STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program


This topic is locked
12 replies to this topic

#1 quiksilvermp3

Posted 02 April 2012 - 01:21 PM

Good Afternoon,

I have a student's computer with the STOP code C0000135. FRST log to follow. Thanks in advance for the help.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 02-04-2012 14:17:42
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11725928 2010-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-10-08] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-23] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" [0 ] ()
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\xavier\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1564C20V05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [2547048 2011-03-30] (Hewlett-Packard Co.)
HKU\xavier\...\Run: [Facebook Update] "C:\Users\xavier\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-08-17] (Facebook Inc.)
HKU\xavier\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [21975120 2011-08-14] (ooVoo LLC)
HKU\xavier\...\Run: [frostwire pro] "C:\Program Files (x86)\FrostWire Pro\FrostWire.exe" -h [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.146.226.11 192.146.226.40 131.118.254.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [347216 2011-02-23] (Dritek System Inc.)
3 EgisTec Ticket Service; "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" [172912 2010-09-27] (Egis Technology Inc. )
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868224 2011-01-06] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-09-13] (Intel Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-16] (Symantec Corporation)
3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [52264 2011-01-19] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [85544 2011-01-13] (Broadcom Corporation)
3 BVRPMPR5a64; C:\Windows\System32\Drivers\BVRPMPR5a64.sys [35840 2010-06-21] (Avanquest Software)
1 ccSet_NIS; C:\Windows\System32\drivers\NISx64\1306020.00A\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120324.004\IDSvia64.sys [488568 2012-03-20] (Symantec Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
1 SASDIFSV; \??\C:\Users\xavier\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Users\xavier\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS [738936 2012-01-17] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1306020.00A\SRTSPX64.SYS [37496 2012-01-17] (Symantec Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1306020.00A\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-24] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1306020.00A\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [19192 2010-10-08] (Intel® Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
1 klhpddbb; \??\C:\Windows\system32\drivers\klhpddbb.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120328.002\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120328.002\EX64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-02 08:56 - 2012-04-02 08:56 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-02 08:41 - 2012-01-31 04:44 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-02 08:39 - 2012-04-02 08:39 - 0756374 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-02 08:39 - 2012-04-02 08:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-02 08:38 - 2012-04-02 08:38 - 0000000 ____D C:\Users\xavier\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 08:38 - 2012-04-02 08:38 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-02 08:38 - 2012-04-02 08:38 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-02 08:06 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-04-02 06:33 - 2012-03-24 07:21 - 0002505 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-04-02 06:33 - 2012-03-23 18:43 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-02 06:33 - 2012-02-15 05:35 - 0002018 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-02 06:33 - 2012-01-16 11:45 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-02 06:33 - 2011-11-10 07:14 - 0001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-04-02 06:33 - 2011-10-11 06:38 - 0001537 ____A C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
2012-04-02 06:33 - 2011-08-26 18:18 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-02 06:33 - 2011-07-09 16:36 - 0002007 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2012-04-02 06:33 - 2011-07-09 16:35 - 0002252 ____A C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2012-04-02 06:33 - 2011-07-09 16:35 - 0001910 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2012-04-02 06:33 - 2011-07-09 16:35 - 0001205 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
2012-04-02 06:33 - 2011-06-25 20:25 - 0002102 ____A C:\Users\Public\Desktop\Netflix.lnk
2012-04-02 06:33 - 2011-06-25 20:25 - 0000915 ____A C:\Users\Public\Desktop\Times Reader.lnk
2012-04-02 06:33 - 2011-04-22 02:40 - 0001212 ____A C:\Users\Public\Desktop\NOOK for PC.lnk
2012-04-02 06:33 - 2011-04-22 02:36 - 0002171 ____A C:\Users\Public\Desktop\clear.fi.lnk
2012-04-02 06:33 - 2011-02-25 02:22 - 0002000 ____A C:\Users\Public\Desktop\Norton Online Backup.lnk
2012-04-02 06:33 - 2011-02-25 02:19 - 0002857 ____A C:\Users\Public\Desktop\clear.fi Tutorial.lnk
2012-04-02 06:33 - 2011-02-25 02:01 - 0002004 ____A C:\Users\Public\Desktop\Dolby Setting.lnk
2012-04-02 06:33 - 2009-07-13 20:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-04-02 06:25 - 2012-04-02 06:33 - 0002086 ____A C:\Users\xavier\Desktop\unhide.txt
2012-04-02 06:24 - 2012-04-02 06:25 - 0000000 ____D C:\Users\All Users\SUPERSetup
2012-04-02 06:24 - 2012-04-02 06:25 - 0000000 ____D C:\ProgramData\SUPERSetup
2012-04-02 05:56 - 2012-04-02 05:57 - 0088798 ___AH C:\Windows\ntbtlog.txt
2012-03-29 08:25 - 2012-04-02 08:50 - 0000000 ___HD C:\ad53526d93b0bccfe2a3886839fb
2012-03-29 08:20 - 2012-04-02 08:38 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-03-29 08:13 - 2012-04-02 06:43 - 0000168 ____A C:\Users\All Users\~3ZlftRh0Vwdia6r
2012-03-29 08:13 - 2012-04-02 06:43 - 0000168 ____A C:\ProgramData\~3ZlftRh0Vwdia6r
2012-03-29 08:13 - 2012-03-29 08:18 - 0000264 ____A C:\Users\All Users\~3ZlftRh0Vwdia6
2012-03-29 08:13 - 2012-03-29 08:18 - 0000264 ____A C:\ProgramData\~3ZlftRh0Vwdia6
2012-03-29 05:43 - 2012-03-29 05:46 - 0000424 ____A C:\Users\All Users\3ZlftRh0Vwdia6
2012-03-29 05:43 - 2012-03-29 05:46 - 0000424 ____A C:\ProgramData\3ZlftRh0Vwdia6
2012-03-28 19:28 - 2012-03-28 19:28 - 0262144 ____A C:\Windows\Minidump\032812-37315-01.dmp
2012-03-28 19:22 - 2012-03-28 19:22 - 0000000 ____D C:\Windows\system64
2012-03-26 04:17 - 2012-04-02 08:51 - 0000000 ____D C:\Windows\Minidump
2012-03-26 04:17 - 2012-03-28 19:28 - 533139308 ____A C:\Windows\MEMORY.DMP
2012-03-26 04:17 - 2012-03-26 04:17 - 0262144 ____A C:\Windows\Minidump\032612-49717-01.dmp
2012-03-24 16:30 - 2012-03-24 16:30 - 0065536 __ASH C:\Windows\System32\config\components{7849ae32-7491-11e1-a5b4-b870f477968d}.TxR.blf
2012-03-23 18:44 - 2012-04-02 08:18 - 0000000 ____D C:\Users\xavier\AppData\Roaming\Malwarebytes
2012-03-23 18:43 - 2012-04-02 08:15 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-23 18:43 - 2012-04-02 08:15 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-23 18:43 - 2012-03-23 18:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 18:43 - 2011-12-10 11:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-22 18:53 - 2012-03-22 18:53 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-22 05:49 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-22 05:49 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-22 05:49 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-22 05:49 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-22 05:49 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-22 05:47 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-22 05:47 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-22 05:47 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-22 05:47 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-21 19:34 - 2012-03-21 20:04 - 0014427 ____A C:\Users\xavier\Documents\Bio 112 week 2 (7).docx
2012-03-21 18:20 - 2012-03-21 18:20 - 0010586 ____A C:\Users\xavier\Documents\Transpiration data.xlsx
2012-03-21 10:40 - 2012-03-21 10:41 - 0000000 ____D C:\Users\xavier\AppData\Local\Google
2012-03-21 10:40 - 2012-03-21 10:41 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-21 10:19 - 2012-03-21 19:09 - 0163096 ____A C:\Users\xavier\Documents\bio 112 transpiration lab.docx
2012-03-20 12:08 - 2012-03-20 12:50 - 0017840 ____A C:\Users\xavier\Documents\GRW Annotated Bibliography.docx
2012-03-19 13:48 - 2012-03-19 14:49 - 0014374 ____A C:\Users\xavier\Documents\GRW Home Chapter.docx
2012-03-19 13:48 - 2012-03-19 14:24 - 0014276 ____N C:\Users\xavier\Documents\~WRL0312.tmp
2012-03-19 13:48 - 2012-03-19 13:48 - 0000162 ____A C:\Users\xavier\Documents\~$W Home Chapter.docx
2012-03-19 05:11 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-15 20:55 - 2012-03-15 20:56 - 0012731 ____A C:\Users\xavier\Documents\more songs.docx
2012-03-12 19:13 - 2012-03-12 19:13 - 0000000 ____D C:\Users\xavier\Desktop\Scholarship 1
2012-03-11 18:16 - 2012-03-11 18:30 - 0015449 ____A C:\Users\xavier\Documents\Contract Addendum.docx
2012-03-06 17:55 - 2012-03-06 18:02 - 0014330 ____A C:\Users\xavier\Documents\PSYCH EXAM 2.docx
2012-03-06 12:05 - 2012-03-06 12:05 - 7825283 ____A C:\Users\xavier\Desktop\Kelsey Yankee Candle.pdf


============ 3 Months Modified Files and Folders =============

2012-04-02 14:18 - 2012-04-02 14:17 - 0000000 ____D C:\FRST
2012-04-02 10:00 - 2011-04-22 02:10 - 3104722944 __ASH C:\hiberfil.sys
2012-04-02 09:57 - 2011-04-22 02:10 - 0051890 ___AH C:\Windows\PFRO.log
2012-04-02 09:56 - 2011-04-22 02:13 - 1837260 ___AH C:\Windows\WindowsUpdate.log
2012-04-02 09:19 - 2011-08-17 18:14 - 0000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843158847-1354174415-1124025185-1000UA.job
2012-04-02 09:01 - 2011-07-09 16:36 - 0000258 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
2012-04-02 08:58 - 2011-02-25 02:20 - 0000000 ____D C:\Program Files\EgisTec IPS
2012-04-02 08:58 - 2011-02-25 02:20 - 0000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker
2012-04-02 08:58 - 2011-02-25 02:20 - 0000000 ____D C:\Program Files (x86)\EgisTec IPS
2012-04-02 08:58 - 2011-02-25 02:01 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-04-02 08:58 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Offline Web Pages
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-02 08:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-02 08:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-02 08:57 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-02 08:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-02 08:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-02 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-02 08:56 - 2012-04-02 08:56 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-02 08:53 - 2011-02-25 02:25 - 0000000 ____D C:\Windows\SysWOW64\Drivers\nti
2012-04-02 08:53 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-02 08:53 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-02 08:53 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-02 08:53 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-02 08:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-02 08:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-02 08:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-02 08:52 - 2011-07-07 18:09 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-02 08:52 - 2011-07-07 15:29 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-02 08:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-02 08:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-02 08:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-02 08:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-02 08:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-02 08:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-02 08:51 - 2012-03-26 04:17 - 0000000 ____D C:\Windows\Minidump
2012-04-02 08:51 - 2012-02-23 10:14 - 0000000 ___SD C:\Users\xavier\Documents\My Data Sources
2012-04-02 08:51 - 2011-10-11 06:37 - 0000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64
2012-04-02 08:51 - 2011-08-28 15:00 - 0000000 ____D C:\Users\xavier\AppData\Roaming\OpenCandy
2012-04-02 08:51 - 2011-08-26 18:18 - 0000000 ____D C:\Users\xavier\AppData\Roaming\Skype
2012-04-02 08:51 - 2011-08-06 18:32 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-02 08:51 - 2011-07-08 18:14 - 0000000 ____D C:\Windows\System32\CanonIJ Uninstaller Information
2012-04-02 08:51 - 2011-04-22 03:06 - 0000000 ___HD C:\Windows\NAPP_Dism_Log
2012-04-02 08:51 - 2011-04-22 02:31 - 0000000 ___HD C:\Windows\en
2012-04-02 08:51 - 2011-02-25 02:21 - 0000000 ____D C:\Windows\OEMTemp
2012-04-02 08:51 - 2011-02-25 02:02 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-02 08:51 - 2009-10-05 12:30 - 0000000 __AHD C:\Windows\DeployWinRE2
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-02 08:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-02 08:50 - 2012-03-29 08:25 - 0000000 ___HD C:\ad53526d93b0bccfe2a3886839fb
2012-04-02 08:50 - 2011-11-05 10:36 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-02 08:50 - 2011-11-05 10:36 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-04-02 08:50 - 2011-10-11 06:37 - 0000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-04-02 08:50 - 2011-08-28 15:00 - 0000000 ____D C:\Users\All Users\Sendori
2012-04-02 08:50 - 2011-08-28 15:00 - 0000000 ____D C:\ProgramData\Sendori
2012-04-02 08:50 - 2011-08-06 18:33 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-04-02 08:50 - 2011-08-06 18:32 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-04-02 08:50 - 2011-08-06 18:27 - 0000000 ____D C:\Users\All Users\Norton
2012-04-02 08:50 - 2011-08-06 18:27 - 0000000 ____D C:\ProgramData\Norton
2012-04-02 08:50 - 2011-08-06 18:21 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-02 08:50 - 2011-07-09 16:36 - 0000000 ____D C:\Users\All Users\HP Photo Creations
2012-04-02 08:50 - 2011-07-09 16:36 - 0000000 ____D C:\ProgramData\HP Photo Creations
2012-04-02 08:50 - 2011-07-09 16:31 - 0000000 ____D C:\Users\xavier\AppData\Local\HP
2012-04-02 08:50 - 2011-06-26 12:22 - 0000000 ___HD C:\Netgear
2012-04-02 08:50 - 2011-06-25 22:22 - 0000000 ____D C:\Users\xavier\AppData\Local\Microsoft Help
2012-04-02 08:50 - 2011-06-25 21:38 - 0000000 ____D C:\Users\xavier\AppData\Local\Citrix
2012-04-02 08:50 - 2011-06-25 21:38 - 0000000 ____D C:\Users\xavier\AppData\Local\Apps\2.0
2012-04-02 08:50 - 2011-06-25 20:24 - 0000000 ____D C:\Users\xavier\AppData\Local\PowerCinema
2012-04-02 08:50 - 2011-04-22 02:33 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-02 08:50 - 2011-04-22 02:33 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-02 08:50 - 2011-04-22 02:31 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-02 08:50 - 2011-04-22 02:31 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-02 08:50 - 2011-02-25 02:22 - 0000000 ____D C:\Users\All Users\oem
2012-04-02 08:50 - 2011-02-25 02:22 - 0000000 ____D C:\ProgramData\oem
2012-04-02 08:50 - 2011-02-25 02:21 - 0000000 ____D C:\Program Files (x86)\EgisTec Shredder
2012-04-02 08:50 - 2011-02-25 02:20 - 0000000 ____D C:\Program Files (x86)\EgisTec MyWinLockerSuite
2012-04-02 08:50 - 2011-02-25 02:09 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-02 08:50 - 2011-02-25 02:09 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-02 08:50 - 2011-02-25 02:09 - 0000000 ____D C:\Program Files (x86)\Acer Games
2012-04-02 08:50 - 2011-02-25 02:00 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-02 08:50 - 2011-02-25 01:18 - 0000000 ___HD C:\OEM
2012-04-02 08:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-02 08:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-02 08:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-02 08:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-02 08:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-02 08:43 - 2009-07-13 20:45 - 0009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-02 08:43 - 2009-07-13 20:45 - 0009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-02 08:42 - 2009-07-13 21:13 - 0742528 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-02 08:39 - 2012-04-02 08:39 - 0756374 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-02 08:39 - 2012-04-02 08:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-02 08:38 - 2012-04-02 08:38 - 0000000 ____D C:\Users\xavier\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 08:38 - 2012-04-02 08:38 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-02 08:38 - 2012-04-02 08:38 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-02 08:38 - 2012-03-29 08:20 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-02 08:18 - 2012-03-23 18:44 - 0000000 ____D C:\Users\xavier\AppData\Roaming\Malwarebytes
2012-04-02 08:18 - 2011-08-28 15:08 - 0000000 ____D C:\Users\xavier\AppData\Roaming\FrostWire
2012-04-02 08:18 - 2011-06-25 20:25 - 0000000 ____D C:\Users\xavier\AppData\Roaming\Macromedia
2012-04-02 08:18 - 2011-06-25 20:25 - 0000000 ____D C:\Users\xavier\AppData\Roaming\Adobe
2012-04-02 08:18 - 2011-06-25 20:24 - 0000000 ____D C:\Users\xavier\AppData\LocalLow
2012-04-02 08:18 - 2011-06-25 20:24 - 0000000 ____D C:\Users\xavier\AppData\Local\VirtualStore
2012-04-02 08:17 - 2011-10-11 06:31 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-04-02 08:17 - 2011-08-28 14:56 - 0000000 ____D C:\Users\xavier\.frostwire5
2012-04-02 08:17 - 2011-08-17 18:14 - 0000000 ____D C:\Users\xavier\AppData\Local\Facebook
2012-04-02 08:17 - 2011-07-08 10:55 - 0000000 ____D C:\Users\xavier\AppData\Local\Cyberlink
2012-04-02 08:17 - 2011-06-27 09:08 - 0000000 ____D C:\Users\xavier\AppData\Local\Microsoft Games
2012-04-02 08:17 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-02 08:17 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-02 08:15 - 2012-03-23 18:43 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-02 08:15 - 2012-03-23 18:43 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-02 08:15 - 2011-08-26 18:17 - 0000000 ____D C:\Users\All Users\Skype
2012-04-02 08:15 - 2011-08-26 18:17 - 0000000 ____D C:\ProgramData\Skype
2012-04-02 08:15 - 2011-08-06 18:21 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-04-02 08:15 - 2011-08-06 18:21 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-04-02 08:15 - 2011-08-06 17:50 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-02 08:15 - 2011-08-06 17:50 - 0000000 ____D C:\Users\All Users\Apple
2012-04-02 08:15 - 2011-08-06 17:50 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-02 08:15 - 2011-08-06 17:50 - 0000000 ____D C:\ProgramData\Apple
2012-04-02 08:15 - 2011-07-09 16:34 - 0000000 ____D C:\Users\All Users\HP
2012-04-02 08:15 - 2011-07-09 16:34 - 0000000 ____D C:\ProgramData\HP
2012-04-02 08:15 - 2011-07-08 18:14 - 0000000 ____D C:\Users\All Users\CanonBJ
2012-04-02 08:15 - 2011-07-08 18:14 - 0000000 ____D C:\ProgramData\CanonBJ
2012-04-02 08:15 - 2011-06-25 20:25 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-04-02 08:15 - 2011-06-25 20:25 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-04-02 08:15 - 2011-04-22 02:34 - 0000000 ____D C:\Users\All Users\CLSK
2012-04-02 08:15 - 2011-04-22 02:34 - 0000000 ____D C:\ProgramData\CLSK
2012-04-02 08:15 - 2011-04-22 02:17 - 0000000 ____D C:\Users\All Users\Intel
2012-04-02 08:15 - 2011-04-22 02:17 - 0000000 ____D C:\ProgramData\Intel
2012-04-02 08:15 - 2011-02-25 02:25 - 0000000 ____D C:\Users\All Users\BackupManager
2012-04-02 08:15 - 2011-02-25 02:25 - 0000000 ____D C:\ProgramData\BackupManager
2012-04-02 08:15 - 2011-02-25 02:22 - 0000000 ____D C:\Users\All Users\Symantec
2012-04-02 08:15 - 2011-02-25 02:22 - 0000000 ____D C:\ProgramData\Symantec
2012-04-02 08:15 - 2011-02-25 02:16 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-02 08:15 - 2011-02-25 02:16 - 0000000 ____D C:\ProgramData\McAfee
2012-04-02 08:15 - 2011-02-25 02:15 - 0000000 ____D C:\Users\All Users\Acer
2012-04-02 08:15 - 2011-02-25 02:15 - 0000000 ____D C:\ProgramData\Acer
2012-04-02 08:13 - 2011-02-25 02:18 - 0000000 ____D C:\Program Files (x86)\Acer
2012-04-02 08:06 - 2011-04-22 02:28 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-04-02 08:06 - 2011-04-22 02:28 - 0000000 ____D C:\ProgramData\boost_interprocess
2012-04-02 08:05 - 2011-06-25 20:40 - 0000000 ____D C:\Users\All Users\clear.fi
2012-04-02 08:05 - 2011-06-25 20:40 - 0000000 ____D C:\ProgramData\clear.fi
2012-04-02 08:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-02 08:05 - 2009-07-13 20:51 - 0062191 ____A C:\Windows\setupact.log
2012-04-02 06:43 - 2012-03-29 08:13 - 0000168 ____A C:\Users\All Users\~3ZlftRh0Vwdia6r
2012-04-02 06:43 - 2012-03-29 08:13 - 0000168 ____A C:\ProgramData\~3ZlftRh0Vwdia6r
2012-04-02 06:33 - 2012-04-02 06:25 - 0002086 ____A C:\Users\xavier\Desktop\unhide.txt
2012-04-02 06:25 - 2012-04-02 06:24 - 0000000 ____D C:\Users\All Users\SUPERSetup
2012-04-02 06:25 - 2012-04-02 06:24 - 0000000 ____D C:\ProgramData\SUPERSetup
2012-04-02 05:57 - 2012-04-02 05:56 - 0088798 ___AH C:\Windows\ntbtlog.txt
2012-04-02 05:39 - 2011-06-25 20:24 - 0000000 ____D C:\users\xavier
2012-04-02 05:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-29 08:18 - 2012-03-29 08:13 - 0000264 ____A C:\Users\All Users\~3ZlftRh0Vwdia6
2012-03-29 08:18 - 2012-03-29 08:13 - 0000264 ____A C:\ProgramData\~3ZlftRh0Vwdia6
2012-03-29 08:08 - 2012-02-17 21:22 - 0000000 ____D C:\Users\xavier\Desktop\YOUTUBE SONGS
2012-03-29 05:46 - 2012-03-29 05:43 - 0000424 ____A C:\Users\All Users\3ZlftRh0Vwdia6
2012-03-29 05:46 - 2012-03-29 05:43 - 0000424 ____A C:\ProgramData\3ZlftRh0Vwdia6
2012-03-28 19:58 - 2011-02-25 02:23 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-28 19:58 - 2011-02-25 02:23 - 0000000 ____D C:\ProgramData\Adobe
2012-03-28 19:28 - 2012-03-28 19:28 - 0262144 ____A C:\Windows\Minidump\032812-37315-01.dmp
2012-03-28 19:28 - 2012-03-26 04:17 - 533139308 ____A C:\Windows\MEMORY.DMP
2012-03-28 19:22 - 2012-03-28 19:22 - 0000000 ____D C:\Windows\system64
2012-03-28 19:07 - 2011-08-17 18:14 - 0000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843158847-1354174415-1124025185-1000Core.job
2012-03-28 18:57 - 2009-07-13 18:34 - 0000855 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-28 10:13 - 2011-06-27 21:23 - 0000000 ____D C:\Users\xavier\Documents\Outlook Files
2012-03-27 03:56 - 2009-07-13 21:38 - 0067584 ___AS C:\Windows\bootstat(16).dat
2012-03-26 12:21 - 2009-07-13 18:36 - 0624178 ____A C:\Windows\System32\perfh009(19).dat
2012-03-26 04:17 - 2012-03-26 04:17 - 0262144 ____A C:\Windows\Minidump\032612-49717-01.dmp
2012-03-24 16:30 - 2012-03-24 16:30 - 0065536 __ASH C:\Windows\System32\config\components{7849ae32-7491-11e1-a5b4-b870f477968d}.TxR.blf
2012-03-24 07:38 - 2012-03-01 08:58 - 0000000 ____D C:\Users\xavier\Desktop\Bio 112 Stuff
2012-03-24 07:21 - 2012-04-02 06:33 - 0002505 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-03-24 05:26 - 2011-08-06 18:33 - 0175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-03-24 05:26 - 2011-08-06 18:33 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-03-24 05:26 - 2011-08-06 18:33 - 0000854 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-03-23 18:43 - 2012-04-02 06:33 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-23 18:43 - 2012-03-23 18:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 19:02 - 2009-07-13 20:45 - 0427816 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-22 18:53 - 2012-03-22 18:53 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-22 18:46 - 2011-06-30 23:13 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-21 20:04 - 2012-03-21 19:34 - 0014427 ____A C:\Users\xavier\Documents\Bio 112 week 2 (7).docx
2012-03-21 19:09 - 2012-03-21 10:19 - 0163096 ____A C:\Users\xavier\Documents\bio 112 transpiration lab.docx
2012-03-21 18:20 - 2012-03-21 18:20 - 0010586 ____A C:\Users\xavier\Documents\Transpiration data.xlsx
2012-03-21 10:41 - 2012-03-21 10:40 - 0000000 ____D C:\Users\xavier\AppData\Local\Google
2012-03-21 10:41 - 2012-03-21 10:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-21 09:53 - 2011-06-26 13:58 - 0000000 ____D C:\Users\xavier\AppData\Local\ElevatedDiagnostics
2012-03-21 00:16 - 2011-06-25 22:21 - 0000000 ___RD C:\MSOCache
2012-03-20 21:07 - 2011-10-11 06:31 - 0001299 ____A C:\Users\xavier\Desktop\Norton Installation Files.lnk
2012-03-20 15:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-20 12:50 - 2012-03-20 12:08 - 0017840 ____A C:\Users\xavier\Documents\GRW Annotated Bibliography.docx
2012-03-19 14:49 - 2012-03-19 13:48 - 0014374 ____A C:\Users\xavier\Documents\GRW Home Chapter.docx
2012-03-19 14:24 - 2012-03-19 13:48 - 0014276 ____N C:\Users\xavier\Documents\~WRL0312.tmp
2012-03-19 13:48 - 2012-03-19 13:48 - 0000162 ____A C:\Users\xavier\Documents\~$W Home Chapter.docx
2012-03-15 20:56 - 2012-03-15 20:55 - 0012731 ____A C:\Users\xavier\Documents\more songs.docx
2012-03-15 19:58 - 2011-06-25 22:22 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-15 19:58 - 2011-06-25 22:22 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-12 19:13 - 2012-03-12 19:13 - 0000000 ____D C:\Users\xavier\Desktop\Scholarship 1
2012-03-11 18:30 - 2012-03-11 18:16 - 0015449 ____A C:\Users\xavier\Documents\Contract Addendum.docx
2012-03-06 18:02 - 2012-03-06 17:55 - 0014330 ____A C:\Users\xavier\Documents\PSYCH EXAM 2.docx
2012-03-06 12:05 - 2012-03-06 12:05 - 7825283 ____A C:\Users\xavier\Desktop\Kelsey Yankee Candle.pdf
2012-03-01 08:58 - 2012-02-29 20:46 - 0000000 ____D C:\Users\xavier\Desktop\Scholarships
2012-02-29 19:13 - 2012-02-29 12:25 - 0046789 ____A C:\Users\xavier\Documents\Growth Hormone in Pea Seedlings Lab 4 Report.docx
2012-02-29 19:09 - 2012-02-23 09:46 - 0015260 ____A C:\Users\xavier\Documents\Pea Lab 4 Data.xlsx
2012-02-29 18:11 - 2012-02-22 12:32 - 0014046 ____A C:\Users\xavier\Documents\Hypothesis pre lab 4.docx
2012-02-24 13:50 - 2012-02-24 13:50 - 0002448 ____A C:\{AF6DF787-E0CC-4B12-9094-C14810147609}
2012-02-24 12:31 - 2011-02-25 02:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-23 06:29 - 2012-02-22 20:33 - 0036352 ____A C:\Users\xavier\Documents\2012_Tox_pre-lab Xavier.doc
2012-02-22 13:39 - 2012-02-22 11:51 - 0012950 ____A C:\Users\xavier\Documents\songs 2.docx
2012-02-22 13:35 - 2012-02-22 13:35 - 0031744 ____A C:\Users\xavier\Desktop\My resume 2 (REAL).doc
2012-02-22 10:15 - 2012-02-09 11:51 - 0021676 ____A C:\Users\xavier\Documents\Muslims in America post 9 11 grw paper 1.docx
2012-02-21 11:54 - 2012-02-21 11:33 - 0022337 ____A C:\Users\xavier\Desktop\Rough_Draft_Paper_1.docx
2012-02-21 11:08 - 2012-02-07 10:17 - 0013575 ____A C:\Users\xavier\Documents\Resume 2.docx
2012-02-18 12:05 - 2012-02-18 12:05 - 0012754 ____A C:\Users\xavier\Documents\youtube songs.docx
2012-02-16 22:38 - 2012-03-22 05:47 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-22 05:47 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-22 05:47 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-22 05:47 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 08:55 - 2012-02-15 12:32 - 0048877 ____A C:\Users\xavier\Documents\Lab 3 full.docx
2012-02-15 05:35 - 2012-04-02 06:33 - 0002018 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-02-15 05:32 - 2011-06-25 20:27 - 0000174 ___SH C:\Users\xavier\Start Menu\Programs\Startup\desktop.ini
2012-02-15 05:32 - 2011-06-25 20:27 - 0000174 ___SH C:\Users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-09 22:36 - 2012-03-22 05:49 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-22 05:49 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 18:33 - 2012-02-09 18:33 - 0012636 ____A C:\Users\xavier\Documents\v day.docx
2012-02-09 10:31 - 2012-02-09 10:27 - 0012655 ____A C:\Users\xavier\Documents\Excel lab 3.xlsx
2012-02-08 21:43 - 2012-02-08 21:32 - 0016822 ____A C:\Users\xavier\Documents\Hypothesis for lab 3.docx
2012-02-08 21:17 - 2012-02-08 21:05 - 0016733 ____A C:\Users\xavier\Documents\Digestion of Wood in Reticulitermes flavipes.docx
2012-02-08 20:50 - 2011-06-25 22:34 - 0001296 ____A C:\Users\xavier\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-02-08 20:50 - 2011-06-25 22:34 - 0001296 ____A C:\Users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-02-08 20:24 - 2012-02-08 17:13 - 0015955 ____A C:\Users\xavier\Documents\LAB 2 EXcel.xlsx
2012-02-08 20:10 - 2012-02-08 20:10 - 0022334 ____A C:\Users\xavier\Documents\Lab 2 excel picture.docx
2012-02-07 16:10 - 2012-02-07 16:10 - 0019780 ____A C:\Users\xavier\Desktop\BN_conccentration_revised_1-12.docx
2012-02-07 10:02 - 2011-08-26 18:18 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-06 05:17 - 2012-02-05 19:00 - 0016263 ____A C:\Users\xavier\Documents\Muslim class citations.docx
2012-02-02 20:34 - 2012-03-19 05:11 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 04:44 - 2012-04-02 08:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 21:22 - 2012-01-29 21:16 - 0013317 ____A C:\Users\xavier\Documents\v day kelsey.docx
2012-01-24 22:38 - 2012-03-22 05:49 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-22 05:49 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-22 05:49 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-21 17:30 - 2012-01-21 17:16 - 0015381 ____A C:\Users\xavier\Documents\Chuck and Emily.docx
2012-01-20 19:59 - 2012-01-10 17:33 - 0014407 ____A C:\Users\xavier\Documents\Donations.docx
2012-01-17 11:07 - 2011-12-29 11:59 - 0014685 ____A C:\Users\xavier\Documents\songs.docx
2012-01-16 15:51 - 2011-06-27 09:48 - 0000000 ____D C:\Users\xavier\AppData\Roaming\Apple Computer
2012-01-16 11:45 - 2012-04-02 06:33 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-16 11:45 - 2012-01-16 11:45 - 0000000 ____D C:\Program Files\iTunes
2012-01-16 11:45 - 2012-01-16 11:45 - 0000000 ____D C:\Program Files\iPod
2012-01-16 11:45 - 2012-01-16 11:45 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-16 11:42 - 2012-01-16 11:42 - 0000000 ____D C:\Program Files\Bonjour
2012-01-16 11:42 - 2012-01-16 11:42 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-01-16 00:15 - 2012-01-15 23:12 - 0013263 ____A C:\Users\xavier\Documents\new cars.docx
2012-01-13 20:06 - 2012-02-14 16:46 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k(20).sys
2012-01-04 18:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-01-04 16:00 - 2012-01-04 15:56 - 0013321 ____A C:\Users\xavier\Documents\books.docx
2012-01-04 13:40 - 2012-01-04 13:40 - 0337182 ____A C:\Users\xavier\Desktop\Attachments_2012_01_4.zip
2012-01-04 02:44 - 2012-02-14 16:46 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-14 16:46 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-14 16:46 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-14 16:46 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3947.86 MB
Available physical RAM: 3237.48 MB
Total Pagefile: 3946.01 MB
Available Pagefile: 3230.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:450.65 GB) (Free:389.22 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (UNTITLED 1) (Removable) (Total:7.2 GB) (Free:7.17 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online         7391 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            15 GB  1024 KB
Partition 2    Primary            100 MB    15 GB
Partition 3    Primary            450 GB    15 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   PQSERVICE    NTFS   Partition     15 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   Acer         NTFS   Partition    450 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7391 MB   1024 B

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   G   UNTITLED 1   FAT32  Removable   7391 MB  Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-03-30 08:48

======================= End Of Log ==========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:09 PM

Posted 06 April 2012 - 07:55 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 03 July 2012 - 09:36 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 quiksilvermp3

quiksilvermp3
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Local time:06:09 PM

Posted 09 April 2012 - 08:30 AM

ComboFix 12-04-09.01 - xavier 04/09/2012 9:14.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2615 [GMT -4:00]
Running from: c:\users\xavier\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 13:18 . 2012-04-09 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 16:19 . 2012-04-03 17:58 -------- d-----w- c:\windows\Microsoft Antimalware
2012-04-02 22:17 . 2012-04-02 22:18 -------- d-----w- C:\FRST
2012-04-02 16:39 . 2012-04-02 16:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-02 16:38 . 2012-04-02 16:38 -------- d-----w- c:\users\xavier\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 16:38 . 2012-04-02 16:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-02 14:24 . 2012-04-02 14:25 -------- d-----w- c:\programdata\SUPERSetup
2012-03-29 16:25 . 2012-04-02 16:50 -------- d-----w- C:\ad53526d93b0bccfe2a3886839fb
2012-03-29 16:20 . 2012-04-03 17:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-29 03:22 . 2012-03-29 03:22 -------- d-----we c:\windows\system64
2012-03-24 03:55 . 2012-04-09 13:04 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-24 02:44 . 2012-04-03 20:30 -------- d-----w- c:\users\xavier\AppData\Roaming\Malwarebytes
2012-03-24 02:43 . 2012-04-03 21:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 02:43 . 2012-04-03 20:27 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 02:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 13:49 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-22 13:49 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-22 13:49 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 13:49 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 13:49 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 13:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 13:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-22 13:47 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 13:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-21 18:40 . 2012-03-21 18:41 -------- d-----w- c:\users\xavier\AppData\Local\Google
2012-03-21 18:40 . 2012-03-21 18:41 -------- d-----w- c:\program files (x86)\Google
2012-03-19 13:11 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 04:06 . 2012-02-15 00:46 3145728 ----a-w- c:\windows\system32\win32k(20).sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_12.42.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-25 09:36 . 2012-04-09 13:21 53112 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-09 13:21 31972 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-26 04:25 . 2012-04-09 13:21 13524 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-843158847-1354174415-1124025185-1000_UserData.bin
+ 2011-02-25 09:36 . 2012-04-09 13:21 53112 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-09 13:21 31972 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-26 04:25 . 2012-04-09 13:21 13524 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-843158847-1354174415-1124025185-1000_UserData.bin
- 2011-06-26 04:27 . 2012-04-09 12:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-26 04:27 . 2012-04-09 13:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-26 04:27 . 2012-04-09 12:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-26 04:27 . 2012-04-09 13:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-22 10:37 . 2012-04-09 12:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-22 10:37 . 2012-04-09 13:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-26 04:26 . 2012-04-09 12:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-26 04:26 . 2012-04-09 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-22 10:37 . 2012-04-09 12:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-22 10:37 . 2012-04-09 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-09 12:41 . 2012-04-09 12:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 13:19 . 2012-04-09 13:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 13:19 . 2012-04-09 13:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 12:41 . 2012-04-09 12:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-09 12:31 624178 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 12:46 624178 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 12:46 106522 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-09 12:31 106522 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-09 12:46 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-09 12:31 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 12:46 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-09 12:31 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-09 12:40 399516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-09 13:19 399516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 2547048]
"Facebook Update"="c:\users\xavier\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-18 137536]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-08-14 21975120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-24 1078352]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-24 347216]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-06 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843158847-1354174415-1124025185-1000Core.job
- c:\users\xavier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 02:14]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843158847-1354174415-1124025185-1000UA.job
- c:\users\xavier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 02:14]
.
2012-04-09 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-06 860040]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.146.226.11 192.146.226.40 131.118.254.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-09 09:24:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 13:24
ComboFix2.txt 2012-04-09 12:47
.
Pre-Run: 428,267,315,200 bytes free
Post-Run: 428,244,635,648 bytes free
.
- - End Of File - - 217E38427459A84871AE605A1F06EFC1

#4 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 April 2012 - 08:48 AM

Hi,

Looks better,

please run the following:

I would like to see a list of installed programs, so please do this:
  • Press the Win key + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

    C:\Qoobox\Add-Remove Programs.txt

  • A text file should open.
  • Post the contents of that file in your next reply.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
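The installed-programs list CatByte asks for above comes from a text file ComboFix wrote (C:\Qoobox\Add-Remove Programs.txt). The same inventory can be built directly from the registry, which is what an incident responder does on a machine where ComboFix was never run. The script below is an added example and is not code from the thread, from BleepingComputer or from ComboFix; the function names are mine, and it assumes only the standard Windows Uninstall registry keys. It reads both the native (64-bit) hive and the Wow6432Node (32-bit) hive, because on an x64 install a 32-bit program such as Java 6 or FrostWire registers itself only under Wow6432Node, exactly as the ComboFix log above shows for the Run keys.

```powershell
# Added example (not from the thread): inventory installed programs from the
# Uninstall registry keys on a 64-bit Windows 7 machine.
# Three hives are read: native 64-bit, Wow6432Node (32-bit) and per-user.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledProgramInventory {
    [CmdletBinding()]
    param(
        # Also return entries that Windows hides from "Programs and Features"
        # (SystemComponent = 1), e.g. runtime components and some updates.
        [switch]$IncludeHidden
    )

    foreach ($root in $UninstallKeys) {
        if (-not (Test-Path $root)) { continue }

        # Label each entry with the hive it came from so a 32-bit-only
        # program is easy to tell apart from its 64-bit counterpart.
        $arch = if ($root -like '*Wow6432Node*') { 'x86' }
                elseif ($root -like 'HKCU:*')   { 'user' }
                else                             { 'x64' }

        Get-ChildItem -Path $root | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath

            # Entries without a DisplayName never show in Add/Remove Programs
            # (patch records, leftovers); skip them.
            if (-not $p.DisplayName) { return }
            if (-not $IncludeHidden -and ($p.SystemComponent -eq 1)) { return }

            [pscustomobject]@{
                Name        = $p.DisplayName
                Version     = $p.DisplayVersion
                Publisher   = $p.Publisher
                InstallDate = $p.InstallDate      # yyyymmdd string when present
                Arch        = $arch
                KeyName     = $_.PSChildName      # GUID or product key name
                Uninstall   = $p.UninstallString
            }
        }
    }
}

function Find-InstalledProgram {
    # Quick filter by regular expression on the display name, e.g. to pull the
    # Java, Adobe Reader and Flash entries a helper checks for outdated versions.
    param([Parameter(Mandatory)][string]$Pattern)
    Get-InstalledProgramInventory -IncludeHidden | Where-Object { $_.Name -match $Pattern }
}

# Usage: a sorted list comparable to Add-Remove Programs.txt, then the
# version-sensitive entries on their own.
Get-InstalledProgramInventory | Sort-Object Name |
    Format-Table Name, Version, Publisher, Arch -AutoSize
Find-InstalledProgram -Pattern 'Java|Adobe Reader|Flash Player' |
    Format-Table Name, Version, Arch -AutoSize
```

The `Arch` column is the part worth reading: a program that appears only as `x86` while the rest of the system is 64-bit is the kind of entry (older Java, Flash, peer-to-peer clients) whose version a helper will want to check against the vendor's current release, and `InstallDate` helps correlate an entry with the dates in the ComboFix log.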


#5 quiksilvermp3

quiksilvermp3
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 09 April 2012 - 08:57 AM

18 Wheels of Steel - American Long Haul
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2 MUI
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
Backup Manager V3
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Chuzzle Deluxe
clear.fi
clear.fi Client
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
eSobi v2
Facebook Video Calling 1.2.0.159
FATE
FrostWire 4.20.9
FrostWire 5.1.4
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Update
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 26
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.60.1.1000
MediaEspresso
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MyWinLocker 4
MyWinLocker Suite
NOOK for PC
Norton Bootable Recovery Tool Wizard
Norton Online Backup
NTI Media Maker 9
ooVoo
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shredder
Skype™ 5.5
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge

#6 quiksilvermp3

quiksilvermp3
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 09 April 2012 - 09:06 AM

MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xavier :: XAVIER-PC [administrator]

4/9/2012 9:58:08 AM
mbam-log-2012-04-09 (09-58-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196638
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 quiksilvermp3

quiksilvermp3
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 09 April 2012 - 11:09 AM

ESET Scan results

C:\Users\xavier\.frostwire5\updates\frostwire-5.1.4.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\xavier\Desktop\frostwire-5.1.3.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOGQRX4O\index[3].htm JS/Iframe.CV trojan cleaned by deleting - quarantined

Computer seems to be running a lot quicker. The only thing that is still a problem is that I don't have the menu bar in Task Manager.

#8 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 April 2012 - 11:20 AM

Hi,

follow the instructions here to restore the menu in task manager

NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 26 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


NEXT

Please advise if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 quiksilvermp3

quiksilvermp3
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 09 April 2012 - 01:16 PM

Everything has been taken care of and there are no more outstanding issues.

Thanks for all the help.

#10 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 April 2012 - 01:18 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the FRST logs and program from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
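The "Make Internet Explorer more secure" step in the post above sets three Internet Zone ActiveX options by hand through Inetcpl.cpl. Those options are stored as DWORD values under the zone 3 (Internet Zone) registry key, so the result can be audited, and reapplied, from a script. The block below is an added example and not code from the thread or from BleepingComputer; the function names are mine. The registry value names (1001, 1004, 1201) and data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented IE URL-action codes; the Security_HKLM_only check reflects the "Security Zones: Use only machine settings" policy, under which the HKLM copy of the zone keys takes precedence over the per-user one.

```powershell
# Added example (not from the thread): audit, and optionally apply, the three
# Internet Zone ActiveX settings the post tells the user to set via Inetcpl.cpl.
# Zone 3 = Internet Zone. Value names are IE URL-action codes (DWORD):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state from the post: signed/unsigned download -> Prompt, unsafe init -> Disable.
$Recommended = [ordered]@{
    '1001' = @{ Setting = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Setting = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeMachineOnlyZonePolicy {
    # When Security_HKLM_only = 1, IE ignores HKCU zone settings and uses HKLM's,
    # so auditing HKCU alone would give a misleading answer.
    $p = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' `
                          -ErrorAction SilentlyContinue
    return ($p.Security_HKLM_only -eq 1)
}

function Get-IeInternetZoneActiveXStatus {
    if (-not (Test-Path $ZonePath)) { throw "Internet Zone key not found: $ZonePath" }
    if (Test-IeMachineOnlyZonePolicy) {
        Write-Warning 'Security_HKLM_only is set: machine-wide zone settings override this user''s.'
    }
    $key = Get-ItemProperty -Path $ZonePath
    foreach ($id in $Recommended.Keys) {
        $current = $key.$id                      # $null when the value is absent
        $currentLabel = if ($null -eq $current) { '(not set)' }
                        elseif ($Label.ContainsKey([int]$current)) { $Label[[int]$current] }
                        else { "unknown ($current)" }
        [pscustomobject]@{
            Value     = $id
            Setting   = $Recommended[$id].Setting
            Current   = $currentLabel
            Wanted    = $Label[$Recommended[$id].Want]
            Compliant = ($current -eq $Recommended[$id].Want)
        }
    }
}

function Set-IeInternetZoneActiveXHardening {
    # Supports -WhatIf / -Confirm so the change can be previewed before it is written.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($id in $Recommended.Keys) {
        $want   = $Recommended[$id].Want
        $target = "$ZonePath value $id ($($Recommended[$id].Setting))"
        if ($PSCmdlet.ShouldProcess($target, "Set to $($Label[$want])")) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
        }
    }
}

# Usage: report first; preview the fix; then apply it without -WhatIf.
Get-IeInternetZoneActiveXStatus | Format-Table -AutoSize
Set-IeInternetZoneActiveXHardening -WhatIf
```

A `Compliant` value of False on 1201 is the one to act on first: that setting is what allows a page to script an ActiveX control the vendor never marked safe for scripting, which is why the post has it set to Disable rather than Prompt.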


#11 quiksilvermp3

quiksilvermp3
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 09 April 2012 - 01:26 PM

Everything is good. Thank you again for the help.

#12 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 April 2012 - 01:31 PM

You are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 April 2012 - 01:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
