
FBI Moneypack Malware



So I'm playing Civ 5 and I get this pop-up saying I owe the FBI 300 dollars to unlock my computer. I attempt to restart in safe mode and it works, but I'm unsure how to rid myself of this problem. I would greatly appreciate any help you could offer to remove this =\
Side note: I didn't have my system restore set up. I did try that.


Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC
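The FRST.txt log requested above lists recently created and modified files in a fixed line layout, which makes a first-pass timeline review easy to script. The Python below is an added example, not part of the original post and not FRST's own logic: the sample log is constructed in FRST's layout with made-up paths, the parenthesised field is assumed to be the file's version-info company name, and the three review heuristics are illustrative assumptions rather than verdicts.

```python
import re
from datetime import datetime, timedelta
from ntpath import splitext
from typing import NamedTuple, Optional

# Constructed sample in the FRST.txt layout; paths and vendor names are made up.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64)
Ran by SYSTEM on 06-09-2013 17:18:22
Boot Mode: Recovery

==================== One Month Created Files and Folders ========

2013-09-06 17:18 - 2013-09-06 17:18 - 00000000 ____D C:\FRST
2013-09-06 11:35 - 2013-09-06 11:35 - 00000000 ____D C:\ProgramData\examplefolder
2013-09-06 11:32 - 2013-09-06 11:32 - 00086528 ____A (Example Vendor AG) C:\Windows\SysWOW64\example.tmp
2013-09-03 00:11 - 2013-09-03 00:11 - 00001613 ____A C:\Users\Public\Desktop\Some Game.lnk
2013-09-02 03:26 - 2013-09-02 03:27 - 27987776 ____A (        ) C:\Users\someone\Downloads\setup (1).exe
2013-08-28 18:37 - 2010-06-02 00:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

==================== One Month Modified Files and Folders =======

2013-09-06 11:54 - 2009-11-13 17:01 - 01948390 ____A C:\Windows\WindowsUpdate.log
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
# The header date is day-month-year; entry timestamps are year-month-day.
RAN_RE = re.compile(r"^Ran by .+? on (\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})")
# <time> - <time> - <size> <5 attribute flags> [(company)] <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$")

TOOL_PATHS = {r"c:\frst"}                          # FRST's own working folder
DATA_EXTENSIONS = {".tmp", ".dat", ".log", ".txt"}  # assumption: not normally PE files


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_frst(text):
    """Return (scan_time, entries) from the two 'One Month ...' sections."""
    scan_time, section, entries = None, "", {}
    for line in text.splitlines():
        line = line.rstrip()
        m = RAN_RE.match(line)
        if m:
            scan_time = datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or not section.startswith("One Month"):
            continue
        first, second = (datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2))
        # The Created section prints created-then-modified; Modified prints the reverse.
        created, modified = (first, second) if "Created" in section else (second, first)
        company = (m.group(5) or "").strip() or None   # blank "(   )" counts as absent
        entry = Entry(created, modified, int(m.group(3)), m.group(4), company, m.group(6))
        entries.setdefault(entry.path.lower(), entry)  # same path appears in both sections
    return scan_time, list(entries.values())


def triage(scan_time, entries, window_hours=24):
    """List (path, reasons) for items created shortly before the scan, oldest first."""
    cutoff = scan_time - timedelta(hours=window_hours)
    findings = []
    for e in sorted(entries, key=lambda e: e.created):
        if e.created < cutoff or e.path.lower() in TOOL_PATHS:
            continue
        reasons = [f"created within {window_hours}h of scan"]
        parent, _, name = e.path.rpartition("\\")
        if e.company and splitext(name)[1].lower() in DATA_EXTENSIONS:
            reasons.append("version-info company on a non-executable extension")
        if "D" in e.attrs and parent.lower() == r"c:\programdata":
            reasons.append("new top-level folder in ProgramData")
        findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    when, items = parse_frst(SAMPLE_LOG)
    for path, why in triage(when, items):
        print(path, "->", "; ".join(why))
```

The output is a shortlist for a human reviewer; anything it surfaces still needs to be checked against what was knowingly installed in that window.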

I'm assuming this is from the torrent of Civ 5 I got the other day. That's removed ASAP. I greatly appreciate your help in this matter.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-05-2013 (ATTENTION: FRST version is 113 days old)
Ran by SYSTEM on 06-09-2013 17:18:22
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" [83232 2013-07-22] (Sendori, Inc.)
HKLM-x32\...\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\fbwuser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\fbwuser\...\Policies\system: [WallpaperStyle] 2
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Guest\...\Policies\system: [WallpaperStyle] 2
HKU\laptop\...\Run: [searchProtect] C:\Users\laptop\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\laptop\...\Policies\system: [WallpaperStyle] 2
Startup: C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Services (Whitelisted) =================
 
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-22] (Sendori, Inc.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-07] (Conduit)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [852264 2013-08-16] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-08-12] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-08-16] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-22] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-22] (Sendori)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-24] (Atheros Communications, Inc.)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-12] (AnchorFree Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]
S3 PTDUBus; system32\DRIVERS\PTDUBus.sys [x]
S3 PTDUMdm; system32\DRIVERS\PTDUMdm.sys [x]
S3 PTDUVsp; system32\DRIVERS\PTDUVsp.sys [x]
S3 PTDUWFLT; system32\DRIVERS\PTDUWFLT.sys [x]
S3 PTDUWWAN; system32\DRIVERS\PTDUWWAN.sys [x]
S3 SMNDIS5; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMNDIS5.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-06 17:18 - 2013-09-06 17:18 - 00000000 ____D C:\FRST
2013-09-06 11:35 - 2013-09-06 11:35 - 00000000 ____D C:\ProgramData\cffay
2013-09-06 11:32 - 2013-09-06 11:32 - 00086528 ____A (Ahead Software AG) C:\Windows\SysWOW64\oeha.tmp
2013-09-03 01:18 - 2013-09-03 01:18 - 00000000 ____D C:\Users\laptop\AppData\Roaming\LolClient
2013-09-03 00:12 - 2008-07-12 04:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-09-03 00:12 - 2008-07-12 04:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-09-03 00:11 - 2013-09-03 00:11 - 00001613 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 ____D C:\Riot Games
2013-09-03 00:11 - 2008-07-12 04:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-03 00:10 - 2013-09-03 03:26 - 00000000 ____D C:\Users\laptop\AppData\Local\PMB Files
2013-09-03 00:10 - 2013-09-03 03:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Riot Games
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-03 00:09 - 2013-09-03 00:09 - 32229024 ____A (Riot Games) C:\Users\laptop\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-09-02 04:30 - 2013-09-02 04:30 - 00835560 ____A C:\Windows\Minidump\090213-19812-01.dmp
2013-09-02 03:27 - 2013-09-02 03:31 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-09-02 03:27 - 2013-09-02 03:27 - 00001358 ____A C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-09-02 03:26 - 2013-09-02 03:27 - 27987776 ____A (                                                            ) C:\Users\laptop\Downloads\MightyQuestSetup_213647.exe
2013-09-02 03:25 - 2013-08-12 15:07 - 00046792 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys
2013-09-02 03:24 - 2013-09-02 03:24 - 00000020 __ASH C:\Users\fbwuser\ntuser.ini
2013-09-02 03:24 - 2010-02-23 03:48 - 00000000 ____D C:\Users\fbwuser\AppData\Local\Microsoft Help
2013-09-02 02:52 - 2013-09-02 02:52 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-02 02:52 - 2013-05-07 22:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-09-02 02:52 - 2013-05-07 22:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-09-02 02:51 - 2013-09-02 02:52 - 00000000 ____D C:\Users\laptop\AppData\Roaming\SearchProtect
2013-09-02 02:51 - 2013-09-02 02:51 - 03517176 ____A C:\Users\laptop\Downloads\flv_runner_b2_t1_Wrapper.exe
2013-09-02 02:51 - 2013-09-02 02:51 - 00000000 ____D C:\Users\laptop\AppData\Local\CRE
2013-09-02 02:47 - 2013-09-02 03:25 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\iVIDI.org plugin
2013-09-02 02:47 - 2013-07-22 14:12 - 00325920 ____A (Sendori) C:\Windows\SysWOW64\Sendori.dll
2013-09-02 02:46 - 2013-09-06 11:32 - 00000000 ____D C:\ProgramData\Sendori
2013-09-02 02:46 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-09-02 02:46 - 2013-09-02 02:46 - 06684200 ____A C:\Users\laptop\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Unitech LLC
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Program Files (x86)\Unitech LLC
2013-09-02 02:07 - 2013-09-02 02:07 - 05667608 ____A C:\Users\Guest\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 01:38 - 2013-09-02 01:38 - 27987776 ____A (                                                            ) C:\Users\Guest\Downloads\MightyQuestSetup_213647.exe
2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\Documents\My Games
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\AppData\Local\My Games
2013-09-01 01:55 - 2013-09-01 01:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-09-01 01:54 - 2013-09-01 01:54 - 00084632 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 01:53 - 2013-09-01 01:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Hewlett-Packard
2013-08-28 18:42 - 2013-08-28 18:42 - 00292184 ____A (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup (1).exe
2013-08-28 18:42 - 2013-08-28 18:42 - 00000000 ____D C:\Users\laptop\AppData\Local\My Games
2013-08-28 18:38 - 2010-06-02 00:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-08-28 18:38 - 2010-06-02 00:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-08-28 18:38 - 2010-06-02 00:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-08-28 18:38 - 2010-06-02 00:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-08-28 18:37 - 2010-06-02 00:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-08-28 18:37 - 2010-06-02 00:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-08-28 18:37 - 2008-07-31 06:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-08-28 18:37 - 2008-07-31 06:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-08-28 18:36 - 2013-08-28 18:37 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-28 18:36 - 2013-08-28 18:36 - 00292184 ____A (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup.exe
2013-08-28 18:36 - 2013-08-28 18:36 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-28 18:33 - 2013-09-03 01:55 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-28 18:33 - 2013-08-28 18:33 - 00001047 ____A C:\Users\laptop\Desktop\MyPC Backup.lnk
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 ____A C:\Users\laptop\Downloads\directx 9 redistributable setup.exe
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 ____A C:\Users\laptop\Downloads\directx 9 redistributable setup (1).exe
2013-08-28 18:19 - 2013-08-28 18:18 - 02292806 ____A C:\Users\laptop\Desktop\Windows 7 Loader.exe
2013-08-28 18:18 - 2013-08-28 18:18 - 02292806 ____A C:\Users\laptop\Downloads\Windows 7 Loader.exe
2013-08-28 17:59 - 2013-08-28 17:59 - 00001093 ____A C:\Users\Public\Desktop\Sid Meier's Civilization V.lnk
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\ParetoLogic
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\DriverCure
2013-08-28 17:40 - 2013-08-28 18:15 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-08-28 17:40 - 2013-08-28 17:40 - 06463152 ____A (ParetoLogic, Inc.) C:\Users\laptop\Downloads\RegCureProSetup_bing.exe
2013-08-28 17:24 - 2013-09-06 11:29 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2013-08-28 16:50 - 2013-08-28 16:54 - 00000000 ____D C:\Users\laptop\Downloads\Sid.Meiers.Civilization.V.GOTY-SiMON
2013-08-28 16:44 - 2013-08-28 16:44 - 00000000 ____A C:\install.rdf
2013-08-28 16:21 - 2013-08-28 16:21 - 00000000 ____D C:\ProgramData\3DMGAME
2013-08-28 16:16 - 2013-08-28 16:16 - 00001210 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-08-28 16:15 - 2013-08-28 16:15 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-08-28 16:14 - 2013-08-28 16:14 - 01588760 ____A C:\Users\laptop\Downloads\SetupVirtualCloneDrive5460.exe
2013-08-28 16:09 - 2013-07-31 07:09 - 3071617024 ____A C:\Users\laptop\Desktop\Sid.Meiers.Civilization.V.GOTY-SiMON.iso
2013-08-28 15:59 - 2013-08-28 15:59 - 00000000 __SHD C:\found.001
2013-08-28 15:52 - 2013-08-28 15:52 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-28 15:47 - 2013-08-28 15:50 - 86989752 ____A (Intel Corporation) C:\Users\laptop\Downloads\Win7Vista_64_152258.exe
2013-08-28 15:28 - 2013-08-28 15:28 - 00000853 ____A C:\Users\laptop\Desktop\µTorrent.lnk
2013-08-28 15:27 - 2013-09-02 02:52 - 00000000 ____D C:\Users\laptop\AppData\Roaming\uTorrent
2013-08-28 15:27 - 2013-08-28 15:27 - 01130576 ____A (BitTorrent Inc.) C:\Users\laptop\Downloads\utorrent.exe
2013-08-28 15:26 - 2013-08-28 15:26 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 15:24 - 2013-09-06 11:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 15:24 - 2013-09-06 11:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 15:24 - 2013-08-28 15:24 - 00784880 ____A (Google Inc.) C:\Users\laptop\Downloads\ChromeSetup.exe
2013-08-12 15:10 - 2013-08-12 15:10 - 00042184 ____A (Anchorfree Inc.) C:\Windows\System32\Drivers\taphss6.sys
 
==================== One Month Modified Files and Folders =======
 
2013-09-06 17:18 - 2013-09-06 17:18 - 00000000 ____D C:\FRST
2013-09-06 11:54 - 2009-11-13 17:01 - 01948390 ____A C:\Windows\WindowsUpdate.log
2013-09-06 11:46 - 2009-11-13 17:24 - 00424566 ____A C:\Windows\PFRO.log
2013-09-06 11:35 - 2013-09-06 11:35 - 00000000 ____D C:\ProgramData\cffay
2013-09-06 11:32 - 2013-09-06 11:32 - 00086528 ____A (Ahead Software AG) C:\Windows\SysWOW64\oeha.tmp
2013-09-06 11:32 - 2013-09-02 02:46 - 00000000 ____D C:\ProgramData\Sendori
2013-09-06 11:29 - 2013-08-28 17:24 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2013-09-06 11:29 - 2013-08-28 15:24 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 11:29 - 2010-06-17 12:49 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-09-06 11:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-09-06 11:28 - 2013-08-28 15:24 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 11:28 - 2011-06-05 18:15 - 00008605 ____A C:\Windows\setupact.log
2013-09-06 11:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-09-05 14:24 - 2009-07-13 20:45 - 00025888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 14:24 - 2009-07-13 20:45 - 00025888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 11:59 - 2010-01-06 14:28 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-09-05 11:58 - 2011-02-24 14:54 - 00001854 ____A C:\Users\laptop\AppData\Roaming\GhostObjGAFix.xml
2013-09-03 03:26 - 2013-09-03 00:10 - 00000000 ____D C:\Users\laptop\AppData\Local\PMB Files
2013-09-03 03:26 - 2013-09-03 00:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-03 01:55 - 2013-08-28 18:33 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-03 01:18 - 2013-09-03 01:18 - 00000000 ____D C:\Users\laptop\AppData\Roaming\LolClient
2013-09-03 00:11 - 2013-09-03 00:11 - 00001613 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 ____D C:\Riot Games
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Riot Games
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-03 00:09 - 2013-09-03 00:09 - 32229024 ____A (Riot Games) C:\Users\laptop\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-09-02 04:30 - 2013-09-02 04:30 - 00835560 ____A C:\Windows\Minidump\090213-19812-01.dmp
2013-09-02 04:30 - 2011-06-05 18:15 - 475561996 ____A C:\Windows\MEMORY.DMP
2013-09-02 04:30 - 2011-01-10 16:42 - 00000000 ____D C:\Windows\Minidump
2013-09-02 03:31 - 2013-09-02 03:27 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-09-02 03:27 - 2013-09-02 03:27 - 00001358 ____A C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-09-02 03:27 - 2013-09-02 03:26 - 27987776 ____A (                                                            ) C:\Users\laptop\Downloads\MightyQuestSetup_213647.exe
2013-09-02 03:25 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-02 03:24 - 2013-09-02 03:24 - 00000020 __ASH C:\Users\fbwuser\ntuser.ini
2013-09-02 02:52 - 2013-09-02 02:52 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-02 02:52 - 2013-09-02 02:51 - 00000000 ____D C:\Users\laptop\AppData\Roaming\SearchProtect
2013-09-02 02:52 - 2013-08-28 15:27 - 00000000 ____D C:\Users\laptop\AppData\Roaming\uTorrent
2013-09-02 02:52 - 2010-09-29 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-02 02:51 - 2013-09-02 02:51 - 03517176 ____A C:\Users\laptop\Downloads\flv_runner_b2_t1_Wrapper.exe
2013-09-02 02:51 - 2013-09-02 02:51 - 00000000 ____D C:\Users\laptop\AppData\Local\CRE
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\iVIDI.org plugin
2013-09-02 02:47 - 2013-09-02 02:46 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-09-02 02:46 - 2013-09-02 02:46 - 06684200 ____A C:\Users\laptop\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Unitech LLC
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Program Files (x86)\Unitech LLC
2013-09-02 02:46 - 2011-02-08 20:30 - 00000000 ____D C:\Users\laptop\AppData\Roaming\OpenCandy
2013-09-02 02:07 - 2013-09-02 02:07 - 05667608 ____A C:\Users\Guest\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 01:38 - 2013-09-02 01:38 - 27987776 ____A (                                                            ) C:\Users\Guest\Downloads\MightyQuestSetup_213647.exe
2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\Documents\My Games
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\AppData\Local\My Games
2013-09-01 01:55 - 2013-09-01 01:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-09-01 01:54 - 2013-09-01 01:54 - 00084632 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 01:53 - 2013-09-01 01:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Hewlett-Packard
2013-09-01 01:52 - 2011-03-04 09:03 - 00000000 ____D C:\users\Guest
2013-08-28 18:42 - 2013-08-28 18:42 - 00292184 ____A (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup (1).exe
2013-08-28 18:42 - 2013-08-28 18:42 - 00000000 ____D C:\Users\laptop\AppData\Local\My Games
2013-08-28 18:42 - 2010-08-05 14:55 - 00000000 ____D C:\Users\laptop\Documents\My Games
2013-08-28 18:38 - 2013-08-28 18:36 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-28 18:37 - 2013-08-28 18:36 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-28 18:36 - 2013-08-28 18:36 - 00292184 ____A (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup.exe
2013-08-28 18:33 - 2013-08-28 18:33 - 00001047 ____A C:\Users\laptop\Desktop\MyPC Backup.lnk
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 ____A C:\Users\laptop\Downloads\directx 9 redistributable setup.exe
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 ____A C:\Users\laptop\Downloads\directx 9 redistributable setup (1).exe
2013-08-28 18:18 - 2013-08-28 18:19 - 02292806 ____A C:\Users\laptop\Desktop\Windows 7 Loader.exe
2013-08-28 18:18 - 2013-08-28 18:18 - 02292806 ____A C:\Users\laptop\Downloads\Windows 7 Loader.exe
2013-08-28 18:15 - 2013-08-28 17:40 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-08-28 18:06 - 2010-12-10 05:22 - 00000000 ____D C:\Program Files (x86)\Spyware Doctor
2013-08-28 18:06 - 2009-12-30 20:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 17:59 - 2013-08-28 17:59 - 00001093 ____A C:\Users\Public\Desktop\Sid Meier's Civilization V.lnk
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\ParetoLogic
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\DriverCure
2013-08-28 17:40 - 2013-08-28 17:40 - 06463152 ____A (ParetoLogic, Inc.) C:\Users\laptop\Downloads\RegCureProSetup_bing.exe
2013-08-28 16:54 - 2013-08-28 16:50 - 00000000 ____D C:\Users\laptop\Downloads\Sid.Meiers.Civilization.V.GOTY-SiMON
2013-08-28 16:46 - 2010-12-10 05:22 - 00000000 ____D C:\ProgramData\PC Tools
2013-08-28 16:44 - 2013-08-28 16:44 - 00000000 ____A C:\install.rdf
2013-08-28 16:43 - 2009-08-24 10:02 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-08-28 16:43 - 2009-08-24 08:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-28 16:38 - 2009-08-24 10:02 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-28 16:33 - 2011-04-27 15:41 - 00000000 ____D C:\Users\laptop\AppData\Local\Conduit
2013-08-28 16:33 - 2009-12-30 21:21 - 00000000 ____D C:\Users\laptop\AppData\Local\Google
2013-08-28 16:33 - 2009-12-30 20:01 - 00000000 ____D C:\ProgramData\Google
2013-08-28 16:21 - 2013-08-28 16:21 - 00000000 ____D C:\ProgramData\3DMGAME
2013-08-28 16:16 - 2013-08-28 16:16 - 00001210 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-08-28 16:15 - 2013-08-28 16:15 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-08-28 16:14 - 2013-08-28 16:14 - 01588760 ____A C:\Users\laptop\Downloads\SetupVirtualCloneDrive5460.exe
2013-08-28 16:12 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-08-28 16:04 - 2009-11-13 17:25 - 00015318 ____A C:\Windows\System32\results.xml
2013-08-28 15:59 - 2013-08-28 15:59 - 00000000 __SHD C:\found.001
2013-08-28 15:52 - 2013-08-28 15:52 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-28 15:52 - 2011-03-04 08:39 - 01711478 ____A C:\Windows\System32\Drivers\Cat.DB
2013-08-28 15:52 - 2009-11-13 17:00 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-28 15:51 - 2009-11-13 17:00 - 00000000 ____D C:\Intel
2013-08-28 15:50 - 2013-08-28 15:47 - 86989752 ____A (Intel Corporation) C:\Users\laptop\Downloads\Win7Vista_64_152258.exe
2013-08-28 15:47 - 2010-01-16 10:31 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Skype
2013-08-28 15:46 - 2011-01-18 17:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-08-28 15:41 - 2009-12-15 18:05 - 00000000 ____D C:\Users\laptop\AppData\Roaming\WildTangent
2013-08-28 15:41 - 2009-08-24 09:10 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-08-28 15:28 - 2013-08-28 15:28 - 00000853 ____A C:\Users\laptop\Desktop\µTorrent.lnk
2013-08-28 15:27 - 2013-08-28 15:27 - 01130576 ____A (BitTorrent Inc.) C:\Users\laptop\Downloads\utorrent.exe
2013-08-28 15:26 - 2013-08-28 15:26 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 15:24 - 2013-08-28 15:24 - 00784880 ____A (Google Inc.) C:\Users\laptop\Downloads\ChromeSetup.exe
2013-08-12 15:10 - 2013-08-12 15:10 - 00042184 ____A (Anchorfree Inc.) C:\Windows\System32\Drivers\taphss6.sys
2013-08-12 15:07 - 2013-09-02 03:25 - 00046792 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 5814.7 MB
Available physical RAM: 5023.95 MB
Total Pagefile: 5812.85 MB
Available Pagefile: 5016.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:216.86 GB) (Free:149.69 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.83 GB) (Free:2.59 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:7.45 GB) (Free:5.54 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: B25F934C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
Last Boot: 2013-09-03 00:42
 
==================== End Of Log ============================

Here is the Log you requested.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by SYSTEM on MININT-IPJKBTA on 06-09-2013 19:05:36
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-22] (Sendori, Inc.)
HKLM-x32\...\Run: [searchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\fbwuser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\fbwuser\...\Policies\system: [WallpaperStyle] 2
HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Guest\...\Policies\system: [WallpaperStyle] 2
HKU\laptop\...\Run: [searchProtect] - C:\Users\laptop\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\laptop\...\Policies\system: [WallpaperStyle] 2
Startup: C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Services (Whitelisted) =================
 
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-22] (Sendori, Inc.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-07] (Conduit)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [852264 2013-08-16] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-08-12] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-08-16] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-22] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-22] (Sendori)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-24] (Atheros Communications, Inc.)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-12] (AnchorFree Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
S3 PTDUBus; system32\DRIVERS\PTDUBus.sys [x]
S3 PTDUMdm; system32\DRIVERS\PTDUMdm.sys [x]
S3 PTDUVsp; system32\DRIVERS\PTDUVsp.sys [x]
S3 PTDUWFLT; system32\DRIVERS\PTDUWFLT.sys [x]
S3 PTDUWWAN; system32\DRIVERS\PTDUWWAN.sys [x]
S3 SMNDIS5; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMNDIS5.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-06 11:35 - 2013-09-06 11:35 - 00000000 ____D C:\ProgramData\cffay
2013-09-06 11:32 - 2013-09-06 11:32 - 00086528 _____ (Ahead Software AG) C:\Windows\SysWOW64\oeha.tmp
2013-09-03 01:18 - 2013-09-03 01:18 - 00000000 ____D C:\Users\laptop\AppData\Roaming\LolClient
2013-09-03 00:12 - 2008-07-12 04:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-09-03 00:12 - 2008-07-12 04:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-09-03 00:11 - 2013-09-03 00:11 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 ____D C:\Riot Games
2013-09-03 00:11 - 2008-07-12 04:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-03 00:10 - 2013-09-03 03:26 - 00000000 ____D C:\Users\laptop\AppData\Local\PMB Files
2013-09-03 00:10 - 2013-09-03 03:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Riot Games
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-03 00:09 - 2013-09-03 00:09 - 32229024 _____ (Riot Games) C:\Users\laptop\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-09-02 04:30 - 2013-09-02 04:30 - 00835560 _____ C:\Windows\Minidump\090213-19812-01.dmp
2013-09-02 03:27 - 2013-09-02 03:31 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-09-02 03:27 - 2013-09-02 03:27 - 00001358 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-09-02 03:26 - 2013-09-02 03:27 - 27987776 _____ (                                                            ) C:\Users\laptop\Downloads\MightyQuestSetup_213647.exe
2013-09-02 03:25 - 2013-08-12 15:07 - 00046792 _____ (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys
2013-09-02 03:24 - 2013-09-02 03:24 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini
2013-09-02 03:24 - 2010-02-23 03:48 - 00000000 ____D C:\Users\fbwuser\AppData\Local\Microsoft Help
2013-09-02 02:52 - 2013-09-02 02:52 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-02 02:52 - 2013-05-07 22:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-09-02 02:52 - 2013-05-07 22:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-09-02 02:51 - 2013-09-02 02:52 - 00000000 ____D C:\Users\laptop\AppData\Roaming\SearchProtect
2013-09-02 02:51 - 2013-09-02 02:51 - 03517176 _____ C:\Users\laptop\Downloads\flv_runner_b2_t1_Wrapper.exe
2013-09-02 02:51 - 2013-09-02 02:51 - 00000000 ____D C:\Users\laptop\AppData\Local\CRE
2013-09-02 02:47 - 2013-09-02 03:25 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\iVIDI.org plugin
2013-09-02 02:47 - 2013-07-22 14:12 - 00325920 _____ (Sendori) C:\Windows\SysWOW64\Sendori.dll
2013-09-02 02:46 - 2013-09-06 11:32 - 00000000 ____D C:\ProgramData\Sendori
2013-09-02 02:46 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-09-02 02:46 - 2013-09-02 02:46 - 06684200 _____ C:\Users\laptop\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Unitech LLC
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Program Files (x86)\Unitech LLC
2013-09-02 02:07 - 2013-09-02 02:07 - 05667608 _____ C:\Users\Guest\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 01:38 - 2013-09-02 01:38 - 27987776 _____ (                                                            ) C:\Users\Guest\Downloads\MightyQuestSetup_213647.exe
2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\Documents\My Games
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\AppData\Local\My Games
2013-09-01 01:55 - 2013-09-01 01:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-09-01 01:54 - 2013-09-01 01:54 - 00084632 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 01:53 - 2013-09-01 01:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Hewlett-Packard
2013-08-28 18:42 - 2013-08-28 18:42 - 00292184 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup (1).exe
2013-08-28 18:42 - 2013-08-28 18:42 - 00000000 ____D C:\Users\laptop\AppData\Local\My Games
2013-08-28 18:38 - 2010-06-02 00:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-08-28 18:38 - 2010-06-02 00:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-08-28 18:38 - 2010-06-02 00:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-08-28 18:38 - 2010-06-02 00:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-08-28 18:37 - 2010-06-02 00:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-08-28 18:37 - 2010-06-02 00:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-08-28 18:37 - 2010-05-26 07:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-08-28 18:37 - 2010-02-04 06:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-08-28 18:37 - 2009-09-04 13:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-08-28 18:37 - 2009-09-04 13:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-08-28 18:37 - 2008-10-27 06:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-08-28 18:37 - 2008-07-31 06:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-08-28 18:37 - 2008-07-31 06:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-08-28 18:37 - 2008-07-31 06:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-08-28 18:36 - 2013-08-28 18:38 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-28 18:36 - 2013-08-28 18:37 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-28 18:36 - 2013-08-28 18:36 - 00292184 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup.exe
2013-08-28 18:33 - 2013-09-03 01:55 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-28 18:33 - 2013-08-28 18:33 - 00001047 _____ C:\Users\laptop\Desktop\MyPC Backup.lnk
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 _____ C:\Users\laptop\Downloads\directx 9 redistributable setup.exe
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 _____ C:\Users\laptop\Downloads\directx 9 redistributable setup (1).exe
2013-08-28 18:19 - 2013-08-28 18:18 - 02292806 _____ C:\Users\laptop\Desktop\Windows 7 Loader.exe
2013-08-28 18:18 - 2013-08-28 18:18 - 02292806 _____ C:\Users\laptop\Downloads\Windows 7 Loader.exe
2013-08-28 17:59 - 2013-08-28 17:59 - 00001093 _____ C:\Users\Public\Desktop\Sid Meier's Civilization V.lnk
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\ParetoLogic
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\DriverCure
2013-08-28 17:40 - 2013-08-28 18:15 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-08-28 17:40 - 2013-08-28 17:40 - 06463152 _____ (ParetoLogic, Inc.) C:\Users\laptop\Downloads\RegCureProSetup_bing.exe
2013-08-28 17:24 - 2013-09-06 11:29 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2013-08-28 16:50 - 2013-08-28 16:54 - 00000000 ____D C:\Users\laptop\Downloads\Sid.Meiers.Civilization.V.GOTY-SiMON
2013-08-28 16:44 - 2013-08-28 16:44 - 00000000 _____ C:\install.rdf
2013-08-28 16:21 - 2013-08-28 16:21 - 00000000 ____D C:\ProgramData\3DMGAME
2013-08-28 16:16 - 2013-08-28 16:16 - 00001210 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-08-28 16:15 - 2013-08-28 16:15 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-08-28 16:14 - 2013-08-28 16:14 - 01588760 _____ C:\Users\laptop\Downloads\SetupVirtualCloneDrive5460.exe
2013-08-28 16:09 - 2013-07-31 07:09 - 3071617024 _____ C:\Users\laptop\Desktop\Sid.Meiers.Civilization.V.GOTY-SiMON.iso
2013-08-28 15:59 - 2013-08-28 15:59 - 00000000 __SHD C:\found.001
2013-08-28 15:52 - 2013-08-28 15:52 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-28 15:47 - 2013-08-28 15:50 - 86989752 _____ (Intel Corporation) C:\Users\laptop\Downloads\Win7Vista_64_152258.exe
2013-08-28 15:28 - 2013-08-28 15:28 - 00000853 _____ C:\Users\laptop\Desktop\µTorrent.lnk
2013-08-28 15:27 - 2013-09-02 02:52 - 00000000 ____D C:\Users\laptop\AppData\Roaming\uTorrent
2013-08-28 15:27 - 2013-08-28 15:27 - 01130576 _____ (BitTorrent Inc.) C:\Users\laptop\Downloads\utorrent.exe
2013-08-28 15:26 - 2013-08-28 15:26 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 15:24 - 2013-09-06 11:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 15:24 - 2013-09-06 11:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 15:24 - 2013-08-28 15:24 - 00784880 _____ (Google Inc.) C:\Users\laptop\Downloads\ChromeSetup.exe
2013-08-28 15:24 - 2013-08-28 15:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-28 15:24 - 2013-08-28 15:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-12 15:10 - 2013-08-12 15:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\System32\Drivers\taphss6.sys
 
==================== One Month Modified Files and Folders =======
 
2013-09-06 17:18 - 2013-09-06 17:18 - 00000000 ____D C:\FRST
2013-09-06 11:54 - 2009-11-13 17:01 - 01948390 _____ C:\Windows\WindowsUpdate.log
2013-09-06 11:46 - 2009-11-13 17:24 - 00424566 _____ C:\Windows\PFRO.log
2013-09-06 11:35 - 2013-09-06 11:35 - 00000000 ____D C:\ProgramData\cffay
2013-09-06 11:32 - 2013-09-06 11:32 - 00086528 _____ (Ahead Software AG) C:\Windows\SysWOW64\oeha.tmp
2013-09-06 11:32 - 2013-09-02 02:46 - 00000000 ____D C:\ProgramData\Sendori
2013-09-06 11:29 - 2013-08-28 17:24 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2013-09-06 11:29 - 2013-08-28 15:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 11:29 - 2010-06-17 12:49 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-09-06 11:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-09-06 11:28 - 2013-08-28 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 11:28 - 2011-06-05 18:15 - 00008605 _____ C:\Windows\setupact.log
2013-09-06 11:28 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 14:24 - 2009-12-16 01:34 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89C9F72E-3221-448D-A22A-F3AAE7373B5B}
2013-09-05 14:24 - 2009-07-13 20:45 - 00025888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 14:24 - 2009-07-13 20:45 - 00025888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 11:59 - 2010-01-06 14:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-05 11:58 - 2011-02-24 14:54 - 00001854 _____ C:\Users\laptop\AppData\Roaming\GhostObjGAFix.xml
2013-09-03 03:26 - 2013-09-03 00:10 - 00000000 ____D C:\Users\laptop\AppData\Local\PMB Files
2013-09-03 03:26 - 2013-09-03 00:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-03 01:55 - 2013-08-28 18:33 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-03 01:18 - 2013-09-03 01:18 - 00000000 ____D C:\Users\laptop\AppData\Roaming\LolClient
2013-09-03 00:49 - 2009-12-15 18:03 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-09-03 00:11 - 2013-09-03 00:11 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-03 00:11 - 2013-09-03 00:11 - 00000000 ____D C:\Riot Games
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Riot Games
2013-09-03 00:10 - 2013-09-03 00:10 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-03 00:09 - 2013-09-03 00:09 - 32229024 _____ (Riot Games) C:\Users\laptop\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-09-02 04:30 - 2013-09-02 04:30 - 00835560 _____ C:\Windows\Minidump\090213-19812-01.dmp
2013-09-02 04:30 - 2011-06-05 18:15 - 475561996 _____ C:\Windows\MEMORY.DMP
2013-09-02 04:30 - 2011-01-10 16:42 - 00000000 ____D C:\Windows\Minidump
2013-09-02 03:31 - 2013-09-02 03:27 - 00000000 ____D C:\Program Files (x86)\The Mighty Quest For Epic Loot
2013-09-02 03:27 - 2013-09-02 03:27 - 00001358 _____ C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2013-09-02 03:27 - 2013-09-02 03:26 - 27987776 _____ (                                                            ) C:\Users\laptop\Downloads\MightyQuestSetup_213647.exe
2013-09-02 03:25 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-02 03:24 - 2013-09-02 03:24 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini
2013-09-02 02:52 - 2013-09-02 02:52 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-02 02:52 - 2013-09-02 02:51 - 00000000 ____D C:\Users\laptop\AppData\Roaming\SearchProtect
2013-09-02 02:52 - 2013-08-28 15:27 - 00000000 ____D C:\Users\laptop\AppData\Roaming\uTorrent
2013-09-02 02:52 - 2010-09-29 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-02 02:51 - 2013-09-02 02:51 - 03517176 _____ C:\Users\laptop\Downloads\flv_runner_b2_t1_Wrapper.exe
2013-09-02 02:51 - 2013-09-02 02:51 - 00000000 ____D C:\Users\laptop\AppData\Local\CRE
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-09-02 02:47 - 2013-09-02 02:47 - 00000000 ____D C:\Program Files (x86)\iVIDI.org plugin
2013-09-02 02:47 - 2013-09-02 02:46 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-09-02 02:46 - 2013-09-02 02:46 - 06684200 _____ C:\Users\laptop\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Unitech LLC
2013-09-02 02:46 - 2013-09-02 02:46 - 00000000 ____D C:\Program Files (x86)\Unitech LLC
2013-09-02 02:46 - 2011-02-08 20:30 - 00000000 ____D C:\Users\laptop\AppData\Roaming\OpenCandy
2013-09-02 02:07 - 2013-09-02 02:07 - 05667608 _____ C:\Users\Guest\Downloads\Dungeon_Keeper_3-_War_for_the_Overworld_Bedrock_Beta_0.1.2_-TVD.exe
2013-09-02 01:38 - 2013-09-02 01:38 - 27987776 _____ (                                                            ) C:\Users\Guest\Downloads\MightyQuestSetup_213647.exe
2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\Documents\My Games
2013-09-01 02:28 - 2013-09-01 02:28 - 00000000 ____D C:\Users\Guest\AppData\Local\My Games
2013-09-01 01:55 - 2013-09-01 01:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-09-01 01:54 - 2013-09-01 01:54 - 00084632 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 01:53 - 2013-09-01 01:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Hewlett-Packard
2013-09-01 01:52 - 2011-03-04 09:03 - 00000000 ____D C:\users\Guest
2013-08-28 18:42 - 2013-08-28 18:42 - 00292184 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup (1).exe
2013-08-28 18:42 - 2013-08-28 18:42 - 00000000 ____D C:\Users\laptop\AppData\Local\My Games
2013-08-28 18:42 - 2010-08-05 14:55 - 00000000 ____D C:\Users\laptop\Documents\My Games
2013-08-28 18:38 - 2013-08-28 18:36 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-28 18:37 - 2013-08-28 18:36 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-28 18:36 - 2013-08-28 18:36 - 00292184 _____ (Microsoft Corporation) C:\Users\laptop\Downloads\dxwebsetup.exe
2013-08-28 18:33 - 2013-08-28 18:33 - 00001047 _____ C:\Users\laptop\Desktop\MyPC Backup.lnk
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 _____ C:\Users\laptop\Downloads\directx 9 redistributable setup.exe
2013-08-28 18:32 - 2013-08-28 18:32 - 01116952 _____ C:\Users\laptop\Downloads\directx 9 redistributable setup (1).exe
2013-08-28 18:18 - 2013-08-28 18:19 - 02292806 _____ C:\Users\laptop\Desktop\Windows 7 Loader.exe
2013-08-28 18:18 - 2013-08-28 18:18 - 02292806 _____ C:\Users\laptop\Downloads\Windows 7 Loader.exe
2013-08-28 18:15 - 2013-08-28 17:40 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-08-28 18:06 - 2010-12-10 05:22 - 00000000 ____D C:\Program Files (x86)\Spyware Doctor
2013-08-28 18:06 - 2009-12-30 20:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 17:59 - 2013-08-28 17:59 - 00001093 _____ C:\Users\Public\Desktop\Sid Meier's Civilization V.lnk
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\ParetoLogic
2013-08-28 17:41 - 2013-08-28 17:41 - 00000000 ____D C:\Users\laptop\AppData\Roaming\DriverCure
2013-08-28 17:40 - 2013-08-28 17:40 - 06463152 _____ (ParetoLogic, Inc.) C:\Users\laptop\Downloads\RegCureProSetup_bing.exe
2013-08-28 16:54 - 2013-08-28 16:50 - 00000000 ____D C:\Users\laptop\Downloads\Sid.Meiers.Civilization.V.GOTY-SiMON
2013-08-28 16:46 - 2010-12-10 05:22 - 00000000 ____D C:\ProgramData\PC Tools
2013-08-28 16:44 - 2013-08-28 16:44 - 00000000 _____ C:\install.rdf
2013-08-28 16:43 - 2009-08-24 10:02 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-08-28 16:43 - 2009-08-24 08:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-28 16:38 - 2009-08-24 10:02 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-28 16:33 - 2011-04-27 15:41 - 00000000 ____D C:\Users\laptop\AppData\Local\Conduit
2013-08-28 16:33 - 2009-12-30 21:21 - 00000000 ____D C:\Users\laptop\AppData\Local\Google
2013-08-28 16:33 - 2009-12-30 20:01 - 00000000 ____D C:\ProgramData\Google
2013-08-28 16:21 - 2013-08-28 16:21 - 00000000 ____D C:\ProgramData\3DMGAME
2013-08-28 16:16 - 2013-08-28 16:16 - 00001210 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-08-28 16:15 - 2013-08-28 16:15 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-08-28 16:14 - 2013-08-28 16:14 - 01588760 _____ C:\Users\laptop\Downloads\SetupVirtualCloneDrive5460.exe
2013-08-28 16:12 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-28 16:04 - 2009-11-13 17:25 - 00015318 _____ C:\Windows\System32\results.xml
2013-08-28 15:59 - 2013-08-28 15:59 - 00000000 __SHD C:\found.001
2013-08-28 15:52 - 2013-08-28 15:52 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-28 15:52 - 2011-03-04 08:39 - 01711478 _____ C:\Windows\System32\Drivers\Cat.DB
2013-08-28 15:52 - 2009-11-13 17:00 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-28 15:51 - 2009-11-13 17:00 - 00000000 ____D C:\Intel
2013-08-28 15:50 - 2013-08-28 15:47 - 86989752 _____ (Intel Corporation) C:\Users\laptop\Downloads\Win7Vista_64_152258.exe
2013-08-28 15:47 - 2010-01-16 10:31 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Skype
2013-08-28 15:46 - 2011-01-18 17:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-08-28 15:41 - 2009-12-15 18:05 - 00000000 ____D C:\Users\laptop\AppData\Roaming\WildTangent
2013-08-28 15:41 - 2009-08-24 09:10 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-08-28 15:28 - 2013-08-28 15:28 - 00000853 _____ C:\Users\laptop\Desktop\µTorrent.lnk
2013-08-28 15:27 - 2013-08-28 15:27 - 01130576 _____ (BitTorrent Inc.) C:\Users\laptop\Downloads\utorrent.exe
2013-08-28 15:26 - 2013-08-28 15:26 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 15:24 - 2013-08-28 15:24 - 00784880 _____ (Google Inc.) C:\Users\laptop\Downloads\ChromeSetup.exe
2013-08-28 15:24 - 2013-08-28 15:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-28 15:24 - 2013-08-28 15:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-12 15:10 - 2013-08-12 15:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\System32\Drivers\taphss6.sys
2013-08-12 15:07 - 2013-09-02 03:25 - 00046792 _____ (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys
 
Files to move or delete:
====================
C:\Users\Guest\AppData\Local\Temp\nsf2978.tmp\InstallerStuff.dll
C:\Users\Guest\AppData\Local\Temp\nsf2978.tmp\OCSetupHlp.dll
C:\Users\laptop\AppData\Local\Temp\AskSLib.dll
C:\Users\laptop\AppData\Local\Temp\BackupSetup.exe
C:\Users\laptop\AppData\Local\Temp\DSETUP.dll
C:\Users\laptop\AppData\Local\Temp\dsetup32.dll
C:\Users\laptop\AppData\Local\Temp\DXSETUP.exe
C:\Users\laptop\AppData\Local\Temp\eject.exe
C:\Users\laptop\AppData\Local\Temp\flv_runner.exe
C:\Users\laptop\AppData\Local\Temp\nsa41D3.exe
C:\Users\laptop\AppData\Local\Temp\nsf59B9.exe
C:\Users\laptop\AppData\Local\Temp\setup.exe
C:\Users\laptop\AppData\Local\Temp\SkypeSetup.exe
C:\Users\laptop\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\laptop\AppData\Local\Temp\tbCou0.dll
C:\Users\laptop\AppData\Local\Temp\tbPage.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\DIFxAPI.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Setup.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\x64\DIFxAPI.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\x64\Drv64.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\x64\libmfxhw64-s1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\x64\mfx_mft_h264vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\x64\mfx_mft_h264ve_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\x64\mfx_mft_mp2vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\x64\mfx_mft_vc1vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\x64\mfx_mft_vpp_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\win32\libmfxhw32-s1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\win32\mfx_mft_h264vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\win32\mfx_mft_h264ve_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\win32\mfx_mft_mp2vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\win32\mfx_mft_vc1vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\SNB\win32\mfx_mft_vpp_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\x64\libmfxhw64-i1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\x64\mfx_mft_h264vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\x64\mfx_mft_mp2vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\x64\mfx_mft_vc1vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\x64\mfx_mft_vpp_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\win32\libmfxhw32-i1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\win32\mfx_mft_h264vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\win32\mfx_mft_mp2vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\win32\mfx_mft_vc1vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\MediaSDK\ILK\win32\mfx_mft_vpp_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Intel Control Center\SetupICC.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\ibxHDMI\IntcDAuC.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\difx32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\difx64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\difx64.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\gfxSrvc.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\GfxUI.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\hccutils.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\hkcmd.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\IccLibDll_x64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\ig4icd32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\ig4icd64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igd10umd32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igd10umd64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igdde32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igdde64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igdumd32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igdumd64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igdumdx32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxcmjit32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxcmjit64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxcmrt32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxcmrt64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxdev.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\IGFXDEVLib.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxdo.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxdv32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxexps.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxexps32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxext.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxpers.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxpph.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxress.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxsrvc.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxsrvc.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxTMM.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igfxtray.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\iglhcp32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\iglhcp64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\iglhsip32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\iglhsip64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igxpco64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\igxpun.exe
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\x64\libmfxhw64-s1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\x64\mfx_mft_h264vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\x64\mfx_mft_h264ve_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\x64\mfx_mft_mp2vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\x64\mfx_mft_vc1vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\x64\mfx_mft_vpp_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\win32\libmfxhw32-s1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\win32\mfx_mft_h264vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\win32\mfx_mft_h264ve_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\win32\mfx_mft_mp2vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\win32\mfx_mft_vc1vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\SNB\win32\mfx_mft_vpp_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\x64\libmfxhw64-i1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\x64\mfx_mft_h264vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\x64\mfx_mft_mp2vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\x64\mfx_mft_vc1vd_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\x64\mfx_mft_vpp_64.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\win32\libmfxhw32-i1.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\win32\mfx_mft_h264vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\win32\mfx_mft_mp2vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\win32\mfx_mft_vc1vd_32.dll
C:\Users\laptop\AppData\Local\Temp\pft9160~tmp\Graphics\MediaSDK\ILK\win32\mfx_mft_vpp_32.dll
C:\Users\laptop\AppData\Local\Temp\CT3307014\spch.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 5814.7 MB
Available physical RAM: 5019.8 MB
Total Pagefile: 5812.85 MB
Available Pagefile: 5015.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:216.86 GB) (Free:149.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.83 GB) (Free:2.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:7.45 GB) (Free:5.54 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: B25F934C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-09-03 00:42
 
==================== End Of Log ============================

I'm not seeing much...give this a try:

Please download the attached fixlist.txt and copy it to your flash drive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now....MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.