2013-07-26 15:05 - 00000000 ____D C:\Users\Calvin\Desktop\RK_Quarantine
2013-07-26 15:09 - 2013-07-26 15:08 - 00001547 _____ C:\Users\Calvin\Desktop\RKreport[0]_SC_07262013_150851.txt
2013-07-26 15:08 - 2013-07-26 15:08 - 00003399 _____ C:\Users\Calvin\Desktop\RKreport[0]_D_07262013_150838.txt
2013-07-26 15:08 - 2013-07-26 15:08 - 00003206 _____ C:\Users\Calvin\Desktop\RKreport[0]_S_07262013_150819.txt
2013-07-26 15:05 - 2013-07-26 15:05 - 03778560 _____ C:\Users\Calvin\Downloads\RogueKillerX64.exe
2013-07-26 15:04 - 2013-07-26 15:04 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-26 15:03 - 2013-07-26 15:03 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Calvin\Downloads\erunt-setup.exe
2013-07-26 14:33 - 2013-07-26 14:33 - 00000634 _____ C:\Users\Calvin\Desktop\JRT.txt
2013-07-26 14:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-26 14:29 - 2009-07-13 23:45 - 00015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 14:29 - 2009-07-13 23:45 - 00015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 14:27 - 2010-08-18 02:39 - 01212411 _____ C:\Windows\WindowsUpdate.log
2013-07-26 14:23 - 2013-07-26 14:23 - 00000000 ____H C:\ProgramData\cm-lock
2013-07-26 14:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-07-26 14:22 - 2009-07-13 23:46 - 00031753 _____ C:\Windows\DtcInstall.log
2013-07-26 14:21 - 2013-07-26 01:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 14:21 - 2012-09-21 07:53 - 00000000 ____D C:\Users\Public\Documents\KooRaRooMedia
2013-07-26 14:21 - 2012-08-10 12:34 - 00018595 _____ C:\Windows\setupact.log
2013-07-26 14:18 - 2013-07-24 15:57 - 00000000 ____D C:\ProgramData\WRData
2013-07-26 13:52 - 2013-07-26 13:52 - 00001056 _____ C:\Windows\system32\SettingsFile
2013-07-26 11:20 - 2012-12-07 14:08 - 00000000 ____D C:\Program Files (x86)\PhotoMagic
2013-07-26 10:58 - 2013-07-26 10:58 - 00000000 ____D C:\Users\Calvin\Documents\ProcAlyzer Dumps
2013-07-26 10:57 - 2013-07-21 23:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-26 10:50 - 2010-08-18 04:39 - 00420308 _____ C:\Windows\PFRO.log
2013-07-26 09:14 - 2013-07-26 09:14 - 00036013 _____ C:\Users\Calvin\Downloads\Attach (2).txt
2013-07-26 09:11 - 2013-07-22 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 09:03 - 2013-07-26 09:03 - 02874022 _____ C:\Users\Calvin\Desktop\webroot log.log
2013-07-26 08:57 - 2013-07-26 08:29 - 00002210 _____ C:\Users\Calvin\Desktop\Rkill.txt
2013-07-26 08:27 - 2013-07-26 08:27 - 00000592 _____ C:\Users\Calvin\Documents\routerlogin.com80 false.crd
2013-07-26 07:51 - 2013-07-26 07:51 - 00688992 _____ (Swearware) C:\Users\Calvin\Downloads\dds.com
2013-07-26 07:45 - 2013-07-24 15:57 - 00000000 ____D C:\Program Files\Webroot
2013-07-26 02:34 - 2013-07-26 02:34 - 00027423 _____ C:\ComboFix.txt
2013-07-26 02:34 - 2013-07-24 14:33 - 00000000 ____D C:\Qoobox
2013-07-26 02:33 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-07-26 02:12 - 2013-07-26 02:10 - 00000000 ____D C:\Users\Calvin\Desktop\bambam
2013-07-26 01:52 - 2013-07-25 22:51 - 00448635 ____R C:\Windows\system32\Drivers\etc\hosts.20130726-105436.backup
2013-07-26 01:16 - 2013-07-26 01:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130726-015236.backup
2013-07-25 23:41 - 2013-07-25 23:38 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-07-25 23:13 - 2013-07-24 19:03 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-07-25 23:13 - 2013-07-24 19:03 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-07-25 20:23 - 2011-01-28 12:17 - 00000000 ____D C:\Program Files (x86)\CraveWorldClock14
2013-07-25 15:20 - 2013-07-25 15:20 - 00000000 ____D C:\19da729215322cf04a1d
2013-07-25 13:43 - 2013-07-25 13:43 - 05451264 _____ (TeamViewer GmbH) C:\Users\Calvin\Downloads\TeamViewer_Setup_en.exe
2013-07-25 13:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-07-25 12:10 - 2013-07-24 14:28 - 05093969 ____R (Swearware) C:\Users\Calvin\Desktop\ComboFix.exe
2013-07-25 11:46 - 2013-07-24 14:09 - 00000000 ____D C:\MYBEAR2
2013-07-25 11:29 - 2013-07-25 11:29 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-25 11:28 - 2013-07-25 11:28 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-25 09:39 - 2013-07-25 09:39 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\LockHunter
2013-07-25 09:38 - 2013-07-25 09:38 - 00000000 ____D C:\Program Files (x86)\LockHunter
2013-07-25 09:23 - 2012-12-10 10:21 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-07-25 08:25 - 2013-07-25 08:25 - 00000000 ____D C:\MATS
2013-07-25 08:19 - 2013-06-29 09:04 - 00068567 _____ C:\Windows\iis7.log
2013-07-25 00:03 - 2013-07-25 00:03 - 00000878 _____ C:\Windows\DXError.log
2013-07-25 00:03 - 2013-07-24 23:24 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-25 00:03 - 2010-12-18 11:45 - 00058314 _____ C:\Windows\DirectX.log
2013-07-24 23:55 - 2013-07-24 23:55 - 00347424 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\MicrosoftFixit.malware.FISC.150298156704152533.9.1.Run.exe
2013-07-24 23:25 - 2013-07-24 23:25 - 03086960 _____ C:\Users\Calvin\Downloads\Windows6.0-KB942288-v2-x64.msu
2013-07-24 23:24 - 2013-07-24 23:24 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-24 23:24 - 2013-07-24 23:23 - 00292184 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\dxwebsetup.exe
2013-07-24 22:36 - 2011-08-20 13:11 - 00000000 ____D C:\Users\Calvin\AppData\Local\Google
2013-07-24 22:02 - 2013-07-24 22:02 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-07-24 22:02 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-24 22:01 - 2013-07-24 22:01 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-07-24 21:50 - 2012-08-10 12:48 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\GlarySoft
2013-07-24 21:43 - 2011-01-10 15:28 - 00000115 _____ C:\Windows\SysWOW64\_WKERNEL.SYL
2013-07-24 21:29 - 2013-07-24 21:29 - 00000000 ____D C:\Windows\system32\msmq
2013-07-24 21:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-07-24 21:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-24 21:29 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-24 21:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-24 21:26 - 2010-12-18 14:05 - 00806922 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-24 21:26 - 2009-07-14 00:13 - 00850476 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 21:25 - 2013-06-29 09:02 - 00000000 ____D C:\inetpub
2013-07-24 21:09 - 2012-10-31 16:54 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Real
2013-07-24 21:07 - 2013-07-22 22:27 - 00003356 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-683544578-968592212-123672289-1001
2013-07-24 21:07 - 2013-05-25 15:38 - 00003224 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-683544578-968592212-123672289-1001
2013-07-24 21:07 - 2012-11-23 14:17 - 00000000 ____D C:\Users\Calvin\Desktop\Video-Media Programs & Rippers
2013-07-24 21:03 - 2013-07-24 19:29 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\FreeFixer
2013-07-24 21:03 - 2013-07-24 18:28 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-24 19:47 - 2013-07-24 19:43 - 105367776 _____ C:\Users\Calvin\Downloads\GL14PROMO3M.exe
2013-07-24 19:39 - 2013-07-24 19:39 - 00973396 _____ C:\Users\Calvin\Downloads\PowerToolV4.3_en.zip
2013-07-24 19:36 - 2013-07-24 19:36 - 05860362 _____ C:\Users\Calvin\Downloads\PCHunter_free.zip
2013-07-24 19:35 - 2011-01-06 22:11 - 00000000 ____D C:\Users\Calvin\Downloads\Tools
2013-07-24 19:32 - 2013-07-24 19:32 - 01845175 _____ C:\Users\Calvin\Downloads\AntiSpy1.9.zip
2013-07-24 19:32 - 2013-07-24 19:29 - 00000000 ____D C:\Users\Calvin\AppData\Local\FreeFixer
2013-07-24 19:29 - 2013-07-24 19:29 - 02413867 _____ (Kephyr) C:\Users\Calvin\Downloads\freefixersetup.exe
2013-07-24 19:29 - 2013-07-24 19:29 - 00000000 ____D C:\Program Files\FreeFixer
2013-07-24 19:25 - 2013-07-24 19:25 - 02986440 _____ (Symantec Corporation) C:\Users\Calvin\Downloads\NPE.exe
2013-07-24 19:23 - 2013-07-24 19:22 - 19275792 _____ (Bitdefender LLC) C:\Users\Calvin\Downloads\BootkitRemoval_x64.exe
2013-07-24 19:16 - 2013-07-24 19:16 - 00053374 _____ C:\Users\Calvin\Downloads\hdhacker.zip
2013-07-24 19:03 - 2013-07-24 19:03 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\ParetoLogic
2013-07-24 18:28 - 2012-12-11 11:20 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-24 18:28 - 2012-12-11 11:20 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-24 18:09 - 2013-07-24 18:07 - 41943040 _____ C:\Users\Calvin\Downloads\jre-7u25-windows-i586.tar.gz
2013-07-24 17:50 - 2013-07-11 21:20 - 00003378 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-683544578-968592212-123672289-1001
2013-07-24 17:50 - 2013-01-22 21:36 - 00003246 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-683544578-968592212-123672289-1001
2013-07-24 17:49 - 2009-07-14 00:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-24 17:46 - 2013-07-21 16:53 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-24 17:04 - 2013-07-24 16:47 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\QuickScan
2013-07-24 16:26 - 2011-09-16 09:41 - 00000000 ____D C:\ProgramData\Aiseesoft Studio
2013-07-24 16:25 - 2013-07-24 16:25 - 00000030 _____ C:\Users\Calvin\AppData\Roaming\mbam.context.scan
2013-07-24 16:19 - 2010-12-18 11:42 - 00000000 ____D C:\Users\Calvin
2013-07-24 16:13 - 2011-11-14 18:40 - 00000000 ____D C:\Users\Calvin\AppData\Local\Apple Computer
2013-07-24 16:12 - 2013-07-24 16:12 - 00000000 ____D C:\Users\Calvin\AppData\Local\lptmp705597785
2013-07-24 15:57 - 2013-07-24 15:57 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2013-07-24 15:57 - 2013-07-24 15:57 - 00114184 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2013-07-24 15:57 - 2013-07-24 15:57 - 00104360 _____ (Webroot) C:\Windows\system32\WRusr.dll
2013-07-24 15:56 - 2013-07-24 15:56 - 00742408 _____ (Webroot) C:\Users\Calvin\Downloads\wsainstall.exe
2013-07-24 14:24 - 2013-07-24 14:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calvin\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-24 14:18 - 2013-07-24 14:18 - 00065232 _____ (Malwarebytes) C:\Users\Calvin\Downloads\regassassin-setup-1.03.exe
2013-07-24 14:18 - 2013-07-24 14:18 - 00003172 _____ C:\Windows\System32\Tasks\{96CC43FA-671B-46D6-AD52-263D010B9C2B}
2013-07-24 14:09 - 2013-07-24 14:08 - 01440846 _____ C:\Users\Calvin\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2013-07-24 13:53 - 2013-07-24 13:53 - 00003452 _____ C:\Windows\System32\Tasks\Reimage Reminder
2013-07-24 13:53 - 2013-07-24 13:51 - 00000000 ____D C:\rei
2013-07-24 13:53 - 2013-07-24 13:50 - 00000162 _____ C:\Windows\Reimage.ini
2013-07-24 13:51 - 2013-07-24 13:51 - 00000000 ____D C:\Program Files\Reimage
2013-07-24 13:49 - 2013-07-24 13:49 - 00727952 _____ (Reimage®) C:\Users\Calvin\Downloads\ReimageRepair.exe
2013-07-24 13:30 - 2013-07-24 13:30 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-07-24 13:30 - 2013-07-24 13:30 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-24 13:30 - 2011-09-16 10:34 - 00000000 ____D C:\ProgramData\AMD
2013-07-24 13:27 - 2013-07-24 13:21 - 141110624 _____ (Advanced Micro Devices, Inc.) C:\Users\Calvin\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe
2013-07-24 11:00 - 2010-08-18 02:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-07-24 10:34 - 2013-07-23 12:38 - 00000000 ____D C:\ProgramData\TuneUp360
2013-07-23 17:40 - 2010-12-18 14:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-23 17:40 - 2010-12-18 14:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-23 17:39 - 2012-05-01 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-23 12:39 - 2013-07-23 12:39 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\spotmau
2013-07-23 11:32 - 2011-03-18 17:44 - 00000000 ____D C:\Program Files (x86)\Masque IGT Slots Little Green Men
2013-07-22 23:21 - 2013-07-22 23:08 - 00000000 ____D C:\MYBEAR Camo
2013-07-22 23:20 - 2013-07-22 21:23 - 00000000 ____D C:\MYBEAR
2013-07-22 19:31 - 2013-07-22 19:28 - 13399154 _____ C:\Users\Calvin\Downloads\mbar-1.06.0.1004.zip
2013-07-22 19:28 - 2013-07-22 19:28 - 01440846 _____ C:\Users\Calvin\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-22 19:19 - 2013-07-22 19:10 - 181488040 _____ C:\Users\Calvin\Downloads\EmsisoftEmergencyKit.exe
2013-07-22 09:26 - 2013-04-24 11:01 - 00000000 ____D C:\Program Files (x86)\Soft Organizer
2013-07-22 08:03 - 2010-12-19 21:49 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-22 06:44 - 2013-07-22 06:44 - 00000020 _____ C:\Users\Calvin\defogger_reenable
2013-07-22 06:28 - 2013-07-22 06:26 - 04333832 _____ (Safer Networking Limited                                    ) C:\Users\Calvin\Downloads\filealyz-2.0.5.57.exe
2013-07-22 06:27 - 2013-07-22 06:27 - 01752632 _____ (Safer-Networking Ltd.                                       ) C:\Users\Calvin\Downloads\regalyz-1.6.2.16.exe
2013-07-22 03:05 - 2013-07-17 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 00:05 - 2009-07-13 21:34 - 00448635 ____R C:\Windows\system32\Drivers\etc\hosts.20130722-223520.backup
2013-07-21 23:14 - 2013-07-21 23:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-21 23:12 - 2013-07-21 23:12 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-21 22:52 - 2012-02-25 17:58 - 00000000 ____D C:\Windows\Minidump
2013-07-21 22:52 - 2010-08-18 04:39 - 00293641 ____N C:\Windows\Minidump\072113-18876-01.dmp
2013-07-21 19:54 - 2012-09-28 09:47 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\ProcessLasso
2013-07-21 19:49 - 2013-07-21 19:49 - 00207968 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\38363099.sys
2013-07-21 19:43 - 2013-07-21 19:43 - 00001154 _____ C:\AdwCleaner[s3].txt
2013-07-21 19:43 - 2013-07-21 19:42 - 00001093 _____ C:\AdwCleaner[R4].txt
2013-07-21 19:41 - 2013-07-21 19:41 - 00001032 _____ C:\AdwCleaner[R3].txt
2013-07-21 18:26 - 2011-01-19 17:47 - 00000000 ____D C:\Users\Calvin\Downloads\temporary unpack
2013-07-21 18:21 - 2013-07-21 18:18 - 00000000 ____D C:\Users\Calvin\Downloads\files
2013-07-21 17:45 - 2012-11-23 14:09 - 00000000 ____D C:\Users\Calvin\Desktop\Utilities
2013-07-21 16:50 - 2013-07-21 16:50 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\30003090.sys
2013-07-21 15:53 - 2013-07-21 15:53 - 00326484 _____ C:\Users\Calvin\Downloads\win7-x64-sm-reset.exe
2013-07-21 14:33 - 2013-07-21 14:33 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Malwarebytes
2013-07-21 14:16 - 2013-07-21 14:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 13:11 - 2011-11-21 10:05 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2013-07-21 12:27 - 2013-07-21 12:28 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-21 12:27 - 2013-07-21 12:28 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-21 12:27 - 2013-07-21 12:28 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-21 12:27 - 2013-07-21 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-21 12:27 - 2013-07-21 12:28 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-21 12:27 - 2013-07-21 12:28 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-21 12:24 - 2013-07-21 12:24 - 31714216 _____ (Oracle Corporation) C:\Users\Calvin\Downloads\jre-7u25-windows-i586.exe
2013-07-21 10:49 - 2010-12-18 11:54 - 00000000 ____D C:\Users\Calvin\AppData\Local\VirtualStore
2013-07-21 10:45 - 2013-07-21 10:44 - 00160350 _____ C:\Users\Calvin\Downloads\JavaRa.zip
2013-07-18 22:39 - 2011-02-15 11:19 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Spider Player
2013-07-18 11:04 - 2013-07-18 11:04 - 00000020 ___SH C:\Users\DefaultAppPool.IIS APPPOOL.000\ntuser.ini
2013-07-18 11:04 - 2013-07-18 11:04 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.000
2013-07-18 09:38 - 2013-07-16 22:09 - 00000000 ____D C:\Windows\erdnt
2013-07-18 09:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-18 09:37 - 2012-01-25 13:31 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-07-18 09:37 - 2010-08-18 02:49 - 00000000 ____D C:\ProgramData\CinemaNow
2013-07-18 09:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-18 09:36 - 2012-10-31 16:46 - 00000000 ____D C:\ProgramData\Real
2013-07-18 09:36 - 2011-08-20 13:16 - 00000000 ____D C:\ProgramData\Adobe
2013-07-17 21:04 - 2013-07-17 21:03 - 00000047 _____ C:\Users\Calvin\Documents\tempFolderPath.dat
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Calvin\Documents\NewBlueFX
2013-07-17 18:02 - 2012-12-12 15:27 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-17 14:16 - 2013-07-17 14:16 - 01064088 _____ C:\Users\Calvin\Downloads\Setup.exe
2013-07-17 14:07 - 2013-07-17 14:07 - 00000894 _____ C:\Users\Calvin\Desktop\Downloads - Shortcut.lnk
2013-07-17 13:56 - 2013-07-17 13:56 - 00002220 _____ C:\Users\Calvin\Desktop\Google Chrome.lnk
2013-07-17 13:51 - 2013-07-17 13:50 - 00784848 _____ (Google Inc.) C:\Users\Calvin\Downloads\ChromeSetup.exe
2013-07-17 13:43 - 2013-06-26 22:31 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2013-07-17 13:43 - 2011-12-23 07:48 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-07-17 13:28 - 2011-08-20 13:11 - 00000000 ____D C:\Program Files\Google
2013-07-17 13:28 - 2011-08-20 13:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-17 13:27 - 2013-07-17 13:27 - 00001042 _____ C:\AdwCleaner[s2].txt
2013-07-17 13:27 - 2013-07-17 13:27 - 00000983 _____ C:\AdwCleaner[R2].txt
2013-07-17 13:11 - 2012-11-16 13:45 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-17 13:05 - 2013-07-17 13:05 - 00003142 _____ C:\Windows\System32\Tasks\{1411842F-842F-4280-AF89-CC43E4AE3BAA}
2013-07-17 13:01 - 2013-07-17 13:01 - 00559459 _____ (Oleg N. Scherbakov) C:\Users\Calvin\Downloads\JRT (1).exe
2013-07-17 12:39 - 2013-07-16 22:03 - 00000000 ____D C:\Windows\ERUNT
2013-07-17 12:39 - 2012-02-18 20:56 - 00000000 ____D C:\Program Files\NetBalancer
2013-07-17 12:39 - 2011-01-10 15:28 - 00000000 ____D C:\Program Files (x86)\WinUtilities
2013-07-17 12:39 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-17 12:37 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Default
2013-07-17 10:44 - 2013-07-17 10:25 - 408982113 _____ C:\Users\Calvin\Downloads\Windows6.1-KB947821-v27-x64.msu
2013-07-16 22:50 - 2013-07-16 22:50 - 00006774 _____ C:\AdwCleaner[s1].txt
2013-07-16 22:50 - 2013-07-16 22:50 - 00000092 _____ C:\Windows\DeleteOnReboot.bat
2013-07-16 22:49 - 2013-07-16 22:49 - 00662345 _____ C:\Users\Calvin\Downloads\AdwCleaner.exe
2013-07-16 22:49 - 2013-07-16 22:49 - 00006774 _____ C:\AdwCleaner[R1].txt
2013-07-16 22:27 - 2013-07-22 00:05 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130722-000507.backup
2013-07-16 22:03 - 2013-07-16 22:02 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\Calvin\Downloads\JRT.exe
2013-07-16 21:21 - 2012-11-16 14:04 - 00012288 ___SH C:\Users\Calvin\AppData\Thumbs.db
2013-07-16 20:51 - 2010-08-18 04:39 - 00287081 _____ C:\Windows\Minidump\071613-393122-01.dmp
2013-07-15 14:47 - 2011-11-30 01:10 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-683544578-968592212-123672289-1001UA
2013-07-15 14:47 - 2011-11-30 01:10 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-683544578-968592212-123672289-1001Core
2013-07-15 14:16 - 2011-08-20 13:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 14:16 - 2011-08-20 13:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 14:13 - 2011-02-05 12:00 - 00000083 ___SH C:\ProgramData\.zreglib
2013-07-14 09:43 - 2013-07-14 01:49 - 00000000 ____D C:\Program Files (x86)\Disk Doctors FAT Data Recovery (Demo)
2013-07-14 01:49 - 2013-07-14 01:48 - 05296408 _____ (Disk Doctors Labs Inc.                                      ) C:\Users\Calvin\Downloads\fat-data-recovery.exe
2013-07-14 01:23 - 2013-07-14 01:23 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix JPEG Repair
2013-07-14 01:22 - 2013-07-14 01:22 - 00000001 _____ C:\Users\Calvin\AppData\Local\llftool.4.30.agreement
2013-07-14 01:22 - 2013-03-30 17:39 - 00000000 ____D C:\Program Files (x86)\HDDGURU LLF Tool
2013-07-14 01:09 - 2013-07-14 01:09 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare Data Recovery Professional
2013-07-14 01:09 - 2013-07-14 01:09 - 00000000 ____D C:\Program Files (x86)\Tenorshare Data Recovery Professional
2013-07-14 01:05 - 2012-08-23 09:58 - 00000000 ____D C:\Program Files (x86)\iCare Card Recovery Pro
2013-07-14 00:06 - 2012-05-09 08:25 - 00000000 ___SD C:\Users\Calvin\Documents\Sticky Passwords
2013-07-13 23:26 - 2009-07-13 23:45 - 03632144 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 23:03 - 2013-07-13 23:02 - 08045608 _____ C:\Users\Calvin\Downloads\EasyFATDataRecovery-3.0-Setup.exe
2013-07-13 23:03 - 2013-03-15 15:07 - 00000000 ____D C:\Program Files (x86)\MunSoft
2013-07-13 22:55 - 2010-12-18 11:42 - 00219600 _____ C:\Users\Calvin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-13 22:53 - 2011-01-22 10:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-13 22:47 - 2013-07-13 22:47 - 00002643 _____ C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
2013-07-13 22:47 - 2013-07-13 22:47 - 00000000 ____D C:\Program Files (x86)\Virtual Console
2013-07-13 22:46 - 2013-07-13 22:46 - 00552500 _____ C:\Users\Calvin\Downloads\Flash_Drive_Tester_v114.exe
2013-07-12 20:33 - 2013-07-12 20:33 - 145388814 _____ C:\Users\Calvin\AppData\Local\ACCCx183.zip.aamdownload
2013-07-12 20:33 - 2013-07-12 20:33 - 00001726 _____ C:\Users\Calvin\AppData\Local\ACCCx183.zip.aamdownload.aamd
2013-07-12 10:45 - 2013-07-12 10:43 - 38413115 _____ C:\Users\Calvin\Downloads\LeawoBlurayRipper410.zip
2013-07-12 07:05 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 07:05 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 07:05 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 23:59 - 2013-07-11 23:51 - 00210859 _____ C:\Windows\hpoins21.dat
2013-07-11 23:59 - 2010-12-19 18:09 - 00115924 _____ C:\ProgramData\hpzinstall.log
2013-07-11 23:59 - 2009-07-13 21:34 - 00000513 _____ C:\Windows\win.ini
2013-07-11 23:55 - 2013-07-11 23:55 - 00002169 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2013-07-11 23:54 - 2013-07-11 23:54 - 00001317 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-07-11 23:54 - 2013-07-11 23:54 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-07-11 23:54 - 2013-07-11 23:54 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-07-11 23:54 - 2010-12-19 18:09 - 00000000 ____D C:\ProgramData\HP
2013-07-11 23:54 - 2010-08-18 02:43 - 00000000 ____D C:\Program Files (x86)\Hp
2013-07-11 18:25 - 2013-07-10 13:39 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\FinalMediaPlayer
2013-07-11 18:25 - 2013-07-10 13:39 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2013-07-11 18:25 - 2013-07-09 21:58 - 00000000 ____D C:\Program Files (x86)\PhotoRescue Wizard PC
2013-07-11 18:25 - 2010-08-18 03:06 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-07-11 11:22 - 2013-07-11 11:18 - 00040305 _____ C:\Users\Calvin\Downloads\HPUSBDisk.zip
2013-07-11 11:08 - 2013-07-11 11:08 - 00098304 _____ (Hewlett-Packard Company) C:\Users\Calvin\Downloads\HPUSBDisk.exe
2013-07-09 21:58 - 2013-07-09 21:57 - 03231048 _____ (DataRescue sa/nv                                            ) C:\Users\Calvin\Downloads\setupv3.exe
2013-07-09 21:56 - 2013-07-09 21:56 - 00584600 _____ C:\Users\Calvin\Downloads\cbsidlm-tr1_13-PhotoRescue-SEO-10160919.exe
2013-07-09 14:59 - 2013-05-30 10:45 - 00000000 ____D C:\Users\Calvin\AppData\Local\Eye-Fi
2013-07-09 13:24 - 2012-06-13 05:55 - 00000000 ____D C:\Windows\pss
2013-07-09 12:29 - 2013-07-08 00:05 - 00000000 ____D C:\Users\DefaultAppPool
2013-07-04 10:26 - 2013-07-04 10:26 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-04 10:26 - 2013-05-29 12:47 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-07-04 10:23 - 2013-07-04 10:25 - 17988944 _____ (Adobe Systems Inc.) C:\Users\Calvin\Downloads\AdobeAIRSetup.exe
2013-07-03 10:38 - 2013-06-26 00:31 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Recover Files Platinum
2013-07-02 08:27 - 2013-07-02 08:27 - 00097176 ____N (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2013-07-01 23:19 - 2013-07-01 06:50 - 00002662 _____ C:\Users\Calvin\photorec.cfg
2013-07-01 17:18 - 2013-06-26 16:04 - 00000000 ____D C:\Program Files\Recuva
2013-06-30 16:34 - 2012-03-24 09:17 - 00000000 ____D C:\Program Files (x86)\UVK
2013-06-30 16:32 - 2013-06-30 16:32 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2013-06-30 14:41 - 2011-11-20 13:51 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCalvin
2013-06-30 00:04 - 2013-06-30 00:04 - 00002088 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2013-06-30 00:04 - 2013-06-30 00:04 - 00000000 ____D C:\Program Files (x86)\SDA
2013-06-30 00:03 - 2012-02-28 13:32 - 00000000 ____D C:\Users\Calvin\AppData\Local\Downloaded Installations
2013-06-30 00:01 - 2013-06-30 00:01 - 06287163 _____ C:\Users\Calvin\Downloads\SDFormatter4exe (1).zip
2013-06-29 23:59 - 2013-06-29 23:59 - 06287163 _____ C:\Users\Calvin\Downloads\SDFormatter4exe.zip
2013-06-29 12:40 - 2012-11-23 14:27 - 00000000 ____D C:\Users\Calvin\Desktop\Misc
2013-06-29 12:01 - 2013-06-29 12:01 - 03432173 _____ C:\Users\Calvin\Downloads\testdisk-6.13.win (1).zip
2013-06-29 11:25 - 2013-06-25 10:00 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-06-29 10:48 - 2013-01-23 18:45 - 00164352 ___SH C:\Users\Calvin\Documents\Thumbs.db
2013-06-29 10:22 - 2013-06-29 10:18 - 00009947 _____ C:\Users\Calvin\AppData\ZbThumbnail.info
2013-06-29 10:18 - 2012-12-08 01:23 - 00005120 _____ C:\Users\Calvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-29 09:40 - 2013-06-29 09:40 - 00000000 ____D C:\ProgramData\Recovery
2013-06-29 09:25 - 2013-03-23 11:54 - 00010695 _____ C:\Windows\IE10_main.log
2013-06-29 09:24 - 2013-06-29 09:24 - 00846864 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\IE10-Windows6.1-en-us (2).exe
2013-06-29 09:03 - 2013-06-29 09:03 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2013-06-29 09:03 - 2013-06-29 09:03 - 00000000 ____D C:\Windows\system32\BestPractices
2013-06-29 08:02 - 2013-06-29 08:02 - 00846864 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\IE10-Windows6.1-en-us (1).exe
2013-06-29 07:54 - 2013-06-29 07:54 - 00846864 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\IE10-Windows6.1-en-us.exe
2013-06-29 07:28 - 2011-04-14 14:47 - 00000000 ____D C:\Users\Calvin\Documents\NeoDownloader
2013-06-28 22:54 - 2013-06-26 00:33 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2013-06-28 14:39 - 2013-06-28 14:39 - 00000000 ____D C:\Program Files (x86)\GetData
2013-06-28 14:39 - 2013-06-28 14:39 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2013-06-28 14:18 - 2013-06-28 14:16 - 32616696 _____ ({code:GDConstant|CompanyName}                               ) C:\Users\Calvin\Downloads\RecoverMyFiles-Setup.exe
2013-06-28 14:12 - 2013-06-28 14:12 - 01117856 _____ C:\Users\Calvin\Downloads\recovermyfilesdatarecoverysoftware-setup.exe
2013-06-27 20:19 - 2013-06-26 23:22 - 00203423 _____ C:\EDPR.log
2013-06-26 23:07 - 2013-06-26 23:06 - 03432173 _____ C:\Users\Calvin\Downloads\testdisk-6.13.win.zip
2013-06-26 22:52 - 2013-06-26 22:52 - 03729500 _____ C:\Users\Calvin\Downloads\testdisk-6.14-WIP.win.zip
2013-06-26 22:15 - 2013-06-26 22:15 - 05998352 _____ (EaseUS                                                      ) C:\Users\Calvin\Downloads\drw_free.exe
2013-06-26 22:15 - 2013-06-26 22:15 - 00001222 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 6.0 .lnk
2013-06-26 22:15 - 2011-04-07 17:49 - 00000000 ____D C:\Program Files (x86)\EASEUS
2013-06-26 16:45 - 2013-06-26 16:34 - 04918176 _____ (SoftOrbits                                                  ) C:\Users\Calvin\Downloads\flashrecovery.exe
2013-06-26 16:03 - 2013-06-26 16:03 - 02707448 _____ (Piriform Ltd) C:\Users\Calvin\Downloads\rcsetup147_slim.exe
2013-06-26 13:13 - 2012-12-10 10:21 - 00000000 ____D C:\Users\Calvin\AppData\Local\FileTypeAssistant
2013-06-26 13:11 - 2013-06-26 13:11 - 01879632 _____ (InstallX, LLC) C:\Users\Calvin\Downloads\freefileviewer_730 (1).exe
2013-06-26 00:33 - 2013-06-26 00:31 - 05915680 _____ (MiniTool Solution Ltd.                                      ) C:\Users\Calvin\Downloads\pdr6free.exe
2013-06-26 00:31 - 2013-06-26 00:31 - 00000000 ____D C:\Users\Calvin\AppData\Local\Spoon
2013-06-26 00:29 - 2013-06-26 00:29 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-26 00:29 - 2013-06-26 00:27 - 25374157 _____ (Recover Files, Inc.                                         ) C:\Users\Calvin\Downloads\recover-files-premium-setup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-23 00:55
 
==================== End Of Log ============================
 
Thanks Borislav!

Thanks! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Whew!  The ESET text.

 

C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\Calvin\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe AIR Free Download Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Calvin\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Calvin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantined
C:\Users\Calvin\Downloads\cbsidlm-tr1_13-PhotoRescue-SEO-10160919.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\cbsidlm-tr1_8-Debs_Pro_Karaoke_Player-SEO2-10698384.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\cbsidlm-tr1_8-TriKaraoke_MP3G_Player_Free-SEO2-10806257.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\cnet_bootmed1_64bit_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\cnet_bootmed1_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\cnet_freezonlinetv142_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\Download.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\freefileviewer_730 (1).exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\freefileviewer_730.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\gb3-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\recovermyfilesdatarecoverysoftware-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\WinRARSetup.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\xtrphogrades5_silver_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\Calvin\Downloads\Software\VideoConverterSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\Tools\cbsidlm-tr1_5-D7-75450656.exe multiple threats cleaned by deleting - quarantined
C:\Users\Calvin\Downloads\Tools\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
 
Thanks.  What's next?

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Yesterday, before I started using ESET, IE will not start up.  Most sites will load, but not IE, homepage, or messages shut IE.  I used Chrome for the ESET and today for the KIS.  I don't know how to load directly to the desktop in Chrome, so downloading and copying exe file to desktop.  Only way I know.

 

The only threat so far was a pasta.ipb??  Kaspersky immediately stopped working and new screens came up saying will now clean threat, and will reboot after cleaning.  Scanned, said threat removed, and rebooted.  Had to reload and I'm now still in running objects with no threats showing.  Kaspersky is currently saying another 16 hrs to run.  Some files are saying (in objects) file is password protected.  Unless you say I did something wrong, I'm continuing.


For the past 4-5 hours KIS seems stuck on Spybot (c:\users\allusers\Spy...\startup.lasshes).  The computer HD seems to be searching, but no change in files, time, or objects completed at 80%.  Should I shut down Spybot or keep everything as is?

 

Thanks.


Clicked on KIS help, KIS was not responding.  Waited, no change.  Went to resource monitor, found a svchost.exe was suspended right with KIS.  Resumed.  KIS was finished 7 hours ago.  Here is list of all malware found.  This did not include the pasta malware earlier, but the program did not, as far as I could see, allow me to report on it.

 

Status: Deleted   (events: 9)
7/28/2013 7:07:07 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\21.07.2013_16.50.42\susp0000\svc0000\tsk0000.dta High
7/28/2013 7:07:12 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\21.07.2013_16.50.42\susp0013\svc0000\tsk0000.dta High
7/28/2013 7:07:16 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\21.07.2013_16.50.42\susp0026\svc0000\tsk0000.dta High
7/28/2013 7:07:45 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\21.07.2013_19.49.19\susp0000\svc0000\tsk0000.dta High
7/28/2013 7:08:01 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\21.07.2013_19.54.27\susp0000\svc0000\tsk0000.dta High
7/28/2013 7:08:03 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\21.07.2013_20.00.02\susp0000\svc0000\tsk0000.dta High
7/28/2013 7:08:06 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\24.07.2013_17.35.32\susp0000\svc0000\tsk0000.dta High
7/28/2013 7:08:54 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\24.07.2013_17.40.54\susp0000\svc0000\tsk0000.dta High
7/28/2013 7:08:59 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.c C:\TDSSKiller_Quarantine\24.07.2013_17.45.30\susp0000\svc0000\tsk0000.dta High
 
Thanks.

Still the same I think.  IE down, I shut down Webroot and spybot.  Started Microsoft Security Essentials back up and finished the long scan, no hits, but that was the way it was before.

 

What next?

Best regards,


Still the same I think.  IE down, I shut down Webroot and spybot.  Started Microsoft Security Essentials back up and finished the long scan, no hits, but that was the way it was before.

 

What next?

Best regards,

Internet Explorer is not working? Microsoft Security Essentials not scanning?

I don't understand you.


Internet explorer is working, only partially.  When I load ie, I get errors (there is a problem . . .)  twice, and then the bar at the bottom comes up.  IE will not open my home site, my provider.  Will not open my email.  I can open google and most other apps using ie, but not all of them.  I'm still using chrome to send these messages.  MSE scans, but is not finding anything.  One of the original problems with the computer.  And, I still can't load mbam.

 

Sorry if confusing.  Am trying.

 

Thanks.


Didn't work.  When I try the fix it, I get Windows installer service could not be accessed.  Did check service was running.  Reset manually, but no change to loading the home, mail or default page.  Just gives error as before.  

 

So, tried deleting IE and reinstalling.  No change from before I could see.  I also deleted MSE, then Spybot and Webroot secureanytime.  At least I tried, through control panel.  Not sure they were deleted.  Then reinstalled MSE and ran scan.  No threats found.

 

Something keeps interfering with the installer service.  Did check it using windows adviser, but seemed ok.


I would like to know the exact error of Windows Installer Service. Also:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Farbar Service Scanner Version: 26-07-2013
Ran by Calvin (administrator) on 31-07-2013 at 08:56:40
Running from "C:\Users\Calvin\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
IE:
click on IE (Taskbar)  IE starts up, correct toolbars showing.
Window title on top now: Welcome to centurylink.net
 
1st error:  Internet Explorer has stopped working
A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution  is available.
Close program
 
2nd error:  Internet Explorer has stopped working
Windows is checking for a solution to the problem...
Cancel
 
Bottom after 1st error: centurylink.net is not responding. (my homepage)   Across in same box: Recover webpage.
after clicking recover:  A problem with this webpage caused Internet Explorer to close and reopen the tab.
 
Then continues with toolbars loaded:
 
We were unable to return you to centurylink.net.
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem. What you can do:

* Go to your home page

* Try to return to centurylink.net

More information

 
Window title on top now: Website restore error
 
Now, if I click on any other item on my favorites toolbar, besides default, home, email, and a few others like local weather.  Windows opens as it should.  
 
When I first reinstalled IE9, the second and third time I tried to open, it worked as it should, but then same issue resumed.
 
Java,  Also before I was talking to you, I tried to delete and install java, first using RUJava got error not found I think.  Then when installing.  Can't use already loaded or something like that.
 
I still can't load MBAM
 
Thanks

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


Downloaded mbam clean

Do you want to allow .... Yes

This utility will remove all traces... Yes

Need to reboot... Yes

 

Rebooted

 

Startup loaded normally, nothing different.

MSE set to disable realtime protection.

 

mbam setup 175 loaded

Do you want to run... Run

Do you want to allow... Yes

...setup

Accept agreement.

 

Error at installing  c:\...\Programs\Malwarebytes' Anti-Malware.lnk:

CoCreateInstance failed; code 0x80040154.  Class not registered.

Error at installing  c:\...\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk.

CoCreateInstance failed; code 0x80040154.  Class not registered

Click OK

Error at installing  c:\...\Programs\Malwarebytes' Anti-Malware help.lnk:

CoCreateInstance failed; code 0x80040154.  Class not registered.

Click OK

Error at installing  c:\...\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk:

CoCreateInstance failed; code 0x80040154.  Class not registered.

Click OK

Error at installing  c:\Public\Desktop\Malwarebytes Anti-Malware.lnk:

CoCreateInstance failed; code 0x80040154.  Class not registered.

Click OK

Completing...Setup Wizard.

Click Finish

Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

Click OK

Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

Click OK

Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

End of errors, no other loading.

 

Hope this helps.
