hikittie Posted August 25, 2013 ID:720338 Share Posted August 25, 2013 When I start my laptop I have a screen saying my PC is blocked and to pay $300 via MoneyPak. I have tried to boot in safe mode and can not. Can someone please help me remove this virus? I have windows 7 home 64 bit. Link to post Share on other sites More sharing options...
MrCharlie Posted August 25, 2013 ID:720346 Share Posted August 25, 2013 Welcome to the forum, here's how we deal with that malware:Please download Farbar Recovery Scan Tool and save it to a flash drive. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC.If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used. To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt Once in the Command Prompt:In the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.MrC Link to post Share on other sites More sharing options...
hikittie Posted August 25, 2013 Author ID:720368 Share Posted August 25, 2013 Thank you for helping me! I did as you asked & this is the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02Ran by SYSTEM on 25-08-2013 12:07:52Running from G:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-19] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-19] (Lenovo(beijing) Limited)HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-19] (Lenovo)Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-19] (Lenovo)HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)HKU\Mike\...\Run: [EasyTether] - C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe [48648 2011-05-22] (Mobile Stream)HKU\Mike\...\Run: [PC Speed Boost] - C:\Program Files (x86)\PC Speed Boost\PCSBLauncher.exe [107816 2013-03-15] (PC Speed Boost)HKU\Mike\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)HKU\Mike\...\Run: [WRHUZ4gRTR9.exe] - C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.exe [113664 2013-08-25] (Mzkzc Bxxvsb)HKU\Mike\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTIONHKU\Mike\...\Command Processor: "C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.exe" <===== ATTENTION!AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] ()Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilterStartup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnkShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()==================== Services (Whitelisted) =================S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO)S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()==================== Drivers (Whitelisted) ====================S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-24] (Kaspersky Lab)S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)S3 BcmSqlStartupSvc;S2 CLKMSVC10_3A60B698;S2 CLKMSVC10_C3B3B687;S2 DriverService;S2 IAStorDataMgrSvc;S2 iATAgentService;S2 idealife Update Service;S3 IGRS;S2 IviRegMgr;S2 nvUpdatusService;S2 Oasis2Service;S2 PCCarerService;S2 ReadyComm.DirectRouter;S2 RichVideo;S2 RtLedService;S2 SeaPort;S2 SoftwareService;S3 SQLWriter;S2 Stereo Service;==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v212013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL62013-08-25 08:30 - 2013-08-25 08:33 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ02013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp12013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX2013-08-25 06:58 - 2013-08-25 07:00 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K2013-08-25 06:57 - 2013-08-25 06:57 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD2013-08-25 06:54 - 2013-08-25 06:55 - 00000000 ____D C:\ProgramData\VSO2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat2013-08-25 06:54 - 2013-08-25 06:54 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXToDVD 5.lnk2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\45712013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\02013-08-20 22:29 - 2013-08-20 23:30 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi2013-08-20 22:29 - 2013-08-20 22:53 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 52013-08-20 22:29 - 2013-08-20 22:45 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp42013-08-20 22:02 - 2013-08-20 22:03 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi2013-08-20 21:16 - 2013-08-21 14:25 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 42013-08-20 21:11 - 2013-08-20 21:13 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids2013-08-20 19:41 - 2013-08-20 19:58 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi2013-08-20 19:18 - 2013-08-20 19:41 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi2013-08-20 19:15 - 2013-08-20 19:33 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp42013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap2013-08-15 00:11 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-08-15 00:11 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-08-15 00:11 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-08-15 00:11 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-08-15 00:11 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-08-15 00:11 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-08-15 00:11 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-08-15 00:11 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-08-15 00:11 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-15 00:11 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-15 00:11 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-15 00:11 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-08-15 00:11 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-15 00:11 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-15 00:11 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-08-15 00:11 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-15 00:11 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-08-15 00:11 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-08-15 00:05 - 2013-08-15 00:07 - 00000000 ____D C:\Windows\System32\MRT2013-08-14 20:10 - 2013-08-14 20:45 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi2013-08-14 19:25 - 2013-08-14 20:13 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi2013-08-14 19:23 - 2013-08-14 20:42 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi2013-08-14 14:32 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL2013-08-14 14:32 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-14 14:32 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll2013-08-14 14:32 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-14 14:32 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-08-14 14:32 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll2013-08-14 14:32 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll2013-08-14 14:32 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll2013-08-14 14:32 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll2013-08-14 14:32 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-08-14 14:32 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-08-14 14:32 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-08-14 14:32 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-14 14:32 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-14 14:32 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-14 14:32 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-14 14:32 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-14 14:32 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-14 14:32 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-14 14:32 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-14 14:32 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-14 14:32 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-14 14:32 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-14 14:32 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-14 14:32 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-14 14:32 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-08-14 14:32 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-08-11 18:05 - 2013-08-20 21:10 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton2013-08-11 18:04 - 2013-08-25 06:59 - 00000000 ____D C:\Users\Mike\Documents\BitLord2013-08-11 18:03 - 2013-08-11 18:05 - 00000000 ____D C:\Program Files (x86)\BitLord 22013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-11 17:31 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-08-11 17:31 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-08-10 20:14 - 2013-08-10 20:46 - 00000000 ____D C:\ProgramData\AVG20132013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG2013-08-10 20:13 - 2013-08-11 11:48 - 00000000 ____D C:\Program Files (x86)\AVG2013-08-10 19:58 - 2013-08-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes2013-08-10 19:57 - 2013-08-11 19:36 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent2013-08-10 19:56 - 2013-08-11 11:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-08-10 19:55 - 2013-08-15 11:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\ProgramData\MFAData2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-10 19:55 - 2013-08-11 11:48 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg20132013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-10 19:41 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-08-10 19:41 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll==================== One Month Modified Files and Folders =======2013-08-25 12:07 - 2013-08-25 12:07 - 00000000 ____D C:\FRST2013-08-25 08:33 - 2013-08-25 08:30 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert2013-08-25 08:33 - 2012-02-19 18:04 - 00915556 _____ C:\FaceProv.log2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH2013-08-25 08:32 - 2013-06-03 19:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2013-08-25 08:32 - 2012-02-19 18:17 - 00373143 _____ C:\Windows\System32\fastboot.set2013-08-25 08:32 - 2012-02-19 18:13 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-25 08:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-25 08:32 - 2009-07-13 20:51 - 00074577 _____ C:\Windows\setupact.log2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v212013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL62013-08-25 08:30 - 2012-05-05 12:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-25 08:05 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-08-25 08:05 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-08-25 08:02 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI2013-08-25 08:01 - 2012-02-19 17:24 - 01945740 _____ C:\Windows\WindowsUpdate.log2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ02013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp12013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX2013-08-25 07:00 - 2013-08-25 06:58 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N2013-08-25 06:59 - 2013-08-11 18:04 - 00000000 ____D C:\Users\Mike\Documents\BitLord2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K2013-08-25 06:57 - 2013-08-25 06:57 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD2013-08-25 06:55 - 2013-08-25 06:54 - 00000000 ____D C:\ProgramData\VSO2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat2013-08-25 06:54 - 2013-08-25 06:54 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXToDVD 5.lnk2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe2013-08-25 06:44 - 2012-02-19 18:04 - 00000000 ____D C:\ProgramData\VeriFace2013-08-25 06:38 - 2012-02-19 18:13 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-23 09:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-08-22 21:46 - 2012-11-01 22:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc2013-08-21 15:21 - 2010-11-20 19:47 - 00023352 _____ C:\Windows\PFRO.log2013-08-21 14:44 - 2013-05-10 10:10 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\45712013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\02013-08-21 14:25 - 2013-08-20 21:16 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 42013-08-20 23:30 - 2013-08-20 22:29 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi2013-08-20 22:53 - 2013-08-20 22:29 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 52013-08-20 22:45 - 2013-08-20 22:29 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp42013-08-20 22:03 - 2013-08-20 22:02 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi2013-08-20 21:13 - 2013-08-20 21:11 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids2013-08-20 21:10 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord2013-08-20 20:28 - 2012-05-05 12:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-08-20 20:28 - 2012-05-05 12:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-20 20:28 - 2012-05-05 12:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-08-20 19:58 - 2013-08-20 19:41 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi2013-08-20 19:41 - 2013-08-20 19:18 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi2013-08-20 19:33 - 2013-08-20 19:15 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp42013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap2013-08-15 11:11 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-15 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-08-15 00:31 - 2011-02-22 03:19 - 00000000 ____D C:\Windows\Panther2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-08-15 00:07 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\System32\MRT2013-08-15 00:05 - 2012-05-06 02:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-08-15 00:04 - 2012-05-28 07:35 - 00773050 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-08-14 20:45 - 2013-08-14 20:10 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi2013-08-14 20:42 - 2013-08-14 19:23 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi2013-08-14 20:13 - 2013-08-14 19:25 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi2013-08-14 14:26 - 2013-07-11 18:54 - 00000000 ____D C:\Windows\SysWOW64\cache2013-08-11 19:36 - 2013-08-10 19:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton2013-08-11 18:05 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\BitLord 22013-08-11 18:05 - 2012-05-02 09:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\ProgramData\Skype2013-08-11 17:28 - 2012-06-17 06:32 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent2013-08-11 17:24 - 2012-05-02 09:06 - 00000000 ____D C:\users\Mike2013-08-11 17:23 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\MFAData2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-11 17:23 - 2013-05-10 10:10 - 00000000 ____D C:\ProgramData\Yahoo!2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files\Bonjour2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files (x86)\Bonjour2013-08-11 17:23 - 2012-11-24 15:36 - 00000000 ____D C:\Program Files (x86)\Free Video Joiner2013-08-11 17:23 - 2012-11-17 17:04 - 00000000 ____D C:\Program Files (x86)\Giganews Accelerator2013-08-11 17:23 - 2012-11-17 15:13 - 00000000 ____D C:\Program Files\Newsbin2013-08-11 17:23 - 2012-10-18 15:03 - 00000000 ____D C:\Program Files (x86)\Mimo2013-08-11 17:23 - 2012-09-21 01:55 - 00000000 ____D C:\Program Files (x86)\Comical2013-08-11 17:23 - 2012-05-02 09:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab2013-08-11 17:23 - 2012-05-02 09:07 - 00000000 ____D C:\Users\Mike\AppData\Local\BioExcess2013-08-11 17:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-08-11 11:48 - 2013-08-10 20:13 - 00000000 ____D C:\Program Files (x86)\AVG2013-08-11 11:48 - 2013-08-10 19:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-08-11 11:48 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-10 20:46 - 2013-08-10 20:14 - 00000000 ____D C:\ProgramData\AVG20132013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg20132013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-10 19:47 - 2012-11-17 15:13 - 00000000 ____D C:\Users\Mike\AppData\Local\Newsbin2013-08-04 09:33 - 2012-02-19 18:13 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-08-04 09:33 - 2012-02-19 18:13 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCoreFiles to move or delete:====================C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.exeC:\Users\Mike\AppData\Local\Temp\avguidx.dllC:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exeC:\Users\Mike\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\MachineIdCreator.exeC:\Users\Mike\AppData\Local\Temp\oi_{F8D3AB6B-30B5-470C-9205-27A827638347}.exeC:\Users\Mike\AppData\Local\Temp\PreferencesJson.exeC:\Users\Mike\AppData\Local\Temp\SetupToparcadehits.exeC:\Users\Mike\AppData\Local\Temp\uninst1.exeC:\Users\Mike\AppData\Local\Temp\UNINSTALL.EXEC:\Users\Mike\AppData\Local\Temp\utt3FB8.tmp.exeC:\Users\Mike\AppData\Local\Temp\uxyyaxmqpjsxdvquuff.dllC:\Users\Mike\AppData\Local\Temp\vlc-2.0.1-win32.exeC:\Users\Mike\AppData\Local\Temp\vlc-2.0.2-win32.exeC:\Users\Mike\AppData\Local\Temp\{6A20E406-08A8-453F-B651-0DDA7A917016}\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}\InstallHelper.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\phonon_ds94.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qgif4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qjpeg4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qmng4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qsvg4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qtiff4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\qsvgicon4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qcncodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qjpcodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qkrcodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qtwcodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\qtaccessiblewidgets4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_core.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_gui.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_help.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_multimedia.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_network.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_opengl.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_phonon.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_script.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_scripttools.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_sql.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_svg.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_webkit.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xml.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xmlpatterns.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\phonon4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtCore4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtGui4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtHelp4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\qtjambi.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtMultimedia4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtNetwork4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtOpenGL4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScript4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScriptTools4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSql4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSvg4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtWebKit4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXml4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXmlPatterns4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\mwi2013130657\7za.dllC:\Users\Mike\AppData\Local\Temp\mwi2013130657\setup.exeC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exeC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exeC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\is1832903999\2351662_Setup.EXEC:\Users\Mike\AppData\Local\Temp\is1832903999\2351696_Setup.EXEC:\Users\Mike\AppData\Local\Temp\is1832903999\DeltaTB.exeC:\Users\Mike\AppData\Local\Temp\is1832903999\nss_handler.exeC:\Users\Mike\AppData\Local\Temp\is1832903999\Setup-D502DD2B71B5.exeC:\Users\Mike\AppData\Local\Temp\is1832903999\SymCCIS.dllC:\Users\Mike\AppData\Local\Temp\is1832903999\Toparcadehits.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\offerbroker.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\YahooChecker.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\PCSpeedBoost\PCSpeedBoost3.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\FFC\FastFreeConverter.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\ExtremeFlashPlayer\Setup_ExtremeFlashPlayer.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\avg-secure-search-installer.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\GenericWndApi.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\lip.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\PostInstall.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\ROC_ssl.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\Uninstall.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\vprot.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\avguidx.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\MachineIdCreator.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\avgdttbx.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller_64.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\npsitesafety.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ScriptHelper.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\SiteSafety.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ToolbarUpdater.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ViProtocol.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BabMaint.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BExternal.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolForMontiera.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolution.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ccp.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ChromeToolbarSetup.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\CrxInstaller.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\GUninstaller.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\IEHelper.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MntrDLLInstall.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MyDeltaTB.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\NTRedirect.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\Setup.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\sqlite3.dll==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-08-23 01:01:40==================== Memory info ===========================Percentage of memory in use: 15%Total physical RAM: 4010.14 MBAvailable physical RAM: 3376.9 MBTotal Pagefile: 4008.34 MBAvailable Pagefile: 3379.99 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: () (Fixed) (Total:421.81 GB) (Free:341.55 GB) NTFSDrive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.8 GB) NTFSDrive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FATDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8AEFE21C)Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)Partition 4: (Not Active) - (Size=15 GB) - (Type=12)========================================================Disk: 1 (Size: 2 GB) (Disk ID: 08619E90)Partition 1: (Active) - (Size=2 GB) - (Type=06)LastRegBack: 2013-08-22 10:17==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted August 25, 2013 ID:720395 Share Posted August 25, 2013 OK, here you go......this should get you going: Please download the attached fixlist.txt and copy it to your flashdrive. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system On Vista or Windows 7: Now please enter System Recovery Options. (as you did before) Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. See if the computer boots normally now and if so..........run MBAR If not...rescan with FRST and post the new log Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed: Bottom right corner of this page. New window that comes up. ~~~~~~~~~~~~~~~~~~~~~~~ Note: If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder. Just run fixdamage.exe. Verify that they are now functioning normally. MrC Link to post Share on other sites More sharing options...
hikittie Posted August 25, 2013 Author ID:720462 Share Posted August 25, 2013 Here are the logs after running both programs, everything seems to be back to normal. Thank you! Is there anything I should download to prevent this from happening again?system-log.txtmbar-log-2013-08-25 (13-40-20).txtmbar-log-2013-08-25 (14-07-56).txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 25, 2013 ID:720467 Share Posted August 25, 2013 Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
hikittie Posted August 27, 2013 Author ID:721083 Share Posted August 27, 2013 I am having the same MoneyPak virus again before I could even log on to do the steps in the last post. Do I do the same steps as before or something different? Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721091 Share Posted August 27, 2013 Yes, I need to see a new FRST log....MrC Link to post Share on other sites More sharing options...
hikittie Posted August 27, 2013 Author ID:721097 Share Posted August 27, 2013 Here is the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02Ran by SYSTEM on 26-08-2013 20:44:14Running from G:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-19] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-19] (Lenovo(beijing) Limited)HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-19] (Lenovo)Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-19] (Lenovo)HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)HKU\Mike\...\Run: [EasyTether] - C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe [48648 2011-05-22] (Mobile Stream)HKU\Mike\...\Run: [PC Speed Boost] - C:\Program Files (x86)\PC Speed Boost\PCSBLauncher.exe [107816 2013-03-15] (PC Speed Boost)HKU\Mike\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)HKU\Mike\...\Run: [p0nTMTTmzy.exe] - C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe [105584 2013-08-26] (Microsoft Corporation)HKU\Mike\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTIONHKU\Mike\...\Command Processor: "C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe" <===== ATTENTION!AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] ()Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilterStartup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnkShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()==================== Services (Whitelisted) =================S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-24] (Kaspersky Lab ZAO)S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()==================== Drivers (Whitelisted) ====================S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-24] (Kaspersky Lab)S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)S3 BcmSqlStartupSvc;S2 CLKMSVC10_3A60B698;S2 CLKMSVC10_C3B3B687;S2 DriverService;S2 IAStorDataMgrSvc;S2 iATAgentService;S2 idealife Update Service;S3 IGRS;S2 IviRegMgr;S2 nvUpdatusService;S2 Oasis2Service;S2 PCCarerService;S2 ReadyComm.DirectRouter;S2 RichVideo;S2 RtLedService;S2 SeaPort;S2 SoftwareService;S3 SQLWriter;S2 Stereo Service;==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\Users\Mike\AppData\Local\caSAXudm2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\ProgramData\X7oXqMGw7v2013-08-26 12:47 - 2013-08-26 12:47 - 00000000 ____D C:\Users\Mike\AppData\Local\ioC2Huxm2013-08-25 14:05 - 2013-08-25 14:06 - 00000000 ____D C:\ProgramData\vsosdk2013-08-25 13:35 - 2013-08-25 14:05 - 1330865137 _____ C:\Users\Mike\Downloads\The Heat 2013 TS x264-THC.mp42013-08-25 13:19 - 2013-08-25 18:16 - 00001057 _____ C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml2013-08-25 13:19 - 2013-08-25 13:19 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXtoDVD 4.lnk2013-08-25 13:19 - 2009-09-02 10:44 - 01184984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc1dmod.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00626688 _____ (On2.com) C:\Windows\SysWOW64\vp7vfw.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00273408 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\Pncrt.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00217127 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv43260.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00208935 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv33260.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00176165 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drv23260.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00102439 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\sipr3260.dll2013-08-25 13:19 - 2009-09-02 10:44 - 00065602 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\cook3260.dll2013-08-25 12:07 - 2013-08-25 12:07 - 00000000 ____D C:\FRST2013-08-25 10:38 - 2013-08-25 11:35 - 00000000 ____D C:\Users\Mike\Desktop\mbar2013-08-25 10:38 - 2013-08-25 10:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Mike\Downloads\mbar-1.07.0.1005.exe2013-08-25 10:35 - 2013-08-26 09:49 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v212013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL62013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ02013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp12013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX2013-08-25 06:58 - 2013-08-25 11:02 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K2013-08-25 06:57 - 2013-08-25 15:02 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD2013-08-25 06:54 - 2013-08-25 18:16 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso2013-08-25 06:54 - 2013-08-25 06:55 - 00000000 ____D C:\ProgramData\VSO2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\45712013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\02013-08-20 22:29 - 2013-08-20 23:30 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi2013-08-20 22:29 - 2013-08-20 22:53 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 52013-08-20 22:29 - 2013-08-20 22:45 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp42013-08-20 22:02 - 2013-08-20 22:03 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi2013-08-20 21:16 - 2013-08-21 14:25 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 42013-08-20 21:11 - 2013-08-20 21:13 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids2013-08-20 19:41 - 2013-08-20 19:58 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi2013-08-20 19:18 - 2013-08-20 19:41 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi2013-08-20 19:15 - 2013-08-20 19:33 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp42013-08-15 11:34 - 2013-08-25 11:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap2013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap2013-08-15 00:11 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-08-15 00:11 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-08-15 00:11 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-08-15 00:11 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-08-15 00:11 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-08-15 00:11 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-08-15 00:11 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-08-15 00:11 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-08-15 00:11 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-08-15 00:11 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-15 00:11 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-15 00:11 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-15 00:11 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-08-15 00:11 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-08-15 00:11 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-15 00:11 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-15 00:11 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-08-15 00:11 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-15 00:11 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-08-15 00:11 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-08-15 00:05 - 2013-08-15 00:07 - 00000000 ____D C:\Windows\System32\MRT2013-08-14 20:10 - 2013-08-14 20:45 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi2013-08-14 19:25 - 2013-08-14 20:13 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi2013-08-14 19:23 - 2013-08-14 20:42 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi2013-08-14 14:32 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL2013-08-14 14:32 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-14 14:32 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll2013-08-14 14:32 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-14 14:32 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-08-14 14:32 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll2013-08-14 14:32 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll2013-08-14 14:32 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll2013-08-14 14:32 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll2013-08-14 14:32 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-08-14 14:32 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-08-14 14:32 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-08-14 14:32 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-14 14:32 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-14 14:32 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-14 14:32 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-14 14:32 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-14 14:32 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-14 14:32 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-14 14:32 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-14 14:32 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-14 14:32 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-14 14:32 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-14 14:32 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-14 14:32 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-14 14:32 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-08-14 14:32 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-08-11 18:05 - 2013-08-20 21:10 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton2013-08-11 18:04 - 2013-08-26 11:42 - 00000000 ____D C:\Users\Mike\Documents\BitLord2013-08-11 18:03 - 2013-08-11 18:05 - 00000000 ____D C:\Program Files (x86)\BitLord 22013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-11 17:31 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-08-11 17:31 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-08-10 20:14 - 2013-08-10 20:46 - 00000000 ____D C:\ProgramData\AVG20132013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG2013-08-10 20:13 - 2013-08-11 11:48 - 00000000 ____D C:\Program Files (x86)\AVG2013-08-10 19:58 - 2013-08-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes2013-08-10 19:57 - 2013-08-11 19:36 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent2013-08-10 19:56 - 2013-08-11 11:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-08-10 19:55 - 2013-08-15 11:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\ProgramData\MFAData2013-08-10 19:55 - 2013-08-11 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-10 19:55 - 2013-08-11 11:48 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg20132013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-10 19:41 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-08-10 19:41 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll==================== One Month Modified Files and Folders =======2013-08-26 17:41 - 2012-05-05 12:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-26 17:41 - 2012-02-19 18:13 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-26 17:41 - 2012-02-19 18:04 - 00926754 _____ C:\FaceProv.log2013-08-26 16:48 - 2012-02-19 18:04 - 00000000 ____D C:\ProgramData\VeriFace2013-08-26 15:38 - 2012-02-19 17:24 - 02033630 _____ C:\Windows\WindowsUpdate.log2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\Users\Mike\AppData\Roaming\th0Pm0BQ2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\Users\Mike\AppData\Local\caSAXudm2013-08-26 12:47 - 2013-08-26 12:47 - 00182272 _____ C:\ProgramData\X7oXqMGw7v2013-08-26 12:47 - 2013-08-26 12:47 - 00000000 ____D C:\Users\Mike\AppData\Local\ioC2Huxm2013-08-26 11:42 - 2013-08-11 18:04 - 00000000 ____D C:\Users\Mike\Documents\BitLord2013-08-26 09:56 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-08-26 09:56 - 2009-07-13 20:45 - 00021280 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-08-26 09:53 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI2013-08-26 09:49 - 2013-08-25 10:35 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert2013-08-26 09:49 - 2013-06-03 19:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2013-08-26 09:49 - 2012-02-19 18:17 - 00409015 _____ C:\Windows\System32\fastboot.set2013-08-26 09:49 - 2012-02-19 18:13 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-26 09:49 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-26 09:49 - 2009-07-13 20:51 - 00075081 _____ C:\Windows\setupact.log2013-08-26 09:48 - 2010-11-20 19:47 - 00025106 _____ C:\Windows\PFRO.log2013-08-26 09:46 - 2012-05-20 06:21 - 00000000 ____D C:\Users\Mike\AppData\Local\Adobe2013-08-25 20:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-08-25 19:41 - 2012-11-01 22:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc2013-08-25 18:16 - 2013-08-25 13:19 - 00001057 _____ C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml2013-08-25 18:16 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Vso2013-08-25 15:02 - 2013-08-25 06:57 - 00000000 ____D C:\Users\Mike\Documents\ConvertXtoDVD2013-08-25 14:06 - 2013-08-25 14:05 - 00000000 ____D C:\ProgramData\vsosdk2013-08-25 14:05 - 2013-08-25 13:35 - 1330865137 _____ C:\Users\Mike\Downloads\The Heat 2013 TS x264-THC.mp42013-08-25 13:19 - 2013-08-25 13:19 - 00001232 _____ C:\Users\Mike\Desktop\ConvertXtoDVD 4.lnk2013-08-25 12:07 - 2013-08-25 12:07 - 00000000 ____D C:\FRST2013-08-25 11:42 - 2012-05-02 09:20 - 00000000 ____D C:\Users\Mike\AppData\Local\EgisTec2013-08-25 11:42 - 2012-02-19 17:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-08-25 11:39 - 2013-05-10 10:10 - 00000002 _____ C:\END2013-08-25 11:35 - 2013-08-25 10:38 - 00000000 ____D C:\Users\Mike\Desktop\mbar2013-08-25 11:02 - 2013-08-25 06:58 - 00000000 ____D C:\Users\Mike\AppData\Local\YRmcSvB2N2013-08-25 11:02 - 2013-08-15 11:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Movdap2013-08-25 10:38 - 2013-08-25 10:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Mike\Downloads\mbar-1.07.0.1005.exe2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\Users\Mike\AppData\Local\i6ekHSXj2013-08-25 08:32 - 2013-08-25 08:32 - 00182272 _____ C:\ProgramData\SiU5LTTOH2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Roaming\rp0iC0v212013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ2013-08-25 08:31 - 2013-08-25 08:31 - 00182272 _____ C:\ProgramData\YY7xmJFnSL62013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\Users\Mike\AppData\Local\xV7u4vqhnX2013-08-25 07:58 - 2013-08-25 07:58 - 00182272 _____ C:\ProgramData\xVhVy6Mp4UW2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Roaming\UVcZ6NsHg2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\Users\Mike\AppData\Local\LRQ1jxOK2013-08-25 07:56 - 2013-08-25 07:56 - 00182272 _____ C:\ProgramData\kI8AF4Q6q2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ02013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\Users\Mike\AppData\Local\twieYeW5PTX2013-08-25 07:50 - 2013-08-25 07:50 - 00182272 _____ C:\ProgramData\uCLLdt0lT2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Roaming\hfPHjweYhj2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\Users\Mike\AppData\Local\5SeeZ85Q2013-08-25 07:15 - 2013-08-25 07:15 - 00182272 _____ C:\ProgramData\UpfePDK12Gm2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\Users\Mike\AppData\Local\ZPCuWpqR2013-08-25 07:03 - 2013-08-25 07:03 - 00182272 _____ C:\ProgramData\cYNxDrHp12013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Roaming\CFOeFY39waW2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\Users\Mike\AppData\Local\P9sOaZ4h2013-08-25 07:01 - 2013-08-25 07:01 - 00182272 _____ C:\ProgramData\xIYs29uX2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Roaming\ummkVB1TA2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\Users\Mike\AppData\Local\3psuP0yog2013-08-25 06:58 - 2013-08-25 06:58 - 00182272 _____ C:\ProgramData\kNqVKUk3K2013-08-25 06:55 - 2013-08-25 06:54 - 00000000 ____D C:\ProgramData\VSO2013-08-25 06:54 - 2013-08-25 06:54 - 00099384 _____ C:\Users\Mike\AppData\Roaming\inst.exe2013-08-25 06:54 - 2013-08-25 06:54 - 00082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys2013-08-25 06:54 - 2013-08-25 06:54 - 00007859 _____ C:\Users\Mike\AppData\Roaming\pcouffin.cat2013-08-25 06:54 - 2013-08-25 06:54 - 00000055 _____ C:\Users\Mike\AppData\Roaming\pcouffin.log2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Users\Mike\Documents\PcSetup2013-08-25 06:54 - 2013-08-25 06:54 - 00000000 ____D C:\Program Files (x86)\VSO2013-08-25 06:53 - 2013-08-25 06:53 - 27940440 _____ (VSO-Software ) C:\Users\Mike\Downloads\vsoConvertXtoDVD5_setup.exe2013-08-21 14:44 - 2013-05-10 10:10 - 00000000 ____D C:\ProgramData\Yahoo!2013-08-21 14:44 - 2013-05-10 10:10 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-21 14:43 - 2013-08-21 14:43 - 00003288 _____ C:\Windows\System32\Tasks\45712013-08-21 14:43 - 2013-08-21 14:43 - 00003194 _____ C:\Windows\System32\Tasks\02013-08-21 14:25 - 2013-08-20 21:16 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 42013-08-20 23:30 - 2013-08-20 22:29 - 751342272 _____ C:\Users\Mike\Downloads\Barbie presents Thumbelina(2009).avi2013-08-20 22:53 - 2013-08-20 22:29 - 00000000 ____D C:\Users\Mike\Downloads\True Blood Season 52013-08-20 22:45 - 2013-08-20 22:29 - 721751452 _____ C:\Users\Mike\Downloads\My.Little.Pony_.Equestria.Girls.2013.720p.BluRay.x264.YIFY.mp42013-08-20 22:03 - 2013-08-20 22:02 - 00000000 ____D C:\Users\Mike\Downloads\Pirates vol. 2 XxX - Stagnetti's Revenge [DvdRip].avi2013-08-20 21:13 - 2013-08-20 21:11 - 00000000 ____D C:\Users\Mike\Downloads\Bridesmaids2013-08-20 21:10 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitLord2013-08-20 20:28 - 2012-05-05 12:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-08-20 20:28 - 2012-05-05 12:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-20 20:28 - 2012-05-05 12:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-08-20 19:58 - 2013-08-20 19:41 - 738704034 _____ C:\Users\Mike\Downloads\s4a-beautiful.creatures.brrip.xvid.avi2013-08-20 19:41 - 2013-08-20 19:18 - 732458544 _____ C:\Users\Mike\Downloads\The Big Wedding [2013]avi2013-08-20 19:33 - 2013-08-20 19:15 - 794860607 _____ C:\Users\Mike\Downloads\Spring.Breakers.2012.720p.BluRay.x264.YIFY.mp42013-08-15 11:34 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Movdap2013-08-15 11:11 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-15 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-08-15 00:31 - 2011-02-22 03:19 - 00000000 ____D C:\Windows\Panther2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender2013-08-15 00:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-08-15 00:07 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\System32\MRT2013-08-15 00:05 - 2012-05-06 02:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-08-15 00:04 - 2012-05-28 07:35 - 00773050 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-08-14 20:45 - 2013-08-14 20:10 - 1531953152 _____ C:\Users\Mike\Downloads\santi-sideeffects.brrip.xvid.avi2013-08-14 20:42 - 2013-08-14 19:23 - 1468078080 _____ C:\Users\Mike\Downloads\the canyons.avi2013-08-14 20:13 - 2013-08-14 19:25 - 1711036854 _____ C:\Users\Mike\Downloads\Oz the Great and Powerful (2013) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi2013-08-14 14:26 - 2013-07-11 18:54 - 00000000 ____D C:\Windows\SysWOW64\cache2013-08-11 19:36 - 2013-08-10 19:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent2013-08-11 18:34 - 2013-08-11 18:34 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-08-11 18:05 - 2013-08-11 18:05 - 00002027 _____ C:\Users\Mike\Desktop\BitLord.lnk2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Python-Eggs2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Symantec2013-08-11 18:05 - 2013-08-11 18:05 - 00000000 ____D C:\ProgramData\Norton2013-08-11 18:05 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\BitLord 22013-08-11 18:05 - 2012-05-02 09:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\searchplugins2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Windows\SysWOW64\Extensions2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\BrowserDefender2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\ProgramData\Babylon2013-08-11 18:02 - 2013-08-11 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype2013-08-11 17:31 - 2013-03-29 19:44 - 00000000 ____D C:\ProgramData\Skype2013-08-11 17:28 - 2012-06-17 06:32 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent2013-08-11 17:24 - 2012-05-02 09:06 - 00000000 ____D C:\users\Mike2013-08-11 17:23 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Search Protection2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\MFAData2013-08-11 17:23 - 2013-08-10 19:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files\Bonjour2013-08-11 17:23 - 2013-04-21 06:57 - 00000000 ____D C:\Program Files (x86)\Bonjour2013-08-11 17:23 - 2012-11-24 15:36 - 00000000 ____D C:\Program Files (x86)\Free Video Joiner2013-08-11 17:23 - 2012-11-17 17:04 - 00000000 ____D C:\Program Files (x86)\Giganews Accelerator2013-08-11 17:23 - 2012-11-17 15:13 - 00000000 ____D C:\Program Files\Newsbin2013-08-11 17:23 - 2012-10-18 15:03 - 00000000 ____D C:\Program Files (x86)\Mimo2013-08-11 17:23 - 2012-09-21 01:55 - 00000000 ____D C:\Program Files (x86)\Comical2013-08-11 17:23 - 2012-05-02 09:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab2013-08-11 17:23 - 2012-05-02 09:07 - 00000000 ____D C:\Users\Mike\AppData\Local\BioExcess2013-08-11 17:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-08-11 11:48 - 2013-08-10 20:13 - 00000000 ____D C:\Program Files (x86)\AVG2013-08-11 11:48 - 2013-08-10 19:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-08-11 11:48 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-10 20:46 - 2013-08-10 20:14 - 00000000 ____D C:\ProgramData\AVG20132013-08-10 20:14 - 2013-08-10 20:14 - 00000000 ___HD C:\$AVG2013-08-10 19:58 - 2013-08-10 19:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\MFAData2013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg20132013-08-10 19:55 - 2013-08-10 19:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-10 19:47 - 2012-11-17 15:13 - 00000000 ____D C:\Users\Mike\AppData\Local\Newsbin2013-08-04 09:33 - 2012-02-19 18:13 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-08-04 09:33 - 2012-02-19 18:13 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCoreFiles to move or delete:====================C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exeC:\Users\Mike\AppData\Local\Temp\avguidx.dllC:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exeC:\Users\Mike\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Mike\AppData\Local\Temp\MachineIdCreator.exeC:\Users\Mike\AppData\Local\Temp\mytiqrndbfpoupnvcqw.dllC:\Users\Mike\AppData\Local\Temp\oi_{F8D3AB6B-30B5-470C-9205-27A827638347}.exeC:\Users\Mike\AppData\Local\Temp\PreferencesJson.exeC:\Users\Mike\AppData\Local\Temp\sqlite3.exeC:\Users\Mike\AppData\Local\Temp\uninst1.exeC:\Users\Mike\AppData\Local\Temp\UNINSTALL.EXEC:\Users\Mike\AppData\Local\Temp\utt3FB8.tmp.exeC:\Users\Mike\AppData\Local\Temp\vlc-2.0.1-win32.exeC:\Users\Mike\AppData\Local\Temp\vlc-2.0.2-win32.exeC:\Users\Mike\AppData\Local\Temp\{6A20E406-08A8-453F-B651-0DDA7A917016}\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}\InstallHelper.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\phonon_ds94.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\phonon_backend\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qgif4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qjpeg4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qmng4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qsvg4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\qtiff4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\imageformats\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\qsvgicon4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\iconengines\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qcncodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qjpcodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qkrcodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\qtwcodecs4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\codecs\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\qtaccessiblewidgets4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\plugins\accessible\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_core.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_gui.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_help.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_multimedia.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_network.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_opengl.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_phonon.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_script.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_scripttools.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_sql.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_svg.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_webkit.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xml.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\com_trolltech_qt_xmlpatterns.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\phonon4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtCore4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtGui4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtHelp4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\qtjambi.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtMultimedia4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtNetwork4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtOpenGL4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScript4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtScriptTools4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSql4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtSvg4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtWebKit4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXml4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\QtXmlPatterns4.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcm90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcp90.dllC:\Users\Mike\AppData\Local\Temp\QtJambi_Mike_x86_4.7.2_msvc2008-20110324-1225\lib\Microsoft.VC90.CRT\msvcr90.dllC:\Users\Mike\AppData\Local\Temp\mwi2013130657\7za.dllC:\Users\Mike\AppData\Local\Temp\mwi2013130657\setup.exeC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exeC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exeC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dllC:\Users\Mike\AppData\Local\Temp\is1832903999\2351662_Setup.EXEC:\Users\Mike\AppData\Local\Temp\is1832903999\2351696_Setup.EXEC:\Users\Mike\AppData\Local\Temp\is1832903999\DeltaTB.exeC:\Users\Mike\AppData\Local\Temp\is1832903999\nss_handler.exeC:\Users\Mike\AppData\Local\Temp\is1832903999\Setup-D502DD2B71B5.exeC:\Users\Mike\AppData\Local\Temp\is1832903999\SymCCIS.dllC:\Users\Mike\AppData\Local\Temp\is1832903999\Toparcadehits.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\offerbroker.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\YahooToolbar\YahooChecker.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\PCSpeedBoost\PCSpeedBoost3.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\FFC\FastFreeConverter.exeC:\Users\Mike\AppData\Local\Temp\ExtremeFlashPlayer\ExtremeFlashPlayer\Setup_ExtremeFlashPlayer.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\avg-secure-search-installer.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\GenericWndApi.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\lip.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\PostInstall.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\ROC_ssl.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\Uninstall.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\vprot.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\ProgFiles\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\avguidx.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\ConfigFiles\MachineIdCreator.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\avgdttbx.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\DriverInstaller_64.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\npsitesafety.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ScriptHelper.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\SiteSafety.dllC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ToolbarUpdater.exeC:\Users\Mike\AppData\Local\Temp\avg_a04940\CommonFiles\AVG Secure Search\ViProtocol.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BabMaint.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BExternal.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolForMontiera.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\BUSolution.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ccp.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\ChromeToolbarSetup.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\CrxInstaller.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\GUninstaller.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\IEHelper.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MntrDLLInstall.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\MyDeltaTB.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\NTRedirect.dllC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\Setup.exeC:\Users\Mike\AppData\Local\Temp\9A1616C1-BAB0-7891-AE1B-6F305FCBF351\Latest\sqlite3.dll==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-08-23 01:01:40Restore point made on: 2013-08-25 11:01:50Restore point made on: 2013-08-25 11:41:46==================== Memory info ===========================Percentage of memory in use: 15%Total physical RAM: 4010.14 MBAvailable physical RAM: 3376.14 MBTotal Pagefile: 4008.34 MBAvailable Pagefile: 3369.07 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.86 MB==================== Drives ================================Drive c: () (Fixed) (Total:421.81 GB) (Free:341.75 GB) NTFSDrive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.8 GB) NTFSDrive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FATDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8AEFE21C)Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)Partition 4: (Not Active) - (Size=15 GB) - (Type=12)========================================================Disk: 1 (Size: 2 GB) (Disk ID: 08619E90)Partition 1: (Active) - (Size=2 GB) - (Type=06)LastRegBack: 2013-08-22 10:17==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721103 Share Posted August 27, 2013 Please download the attached fixlist.txt and copy it to your flashdrive. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system On Vista or Windows 7: Now please enter System Recovery Options. (as you did before) Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. See if the computer boots normally now. MrC Link to post Share on other sites More sharing options...
hikittie Posted August 27, 2013 Author ID:721139 Share Posted August 27, 2013 Yes it now boots normally. Here is the fix log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2013 02Ran by SYSTEM at 2013-08-26 22:34:46 Run:2Running from G:\Boot Mode: Recovery==============================================Content of fixlist:*****************HKU\Mike\...\Run: [p0nTMTTmzy.exe] - C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe [105584 2013-08-26] (Microsoft Corporation)HKU\Mike\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)HKU\Mike\...\Command Processor: "C:\Users\Mike\AppData\Local\ioC2Huxm\p0nTMTTmzy.exe"C:\Users\Mike\AppData\Local\caSAXudmC:\ProgramData\X7oXqMGw7vC:\Users\Mike\AppData\Local\ioC2HuxmC:\Users\Mike\AppData\Roaming\ZNwGrG7XUFmC:\Users\Mike\AppData\Local\i6ekHSXjC:\ProgramData\SiU5LTTOHC:\Users\Mike\AppData\Roaming\rp0iC0v21C:\Users\Mike\AppData\Local\X8ZEsc7V2kZC:\ProgramData\YY7xmJFnSL6C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYqC:\Users\Mike\AppData\Local\xV7u4vqhnXC:\ProgramData\xVhVy6Mp4UWC:\Users\Mike\AppData\Roaming\UVcZ6NsHgC:\Users\Mike\AppData\Local\LRQ1jxOKC:\ProgramData\kI8AF4Q6qC:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0C:\Users\Mike\AppData\Local\twieYeW5PTXC:\ProgramData\uCLLdt0lTC:\Users\Mike\AppData\Roaming\hfPHjweYhjC:\Users\Mike\AppData\Local\5SeeZ85QC:\ProgramData\UpfePDK12GmC:\Users\Mike\AppData\Roaming\YkZ7YAp7bcC:\Users\Mike\AppData\Local\ZPCuWpqRC:\ProgramData\cYNxDrHp1C:\Users\Mike\AppData\Roaming\CFOeFY39waWC:\Users\Mike\AppData\Local\P9sOaZ4hC:\ProgramData\xIYs29uXC:\Users\Mike\AppData\Local\YRmcSvB2NC:\Users\Mike\AppData\Roaming\ummkVB1TA C:\Users\Mike\AppData\Local\3psuP0yog C:\ProgramData\kNqVKUk3K*****************HKU\Mike\Software\Microsoft\Windows\CurrentVersion\Run\\p0nTMTTmzy.exe => Value deleted successfully.HKU\Mike\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.HKU\Mike\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.C:\Users\Mike\AppData\Local\caSAXudm => Moved successfully.C:\ProgramData\X7oXqMGw7v => Moved successfully.C:\Users\Mike\AppData\Local\ioC2Huxm => Moved successfully.C:\Users\Mike\AppData\Roaming\ZNwGrG7XUFm => Moved successfully.C:\Users\Mike\AppData\Local\i6ekHSXj => Moved successfully.C:\ProgramData\SiU5LTTOH => Moved successfully.C:\Users\Mike\AppData\Roaming\rp0iC0v21 => Moved successfully.C:\Users\Mike\AppData\Local\X8ZEsc7V2kZ => Moved successfully.C:\ProgramData\YY7xmJFnSL6 => Moved successfully.C:\Users\Mike\AppData\Roaming\z1Bzgv7QzYq => Moved successfully.C:\Users\Mike\AppData\Local\xV7u4vqhnX => Moved successfully.C:\ProgramData\xVhVy6Mp4UW => Moved successfully.C:\Users\Mike\AppData\Roaming\UVcZ6NsHg => Moved successfully.C:\Users\Mike\AppData\Local\LRQ1jxOK => Moved successfully.C:\ProgramData\kI8AF4Q6q => Moved successfully.C:\Users\Mike\AppData\Roaming\2GcftZ4dwZ0 => Moved successfully.C:\Users\Mike\AppData\Local\twieYeW5PTX => Moved successfully.C:\ProgramData\uCLLdt0lT => Moved successfully.C:\Users\Mike\AppData\Roaming\hfPHjweYhj => Moved successfully.C:\Users\Mike\AppData\Local\5SeeZ85Q => Moved successfully.C:\ProgramData\UpfePDK12Gm => Moved successfully.C:\Users\Mike\AppData\Roaming\YkZ7YAp7bc => Moved successfully.C:\Users\Mike\AppData\Local\ZPCuWpqR => Moved successfully.C:\ProgramData\cYNxDrHp1 => Moved successfully.C:\Users\Mike\AppData\Roaming\CFOeFY39waW => Moved successfully.C:\Users\Mike\AppData\Local\P9sOaZ4h => Moved successfully.C:\ProgramData\xIYs29uX => Moved successfully.C:\Users\Mike\AppData\Local\YRmcSvB2N => Moved successfully.C:\Users\Mike\AppData\Roaming\ummkVB1TA => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721242 Share Posted August 27, 2013 Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed: Bottom right corner of this page. New window that comes up. ~~~~~~~~~~~~~~~~~~~~~~~ Note: If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder. Just run fixdamage.exe. Verify that they are now functioning normally. MrC Link to post Share on other sites More sharing options...
hikittie Posted August 27, 2013 Author ID:721487 Share Posted August 27, 2013 I ran that and no threats were found. Here is the system log: ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 2515566592---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 2537590784---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 2546294784Downloaded database version: v2013.08.25.05Downloaded database version: v2013.08.06.01Initializing...======================------------ Kernel report ------------ 08/25/2013 13:40:16------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\DRIVERS\LhdX64.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\fbfmon.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\EgisTecFF.sys\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\BPntDrv.sys\SystemRoot\system32\drivers\BOOTVID.dll\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\easytthr.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\AcpiVpc.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\klmouflt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\FPSensor.sys\SystemRoot\System32\Drivers\RtsUVStor.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\vm331avs.sys\SystemRoot\System32\Drivers\STREAM.SYS\SystemRoot\System32\Drivers\vmuvcflt.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\drivers\spsys.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\usp10.dll\Windows\System32\comdlg32.dll\Windows\System32\clbcatq.dll\Windows\System32\ole32.dll\Windows\System32\user32.dll\Windows\System32\iertutil.dll\Windows\System32\imm32.dll\Windows\System32\sechost.dll\Windows\System32\ws2_32.dll\Windows\System32\lpk.dll\Windows\System32\wininet.dll\Windows\System32\setupapi.dll\Windows\System32\kernel32.dll\Windows\System32\shell32.dll\Windows\System32\Wldap32.dll\Windows\System32\nsi.dll\Windows\System32\urlmon.dll\Windows\System32\oleaut32.dll\Windows\System32\msvcrt.dll\Windows\System32\rpcrt4.dll\Windows\System32\psapi.dll\Windows\System32\advapi32.dll\Windows\System32\shlwapi.dll\Windows\System32\msctf.dll\Windows\System32\imagehlp.dll\Windows\System32\difxapi.dll\Windows\System32\gdi32.dll\Windows\System32\normaliz.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\comctl32.dll\Windows\System32\crypt32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8008801060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007e\Lower Device Object: 0xfffffa8008815b60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006641060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004ad4050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006641ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006642040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004ad4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 8AEFE21CPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa8008801060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8008801b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8008801060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8008815b60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 8619E90Partition information: Partition 0 type is Other (0x6) Partition is ACTIVE. Partition starts at LBA: 128 Numsec = 3911552 Partition file system is FAT Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 2002780160 bytesSector size: 512 bytesDone!Infected: C:\Users\Mike\AppData\Roaming\Movdap\WebCakeDesktop.exe --> [Adware.WebCake]Infected: C:\Users\Mike\AppData\Local\Temp\SetupToparcadehits.exe --> [Adware.GameVance]Infected: C:\Users\Mike\AppData\Local\Temp\uxyyaxmqpjsxdvquuff.dll --> [Heuristics.Shuriken]Infected: C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.dll --> [Heuristics.Shuriken]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred=======================================Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_128_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 3096850432=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 2638897152Initializing...======================------------ Kernel report ------------ 08/25/2013 14:07:51------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\imofugc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\DRIVERS\LhdX64.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\fbfmon.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\EgisTecFF.sys\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\BPntDrv.sys\SystemRoot\system32\drivers\BOOTVID.dll\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\easytthr.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\AcpiVpc.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\klmouflt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\Drivers\FPSensor.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\RtsUVStor.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\vm331avs.sys\SystemRoot\System32\Drivers\STREAM.SYS\SystemRoot\System32\Drivers\vmuvcflt.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\drivers\spsys.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\rpcrt4.dll\Windows\System32\urlmon.dll\Windows\System32\shell32.dll\Windows\System32\difxapi.dll\Windows\System32\nsi.dll\Windows\System32\psapi.dll\Windows\System32\wininet.dll\Windows\System32\Wldap32.dll\Windows\System32\iertutil.dll\Windows\System32\imagehlp.dll\Windows\System32\ole32.dll\Windows\System32\user32.dll\Windows\System32\setupapi.dll\Windows\System32\gdi32.dll\Windows\System32\oleaut32.dll\Windows\System32\comdlg32.dll\Windows\System32\advapi32.dll\Windows\System32\msctf.dll\Windows\System32\usp10.dll\Windows\System32\lpk.dll\Windows\System32\clbcatq.dll\Windows\System32\ws2_32.dll\Windows\System32\sechost.dll\Windows\System32\imm32.dll\Windows\System32\normaliz.dll\Windows\System32\msvcrt.dll\Windows\System32\kernel32.dll\Windows\System32\shlwapi.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8007d5e790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007d\Lower Device Object: 0xfffffa8007b61b60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006660060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004af3050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006660b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006661040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004af3050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 8AEFE21CPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa8007d5e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007b63b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007d5e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8007b61b60, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 8619E90Partition information: Partition 0 type is Other (0x6) Partition is ACTIVE. Partition starts at LBA: 128 Numsec = 3911552 Partition file system is FAT Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 2002780160 bytesSector size: 512 bytesDone!Scan finished=======================================Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_128_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 2934382592Downloaded database version: v2013.08.25.06Downloaded database version: v2013.08.26.01Downloaded database version: v2013.08.26.02Downloaded database version: v2013.08.26.03Downloaded database version: v2013.08.26.04Downloaded database version: v2013.08.26.05Downloaded database version: v2013.08.26.06Downloaded database version: v2013.08.27.01=======================================Initializing...------------ Kernel report ------------ 08/26/2013 23:10:29------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\DRIVERS\LhdX64.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\fbfmon.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\BPntDrv.sys\SystemRoot\system32\drivers\BOOTVID.dll\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\easytthr.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\AcpiVpc.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\klmouflt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\vm331avs.sys\SystemRoot\System32\Drivers\STREAM.SYS\SystemRoot\System32\Drivers\vmuvcflt.sys\SystemRoot\System32\Drivers\FPSensor.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\Drivers\RtsUVStor.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\ws2_32.dll\Windows\System32\normaliz.dll\Windows\System32\lpk.dll\Windows\System32\gdi32.dll\Windows\System32\kernel32.dll\Windows\System32\user32.dll\Windows\System32\setupapi.dll\Windows\System32\comdlg32.dll\Windows\System32\difxapi.dll\Windows\System32\nsi.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\clbcatq.dll\Windows\System32\iertutil.dll\Windows\System32\oleaut32.dll\Windows\System32\shlwapi.dll\Windows\System32\wininet.dll\Windows\System32\urlmon.dll\Windows\System32\shell32.dll\Windows\System32\sechost.dll\Windows\System32\imagehlp.dll\Windows\System32\rpcrt4.dll\Windows\System32\ole32.dll\Windows\System32\msctf.dll\Windows\System32\advapi32.dll\Windows\System32\usp10.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006641060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004ad2050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006642b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006642040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\DevicePointer: 0xfffffa8006641060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004ad2050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 8AEFE21CPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished=======================================Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 4204937216, free: 2856382464Downloaded database version: v2013.08.27.02Downloaded database version: v2013.08.27.03Downloaded database version: v2013.08.27.04Downloaded database version: v2013.08.27.05Downloaded database version: v2013.08.27.06Downloaded database version: v2013.08.27.07Initializing...======================------------ Kernel report ------------ 08/27/2013 13:37:05------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\DRIVERS\LhdX64.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\fbfmon.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\BPntDrv.sys\SystemRoot\system32\drivers\BOOTVID.dll\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\easytthr.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\AcpiVpc.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\klmouflt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\FPSensor.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\Drivers\RtsUVStor.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\vm331avs.sys\SystemRoot\System32\Drivers\STREAM.SYS\SystemRoot\System32\Drivers\vmuvcflt.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\System32\ATMFD.DLL\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\user32.dll\Windows\System32\sechost.dll\Windows\System32\rpcrt4.dll\Windows\System32\imagehlp.dll\Windows\System32\lpk.dll\Windows\System32\oleaut32.dll\Windows\System32\msvcrt.dll\Windows\System32\advapi32.dll\Windows\System32\shlwapi.dll\Windows\System32\nsi.dll\Windows\System32\urlmon.dll\Windows\System32\ole32.dll\Windows\System32\setupapi.dll\Windows\System32\msctf.dll\Windows\System32\kernel32.dll\Windows\System32\comdlg32.dll\Windows\System32\psapi.dll\Windows\System32\usp10.dll\Windows\System32\shell32.dll\Windows\System32\imm32.dll\Windows\System32\normaliz.dll\Windows\System32\clbcatq.dll\Windows\System32\gdi32.dll\Windows\System32\ws2_32.dll\Windows\System32\difxapi.dll\Windows\System32\iertutil.dll\Windows\System32\wininet.dll\Windows\System32\Wldap32.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006660060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004ae4050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006660b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006661040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\DevicePointer: 0xfffffa8006660060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004ae4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 8AEFE21CPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 409600 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 411648 Numsec = 884609024 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 885020672 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 945829888 Numsec = 30943280Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished=======================================Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished Here is the mbar log: Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.orgDatabase version: v2013.08.27.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Mike :: LENOVO [administrator]8/27/2013 1:37:09 PMmbar-log-2013-08-27 (13-37-09).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 237961Time elapsed: 9 minute(s), 41 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721491 Share Posted August 27, 2013 Items were found by MBAR: Infected: C:\Users\Mike\AppData\Roaming\Movdap\WebCakeDesktop.exe --> [Adware.WebCake]Infected: C:\Users\Mike\AppData\Local\Temp\SetupToparcadehits.exe --> [Adware.GameVance]Infected: C:\Users\Mike\AppData\Local\Temp\uxyyaxmqpjsxdvquuff.dll --> [Heuristics.Shuriken]Infected: C:\Users\Mike\AppData\Local\YRmcSvB2N\WRHUZ4gRTR9.dll --> [Heuristics.Shuriken]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred -------------------------------------Next:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop.Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review. ---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
hikittie Posted August 28, 2013 Author ID:721751 Share Posted August 28, 2013 here is the log: ComboFix 13-08-28.02 - Mike 08/28/2013 1:21.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2368 [GMT -5:00]Running from: c:\users\Mike\Downloads\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Datac:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferencesc:\users\Mike\AppData\Roaming\inst.exec:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnkc:\users\Mike\AppData\Roaming\vso_ts_preview.xmlc:\windows\gt.exec:\windows\s.batc:\windows\SysWow64\Cachec:\windows\SysWow64\Cache\014dd27af2a9cf92.fbc:\windows\SysWow64\Cache\26c630d098e22dd5.fbc:\windows\SysWow64\Cache\272512937d9e61a4.fbc:\windows\SysWow64\Cache\287204568329e189.fbc:\windows\SysWow64\Cache\28bc8f716fd76a47.fbc:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fbc:\windows\SysWow64\Cache\32c84fe32bb74d60.fbc:\windows\SysWow64\Cache\3917078cb68ec657.fbc:\windows\SysWow64\Cache\590ba23ce359fd0c.fbc:\windows\SysWow64\Cache\610289e025a3ee9a.fbc:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fbc:\windows\SysWow64\Cache\6d03dad1035885d3.fbc:\windows\SysWow64\Cache\95f567698be8a182.fbc:\windows\SysWow64\Cache\ad10a52aff5e038d.fbc:\windows\SysWow64\Cache\c1fa887b03019701.fbc:\windows\SysWow64\Cache\c4d28dca2e7648be.fbc:\windows\SysWow64\Cache\cc19a0aff88a76dd.fbc:\windows\SysWow64\Cache\d201ef9910cd39de.fbc:\windows\SysWow64\Cache\d2e94710a5708128.fbc:\windows\SysWow64\Cache\d79b9dfe81484ec4.fbc:\windows\SysWow64\Cache\f20682c6be234f2a.fbc:\windows\SysWow64\Cache\f998975c9cc711ee.fbc:\windows\version.txtc:\programdata\BrowserDefender . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 . . . . Failed to deletec:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . . Failed to delete.Infected copy of c:\windows\system32\Services.exe was found and disinfectedRestored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_BrowserDefendert..((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-28 )))))))))))))))))))))))))))))))..2013-08-28 06:29 . 2013-08-28 06:29 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-28 03:43 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B027194F-48D6-45B1-A3C8-B138E81D4AF3}\mpengine.dll2013-08-27 18:48 . 2013-08-27 18:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys2013-08-27 18:48 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2013-08-27 18:48 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2013-08-27 18:48 . 2013-08-27 18:48 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys2013-08-27 18:48 . 2013-08-27 18:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys2013-08-27 18:48 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys2013-08-27 18:48 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2013-08-27 18:48 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2013-08-27 18:48 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe2013-08-27 18:47 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr2013-08-27 18:47 . 2013-08-27 18:47 -------- d-----w- c:\program files\AVAST Software2013-08-27 18:45 . 2013-08-27 18:47 -------- d-----w- c:\programdata\AVAST Software2013-08-27 04:10 . 2013-08-27 19:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-25 22:05 . 2013-08-25 22:06 -------- d-----w- c:\programdata\vsosdk2013-08-25 21:19 . 2009-09-02 18:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll2013-08-25 21:19 . 2009-09-02 18:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll2013-08-25 21:19 . 2009-09-02 18:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll2013-08-25 21:19 . 2009-09-02 18:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll2013-08-25 21:19 . 2009-09-02 18:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll2013-08-25 21:19 . 2009-09-02 18:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll2013-08-25 21:19 . 2009-09-02 18:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll2013-08-25 20:07 . 2013-08-25 20:07 -------- d-----w- C:\FRST2013-08-25 14:54 . 2013-08-25 14:54 82816 ----a-w- c:\users\Mike\AppData\Roaming\pcouffin.sys2013-08-25 14:54 . 2013-08-26 02:16 -------- d-----w- c:\users\Mike\AppData\Roaming\Vso2013-08-25 14:54 . 2013-08-25 14:55 -------- d-----w- c:\programdata\VSO2013-08-25 14:54 . 2013-08-25 14:54 -------- d-----w- c:\program files (x86)\VSO2013-08-15 19:34 . 2013-08-25 19:02 -------- d-----w- c:\users\Mike\AppData\Roaming\Movdap2013-08-15 19:34 . 2013-08-15 19:34 -------- d-----w- c:\program files (x86)\Movdap2013-08-15 08:05 . 2013-08-15 08:07 -------- d-----w- c:\windows\system32\MRT2013-08-12 02:08 . 2013-08-21 20:56 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared2013-08-12 02:05 . 2013-08-12 02:05 -------- d-----w- c:\programdata\Symantec2013-08-12 02:05 . 2013-08-12 02:05 -------- d-----w- c:\users\Mike\AppData\Roaming\Python-Eggs2013-08-12 02:05 . 2013-08-12 02:05 -------- d-----w- c:\programdata\Norton2013-08-12 02:05 . 2013-08-21 05:10 -------- d-----w- c:\users\Mike\AppData\Roaming\BitLord2013-08-12 02:03 . 2013-08-12 02:05 -------- d-----w- c:\program files (x86)\BitLord 22013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\windows\SysWow64\Extensions2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\windows\SysWow64\searchplugins2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\programdata\BrowserDefender2013-08-12 02:02 . 2013-08-21 22:43 -------- d-----w- c:\programdata\Tarma Installer2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\users\Mike\AppData\Roaming\Babylon2013-08-12 02:02 . 2013-08-12 02:02 -------- d-----w- c:\programdata\Babylon2013-08-12 01:33 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-08-12 01:33 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-08-12 01:33 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-08-12 01:33 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll2013-08-12 01:33 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll2013-08-12 01:33 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll2013-08-12 01:33 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll2013-08-12 01:31 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2013-08-12 01:31 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-08-11 04:14 . 2013-08-11 04:46 -------- d-----w- c:\programdata\AVG20132013-08-11 04:14 . 2013-08-11 04:14 -------- d-----w- C:\$AVG2013-08-11 04:13 . 2013-08-11 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg20132013-08-11 04:13 . 2013-08-11 19:48 -------- d-----w- c:\program files (x86)\AVG2013-08-11 03:58 . 2013-08-11 03:58 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes2013-08-11 03:58 . 2013-08-12 01:23 -------- d-----w- c:\users\Mike\AppData\Roaming\Search Protection2013-08-11 03:57 . 2013-08-12 03:36 -------- d-----w- c:\users\Mike\AppData\Roaming\BitTorrent2013-08-11 03:56 . 2013-08-11 19:48 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-08-11 03:55 . 2013-08-15 19:11 -------- d-----w- c:\program files\SUPERAntiSpyware2013-08-11 03:55 . 2013-08-11 03:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2013-08-11 03:55 . 2013-08-12 01:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-08-11 03:55 . 2013-08-11 19:48 -------- d-----w- c:\programdata\Malwarebytes2013-08-11 03:55 . 2013-08-12 01:23 -------- d-----w- c:\programdata\MFAData2013-08-11 03:55 . 2013-08-11 03:55 -------- d-----w- c:\users\Mike\AppData\Local\MFAData2013-08-11 03:55 . 2013-08-11 03:55 -------- d-----w- c:\users\Mike\AppData\Local\Avg20132013-08-11 03:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-08-11 03:41 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-28 06:31 . 2013-08-28 06:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B027194F-48D6-45B1-A3C8-B138E81D4AF3}\offreg.dll2013-08-21 04:28 . 2012-05-05 20:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-21 04:28 . 2012-05-05 20:01 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-15 08:05 . 2012-05-06 10:51 78161360 ----a-w- c:\windows\system32\MRT.exe2013-07-12 08:14 . 2013-07-12 08:14 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-07-12 08:14 . 2013-07-12 08:14 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-07-12 08:14 . 2013-07-12 08:14 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-07-12 08:14 . 2013-07-12 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-07-12 08:14 . 2013-07-12 08:14 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-07-12 08:14 . 2013-07-12 08:14 226304 ----a-w- c:\windows\system32\elshyph.dll2013-07-12 08:14 . 2013-07-12 08:14 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-07-12 08:14 . 2013-07-12 08:14 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-07-12 08:14 . 2013-07-12 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-07-12 08:14 . 2013-07-12 08:14 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-07-12 08:14 . 2013-07-12 08:14 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-07-12 08:14 . 2013-07-12 08:14 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-07-12 08:14 . 2013-07-12 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-07-12 08:14 . 2013-07-12 08:14 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-07-12 08:14 . 2013-07-12 08:14 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-07-12 08:14 . 2013-07-12 08:14 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-07-12 08:14 . 2013-07-12 08:14 441856 ----a-w- c:\windows\system32\html.iec2013-07-12 08:14 . 2013-07-12 08:14 361984 ----a-w- c:\windows\SysWow64\html.iec2013-07-12 08:14 . 2013-07-12 08:14 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-07-12 08:14 . 2013-07-12 08:14 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-07-12 08:14 . 2013-07-12 08:14 216064 ----a-w- c:\windows\system32\msls31.dll2013-07-12 08:14 . 2013-07-12 08:14 197120 ----a-w- c:\windows\system32\msrating.dll2013-07-12 08:14 . 2013-07-12 08:14 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-07-12 08:14 . 2013-07-12 08:14 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-07-12 08:14 . 2013-07-12 08:14 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-07-12 08:14 . 2013-07-12 08:14 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-07-12 08:14 . 2013-07-12 08:14 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-07-12 08:14 . 2013-07-12 08:14 81408 ----a-w- c:\windows\system32\icardie.dll2013-07-12 08:14 . 2013-07-12 08:14 599552 ----a-w- c:\windows\system32\vbscript.dll2013-07-12 08:14 . 2013-07-12 08:14 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-07-12 08:14 . 2013-07-12 08:14 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-07-12 08:14 . 2013-07-12 08:14 247296 ----a-w- c:\windows\system32\webcheck.dll2013-07-12 08:14 . 2013-07-12 08:14 235008 ----a-w- c:\windows\system32\url.dll2013-07-12 08:14 . 2013-07-12 08:14 167424 ----a-w- c:\windows\system32\iexpress.exe2013-07-12 08:14 . 2013-07-12 08:14 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-12 08:14 . 2013-07-12 08:14 144896 ----a-w- c:\windows\system32\wextract.exe2013-07-12 08:14 . 2013-07-12 08:14 102912 ----a-w- c:\windows\system32\inseng.dll2013-07-12 08:14 . 2013-07-12 08:14 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-07-12 08:14 . 2013-07-12 08:14 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-07-12 08:14 . 2013-07-12 08:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-07-12 08:14 . 2013-07-12 08:14 51200 ----a-w- c:\windows\system32\imgutil.dll2013-07-12 08:14 . 2013-07-12 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-07-12 08:14 . 2013-07-12 08:14 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-12 08:14 . 2013-07-12 08:14 149504 ----a-w- c:\windows\system32\occache.dll2013-07-12 08:14 . 2013-07-12 08:14 13824 ----a-w- c:\windows\system32\mshta.exe2013-07-12 08:14 . 2013-07-12 08:14 136192 ----a-w- c:\windows\system32\iepeers.dll2013-07-12 08:14 . 2013-07-12 08:14 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-07-12 08:14 . 2013-07-12 08:14 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-07-12 08:14 . 2013-07-12 08:14 77312 ----a-w- c:\windows\system32\tdc.ocx2013-07-12 08:12 . 2013-07-12 08:12 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 648192 ----a-w- c:\windows\system32\d3d10level9.dll2013-07-12 08:12 . 2013-07-12 08:12 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll2013-07-12 08:12 . 2013-07-12 08:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-07-12 08:12 . 2013-07-12 08:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-07-12 08:12 . 2013-07-12 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 3928064 ----a-w- c:\windows\system32\d2d1.dll2013-07-12 08:12 . 2013-07-12 08:12 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2013-07-12 08:12 . 2013-07-12 08:12 363008 ----a-w- c:\windows\system32\dxgi.dll2013-07-12 08:12 . 2013-07-12 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll2013-07-12 08:12 . 2013-07-12 08:12 333312 ----a-w- c:\windows\system32\d3d10_1core.dll2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 296960 ----a-w- c:\windows\system32\d3d10core.dll2013-07-12 08:12 . 2013-07-12 08:12 293376 ----a-w- c:\windows\SysWow64\dxgi.dll2013-07-12 08:12 . 2013-07-12 08:12 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll2013-07-12 08:12 . 2013-07-12 08:12 2565120 ----a-w- c:\windows\system32\d3d10warp.dll2013-07-12 08:12 . 2013-07-12 08:12 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll2013-07-12 08:12 . 2013-07-12 08:12 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll2013-07-12 08:12 . 2013-07-12 08:12 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll2013-07-12 08:12 . 2013-07-12 08:12 221184 ----a-w- c:\windows\system32\UIAnimation.dll2013-07-12 08:12 . 2013-07-12 08:12 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll2013-07-12 08:12 . 2013-07-12 08:12 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll2013-07-12 08:12 . 2013-07-12 08:12 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll2013-07-12 08:12 . 2013-07-12 08:12 194560 ----a-w- c:\windows\system32\d3d10_1.dll2013-07-12 08:12 . 2013-07-12 08:12 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll2013-07-12 08:12 . 2013-07-12 08:12 1682432 ----a-w- c:\windows\system32\XpsPrint.dll2013-07-12 08:12 . 2013-07-12 08:12 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll2013-07-12 08:12 . 2013-07-12 08:12 1238528 ----a-w- c:\windows\system32\d3d10.dll2013-07-12 08:12 . 2013-07-12 08:12 1175552 ----a-w- c:\windows\system32\FntCache.dll2013-07-12 08:12 . 2013-07-12 08:12 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll2013-07-12 08:12 . 2013-07-12 08:12 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll2013-07-12 08:12 . 2013-07-12 08:12 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-07-12 08:12 . 2013-07-12 08:12 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]"PC Speed Boost"="c:\program files (x86)\PC Speed Boost\PCSBLauncher.exe" [2013-03-16 107816]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-02-20 329056]"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-25 206448]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968].c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\progra~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 aswRvrt;aswRvrt; [x]S0 aswVmm;aswVmm; [x]S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-21 07:12 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 04:28].2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:13].2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:13]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]@="{771C7324-DA80-49D3-8017-753B0AF60951}"[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]2012-02-20 02:04 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-20 9769888]"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-20 5908928]"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-20 114688].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-08-28 01:35:06 - machine was rebootedComboFix-quarantined-files.txt 2013-08-28 06:35.Pre-Run: 369,367,531,520 bytes freePost-Run: 369,382,043,648 bytes free.- - End Of File - - B9DD33CAAFF1990701B14671B6FB829B Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:721804 Share Posted August 28, 2013 Looks Good...... Lets clean out any adware while you're here: Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.If you agree with everything listed to be removed in the folders section........... Double click on AdwCleaner.exe to run the tool again.Click on the Scan button.AdwCleaner will begin to scan your computer like it did before.After the scan has finished...This time click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
hikittie Posted August 28, 2013 Author ID:721956 Share Posted August 28, 2013 Everything seems to be running good. Here is the log from adw cleaner: # AdwCleaner v3.001 - Report created 28/08/2013 at 11:56:05# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Mike - LENOVO# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\Babylon[!] Folder Deleted : C:\ProgramData\BrowserDefenderFolder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\Program Files (x86)\MovdapFolder Deleted : C:\Users\Mike\AppData\LocalLow\deltaFolder Deleted : C:\Users\Mike\AppData\Roaming\BabylonFolder Deleted : C:\Users\Mike\AppData\Roaming\MovdapFolder Deleted : C:\Users\Mike\AppData\Roaming\search protectionFolder Deleted : C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefenderFile Deleted : C:\ENDFile Deleted : C:\windows\System32\Tasks\BrowserDefendert***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsKey Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}Key Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCSKey Deleted : HKCU\Software\5a53d888b635be44Key Deleted : HKLM\SOFTWARE\5a53d888b635be44Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\APN PIP[#] Key Deleted : HKCU\Software\DataMngr_ToolbarKey Deleted : HKCU\Software\DeltaKey Deleted : HKCU\Software\InstallCoreKey Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\Software\Delta***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16660-\\ Google Chrome v29.0.1547.57[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]Deleted : homepageDeleted : icon_urlDeleted : search_urlDeleted : keywordDeleted : urls_to_restore_on_startup*************************AdwCleaner[R0].txt - [4481 octets] - [28/08/2013 11:44:22]AdwCleaner[s0].txt - [4164 octets] - [28/08/2013 11:56:05]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4224 octets] ########## Here is the log from malawarebytes: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.08.28.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Mike :: LENOVO [administrator]8/28/2013 12:04:44 PMmbam-log-2013-08-28 (12-04-44).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 223761Time elapsed: 4 minute(s), 17 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Users\Mike\Local Settings\Temporary Internet Files\Content.IE5\DFCDIQ4B\pack[1].7z (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.C:\Users\Mike\Local Settings\Temporary Internet Files\Content.IE5\DFCDIQ4B\WebCakesetup[1].exe (PUP.Optional.Yontoo) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:721961 Share Posted August 28, 2013 Good...... Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
hikittie Posted August 29, 2013 Author ID:722229 Share Posted August 29, 2013 Ok, here is the log from the security check: Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Kaspersky Anti-Virus Antivirus up to date! (On Access scanning disabled!)`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 37 Java 7 Update 9 Java version out of Date! Adobe Reader XI Google Chrome 29.0.1547.57 Google Chrome 29.0.1547.62 ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Anti-Virus 2012 x64 klwtblfs.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted August 29, 2013 ID:722355 Share Posted August 29, 2013 Out dated programs on the system are vulnerable to malware.Please update or uninstall them:---------------------------Java™ 6 Update 37 <----please uninstall from your add/remove programsJava 7 Update 9 <-----please update, should be Update 25Java version out of Date! <--------Go to control panel > Java > Update Tab > Update NowUncheck the box to install the Ask toolbar!!! and any other free "stuff".If there's no update tab in Java, uninstall it and Download and install the latest version from HereUncheck the box to install the Ask toolbar!!! and any other free "stuff".-------------------------------A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)---------------------------------If you used FRST:Download the fixlist.txt to the same folder as FRST.Run FRST and click Fix only once and waitThat will delete the quarantine folder created by FRST.-----------------------------If you used DeFogger to disable your CD Emulation drivers, please re-enable them.-------------------------------Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 31, 2013 Root Admin ID:723166 Share Posted August 31, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts