FBI / white screen virus

Hello EricS, and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Then right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

HKU\Eric\...\Winlogon: [shell] C:\Users\Eric\AppData\Roaming\dlc.xmm,explorer.exe <==== ATTENTION
2013-08-29 03:53 - 2013-08-29 06:43 - 00000000 ____D C:\ProgramData\wmsar
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\ydrym.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\vvossa.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\nnan.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\jamgg.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\gulqdcn.exe
2013-08-29 03:35 - 2013-08-29 06:54 - 00000000 ____D C:\ProgramData\pwg

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once, then wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 09:18:45
Running from K:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2012-02-03] (Carbonite, Inc.)
HKLM-x32\...\Run: [Qwest Personal Digital Vault] - "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m [x]
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-08-05] (RealNetworks, Inc.)
HKU\Eric\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-16] (Google Inc.)
HKU\Eric\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKU\Eric\...\RunOnce: [Application Restart #1] - C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [383488 2009-07-13] (Microsoft Corporation)
HKU\Eric\...\Winlogon: [shell] C:\Users\Eric\AppData\Roaming\dlc.xmm,explorer.exe <==== ATTENTION 
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
==================== Services (Whitelisted) =================
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-14] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-29 03:53 - 2013-08-29 06:43 - 00000000 ____D C:\ProgramData\wmsar
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\ydrym.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\vvossa.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\nnan.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\jamgg.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\gulqdcn.exe
2013-08-29 03:35 - 2013-08-29 06:54 - 00000000 ____D C:\ProgramData\pwg
2013-08-28 08:46 - 2013-08-28 08:46 - 17996195 _____ C:\Users\Eric\Downloads\APL23-I5DXX-XX_001 20Aug2013.7z
2013-08-25 06:07 - 2013-08-25 06:07 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (4).exe
2013-08-25 06:07 - 2013-08-25 06:07 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (3).exe
2013-08-25 06:06 - 2013-08-25 06:06 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft.exe
2013-08-25 06:06 - 2013-08-25 06:06 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (2).exe
2013-08-25 06:06 - 2013-08-25 06:06 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (1).exe
2013-08-18 11:45 - 2013-08-18 11:45 - 25933829 _____ C:\Users\Eric\Desktop\Artmycry finished.psd
2013-08-15 01:09 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 01:09 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 01:09 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-15 01:09 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 01:09 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-15 01:09 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 01:09 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 01:09 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 01:09 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 01:09 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 01:09 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 01:09 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 01:09 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-15 01:09 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:08 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 01:02 - 2013-08-15 01:02 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 10:49 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 10:49 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 10:49 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 10:49 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 10:49 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 10:49 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 10:49 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 10:49 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 10:49 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 10:49 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 10:49 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 10:49 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 10:49 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 10:49 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 10:47 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 10:47 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 10:47 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 10:47 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 10:47 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 10:47 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 10:47 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 10:47 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 10:47 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 10:47 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 10:47 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 10:47 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 10:47 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-07 15:41 - 2013-08-07 15:41 - 04679400 _____ (Systweak Inc                                                ) C:\Users\Eric\Downloads\rcpsetup_adgorithms_728_90_ag_2.exe
2013-08-05 22:11 - 2013-08-07 16:23 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3547283564-3147896735-2641354149-1001
2013-08-05 22:11 - 2013-08-07 16:23 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3547283564-3147896735-2641354149-1001
2013-08-05 22:11 - 2013-08-05 22:11 - 00000000 ____D C:\Users\Eric\AppData\Roaming\RealNetworks
2013-08-05 22:10 - 2013-08-05 22:10 - 00001275 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-08-05 22:10 - 2013-08-05 22:10 - 00000000 ____D C:\ProgramData\RealNetworks
2013-08-05 22:10 - 2013-08-05 22:10 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-08-05 22:09 - 2013-08-05 22:10 - 00000000 ____D C:\Program Files (x86)\Real
2013-08-05 22:09 - 2013-08-05 22:09 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-08-05 22:09 - 2013-08-05 22:09 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-08-05 22:09 - 2013-08-05 22:09 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-08-05 22:09 - 2013-08-05 22:09 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-08-05 22:08 - 2013-08-06 06:19 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Real
2013-08-05 22:08 - 2013-08-05 22:11 - 00000000 ____D C:\ProgramData\Real
==================== One Month Modified Files and Folders =======
2013-08-29 07:05 - 2012-01-15 18:22 - 01057084 _____ C:\Windows\WindowsUpdate.log
2013-08-29 06:59 - 2010-11-20 19:47 - 00018912 _____ C:\Windows\PFRO.log
2013-08-29 06:54 - 2013-08-29 03:35 - 00000000 ____D C:\ProgramData\pwg
2013-08-29 06:54 - 2012-11-30 14:29 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 06:53 - 2012-01-16 00:57 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 06:53 - 2012-01-15 17:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 06:53 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 06:53 - 2009-07-13 20:51 - 00015461 _____ C:\Windows\setupact.log
2013-08-29 06:51 - 2012-06-28 20:22 - 00000000 ___HD C:\Users\Eric\AppData\Roaming\WTablet
2013-08-29 06:51 - 2012-01-16 14:34 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-29 06:50 - 2012-01-16 00:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 06:43 - 2013-08-29 03:53 - 00000000 ____D C:\ProgramData\wmsar
2013-08-29 06:25 - 2012-04-11 06:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\ydrym.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\vvossa.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\nnan.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\jamgg.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\gulqdcn.exe
2013-08-28 14:58 - 2012-11-30 14:29 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-28 08:46 - 2013-08-28 08:46 - 17996195 _____ C:\Users\Eric\Downloads\APL23-I5DXX-XX_001 20Aug2013.7z
2013-08-27 12:09 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-26 21:04 - 2012-01-18 14:03 - 00000000 ____D C:\Users\Eric\Desktop\Eric
2013-08-26 09:47 - 2013-02-11 17:42 - 00000000 ____D C:\Users\Eric\Desktop\Eric Expenses
2013-08-25 06:07 - 2013-08-25 06:07 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (4).exe
2013-08-25 06:07 - 2013-08-25 06:07 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (3).exe
2013-08-25 06:06 - 2013-08-25 06:06 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft.exe
2013-08-25 06:06 - 2013-08-25 06:06 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (2).exe
2013-08-25 06:06 - 2013-08-25 06:06 - 00587160 _____ (Freegies) C:\Users\Eric\Downloads\Freegiez_MineCraft (1).exe
2013-08-23 05:22 - 2012-01-16 00:57 - 00000000 ___HD C:\Users\Eric\AppData\Local\Google
2013-08-22 16:53 - 2012-06-13 20:36 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-19 15:53 - 2012-01-15 17:52 - 00000000 ___HD C:\Users\Eric\AppData\Roaming\Adobe
2013-08-18 11:45 - 2013-08-18 11:45 - 25933829 _____ C:\Users\Eric\Desktop\Artmycry finished.psd
2013-08-15 02:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 01:39 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 01:39 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 01:08 - 2012-01-16 08:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 01:03 - 2013-08-15 01:02 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 01:01 - 2012-01-20 19:39 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-12 22:06 - 2012-03-04 11:52 - 00000000 ____D C:\Users\Eric\Desktop\Jessi
2013-08-07 16:23 - 2013-08-05 22:11 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3547283564-3147896735-2641354149-1001
2013-08-07 16:23 - 2013-08-05 22:11 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3547283564-3147896735-2641354149-1001
2013-08-07 15:41 - 2013-08-07 15:41 - 04679400 _____ (Systweak Inc                                                ) C:\Users\Eric\Downloads\rcpsetup_adgorithms_728_90_ag_2.exe
2013-08-06 06:19 - 2013-08-05 22:08 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Real
2013-08-05 22:11 - 2013-08-05 22:11 - 00000000 ____D C:\Users\Eric\AppData\Roaming\RealNetworks
2013-08-05 22:11 - 2013-08-05 22:08 - 00000000 ____D C:\ProgramData\Real
2013-08-05 22:10 - 2013-08-05 22:10 - 00001275 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-08-05 22:10 - 2013-08-05 22:10 - 00000000 ____D C:\ProgramData\RealNetworks
2013-08-05 22:10 - 2013-08-05 22:10 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-08-05 22:10 - 2013-08-05 22:09 - 00000000 ____D C:\Program Files (x86)\Real
2013-08-05 22:09 - 2013-08-05 22:09 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-08-05 22:09 - 2013-08-05 22:09 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-08-05 22:09 - 2013-08-05 22:09 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-08-05 22:09 - 2013-08-05 22:09 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-08-05 22:09 - 2012-09-23 19:43 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-08-05 22:09 - 2012-09-23 19:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
Files to move or delete:
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Eric\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points  =========================
Restore point made on: 2013-08-22 22:05:56
Restore point made on: 2013-08-22 22:13:02
Restore point made on: 2013-08-23 18:03:47
Restore point made on: 2013-08-24 18:18:48
Restore point made on: 2013-08-26 21:06:10
Restore point made on: 2013-08-28 10:15:37
Restore point made on: 2013-08-28 12:19:43
Restore point made on: 2013-08-28 13:49:57
Restore point made on: 2013-08-28 15:40:23
Restore point made on: 2013-08-28 17:12:36
Restore point made on: 2013-08-28 20:24:34
Restore point made on: 2013-08-28 21:49:19
Restore point made on: 2013-08-29 03:06:33
Restore point made on: 2013-08-29 06:43:17
==================== Memory info =========================== 
Percentage of memory in use: 10%
Total physical RAM: 8174.01 MB
Available physical RAM: 7350.97 MB
Total Pagefile: 8172.21 MB
Available Pagefile: 7344.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1765.16 GB) (Free:1141.63 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:80.62 GB) NTFS
Drive k: () (Removable) (Total:7.82 GB) (Free:6.54 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0FB51FA1)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-303696827392) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Disk: 5 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)
LastRegBack: 2013-08-21 22:44
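The two things the fixlist above removes, a Winlogon Shell value that chains a file in AppData in front of explorer.exe and a batch of same-size, randomly named executables dropped into C:\ProgramData, are exactly what a triager scans an FRST log for. As an added example that is not part of this thread or of the FRST tool, the Python below parses lines in that log format and flags both patterns; the regexes, the `triage` function, the default-value table and the "user-writable data directory" heuristic are assumptions made for this illustration, and the sample log is constructed from lines of the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the FRST log format: the entries the fixlist targets,
# copied from the log in this thread, plus benign lines that should be ignored.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKU\Eric\...\Winlogon: [shell] C:\Users\Eric\AppData\Roaming\dlc.xmm,explorer.exe <==== ATTENTION
==================== One Month Created Files and Folders ========
2013-08-29 03:53 - 2013-08-29 06:43 - 00000000 ____D C:\ProgramData\wmsar
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\ydrym.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\vvossa.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\nnan.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\jamgg.exe
2013-08-29 03:50 - 2013-08-29 03:50 - 00200192 _____ C:\ProgramData\gulqdcn.exe
2013-08-15 01:09 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
"""

# Default data for the Winlogon values a lock-screen infection rewrites.
# Shell is normally just explorer.exe; "<dropped file>,explorer.exe" starts the
# malware before the real desktop, which is why only the lock screen is shown.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# User-writable data directories (assumed heuristic): an executable sitting
# directly in one of them with no company/version string deserves a look.
DATA_DIR_RE = re.compile(
    r"^(?:c:\\programdata|c:\\users\\[^\\]+\\appdata\\(?:roaming|local)"
    r"(?:\\temp)?|c:\\users\\public)\\[^\\]+$",
    re.IGNORECASE,
)
EXEC_EXT = (".exe", ".dll", ".scr", ".com")
WINLOGON_RE = re.compile(r"^(?P<key>HK\S*?\\Winlogon): \[(?P<value>[^\]]+)\] (?P<data>.+)$")
# FRST file line: created - modified - size attrs [(company)] path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)

def check_winlogon(line):
    """Return a finding if a Winlogon Shell/Userinit value carries anything
    beyond its default, e.g. a file in AppData chained before explorer.exe."""
    m = WINLOGON_RE.match(line)
    if not m:
        return None
    value = m["value"].lower()
    expected = WINLOGON_DEFAULTS.get(value)
    if expected is None:
        return None
    data = m["data"].replace("<==== ATTENTION", "").strip()
    parts = [p.strip().lower() for p in data.split(",") if p.strip()]
    extra = [p for p in parts if p not in expected]
    return {"rule": "winlogon-" + value, "key": m["key"], "extra": extra} if extra else None

def parse_file_line(line):
    """Split an FRST file/folder line into its fields; size becomes an int."""
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry

def triage(log_text):
    """Walk an FRST log and return a list of findings (dicts with a 'rule' key)."""
    findings, dropped = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = check_winlogon(line)
        if hit:
            findings.append(hit)
            continue
        entry = parse_file_line(line)
        if entry is None:
            continue
        path = entry["path"]
        if path.lower().endswith(EXEC_EXT) and entry["company"] is None and DATA_DIR_RE.match(path):
            findings.append({"rule": "unsigned-exe-in-data-dir", "path": path,
                             "size": entry["size"], "created": entry["created"]})
            dropped.append(entry)
    # Several differently named executables of identical size created in the
    # same minute is the footprint of one dropper writing copies of itself.
    clusters = defaultdict(list)
    for entry in dropped:
        clusters[(entry["size"], entry["created"])].append(entry["path"])
    for (size, created), paths in clusters.items():
        if len(paths) >= 2:
            findings.append({"rule": "same-size-cluster", "size": size,
                             "created": created, "paths": paths})
    return findings
```

Running `triage(SAMPLE_LOG)` yields one Winlogon finding naming dlc.xmm, five unsigned executables under C:\ProgramData, and one cluster of five 200192-byte files created at 03:50.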
