
Got The FBI Moneypack



Can someone please look at my log file below and give me any help? Safe mode does not work. Thanks, all.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
Ran by SYSTEM on 27-07-2013 22:41:16
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKU\Default\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Public\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\T\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\T\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe [67584 2013-07-26] () <===== ATTENTION
HKU\T\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\T\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\T\...\Command Processor: "C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe" <===== ATTENTION!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 BackupService; C:\Users\T\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-06-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-02-28] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-04-03] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309968 2013-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [516608 2013-04-03] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [342416 2013-04-03] (McAfee, Inc.)
S2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34048 2013-03-13] (Citrix Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\FRST
2013-07-27 20:25 - 2013-07-27 20:25 - 65273856 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 20447232 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 01310720 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-07-27 19:48 - 2013-07-27 19:48 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-07-26 15:19 - 2013-07-26 15:19 - 00003160 ____N C:\bootsqm.dat
2013-07-26 15:14 - 2013-07-26 15:14 - 01097678 _____ C:\Users\T\AppData\Local\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097604 _____ C:\Users\T\AppData\Roaming\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097600 _____ C:\ProgramData\2433f433
2013-07-25 18:29 - 2013-07-25 18:29 - 00000000 ____D C:\Users\T\AppData\Local\{82A1BC79-9150-43F2-ACE8-A9330646AAE4}
2013-07-25 15:52 - 2013-07-26 14:44 - 00001806 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-07-25 15:52 - 2013-07-26 14:44 - 00001806 _____ C:\ProgramData\Desktop\McAfee Security Center.lnk
2013-07-25 15:52 - 2012-05-28 10:28 - 00197264 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-07-25 15:51 - 2013-07-27 20:35 - 00000000 ____D C:\Program Files\McAfee
2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files\McAfee.com
2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-07-25 15:51 - 2013-04-03 13:34 - 00182752 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2013-07-25 15:42 - 2013-07-25 15:42 - 05102984 _____ (McAfee, Inc.) C:\Users\T\Downloads\McAfeeSetup(1).exe
2013-07-24 22:21 - 2013-07-24 22:21 - 00000000 ____D C:\Users\T\AppData\Roaming\McAfee
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller.exe
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(2).exe
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(1).exe
2013-07-23 16:53 - 2013-07-23 16:53 - 00000000 ____D C:\Users\T\AppData\Local\{A2FB41DF-4E37-4A20-829B-458A3156E1F0}
2013-07-22 16:30 - 2013-07-23 16:58 - 01049135 _____ C:\Users\T\Documents\13VSC3700.ENV
2013-07-22 09:50 - 2013-07-22 09:50 - 00000000 ____D C:\Users\T\AppData\Local\{9F284BB8-94B5-4154-A440-5AB2CA928516}
2013-07-19 11:55 - 2013-07-19 11:55 - 00000000 ____D C:\Users\T\AppData\Local\{29F8CD13-9144-454D-BF7C-6CDE1B8D723D}
2013-07-18 20:05 - 2013-07-18 20:05 - 00000000 ____D C:\Users\T\AppData\Local\{72C605C0-53C1-47D3-9BB3-B9F4CBE6AB22}
2013-07-16 17:00 - 2013-07-16 17:00 - 00000000 ____D C:\Users\T\AppData\Local\{60953837-00C4-45A0-84D7-24DFD537D5CD}
2013-07-16 16:33 - 2013-07-16 16:37 - 00850362 _____ C:\Users\T\Documents\13VSC0497.ENV
2013-07-15 16:33 - 2013-07-15 16:34 - 00000000 ____D C:\Users\T\AppData\Local\{B7863A29-D7F9-457E-AFFB-F9A4B574A85E}
2013-07-13 11:26 - 2013-07-13 11:26 - 00000000 ____D C:\Users\T\AppData\Local\{1C37073A-8BA0-480B-8D01-CA96180C6E13}
2013-07-13 11:03 - 2013-07-13 11:03 - 00000000 ____D C:\Users\T\AppData\Local\{38FAA561-BA50-4DCF-9567-9192C16EB362}
2013-07-13 10:35 - 2013-07-13 10:35 - 00000000 ____D C:\Users\T\AppData\Local\{8034F250-B4C6-4074-9B59-20F403FC9AB4}
2013-07-11 12:33 - 2013-07-11 12:34 - 00000000 ____D C:\Users\T\AppData\Local\{34E96E0F-99A9-43C8-961E-E055CA857796}
2013-07-11 10:55 - 2013-07-11 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{03E68801-310C-4CF1-9E6C-830669FB784A}
2013-07-10 22:55 - 2013-07-10 22:55 - 00000000 ____D C:\Users\T\AppData\Local\{6A831AA8-8C9E-401A-BDC4-3E86A76BE2D7}
2013-07-10 10:55 - 2013-07-10 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{C3A18543-B8E9-4221-9E69-01C5CE29BA0A}
2013-07-09 22:09 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:09 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 22:09 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 22:09 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-09 22:09 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-09 22:09 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-09 22:09 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 22:09 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-09 22:09 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 22:09 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-09 22:09 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 22:09 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 19:24 - 2013-07-09 19:24 - 00000000 ____D C:\Users\T\AppData\Local\{EF31F38A-CAC3-4920-85A0-572B5BFECAC1}
2013-07-09 18:28 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 18:28 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 18:28 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 18:28 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 18:27 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 18:25 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 18:25 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 11:07 - 2013-07-05 11:07 - 00000000 ____D C:\Users\T\AppData\Local\{415DA1C2-B3F3-4758-ADAC-6714912259D0}
2013-07-03 07:57 - 2013-07-03 07:57 - 00000000 ____D C:\Users\T\AppData\Local\{7F022855-EADC-4FAC-A323-042A3614ECBC}
2013-07-02 16:40 - 2013-07-02 16:40 - 01144089 _____ C:\Users\T\Downloads\1695500979
2013-07-02 16:36 - 2013-07-02 16:36 - 00000000 ____D C:\Users\T\AppData\Local\{35F95DDF-D814-415C-A718-5CEA291302CB}
2013-07-01 12:34 - 2013-07-01 12:34 - 00000000 ____D C:\Users\T\AppData\Local\{CE44540F-D8F3-4565-BB20-6CC51F6D109C}
2013-06-30 15:59 - 2013-06-30 15:59 - 00000000 ____D C:\Users\T\AppData\Local\{44B2BB29-5700-4331-A73C-E9EA58A0B7E5}
2013-06-28 15:39 - 2013-06-28 17:39 - 00000000 ____D C:\Users\T\AppData\Local\ACI PDF Printer
2013-06-28 08:03 - 2013-06-28 08:03 - 00000000 ____D C:\Users\T\AppData\Local\{B502142D-ED78-4BEF-8E11-707EF480AFB5}
2013-06-27 14:47 - 2013-06-27 14:47 - 00000000 ____D C:\Users\T\AppData\Local\{FB4E8CE3-75FB-4DF1-A72F-AD01388A4AA8}

==================== One Month Modified Files and Folders =======

2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\FRST
2013-07-27 20:35 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files\McAfee
2013-07-27 20:35 - 2013-06-07 16:53 - 00000000 ____D C:\ProgramData\HPSS
2013-07-27 20:35 - 2013-05-28 17:02 - 00000000 ____D C:\Program Files\DIFX
2013-07-27 20:35 - 2013-05-14 01:26 - 00000000 ____D C:\Program Files (x86)\BDE
2013-07-27 20:35 - 2013-05-14 01:26 - 00000000 ____D C:\Program Files (x86)\ACI
2013-07-27 20:35 - 2013-05-13 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-27 20:35 - 2013-05-12 09:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-27 20:35 - 2013-05-12 09:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-27 20:35 - 2013-05-12 09:27 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-07-27 20:35 - 2013-05-12 02:28 - 00000000 ____D C:\Brother
2013-07-27 20:35 - 2013-05-12 02:27 - 00000000 ____D C:\Program Files (x86)\Browny02
2013-07-27 20:35 - 2013-05-12 02:15 - 00000000 ____D C:\ProgramData\Brother
2013-07-27 20:35 - 2013-05-12 01:54 - 00000000 ____D C:\ProgramData\ACI
2013-07-27 20:35 - 2013-05-12 01:45 - 00000000 ____D C:\ApexWin
2013-07-27 20:35 - 2013-05-12 01:16 - 00000000 ____D C:\Program Files\BDE
2013-07-27 20:35 - 2013-05-12 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-27 20:35 - 2013-05-12 01:15 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2013-07-27 20:35 - 2013-05-12 01:14 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-27 20:35 - 2013-05-12 01:14 - 00000000 ____D C:\Program Files (x86)\ACI32
2013-07-27 20:35 - 2013-05-12 01:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-27 20:35 - 2013-05-11 23:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-27 20:35 - 2011-03-02 00:07 - 00000000 ____D C:\Program Files\Realtek
2013-07-27 20:35 - 2011-03-01 23:53 - 00000000 ____D C:\Program Files\Dell Games Folder
2013-07-27 20:35 - 2011-03-01 22:31 - 00000000 ____D C:\Program Files (x86)\TrustedID
2013-07-27 20:35 - 2011-03-01 22:31 - 00000000 ____D C:\Program Files (x86)\Jagex
2013-07-27 20:35 - 2011-03-01 22:30 - 00000000 ____D C:\Program Files\Roxio
2013-07-27 20:35 - 2011-03-01 22:26 - 00000000 ____D C:\ProgramData\McAfee
2013-07-27 20:35 - 2011-03-01 22:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-27 20:35 - 2011-03-01 22:26 - 00000000 ____D C:\Program Files (x86)\Dell
2013-07-27 20:35 - 2011-03-01 22:24 - 00000000 ____D C:\Program Files\Windows Live
2013-07-27 20:35 - 2011-03-01 22:24 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-27 20:35 - 2011-03-01 22:21 - 00000000 ____D C:\Program Files (x86)\eBay
2013-07-27 20:35 - 2011-03-01 22:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-27 20:35 - 2011-03-01 22:19 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-27 20:35 - 2011-03-01 22:15 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-27 20:35 - 2011-03-01 22:10 - 00000000 ____D C:\Program Files\Dell Inc
2013-07-27 20:35 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-27 20:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-27 20:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-07-27 20:34 - 2013-05-14 01:26 - 00000000 ____D C:\Users\Public\ACI
2013-07-27 20:34 - 2013-05-14 01:23 - 00000000 ____D C:\Users\T\AppData\Local\Cached Installations
2013-07-27 20:34 - 2013-05-13 10:01 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-27 20:34 - 2013-05-13 03:03 - 00000000 ____D C:\Windows\System32\SPReview
2013-07-27 20:34 - 2013-05-13 03:02 - 00000000 ____D C:\Windows\System32\EventProviders
2013-07-27 20:34 - 2013-05-12 03:04 - 00000000 ____D C:\Users\T\AppData\Roaming\ControlCenter4
2013-07-27 20:34 - 2013-05-12 01:48 - 00000000 ____D C:\Windows\Crystal
2013-07-27 20:34 - 2013-05-12 01:29 - 00000000 ____D C:\Windows\SysWOW64\oem
2013-07-27 20:34 - 2013-05-12 01:25 - 00000000 ____D C:\Users\T\AppData\Roaming\HP SimpleSave Application
2013-07-27 20:34 - 2013-05-12 01:05 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-27 20:34 - 2013-05-11 23:41 - 00000000 ____D C:\Users\T\AppData\Local\Stardock_Corporation
2013-07-27 20:34 - 2013-05-11 23:37 - 00000000 ___RD C:\Users\T\Desktop\Play Games
2013-07-27 20:34 - 2013-05-11 12:40 - 00000000 ____D C:\Windows\SMINST
2013-07-27 20:34 - 2011-03-02 00:07 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-07-27 20:34 - 2011-03-02 00:07 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-27 20:34 - 2011-03-02 00:07 - 00000000 ____D C:\Windows\SysWOW64\Lang
2013-07-27 20:34 - 2011-03-01 23:53 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2013-07-27 20:34 - 2011-03-01 23:53 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2013-07-27 20:34 - 2011-03-01 22:32 - 00000000 __HDC C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}
2013-07-27 20:34 - 2011-03-01 22:25 - 00000000 ____D C:\Windows\en
2013-07-27 20:34 - 2011-03-01 22:20 - 00000000 ____D C:\ProgramData\Skype
2013-07-27 20:34 - 2011-03-01 22:16 - 00000000 ____D C:\ProgramData\WildTangent
2013-07-27 20:34 - 2011-03-01 22:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-27 20:34 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\winrm
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\WCN
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\slmgr
2013-07-27 20:34 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-27 20:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2013-07-27 20:34 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-27 20:34 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2013-07-27 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-27 20:25 - 2013-07-27 20:25 - 65273856 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 20447232 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 01310720 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-07-27 20:25 - 2013-07-27 20:25 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-07-27 20:25 - 2013-05-11 23:37 - 00000000 ____D C:\users\T
2013-07-27 19:48 - 2013-07-27 19:48 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-07-27 18:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 18:36 - 2009-07-13 23:51 - 00039659 _____ C:\Windows\setupact.log
2013-07-27 16:05 - 2013-05-13 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 16:09 - 2011-03-02 00:06 - 00040876 _____ C:\Windows\PFRO.log
2013-07-26 15:19 - 2013-07-26 15:19 - 00003160 ____N C:\bootsqm.dat
2013-07-26 15:14 - 2013-07-26 15:14 - 01097678 _____ C:\Users\T\AppData\Local\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097604 _____ C:\Users\T\AppData\Roaming\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097600 _____ C:\ProgramData\2433f433
2013-07-26 14:44 - 2013-07-25 15:52 - 00001806 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-07-26 14:44 - 2013-07-25 15:52 - 00001806 _____ C:\ProgramData\Desktop\McAfee Security Center.lnk
2013-07-26 06:07 - 2009-07-14 00:10 - 01107870 _____ C:\Windows\WindowsUpdate.log
2013-07-25 19:25 - 2013-05-12 01:14 - 00000000 ____D C:\Appraisals2013
2013-07-25 19:06 - 2013-05-12 02:52 - 00043113 _____ C:\Users\T\Documents\Work Fees.xlsx
2013-07-25 19:05 - 2013-05-12 01:06 - 00000000 ____D C:\Users\T\AppData\Roaming\SoftGrid Client
2013-07-25 19:02 - 2013-05-15 11:50 - 00000077 _____ C:\Windows\SysWOW64\PDFWRITR.INI
2013-07-25 19:02 - 2013-05-15 11:50 - 00000077 _____ C:\Windows\SysWOW64\__PDF.INI
2013-07-25 19:02 - 2009-07-13 21:34 - 00000512 _____ C:\Windows\win.ini
2013-07-25 18:29 - 2013-07-25 18:29 - 00000000 ____D C:\Users\T\AppData\Local\{82A1BC79-9150-43F2-ACE8-A9330646AAE4}
2013-07-25 15:53 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 15:53 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files\McAfee.com
2013-07-25 15:51 - 2013-07-25 15:51 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-07-25 15:50 - 2009-07-14 00:13 - 00727182 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-25 15:46 - 2013-05-11 23:40 - 00000072 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-07-25 15:46 - 2013-05-11 23:40 - 00000000 ____D C:\Users\T\AppData\Local\SoftThinks
2013-07-25 15:42 - 2013-07-25 15:42 - 05102984 _____ (McAfee, Inc.) C:\Users\T\Downloads\McAfeeSetup(1).exe
2013-07-24 22:21 - 2013-07-24 22:21 - 00000000 ____D C:\Users\T\AppData\Roaming\McAfee
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller.exe
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(2).exe
2013-07-24 22:19 - 2013-07-24 22:19 - 00578640 _____ (McAfee, Inc.) C:\Users\T\Downloads\MVTInstaller(1).exe
2013-07-23 16:58 - 2013-07-22 16:30 - 01049135 _____ C:\Users\T\Documents\13VSC3700.ENV
2013-07-23 16:53 - 2013-07-23 16:53 - 00000000 ____D C:\Users\T\AppData\Local\{A2FB41DF-4E37-4A20-829B-458A3156E1F0}
2013-07-22 09:50 - 2013-07-22 09:50 - 00000000 ____D C:\Users\T\AppData\Local\{9F284BB8-94B5-4154-A440-5AB2CA928516}
2013-07-19 11:55 - 2013-07-19 11:55 - 00000000 ____D C:\Users\T\AppData\Local\{29F8CD13-9144-454D-BF7C-6CDE1B8D723D}
2013-07-18 20:05 - 2013-07-18 20:05 - 00000000 ____D C:\Users\T\AppData\Local\{72C605C0-53C1-47D3-9BB3-B9F4CBE6AB22}
2013-07-17 16:15 - 2013-05-12 01:14 - 00000000 ____D C:\Bad Appraisals
2013-07-16 17:00 - 2013-07-16 17:00 - 00000000 ____D C:\Users\T\AppData\Local\{60953837-00C4-45A0-84D7-24DFD537D5CD}
2013-07-16 16:37 - 2013-07-16 16:33 - 00850362 _____ C:\Users\T\Documents\13VSC0497.ENV
2013-07-15 16:34 - 2013-07-15 16:33 - 00000000 ____D C:\Users\T\AppData\Local\{B7863A29-D7F9-457E-AFFB-F9A4B574A85E}
2013-07-13 11:26 - 2013-07-13 11:26 - 00000000 ____D C:\Users\T\AppData\Local\{1C37073A-8BA0-480B-8D01-CA96180C6E13}
2013-07-13 11:03 - 2013-07-13 11:03 - 00000000 ____D C:\Users\T\AppData\Local\{38FAA561-BA50-4DCF-9567-9192C16EB362}
2013-07-13 10:35 - 2013-07-13 10:35 - 00000000 ____D C:\Users\T\AppData\Local\{8034F250-B4C6-4074-9B59-20F403FC9AB4}
2013-07-11 15:25 - 2011-03-01 22:30 - 00000000 ____D C:\ProgramData\Sonic
2013-07-11 12:34 - 2013-07-11 12:33 - 00000000 ____D C:\Users\T\AppData\Local\{34E96E0F-99A9-43C8-961E-E055CA857796}
2013-07-11 10:55 - 2013-07-11 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{03E68801-310C-4CF1-9E6C-830669FB784A}
2013-07-10 22:55 - 2013-07-10 22:55 - 00000000 ____D C:\Users\T\AppData\Local\{6A831AA8-8C9E-401A-BDC4-3E86A76BE2D7}
2013-07-10 10:55 - 2013-07-10 10:55 - 00000000 ____D C:\Users\T\AppData\Local\{C3A18543-B8E9-4221-9E69-01C5CE29BA0A}
2013-07-10 10:23 - 2009-07-13 23:45 - 00323904 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-09 19:24 - 2013-07-09 19:24 - 00000000 ____D C:\Users\T\AppData\Local\{EF31F38A-CAC3-4920-85A0-572B5BFECAC1}
2013-07-05 11:07 - 2013-07-05 11:07 - 00000000 ____D C:\Users\T\AppData\Local\{415DA1C2-B3F3-4758-ADAC-6714912259D0}
2013-07-03 07:57 - 2013-07-03 07:57 - 00000000 ____D C:\Users\T\AppData\Local\{7F022855-EADC-4FAC-A323-042A3614ECBC}
2013-07-02 16:40 - 2013-07-02 16:40 - 01144089 _____ C:\Users\T\Downloads\1695500979
2013-07-02 16:36 - 2013-07-02 16:36 - 00000000 ____D C:\Users\T\AppData\Local\{35F95DDF-D814-415C-A718-5CEA291302CB}
2013-07-01 12:34 - 2013-07-01 12:34 - 00000000 ____D C:\Users\T\AppData\Local\{CE44540F-D8F3-4565-BB20-6CC51F6D109C}
2013-06-30 15:59 - 2013-06-30 15:59 - 00000000 ____D C:\Users\T\AppData\Local\{44B2BB29-5700-4331-A73C-E9EA58A0B7E5}
2013-06-28 17:39 - 2013-06-28 15:39 - 00000000 ____D C:\Users\T\AppData\Local\ACI PDF Printer
2013-06-28 15:39 - 2013-05-28 15:20 - 00000000 ____D C:\Users\T\AppData\Local\{96C5ABB0-BDD9-44BB-A8B7-203F327E8B04}
2013-06-28 08:03 - 2013-06-28 08:03 - 00000000 ____D C:\Users\T\AppData\Local\{B502142D-ED78-4BEF-8E11-707EF480AFB5}
2013-06-27 14:53 - 2013-05-12 02:52 - 00039936 _____ C:\Users\T\Documents\Vendors13.xls
2013-06-27 14:47 - 2013-06-27 14:47 - 00000000 ____D C:\Users\T\AppData\Local\{FB4E8CE3-75FB-4DF1-A72F-AD01388A4AA8}

Files to move or delete:
====================
C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-30 00:00:14
Restore point made on: 2013-07-08 00:00:10
Restore point made on: 2013-07-09 22:04:43
Restore point made on: 2013-07-17 00:00:12
Restore point made on: 2013-07-24 00:08:35

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8156.98 MB
Available physical RAM: 7363.42 MB
Total Pagefile: 8155.13 MB
Available Pagefile: 7355.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:379.6 GB) NTFS (Disk=0 Partition=3)
Drive d: (CDlinux) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (Cruzer) (Removable) (Total:3.74 GB) (Free:3.14 GB) FAT32 (Disk=1 Partition=1)
Drive k: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:6.23 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-07-23 00:46

==================== End Of Log ============================


  • Staff

Hello Tk4006

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

HKU\T\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe [67584 2013-07-26] () <===== ATTENTION
HKU\T\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\T\...\Command Processor: "C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe" <===== ATTENTION!
2013-07-26 15:14 - 2013-07-26 15:14 - 01097678 _____ C:\Users\T\AppData\Local\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097604 _____ C:\Users\T\AppData\Roaming\2433f433
2013-07-26 15:14 - 2013-07-26 15:14 - 01097600 _____ C:\ProgramData\2433f433
C:\Users\T\AppData\Local\Temp\uslqhyvpxomfggwmb.exe
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo


  • Staff

Hello Tk4006

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
