
C0000135 The program can't start because %hs is missing//AVG not Installed



#1 bkajiki


Posted 12 May 2012 - 02:44 PM

Greetings,

I would kindly like to thank the community here at Bleeping Computer for the help I am about to receive from the current members. Two nights ago, I was having trouble with a virus. I have Windows 7 64-bit Home Edition. I used an antivirus removal tool called PC Spyware Doctor with Antivirus; I downloaded the program, it found a few trojans, and the program prompted me to restart my computer to remove the virus. After doing so, my computer began a constant boot loop. (I am going to be thorough about the symptoms so that other users who have this issue may find this website and forum.) I tried loading in Safe Mode; the loading of the files would stop at CLASSPNP.SYS. I then moved on to trying to boot into Safe Mode with Networking. No dice; I received the same outcome. I then tried "Repair Computer". After several attempts it would show me the message "Repair computer failed to automatically fix..etc". I tried my luck with System Restore, but I had no System Restore points, which I found very odd. Once rebooted, I hit F8 and used the tool that would stop the computer from automatically rebooting so I could see the BSOD. The error I received was this: STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program. I then stumbled upon some recent threads from this forum and used the FRST64 tool, which was recommended (Reference thread).

I'm not sure if the antivirus removal tool I used was a fake and possibly corrupted my computer. I followed the steps on how to use FRST64 in the link I provided above. Below are the results I received from the scan. I'm hoping the kind members and staff of BleepingComputer can help me with this problem; I'm really not too sure what to do next. I'll be going to work shortly, within the hour. I apologize if I am unable to respond for the next few hours!

Scan result of Farbar Recovery Scan Tool Version: 11-05-2012
Ran by SYSTEM at 12-05-2012 14:11:21
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1398440 2011-12-14] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Driver Genius] [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2670520 2012-04-23] (PC Tools)
Tcpip\Parameters: [DhcpNameServer] 68.28.169.132 68.28.168.132
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [135170 2011-04-14] ()
2 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-05-30] (Autodesk)
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575416 2012-04-13] (Threat Expert Ltd.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-12-29] (Creative Technology Ltd)
2 DCPFLICS; C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe [139268 2006-12-01] ()
2 FastUserSwitchingCompatibility; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13592 2012-02-01] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
2 mi-raysat_3dsmax2013_64; "C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe" [86016 2011-09-14] ()
2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-04-23] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-04-23] (PC Tools)
3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-04-23] (PC Tools)
2 tgsrvc_smartagent; C:\Windows\System32\z800mdfl.dll [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-05] (Advanced Micro Devices, Inc.)
3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [343040 2012-04-05] (Advanced Micro Devices, Inc.)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)
3 johci; C:\Windows\System32\Drivers\johci.sys [26200 2011-11-30] (JMicron Technology Corp.)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [120920 2011-05-19] (JMicron Technology Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 netr7364; C:\Windows\System32\Drivers\netr7364.sys [707072 2009-06-10] (Ralink Technology, Corp.)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85192 2012-04-13] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341168 2012-04-23] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2012-04-23] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251528 2012-04-23] (PC Tools)
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [157672 2011-05-13] (MCCI Corporation)
3 t3; C:\Windows\System32\Drivers\t3.sys [639512 2009-05-05] (Creative Technology Ltd.)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65664 2012-04-23] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-04-23] (PC Tools)
0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [706776 2012-04-23] (PC Tools)

========================== NetSvcs (Whitelisted) ===========
NETSVC: tgsrvc_smartagent

============ One Month Created Files and Folders ==============

2012-05-12 14:11 - 2012-05-12 14:11 - 0000000 ____D C:\FRST
2012-05-11 01:04 - 2012-05-11 01:04 - 536870912 __ASH C:\WinPEpge.sys
2012-05-11 01:03 - 2012-05-11 01:03 - 0000000 ____D C:\$WINDOWS.~BT
2012-05-10 19:31 - 2012-04-23 11:11 - 0706776 ____S (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-05-10 19:31 - 2012-04-23 11:11 - 0065664 ____S (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-05-10 19:31 - 2012-04-23 11:11 - 0041968 ____S (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-05-10 19:20 - 2012-05-10 19:20 - 0002271 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
2012-05-10 19:20 - 2012-04-23 12:18 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-05-10 19:20 - 2012-04-23 12:17 - 0014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-05-10 19:20 - 2012-04-23 12:12 - 0341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-05-10 19:20 - 2012-04-23 12:12 - 0145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-05-10 19:20 - 2012-04-13 12:28 - 2271160 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-05-10 19:20 - 2012-04-13 12:28 - 1681336 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-05-10 19:20 - 2012-04-13 12:28 - 0767928 ____A C:\Windows\BDTSupport.dll
2012-05-10 19:20 - 2012-04-13 12:28 - 0149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-05-10 19:20 - 2012-04-13 12:28 - 0085192 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-05-10 19:20 - 2012-04-13 11:55 - 0003488 ____A C:\Windows\UDB.zip
2012-05-10 19:20 - 2012-04-13 11:55 - 0000882 ____A C:\Windows\RegSDImport.xml
2012-05-10 19:20 - 2012-04-13 11:55 - 0000879 ____A C:\Windows\RegISSImport.xml
2012-05-10 19:20 - 2012-04-13 11:55 - 0000131 ____A C:\Windows\IDB.zip
2012-05-10 19:14 - 2012-04-23 10:36 - 0426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-05-10 19:14 - 2012-02-28 09:43 - 1096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-05-10 19:14 - 2012-02-28 09:43 - 0453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-05-10 19:11 - 2012-05-10 19:12 - 4183024 ____A (PC Tools) C:\Users\OB\Downloads\sdasetup.exe
2012-05-10 18:39 - 2012-05-10 18:39 - 0065536 __ASH C:\Windows\System32\config\components{3e109613-1c5d-11e1-91f4-a4badbf97ea5}.TxR.blf
2012-05-10 10:31 - 2012-05-10 10:31 - 0031232 ____A C:\Users\OB\Downloads\Rentals Available.doc
2012-05-10 10:25 - 2012-05-10 10:25 - 0022748 ____A C:\Users\OB\Downloads\4HSIS2A4RG1RV0EYCXW_SSPUSADV.pdf
2012-05-07 15:08 - 2012-05-07 15:28 - 34654699 ____A C:\Users\OB\Downloads\PC_Tools_Spyware_Doctor_7.0.0.514.rar
2012-05-07 11:09 - 2012-05-07 11:09 - 0001146 ____A C:\Users\OB\Desktop\FL Studio 10.lnk
2012-05-07 11:09 - 2009-09-15 01:14 - 1554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2012-05-07 11:07 - 2012-05-07 11:09 - 0000000 ____D C:\Program Files (x86)\Image-Line
2012-05-07 10:58 - 2012-02-16 11:42 - 0676968 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-05-07 10:58 - 2012-02-16 11:42 - 0107624 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-05-07 10:58 - 2012-02-16 11:42 - 0074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2012-05-07 10:37 - 2012-05-07 10:42 - 36356792 ____A (Microsoft Corporation) C:\Users\OB\Downloads\BOIE9_ENUS_WIN764.EXE
2012-05-07 10:37 - 2012-05-07 10:42 - 0009013 ____A C:\Windows\IE9_main.log
2012-05-07 10:37 - 2012-05-07 10:37 - 0543024 ____A (Microsoft Corporation) C:\Users\OB\Downloads\IE9-Windows7-x64-enu.exe
2012-05-07 08:53 - 2012-05-07 10:59 - 0000000 ____D C:\Windows\RaidTool
2012-05-07 08:53 - 2012-05-07 10:58 - 0000000 ____D C:\Windows\SysWOW64\sda
2012-05-07 08:53 - 2010-09-07 15:40 - 1976920 ____A (JMicron Technology Corp.) C:\Windows\SysWOW64\xRaidSetup.exe
2012-05-07 08:53 - 2010-09-07 15:40 - 0162392 ____A (JMicron Technology Corp.) C:\Windows\SysWOW64\xRaidAPI.dll
2012-05-07 08:52 - 2012-05-07 08:52 - 0000000 ____D C:\Program Files (x86)\JMicron
2012-05-07 08:51 - 2012-05-11 19:11 - 1871054 ____A C:\Windows\ntbtlog.txt
2012-05-07 08:48 - 2012-05-07 08:48 - 0000000 ____D C:\Users\OB\AppData\Roaming\Intel Corporation
2012-05-07 08:48 - 2011-11-30 13:53 - 0026200 ____A (JMicron Technology Corp.) C:\Windows\System32\Drivers\johci.sys
2012-05-07 08:48 - 2011-05-19 13:55 - 0120920 ____A (JMicron Technology Corp.) C:\Windows\System32\Drivers\jraid.sys
2012-05-07 08:44 - 2012-01-16 09:06 - 0053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2012-05-07 08:43 - 2012-05-07 08:44 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-07 08:43 - 2012-02-01 14:16 - 0568600 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2012-05-07 08:42 - 2012-05-07 08:42 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-05-07 08:42 - 2012-05-07 08:42 - 0000000 ____D C:\Program Files\Realtek
2012-05-07 08:42 - 2012-03-27 17:16 - 0272629 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-05-07 08:42 - 2012-03-27 15:03 - 4015592 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-05-07 08:42 - 2012-03-20 08:47 - 3608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-05-07 08:42 - 2012-03-19 17:01 - 0102504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-05-07 08:42 - 2012-03-16 14:25 - 2670696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-05-07 08:42 - 2012-03-13 09:21 - 1251432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-05-07 08:42 - 2012-03-08 09:47 - 0202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-05-07 08:42 - 2012-03-08 09:47 - 0108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-05-07 08:42 - 2012-03-07 09:09 - 0824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-05-07 08:42 - 2012-02-29 15:59 - 0626264 ____A (Creative Technology Ltd.) C:\Windows\System32\MBTHX64.dll
2012-05-07 08:42 - 2012-02-29 15:59 - 0561752 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2012-05-07 08:42 - 2012-02-21 17:45 - 2605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-05-07 08:42 - 2012-02-21 12:26 - 2528832 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-05-07 08:42 - 2012-02-13 20:35 - 0978776 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-05-07 08:42 - 2011-12-20 13:32 - 0331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-05-07 08:42 - 2011-12-18 15:58 - 2131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-05-07 08:42 - 2011-12-16 12:57 - 0894040 ____A (Creative Technology Ltd.) C:\Windows\System32\MBAPO64.dll
2012-05-07 08:42 - 2011-12-16 12:57 - 0750680 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2012-05-07 08:42 - 2011-12-13 14:58 - 1560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2012-05-07 08:42 - 2011-12-13 09:01 - 1698408 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2012-05-07 08:42 - 2011-11-22 14:28 - 0014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2012-05-07 08:42 - 2010-11-08 05:31 - 0375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2012-05-07 08:42 - 2010-11-08 05:31 - 0310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2012-05-07 08:42 - 2010-11-08 05:31 - 0310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2012-05-07 08:42 - 2010-11-08 05:31 - 0204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2012-05-07 08:42 - 2010-11-08 05:31 - 0101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2012-05-07 08:42 - 2010-11-08 05:31 - 0078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2012-05-07 08:42 - 2010-11-03 16:30 - 0149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2012-05-07 08:42 - 2010-09-27 07:34 - 0318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2012-05-07 08:42 - 2010-07-02 17:40 - 0080984 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll
2012-05-07 08:42 - 2009-11-24 07:55 - 0518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2012-05-07 08:42 - 2009-11-24 07:55 - 0211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2012-05-07 08:42 - 2009-11-24 07:55 - 0198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2012-05-07 08:42 - 2009-11-24 07:55 - 0155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2012-05-07 08:41 - 2012-05-10 21:25 - 0007906 ____A C:\Windows\PFRO.log
2012-05-07 08:37 - 2012-05-07 10:58 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-05-07 08:37 - 2010-10-29 21:11 - 9888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll
2012-05-07 08:37 - 2010-10-29 21:11 - 0422504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll
2012-05-07 08:37 - 2010-10-29 21:11 - 0250984 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys
2012-05-07 08:17 - 2012-05-07 08:17 - 0000000 ____D C:\Users\Public\Documents\DriverGenius
2012-05-07 08:16 - 2012-05-07 08:16 - 0001207 ____A C:\Users\OB\Desktop\Driver Genius Professional Edition.lnk
2012-05-07 08:16 - 2012-05-07 08:16 - 0000000 ____D C:\Program Files (x86)\Driver-Soft
2012-05-07 07:58 - 2012-05-07 08:17 - 0000000 ____D C:\Users\All Users\DriverGenius
2012-05-07 07:58 - 2012-05-07 08:17 - 0000000 ____D C:\ProgramData\DriverGenius
2012-05-07 07:35 - 2012-05-07 07:35 - 0001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Users\OB\AppData\Local\Mozilla
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-07 07:29 - 2012-05-07 07:35 - 16339280 ____A (Mozilla) C:\Users\OB\Downloads\Firefox Setup 12.0.exe
2012-05-06 20:32 - 2012-05-10 19:00 - 0004047 ____A C:\Windows\setupact.log
2012-05-06 20:32 - 2012-05-06 20:32 - 0000000 ____A C:\Windows\setuperr.log
2012-05-05 23:07 - 2012-05-10 19:20 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-05-05 23:00 - 2012-05-05 23:00 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 22:45 - 2012-05-11 19:09 - 1983606 ____A C:\Windows\System32\Drivers\Cat.DB
2012-05-05 22:45 - 2012-04-23 12:18 - 0251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-05-05 22:43 - 2012-05-10 19:31 - 0000000 ____D C:\Users\All Users\PC Tools
2012-05-05 22:43 - 2012-05-10 19:31 - 0000000 ____D C:\ProgramData\PC Tools
2012-05-05 22:43 - 2012-05-05 22:43 - 0000000 ____D C:\Users\OB\AppData\Roaming\TestApp
2012-05-05 15:47 - 2012-05-10 19:00 - 0001848 ____A C:\AFlics.log
2012-05-05 15:47 - 2012-05-05 15:49 - 0000000 ____D C:\Program Files (x86)\AFLICS
2012-05-05 15:46 - 2012-05-05 15:44 - 9738101 ____A C:\Users\OB\Desktop\SitniSati Afterburn v4.0.d for 3DSmax 2012 x32x64.rar
2012-05-05 15:46 - 2012-05-03 22:26 - 55644319 ____A C:\Users\OB\Documents\Heavy.rar
2012-05-05 15:46 - 2012-05-03 22:23 - 3562629 ____A C:\Users\OB\Documents\_fys_sinfulkitten_s_sound_pack.zip
2012-05-05 15:46 - 2012-05-03 22:16 - 0817400 ____A C:\Users\OB\Documents\21st_century_gun_sounds.pk3.zip
2012-05-05 13:20 - 2012-05-05 13:20 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-05 13:20 - 2012-05-05 13:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-05 13:20 - 2012-04-04 13:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-05 13:18 - 2012-05-05 13:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\OB\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-04 18:27 - 2012-05-04 18:27 - 0002708 ____A C:\Users\OB\AppData\Local\Temp2.html
2012-05-03 20:50 - 2012-05-03 20:52 - 1360942070 ____A C:\Users\OB\Documents\MuzzleFlashCompfinish.avi
2012-05-02 20:15 - 2012-05-03 20:43 - 0000000 ____D C:\Users\OB\Documents\Adobe After Effects Auto-Save
2012-05-02 09:43 - 2012-05-02 09:43 - 0036868 ____A C:\Program Files (x86)\uninst-Particular.exe
2012-05-02 09:43 - 2012-05-02 09:43 - 0000000 ____D C:\Program Files (x86)\Trapcode
2012-05-02 09:43 - 2012-05-02 09:43 - 0000000 ____D C:\Presets
2012-05-02 09:42 - 2012-05-03 20:53 - 0397423 ____A C:\Users\OB\Documents\POVMuzzleCOmp.aep
2012-05-02 08:57 - 2012-05-03 21:26 - 0000000 ____D C:\Users\OB\Documents\Payback
2012-05-01 22:53 - 2012-05-08 10:30 - 0000000 ____D C:\Users\OB\Documents\Original Music
2012-05-01 22:10 - 2012-05-01 22:45 - 852116547 ____A C:\Users\OB\Documents\sitroom.mov
2012-05-01 22:10 - 2012-05-01 22:10 - 0000286 ____A C:\Users\OB\Documents\sitroom.mov.#res
2012-05-01 21:14 - 2012-05-07 07:21 - 0041752 ____A C:\Users\OB\Documents\Payback.veg
2012-05-01 21:14 - 2012-05-07 07:20 - 0041752 ____A C:\Users\OB\Documents\Payback.veg.bak
2012-05-01 21:03 - 2012-05-01 21:03 - 0243872 ____A C:\Users\OB\Documents\Earthcomp2180.aep
2012-05-01 21:01 - 2012-05-01 21:02 - 2488383842 ____A C:\Users\OB\Documents\EarthSattelite.avi
2012-05-01 18:23 - 2012-05-01 20:22 - 1357229148 ____A C:\Users\OB\Documents\earthani.mov
2012-05-01 18:23 - 2012-05-01 18:23 - 0000286 ____A C:\Users\OB\Documents\earthani.mov.#res
2012-05-01 18:23 - 2012-05-01 18:23 - 0000000 ____A C:\Users\OB\Documents\QTimeTmp.AVI
2012-04-30 19:51 - 2012-05-01 08:42 - 0089282 ____A C:\Users\OB\Documents\EarthZoom.aep
2012-04-30 11:45 - 2012-05-01 08:52 - 0000000 ____D C:\Users\OB\Documents\EarthImages
2012-04-30 11:30 - 2012-04-30 11:30 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-29 18:13 - 2012-04-29 18:13 - 0000000 ____D C:\Program Files (x86)\Auslogics
2012-04-29 18:05 - 2012-05-10 19:01 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-29 18:00 - 2012-05-07 11:16 - 0000000 ____D C:\Users\OB\AppData\Roaming\Auslogics
2012-04-29 17:59 - 2012-04-29 18:13 - 0001239 ____A C:\Users\OB\Desktop\Auslogics BoostSpeed.lnk
2012-04-27 23:23 - 2012-04-27 23:36 - 0000000 ____D C:\Program Files (x86)\RegistryNuke 2012
2012-04-27 19:52 - 2012-04-28 02:58 - 0000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-27 19:52 - 2012-04-28 02:58 - 0000000 __SHD C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-27 19:52 - 2012-04-28 02:54 - 0000000 ____D C:\Users\All Users\TuneUp Software
2012-04-27 19:52 - 2012-04-28 02:54 - 0000000 ____D C:\ProgramData\TuneUp Software
2012-04-27 19:52 - 2012-04-28 02:21 - 0000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-04-27 19:52 - 2012-04-27 19:52 - 0000000 ____D C:\Users\OB\AppData\Roaming\TuneUp Software
2012-04-27 19:43 - 2012-04-27 19:52 - 33925520 ____A (TuneUp Software) C:\Users\OB\Downloads\TuneUpUtilities2012_en-US.exe
2012-04-27 19:30 - 2012-04-27 19:31 - 0026448 ____A C:\Windows\diagwrn.xml
2012-04-27 19:30 - 2012-04-27 19:31 - 0001908 ____A C:\Windows\diagerr.xml
2012-04-27 18:22 - 2012-04-27 18:22 - 0000000 ____D C:\Windows\system64
2012-04-27 16:22 - 2012-05-10 17:56 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-27 16:22 - 2012-05-09 15:48 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-27 16:22 - 2012-04-28 02:56 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-27 15:48 - 2012-04-28 02:52 - 0000000 ____D C:\Program Files (x86)\DLLSuite
2012-04-27 10:46 - 2012-04-27 10:04 - 1944379 ____A C:\Users\OB\Documents\memtestresults.jpg
2012-04-27 10:43 - 2012-04-27 10:43 - 0001814 ____A C:\Users\OB\Documents\dump.txt
2012-04-26 22:53 - 2012-04-26 22:53 - 0127860 ____A C:\Users\OB\Downloads\memtest86+-4.20.usb.installer.zip
2012-04-26 22:49 - 2012-05-08 11:12 - 0062212 ____A C:\Users\OB\Downloads\bluescreenview.zip
2012-04-26 22:35 - 2012-04-27 10:08 - 0026981 ____A C:\Users\OB\AppData\Local\Temp20.html
2012-04-26 22:30 - 2012-05-04 18:27 - 0001955 ____A C:\Users\OB\AppData\Local\Temp1.html
2012-04-26 22:30 - 2012-05-04 18:26 - 0000000 ____D C:\Program Files\WhoCrashed
2012-04-25 10:02 - 2012-04-28 02:58 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-04-25 10:02 - 2012-04-28 02:51 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\Users\All Users\ATI
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\Users\All Users\AMD
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\ProgramData\ATI
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\ProgramData\AMD
2012-04-25 09:31 - 2012-04-25 09:57 - 160889928 ____A (Advanced Micro Devices, Inc.) C:\Users\OB\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-04-25 09:16 - 2012-04-28 02:58 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-25 09:16 - 2012-04-28 02:58 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-25 01:19 - 2012-04-28 02:54 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-04-25 01:18 - 2012-04-25 01:18 - 0001966 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2013 64-bit.lnk
2012-04-25 01:11 - 2012-04-27 10:16 - 0773030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-22 21:07 - 2012-04-23 09:17 - 0000000 ____D C:\Autodesk
2012-04-22 18:45 - 2012-05-10 17:01 - 0000000 ____D C:\Windows\Minidump
2012-04-20 21:39 - 2012-04-20 21:39 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-20 21:38 - 2012-05-07 11:09 - 0000000 ____D C:\Program Files (x86)\Vstplugins
2012-04-20 21:38 - 2012-04-23 09:18 - 0000000 ____D C:\Program Files (x86)\Outsim
2012-04-20 21:38 - 2012-04-20 21:38 - 0000000 ____D C:\Users\OB\Documents\Image-Line
2012-04-20 21:38 - 2006-06-20 00:56 - 0225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2012-04-19 20:08 - 2012-04-19 20:08 - 0080672 ____A C:\Users\OB\Documents\FirstPOVmuzzleTest.aep
2012-04-19 19:58 - 2012-04-19 19:58 - 421520744 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336_1.avi
2012-04-19 19:57 - 2012-04-19 19:57 - 29786432 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336_1.mov
2012-04-19 19:52 - 2012-04-19 19:53 - 90775252 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336.avi
2012-04-19 16:49 - 2012-04-19 16:46 - 12308805 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336.3gp
2012-04-18 17:04 - 2012-04-18 17:04 - 0001064 ____A C:\Users\OB\Desktop\Portable After Effects CS4 - Shortcut.lnk
2012-04-18 17:02 - 2012-05-02 10:08 - 0000000 ____D C:\Adobe CS4
2012-04-13 23:07 - 2012-04-18 17:21 - 37053704 ____A C:\Users\OB\Documents\ImprovednukeMT.avi
2012-04-13 21:58 - 2012-04-13 21:58 - 0000034 ____A C:\Users\OB\Documents\Untitled.avi.sfl
2012-04-13 21:54 - 2012-04-13 21:58 - 1401312256 ____A C:\Users\OB\Documents\Untitled.avi
2012-04-13 21:48 - 2012-04-13 21:50 - 0123905 ____A C:\Users\OB\Documents\retry.ms
2012-04-13 21:40 - 2012-04-13 21:40 - 8788703 ____A C:\Users\OB\Documents\Untitled.mov
2012-04-13 21:19 - 2012-04-13 21:29 - 0000000 ____A C:\Users\OB\Documents\NewMotionTrack.ms
2012-04-13 20:17 - 2012-04-18 17:07 - 25079188 ____A C:\Users\OB\Documents\LCView.mp4
2012-04-13 00:14 - 2012-03-05 22:53 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-13 00:14 - 2012-03-05 21:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-13 00:14 - 2012-03-05 21:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-13 00:14 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-13 00:14 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-13 00:14 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-13 00:14 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-13 00:14 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-13 00:14 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-13 00:14 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-13 00:14 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-13 00:14 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-13 00:14 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-13 00:14 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-13 00:14 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-13 00:14 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-13 00:14 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-13 00:14 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-13 00:14 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-13 00:14 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-13 00:14 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-13 00:14 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-13 00:14 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-13 00:14 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-13 00:14 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 00:14 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-13 00:14 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-13 00:14 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-13 00:14 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-12 14:51 - 2012-04-12 14:51 - 0058196 ____A C:\Users\OB\Documents\Untitled Project.ban
2012-04-12 14:44 - 2012-04-12 14:58 - 0064359 ____A C:\Users\OB\Documents\Untitled Project.ms
2012-04-12 14:42 - 2012-04-12 14:43 - 0064444 ____A C:\Users\OB\Documents\Abomb.ms
2012-04-12 14:33 - 2012-04-13 21:40 - 0000034 ____A C:\Users\OB\Documents\Untitled.mov.sfl
2012-04-12 14:33 - 2012-04-12 14:33 - 8696071 ____A C:\Users\OB\Documents\RPABMB.mov
2012-04-12 14:29 - 2012-04-14 05:37 - 0000000 ____D C:\Users\OB\Documents\CellPhoneFootage
2012-04-12 14:28 - 2012-04-12 14:28 - 0000000 ____D C:\Users\OB\AppData\Local\MPlayer

============ 3 Months Modified Files and Folders =============

2012-05-12 14:11 - 2012-05-12 14:11 - 0000000 ____D C:\FRST
2012-05-12 01:47 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-11 19:11 - 2012-05-07 08:51 - 1871054 ____A C:\Windows\ntbtlog.txt
2012-05-11 19:10 - 2011-05-24 16:09 - 2140381184 __ASH C:\hiberfil.sys
2012-05-11 19:10 - 2009-07-13 20:45 - 0233576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 19:09 - 2012-05-05 22:45 - 1983606 ____A C:\Windows\System32\Drivers\Cat.DB
2012-05-11 13:04 - 2011-12-08 17:46 - 0000000 ____D C:\All Ripped Applications
2012-05-11 01:04 - 2012-05-11 01:04 - 536870912 __ASH C:\WinPEpge.sys
2012-05-11 01:03 - 2012-05-11 01:03 - 0000000 ____D C:\$WINDOWS.~BT
2012-05-10 21:25 - 2012-05-07 08:41 - 0007906 ____A C:\Windows\PFRO.log
2012-05-10 21:23 - 2011-05-30 17:14 - 0000000 ____D C:\3ds Max
2012-05-10 21:23 - 2011-05-24 16:12 - 2004491 ____A C:\Windows\WindowsUpdate.log
2012-05-10 21:23 - 2010-09-18 22:46 - 0000000 ____D C:\hhproxy
2012-05-10 19:39 - 2009-07-13 21:13 - 0779306 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-10 19:34 - 2009-07-13 21:08 - 0032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-10 19:34 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-10 19:31 - 2012-05-05 22:43 - 0000000 ____D C:\Users\All Users\PC Tools
2012-05-10 19:31 - 2012-05-05 22:43 - 0000000 ____D C:\ProgramData\PC Tools
2012-05-10 19:20 - 2012-05-10 19:20 - 0002271 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
2012-05-10 19:20 - 2012-05-05 23:07 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-05-10 19:12 - 2012-05-10 19:11 - 4183024 ____A (PC Tools) C:\Users\OB\Downloads\sdasetup.exe
2012-05-10 19:07 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-10 19:07 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-10 19:01 - 2012-04-29 18:05 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-10 19:00 - 2012-05-06 20:32 - 0004047 ____A C:\Windows\setupact.log
2012-05-10 19:00 - 2012-05-05 15:47 - 0001848 ____A C:\AFlics.log
2012-05-10 19:00 - 2011-09-16 16:27 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-10 18:39 - 2012-05-10 18:39 - 0065536 __ASH C:\Windows\System32\config\components{3e109613-1c5d-11e1-91f4-a4badbf97ea5}.TxR.blf
2012-05-10 18:00 - 2011-09-16 16:27 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-10 17:56 - 2012-04-27 16:22 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-10 17:01 - 2012-04-22 18:45 - 0000000 ____D C:\Windows\Minidump
2012-05-10 17:01 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\051012-14180-01.dmp
2012-05-10 10:31 - 2012-05-10 10:31 - 0031232 ____A C:\Users\OB\Downloads\Rentals Available.doc
2012-05-10 10:25 - 2012-05-10 10:25 - 0022748 ____A C:\Users\OB\Downloads\4HSIS2A4RG1RV0EYCXW_SSPUSADV.pdf
2012-05-09 23:05 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\051012-14008-01.dmp
2012-05-09 21:47 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050912-14289-01.dmp
2012-05-09 20:28 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050912-14617-01.dmp
2012-05-09 19:10 - 2011-05-24 16:09 - 0286132 ____N C:\Windows\Minidump\050912-15912-01.dmp
2012-05-09 15:48 - 2012-04-27 16:22 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-09 15:48 - 2011-06-05 13:45 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-09 13:04 - 2011-05-24 16:09 - 0286516 ____N C:\Windows\Minidump\050912-14820-01.dmp
2012-05-09 11:12 - 2011-05-24 16:09 - 0285996 ____N C:\Windows\Minidump\050912-17924-01.dmp
2012-05-08 16:24 - 2011-05-24 16:09 - 0285812 ____N C:\Windows\Minidump\050812-14242-01.dmp
2012-05-08 15:03 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050812-14476-01.dmp
2012-05-08 13:45 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050812-14258-01.dmp
2012-05-08 12:27 - 2011-05-24 16:09 - 0286452 ____N C:\Windows\Minidump\050812-16130-01.dmp
2012-05-08 11:12 - 2012-04-26 22:49 - 0062212 ____A C:\Users\OB\Downloads\bluescreenview.zip
2012-05-08 11:04 - 2011-05-24 16:09 - 0286004 ____N C:\Windows\Minidump\050812-13962-01.dmp
2012-05-08 10:30 - 2012-05-01 22:53 - 0000000 ____D C:\Users\OB\Documents\Original Music
2012-05-07 22:38 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050812-14040-01.dmp
2012-05-07 19:44 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050712-14196-01.dmp
2012-05-07 17:47 - 2011-05-24 16:09 - 0285876 ____N C:\Windows\Minidump\050712-14040-01.dmp
2012-05-07 15:28 - 2012-05-07 15:08 - 34654699 ____A C:\Users\OB\Downloads\PC_Tools_Spyware_Doctor_7.0.0.514.rar
2012-05-07 13:59 - 2011-05-24 16:09 - 0287092 ____N C:\Windows\Minidump\050712-15912-01.dmp
2012-05-07 11:16 - 2012-04-29 18:00 - 0000000 ____D C:\Users\OB\AppData\Roaming\Auslogics
2012-05-07 11:09 - 2012-05-07 11:09 - 0001146 ____A C:\Users\OB\Desktop\FL Studio 10.lnk
2012-05-07 11:09 - 2012-05-07 11:07 - 0000000 ____D C:\Program Files (x86)\Image-Line
2012-05-07 11:09 - 2012-04-20 21:38 - 0000000 ____D C:\Program Files (x86)\Vstplugins
2012-05-07 10:59 - 2012-05-07 08:53 - 0000000 ____D C:\Windows\RaidTool
2012-05-07 10:58 - 2012-05-07 08:53 - 0000000 ____D C:\Windows\SysWOW64\sda
2012-05-07 10:58 - 2012-05-07 08:37 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-05-07 10:58 - 2011-05-30 22:52 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-07 10:42 - 2012-05-07 10:37 - 36356792 ____A (Microsoft Corporation) C:\Users\OB\Downloads\BOIE9_ENUS_WIN764.EXE
2012-05-07 10:42 - 2012-05-07 10:37 - 0009013 ____A C:\Windows\IE9_main.log
2012-05-07 10:42 - 2012-02-10 15:01 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-05-07 10:37 - 2012-05-07 10:37 - 0543024 ____A (Microsoft Corporation) C:\Users\OB\Downloads\IE9-Windows7-x64-enu.exe
2012-05-07 10:25 - 2011-05-24 16:09 - 0285492 ____N C:\Windows\Minidump\050712-19562-01.dmp
2012-05-07 08:52 - 2012-05-07 08:52 - 0000000 ____D C:\Program Files (x86)\JMicron
2012-05-07 08:51 - 2011-05-24 16:09 - 0285932 ____N C:\Windows\Minidump\050712-23634-01.dmp
2012-05-07 08:48 - 2012-05-07 08:48 - 0000000 ____D C:\Users\OB\AppData\Roaming\Intel Corporation
2012-05-07 08:44 - 2012-05-07 08:43 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-07 08:42 - 2012-05-07 08:42 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-05-07 08:42 - 2012-05-07 08:42 - 0000000 ____D C:\Program Files\Realtek
2012-05-07 08:17 - 2012-05-07 08:17 - 0000000 ____D C:\Users\Public\Documents\DriverGenius
2012-05-07 08:17 - 2012-05-07 07:58 - 0000000 ____D C:\Users\All Users\DriverGenius
2012-05-07 08:17 - 2012-05-07 07:58 - 0000000 ____D C:\ProgramData\DriverGenius
2012-05-07 08:16 - 2012-05-07 08:16 - 0001207 ____A C:\Users\OB\Desktop\Driver Genius Professional Edition.lnk
2012-05-07 08:16 - 2012-05-07 08:16 - 0000000 ____D C:\Program Files (x86)\Driver-Soft
2012-05-07 07:35 - 2012-05-07 07:35 - 0001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Users\OB\AppData\Local\Mozilla
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-07 07:35 - 2012-05-07 07:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-07 07:35 - 2012-05-07 07:29 - 16339280 ____A (Mozilla) C:\Users\OB\Downloads\Firefox Setup 12.0.exe
2012-05-07 07:35 - 2011-12-26 01:55 - 0000000 ____D C:\Users\OB\AppData\Roaming\Mozilla
2012-05-07 07:21 - 2012-05-01 21:14 - 0041752 ____A C:\Users\OB\Documents\Payback.veg
2012-05-07 07:20 - 2012-05-01 21:14 - 0041752 ____A C:\Users\OB\Documents\Payback.veg.bak
2012-05-06 20:32 - 2012-05-06 20:32 - 0000000 ____A C:\Windows\setuperr.log
2012-05-05 23:00 - 2012-05-05 23:00 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 22:43 - 2012-05-05 22:43 - 0000000 ____D C:\Users\OB\AppData\Roaming\TestApp
2012-05-05 15:49 - 2012-05-05 15:47 - 0000000 ____D C:\Program Files (x86)\AFLICS
2012-05-05 15:44 - 2012-05-05 15:46 - 9738101 ____A C:\Users\OB\Desktop\SitniSati Afterburn v4.0.d for 3DSmax 2012 x32x64.rar
2012-05-05 13:20 - 2012-05-05 13:20 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-05 13:20 - 2012-05-05 13:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-05 13:20 - 2012-05-05 13:18 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\OB\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-04 18:27 - 2012-05-04 18:27 - 0002708 ____A C:\Users\OB\AppData\Local\Temp2.html
2012-05-04 18:27 - 2012-04-26 22:30 - 0001955 ____A C:\Users\OB\AppData\Local\Temp1.html
2012-05-04 18:26 - 2012-04-26 22:30 - 0000000 ____D C:\Program Files\WhoCrashed
2012-05-03 22:26 - 2012-05-05 15:46 - 55644319 ____A C:\Users\OB\Documents\Heavy.rar
2012-05-03 22:23 - 2012-05-05 15:46 - 3562629 ____A C:\Users\OB\Documents\_fys_sinfulkitten_s_sound_pack.zip
2012-05-03 22:16 - 2012-05-05 15:46 - 0817400 ____A C:\Users\OB\Documents\21st_century_gun_sounds.pk3.zip
2012-05-03 21:35 - 2011-12-15 15:47 - 0000000 ____D C:\Users\OB\Documents\OFX Presets
2012-05-03 21:28 - 2012-02-10 15:13 - 0000000 ____D C:\Users\OB\.3gpplayer
2012-05-03 21:26 - 2012-05-02 08:57 - 0000000 ____D C:\Users\OB\Documents\Payback
2012-05-03 20:53 - 2012-05-02 09:42 - 0397423 ____A C:\Users\OB\Documents\POVMuzzleCOmp.aep
2012-05-03 20:52 - 2012-05-03 20:50 - 1360942070 ____A C:\Users\OB\Documents\MuzzleFlashCompfinish.avi
2012-05-03 20:43 - 2012-05-02 20:15 - 0000000 ____D C:\Users\OB\Documents\Adobe After Effects Auto-Save
2012-05-03 09:44 - 2011-09-16 16:27 - 0000000 ____D C:\Program Files\Google
2012-05-03 09:44 - 2011-09-16 16:27 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-02 21:36 - 2011-09-16 16:27 - 0000000 ____D C:\Users\OB\AppData\Local\Google
2012-05-02 10:08 - 2012-04-18 17:02 - 0000000 ____D C:\Adobe CS4
2012-05-02 09:43 - 2012-05-02 09:43 - 0036868 ____A C:\Program Files (x86)\uninst-Particular.exe
2012-05-02 09:43 - 2012-05-02 09:43 - 0000000 ____D C:\Program Files (x86)\Trapcode
2012-05-02 09:43 - 2012-05-02 09:43 - 0000000 ____D C:\Presets
2012-05-01 22:45 - 2012-05-01 22:10 - 852116547 ____A C:\Users\OB\Documents\sitroom.mov
2012-05-01 22:10 - 2012-05-01 22:10 - 0000286 ____A C:\Users\OB\Documents\sitroom.mov.#res
2012-05-01 21:03 - 2012-05-01 21:03 - 0243872 ____A C:\Users\OB\Documents\Earthcomp2180.aep
2012-05-01 21:02 - 2012-05-01 21:01 - 2488383842 ____A C:\Users\OB\Documents\EarthSattelite.avi
2012-05-01 20:22 - 2012-05-01 18:23 - 1357229148 ____A C:\Users\OB\Documents\earthani.mov
2012-05-01 18:23 - 2012-05-01 18:23 - 0000286 ____A C:\Users\OB\Documents\earthani.mov.#res
2012-05-01 18:23 - 2012-05-01 18:23 - 0000000 ____A C:\Users\OB\Documents\QTimeTmp.AVI
2012-05-01 18:12 - 2011-05-30 22:37 - 0000000 ____D C:\Users\OB\Documents\3dsmax
2012-05-01 08:52 - 2012-04-30 11:45 - 0000000 ____D C:\Users\OB\Documents\EarthImages
2012-05-01 08:42 - 2012-04-30 19:51 - 0089282 ____A C:\Users\OB\Documents\EarthZoom.aep
2012-04-30 11:31 - 2011-05-24 16:31 - 0000000 ____D C:\Users\OB\AppData\LocalLow
2012-04-30 11:30 - 2012-04-30 11:30 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-29 18:38 - 2011-05-30 21:12 - 0000000 ____D C:\Users\OB\AppData\Local\Autodesk
2012-04-29 18:21 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-29 18:13 - 2012-04-29 18:13 - 0000000 ____D C:\Program Files (x86)\Auslogics
2012-04-29 18:13 - 2012-04-29 17:59 - 0001239 ____A C:\Users\OB\Desktop\Auslogics BoostSpeed.lnk
2012-04-28 09:54 - 2011-05-24 16:31 - 0000000 ____D C:\users\OB
2012-04-28 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-28 02:58 - 2012-04-27 19:52 - 0000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-28 02:58 - 2012-04-27 19:52 - 0000000 __SHD C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-28 02:58 - 2012-04-25 10:02 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-04-28 02:58 - 2012-04-25 09:16 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-28 02:58 - 2012-04-25 09:16 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-28 02:58 - 2011-12-23 00:16 - 0000000 ____D C:\Users\All Users\e-onsoftware
2012-04-28 02:58 - 2011-12-23 00:16 - 0000000 ____D C:\ProgramData\e-onsoftware
2012-04-28 02:58 - 2011-06-07 08:32 - 0000000 ____D C:\Users\OB\AppData\Roaming\Winamp
2012-04-28 02:58 - 2011-06-05 13:45 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-28 02:58 - 2011-05-30 21:11 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-04-28 02:58 - 2011-05-30 17:43 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar
2012-04-28 02:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-28 02:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-28 02:57 - 2012-01-07 00:17 - 0000000 ____D C:\Program Files (x86)\SlySoft
2012-04-28 02:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-28 02:56 - 2012-04-27 16:22 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-28 02:54 - 2012-04-27 19:52 - 0000000 ____D C:\Users\All Users\TuneUp Software
2012-04-28 02:54 - 2012-04-27 19:52 - 0000000 ____D C:\ProgramData\TuneUp Software
2012-04-28 02:54 - 2012-04-25 01:19 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-04-28 02:54 - 2011-05-30 17:01 - 0000000 ____D C:\Program Files\Autodesk
2012-04-28 02:52 - 2012-04-27 15:48 - 0000000 ____D C:\Program Files (x86)\DLLSuite
2012-04-28 02:52 - 2011-05-30 19:04 - 0000000 ____D C:\Program Files (x86)\Autodesk
2012-04-28 02:51 - 2012-04-25 10:02 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-04-28 02:51 - 2010-10-21 05:22 - 0000000 ____D C:\AMD
2012-04-28 02:21 - 2012-04-27 19:52 - 0000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-04-27 23:36 - 2012-04-27 23:23 - 0000000 ____D C:\Program Files (x86)\RegistryNuke 2012
2012-04-27 19:52 - 2012-04-27 19:52 - 0000000 ____D C:\Users\OB\AppData\Roaming\TuneUp Software
2012-04-27 19:52 - 2012-04-27 19:43 - 33925520 ____A (TuneUp Software) C:\Users\OB\Downloads\TuneUpUtilities2012_en-US.exe
2012-04-27 19:31 - 2012-04-27 19:30 - 0026448 ____A C:\Windows\diagwrn.xml
2012-04-27 19:31 - 2012-04-27 19:30 - 0001908 ____A C:\Windows\diagerr.xml
2012-04-27 18:22 - 2012-04-27 18:22 - 0000000 ____D C:\Windows\system64
2012-04-27 10:43 - 2012-04-27 10:43 - 0001814 ____A C:\Users\OB\Documents\dump.txt
2012-04-27 10:16 - 2012-04-25 01:11 - 0773030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-27 10:08 - 2012-04-26 22:35 - 0026981 ____A C:\Users\OB\AppData\Local\Temp20.html
2012-04-27 10:07 - 2011-12-09 10:00 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-04-27 10:04 - 2012-04-27 10:46 - 1944379 ____A C:\Users\OB\Documents\memtestresults.jpg
2012-04-26 22:53 - 2012-04-26 22:53 - 0127860 ____A C:\Users\OB\Downloads\memtest86+-4.20.usb.installer.zip
2012-04-26 22:07 - 2011-05-30 22:52 - 0000000 ____D C:\Program Files (x86)\DCPFLICS
2012-04-26 16:36 - 2009-07-13 18:34 - 0000466 ____A C:\Windows\win.ini
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\Users\All Users\ATI
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\Users\All Users\AMD
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\ProgramData\ATI
2012-04-25 10:02 - 2012-04-25 10:02 - 0000000 ____D C:\ProgramData\AMD
2012-04-25 10:01 - 2011-05-30 18:49 - 0000000 ____D C:\Program Files\ATI Technologies
2012-04-25 09:57 - 2012-04-25 09:31 - 160889928 ____A (Advanced Micro Devices, Inc.) C:\Users\OB\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-04-25 09:16 - 2011-05-30 22:37 - 0000000 ____D C:\Users\OB\AppData\Roaming\Autodesk
2012-04-25 09:16 - 2011-05-30 21:11 - 0000000 ____D C:\Users\All Users\Autodesk
2012-04-25 09:16 - 2011-05-30 21:11 - 0000000 ____D C:\ProgramData\Autodesk
2012-04-25 01:18 - 2012-04-25 01:18 - 0001966 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2013 64-bit.lnk
2012-04-25 01:16 - 2009-07-13 18:34 - 0017832 ____A C:\Windows\System32\Drivers\etc\services
2012-04-23 12:18 - 2012-05-10 19:20 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-04-23 12:18 - 2012-05-05 22:45 - 0251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-23 12:17 - 2012-05-10 19:20 - 0014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-04-23 12:12 - 2012-05-10 19:20 - 0341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-04-23 12:12 - 2012-05-10 19:20 - 0145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-04-23 11:11 - 2012-05-10 19:31 - 0706776 ____S (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-04-23 11:11 - 2012-05-10 19:31 - 0065664 ____S (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-04-23 11:11 - 2012-05-10 19:31 - 0041968 ____S (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-04-23 10:36 - 2012-05-10 19:14 - 0426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-04-23 09:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-23 09:18 - 2012-04-20 21:38 - 0000000 ____D C:\Program Files (x86)\Outsim
2012-04-23 09:18 - 2011-12-01 11:45 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-23 09:18 - 2011-12-01 11:45 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-23 09:17 - 2012-04-22 21:07 - 0000000 ____D C:\Autodesk
2012-04-20 21:39 - 2012-04-20 21:39 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-20 21:38 - 2012-04-20 21:38 - 0000000 ____D C:\Users\OB\Documents\Image-Line
2012-04-19 20:08 - 2012-04-19 20:08 - 0080672 ____A C:\Users\OB\Documents\FirstPOVmuzzleTest.aep
2012-04-19 19:58 - 2012-04-19 19:58 - 421520744 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336_1.avi
2012-04-19 19:57 - 2012-04-19 19:57 - 29786432 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336_1.mov
2012-04-19 19:53 - 2012-04-19 19:52 - 90775252 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336.avi
2012-04-19 16:46 - 2012-04-19 16:49 - 12308805 ____A C:\Users\OB\Documents\2012-04-19_18-45-30_336.3gp
2012-04-18 17:21 - 2012-04-13 23:07 - 37053704 ____A C:\Users\OB\Documents\ImprovednukeMT.avi
2012-04-18 17:07 - 2012-04-13 20:17 - 25079188 ____A C:\Users\OB\Documents\LCView.mp4
2012-04-18 17:04 - 2012-04-18 17:04 - 0001064 ____A C:\Users\OB\Desktop\Portable After Effects CS4 - Shortcut.lnk
2012-04-14 05:37 - 2012-04-12 14:29 - 0000000 ____D C:\Users\OB\Documents\CellPhoneFootage
2012-04-13 21:58 - 2012-04-13 21:58 - 0000034 ____A C:\Users\OB\Documents\Untitled.avi.sfl
2012-04-13 21:58 - 2012-04-13 21:54 - 1401312256 ____A C:\Users\OB\Documents\Untitled.avi
2012-04-13 21:50 - 2012-04-13 21:48 - 0123905 ____A C:\Users\OB\Documents\retry.ms
2012-04-13 21:40 - 2012-04-13 21:40 - 8788703 ____A C:\Users\OB\Documents\Untitled.mov
2012-04-13 21:40 - 2012-04-12 14:33 - 0000034 ____A C:\Users\OB\Documents\Untitled.mov.sfl
2012-04-13 21:29 - 2012-04-13 21:19 - 0000000 ____A C:\Users\OB\Documents\NewMotionTrack.ms
2012-04-13 12:28 - 2012-05-10 19:20 - 2271160 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-04-13 12:28 - 2012-05-10 19:20 - 1681336 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-04-13 12:28 - 2012-05-10 19:20 - 0767928 ____A C:\Windows\BDTSupport.dll
2012-04-13 12:28 - 2012-05-10 19:20 - 0149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-04-13 12:28 - 2012-05-10 19:20 - 0085192 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-04-13 11:55 - 2012-05-10 19:20 - 0003488 ____A C:\Windows\UDB.zip
2012-04-13 11:55 - 2012-05-10 19:20 - 0000882 ____A C:\Windows\RegSDImport.xml
2012-04-13 11:55 - 2012-05-10 19:20 - 0000879 ____A C:\Windows\RegISSImport.xml
2012-04-13 11:55 - 2012-05-10 19:20 - 0000131 ____A C:\Windows\IDB.zip
2012-04-13 11:03 - 2012-02-26 14:00 - 0000000 ____D C:\Users\OB\AppData\Roaming\Apple Computer
2012-04-13 00:13 - 2011-06-17 10:23 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-12 14:58 - 2012-04-12 14:44 - 0064359 ____A C:\Users\OB\Documents\Untitled Project.ms
2012-04-12 14:51 - 2012-04-12 14:51 - 0058196 ____A C:\Users\OB\Documents\Untitled Project.ban
2012-04-12 14:43 - 2012-04-12 14:42 - 0064444 ____A C:\Users\OB\Documents\Abomb.ms
2012-04-12 14:33 - 2012-04-12 14:33 - 8696071 ____A C:\Users\OB\Documents\RPABMB.mov
2012-04-12 14:28 - 2012-04-12 14:28 - 0000000 ____D C:\Users\OB\AppData\Local\MPlayer
2012-04-11 21:58 - 2011-10-02 13:27 - 0000000 ____D C:\Program Files (x86)\EA GAMES
2012-04-11 10:22 - 2012-04-11 00:00 - 0000000 ____D C:\Users\OB\Documents\ActionEssentials2
2012-04-11 10:21 - 2012-04-10 23:48 - 0000000 ____D C:\Users\OB\Documents\ExternalHDD Backup
2012-04-08 21:20 - 2011-06-16 19:12 - 0000000 ____D C:\Users\OB\AppData\Local\ArmA 2 OA
2012-04-06 16:57 - 2012-04-06 16:38 - 120613685 ____A C:\Users\OB\Downloads\11.+Muzzle_Flashes.rar.zlpr9ma.partial
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 20:34 - 2012-04-05 20:34 - 0187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 20:34 - 2012-04-05 20:34 - 0074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 20:34 - 2012-04-05 20:34 - 0064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 20:33 - 2012-04-05 20:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 20:33 - 2012-04-05 20:33 - 0063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 20:33 - 2012-04-05 20:33 - 0056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 20:32 - 2012-04-05 20:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-05 20:32 - 2012-04-05 20:32 - 0054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-05 20:32 - 2012-04-05 20:32 - 0050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-04-05 18:23 - 2012-04-05 18:23 - 0245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 0245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2011-04-19 18:09 - 0909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2011-04-19 18:07 - 1067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 0503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 0236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2011-04-19 17:59 - 6800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2011-04-19 17:27 - 0064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2011-04-19 17:49 - 7479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 1120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 6203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 4731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 1831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 2631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 0204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 0204952 ____A C:\Windows\System32\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 0157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 0157144 ____A C:\Windows\System32\ativvsva.dat
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 7431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2012-04-05 17:22 - 4795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 2664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 0514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 0343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2011-04-19 17:21 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:09 - 2011-04-19 17:21 - 0044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2011-04-19 17:21 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-04 13:56 - 2012-05-05 13:20 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 23:02 - 2012-03-31 23:02 - 0022670 ____A C:\Users\OB\Documents\HIBH38L74RGCHAXCIXJAG_SSPUSADV.pdf
2012-03-29 01:12 - 2011-11-15 12:10 - 0012754 ____A C:\Users\OB\Desktop\hs_err_pid3384.log
2012-03-27 17:16 - 2012-05-07 08:42 - 0272629 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-03-27 15:03 - 2012-05-07 08:42 - 4015592 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-03-24 00:38 - 2012-03-24 00:38 - 0022628 ____A C:\Users\OB\Documents\3-16-12bc.pdf
2012-03-24 00:37 - 2012-03-24 00:37 - 0022632 ____A C:\Users\OB\Documents\3-9-12bc.pdf
2012-03-24 00:35 - 2012-03-24 00:35 - 0022624 ____A C:\Users\OB\Documents\3-2-12bc.pdf
2012-03-24 00:34 - 2012-03-24 00:34 - 0022594 ____A C:\Users\OB\Documents\2-24-12bc.pdf
2012-03-24 00:34 - 2012-03-24 00:34 - 0000000 ____D C:\Users\OB\AppData\Roaming\Go PDF Reader
2012-03-24 00:28 - 2012-03-24 00:28 - 0000000 ____D C:\Program Files (x86)\Go PDF Reader
2012-03-24 00:16 - 2012-03-24 00:16 - 0022621 ____A C:\Users\OB\Desktop\MICYD4L14RGHUQMQKSWFA_SSPUSADV.pdf
2012-03-24 00:15 - 2012-03-24 00:15 - 0022621 ____A C:\Users\OB\Downloads\HRVKOIL14RGQARBVGQQ_SSPUSADV.pdf
2012-03-24 00:12 - 2012-03-24 00:12 - 0022710 ____A C:\Users\OB\Documents\bc1.pdf
2012-03-22 19:54 - 2012-03-22 19:53 - 39026412 ____A C:\Users\OB\Documents\CH 2-2011-12-15-11-03-58.avi
2012-03-22 19:53 - 2012-03-22 19:53 - 34420864 ____A C:\Users\OB\Documents\CH10-2011-12-15-11-03-58.avi
2012-03-22 19:45 - 2012-03-22 19:45 - 0000000 ____D C:\Program Files (x86)\SuperPlay
2012-03-20 10:54 - 2012-03-20 10:50 - 40232068 ____A C:\Users\OB\Downloads\10262001_George_W_Bush_signs_the_Patriot_Act.mp4
2012-03-20 10:37 - 2012-03-20 10:37 - 0000000 ____D C:\Users\OB\AppData\Local\Apple Computer
2012-03-20 10:36 - 2012-03-20 10:36 - 3304964 ____A C:\Users\OB\Downloads\WTC_World_Trade_Center_Crash.mp4
2012-03-20 08:47 - 2012-05-07 08:42 - 3608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-03-19 17:01 - 2012-05-07 08:42 - 0102504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-03-17 12:07 - 2012-03-17 12:06 - 6863131 ____A C:\Users\OB\Downloads\Rage Against The Machine - Testify (Live SWU Music and Arts Festival,Brazil 2010)-[www_flv2mp3_com].mp3
2012-03-16 14:25 - 2012-05-07 08:42 - 2670696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-03-13 09:21 - 2012-05-07 08:42 - 1251432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-03-09 12:07 - 2012-03-09 12:07 - 0029184 ____A C:\Windows\System32\kdbsdk64.dll
2012-03-09 12:06 - 2012-03-09 12:06 - 0024576 ____A C:\Windows\SysWOW64\kdbsdk32.dll
2012-03-08 09:47 - 2012-05-07 08:42 - 0202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-03-08 09:47 - 2012-05-07 08:42 - 0108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-03-07 09:09 - 2012-05-07 08:42 - 0824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-03-05 22:53 - 2012-04-13 00:14 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-13 00:14 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-13 00:14 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 14:15 - 2012-03-05 14:15 - 0038159 ____A C:\Windows\atiogl.xml
2012-03-02 17:48 - 2011-08-22 20:37 - 0002768 ____A C:\Users\OB\Documents\Register Vegas Pro.htm
2012-03-02 17:45 - 2011-08-22 20:35 - 0000000 ____D C:\Users\OB\AppData\Roaming\Sony
2012-03-02 17:45 - 2011-08-22 20:32 - 0000000 ____D C:\Program Files (x86)\Sony
2012-03-01 10:58 - 2012-03-01 10:58 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-02-29 22:46 - 2012-04-11 23:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 23:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 23:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 23:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 23:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 15:59 - 2012-05-07 08:42 - 0626264 ____A (Creative Technology Ltd.) C:\Windows\System32\MBTHX64.dll
2012-02-29 15:59 - 2012-05-07 08:42 - 0561752 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2012-02-28 09:43 - 2012-05-10 19:14 - 1096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-02-28 09:43 - 2012-05-10 19:14 - 0453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-02-27 23:34 - 2012-04-13 00:14 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-13 00:14 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-13 00:14 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-13 00:14 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-13 00:14 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-13 00:14 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-13 00:14 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-13 00:14 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-13 00:14 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-13 00:14 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-13 00:14 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-13 00:14 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-13 00:14 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-13 00:14 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-13 00:14 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-13 00:14 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-13 00:14 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-13 00:14 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-13 00:14 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-13 00:14 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-13 00:14 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-13 00:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-13 00:14 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-13 00:14 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-13 00:14 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-13 00:14 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-24 13:28 - 2012-02-24 13:26 - 0138578 ____A C:\Users\OB\Documents\A 357.mp4
2012-02-24 13:19 - 2012-02-24 13:01 - 0040363 ____A C:\Users\OB\Documents\A Pearl 357.mp4
2012-02-24 13:11 - 2012-02-24 13:11 - 0001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-02-24 13:11 - 2012-02-24 13:11 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-02-24 13:11 - 2012-02-24 13:11 - 0000000 ____D C:\ProgramData\Apple Computer
2012-02-24 13:11 - 2012-02-24 13:11 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-02-24 13:07 - 2012-02-24 13:07 - 0000000 ____D C:\Users\OB\AppData\Local\Apple
2012-02-24 13:07 - 2012-02-24 13:07 - 0000000 ____D C:\Users\All Users\Apple
2012-02-24 13:07 - 2012-02-24 13:07 - 0000000 ____D C:\ProgramData\Apple
2012-02-24 13:07 - 2012-02-24 13:07 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-02-24 12:56 - 2012-02-24 12:45 - 140605365 ____A C:\Users\OB\Documents\Untitled.wmv
2012-02-24 12:22 - 2012-02-24 12:20 - 0689056 ____A C:\Users\OB\Documents\355 - Clip 001.avi.sfk
2012-02-24 12:20 - 2012-02-24 12:12 - 1745690624 ____A C:\Users\OB\Documents\355 - Clip 001.avi
2012-02-24 12:20 - 2011-12-09 16:50 - 0006320 ____A C:\Users\OB\Documents\Default.sfvidcap
2012-02-23 08:18 - 2011-06-05 13:41 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-23 04:32 - 2012-02-23 04:32 - 0095760 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AtihdW76.sys
2012-02-22 20:34 - 2012-02-22 20:33 - 0003681 ____A C:\Users\OB\Documents\BethMar2012Resume.rtf
2012-02-21 17:45 - 2012-05-07 08:42 - 2605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-02-21 12:26 - 2012-05-07 08:42 - 2528832 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-02-16 22:38 - 2012-03-14 15:30 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:39 - 2011-06-18 22:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 21:34 - 2012-03-14 15:30 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 15:30 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 15:30 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 11:42 - 2012-05-07 10:58 - 0676968 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-02-16 11:42 - 2012-05-07 10:58 - 0107624 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-02-16 11:42 - 2012-05-07 10:58 - 0074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2012-02-15 02:22 - 2011-05-24 16:32 - 0000174 ___SH C:\Users\OB\Start Menu\Programs\Startup\desktop.ini
2012-02-15 02:22 - 2011-05-24 16:32 - 0000174 ___SH C:\Users\OB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-13 20:35 - 2012-05-07 08:42 - 0978776 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-02-13 15:39 - 2011-06-10 21:52 - 0000000 ____D C:\Users\OB\AppData\Local\Microsoft Games

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 8182.97 MB
Available physical RAM: 7093.63 MB
Total Pagefile: 8181.12 MB
Available Pagefile: 7090.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:689.47 GB) (Free:515.35 GB) NTFS
2 Drive e: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
3 Drive f: (MULTIBOOT) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:3.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7663 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 9 GB 40 MB
Partition 3 Primary 689 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 689 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7663 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-05-09 11:01

======================= End Of Log ==========================





#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:18 PM

Posted 12 May 2012 - 03:09 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
cmd: bootrec /fixboot
TDL4: custom:26000022 <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 bkajiki

bkajiki
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:07:18 PM

Posted 12 May 2012 - 04:14 PM

I'll be sure to try this as soon as I get home from work. Much appreciation, CatByte. Thanks for the speedy reply; I'll post my results when I get home.

-Thanks..

#4 bkajiki

bkajiki
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:07:18 PM

Posted 12 May 2012 - 09:07 PM

CatByte,

Wow, beyond awesome: it booted up right away. Continuing on with the next step with ComboFix. Here are the logs from the Fixlog, down below.

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 11-05-2012
Ran by SYSTEM at 2012-05-12 21:00:14 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

 ■T h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


========= bootrec /fixboot =========

 ■T h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====



#5 bkajiki

bkajiki
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:07:18 PM

Posted 12 May 2012 - 09:37 PM

Hey there CatByte, I just finished doing the ComboFix run. It BSOD'ed me in normal Windows, so I booted in Safe Mode and everything ran smoothly. Here are the log files:

ComboFix 12-05-12.01 - OB 05/12/2012 21:20:06.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.7036 [GMT -6:00]
Running from: I:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\SET7426.tmp
c:\windows\SysWow64\SET7536.tmp
c:\windows\SysWow64\SET7619.tmp
c:\windows\SysWow64\tmp7F7B.tmp
c:\windows\SysWow64\tmp8037.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 03:23 . 2012-05-13 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 22:11 . 2012-05-12 22:12 -------- d-----w- C:\FRST
2012-05-11 09:04 . 2012-05-11 09:04 536870912 --sha-w- C:\WinPEpge.sys
2012-05-11 09:03 . 2012-05-11 09:03 -------- d-----w- C:\$WINDOWS.~BT
2012-05-11 03:31 . 2012-04-23 19:11 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-05-11 03:31 . 2012-04-23 19:11 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-05-11 03:31 . 2012-04-23 19:11 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-05-11 03:20 . 2012-04-13 20:28 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-11 03:20 . 2012-04-13 20:28 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-11 03:20 . 2012-04-13 20:28 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-11 03:20 . 2012-04-13 20:28 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-11 03:20 . 2012-04-13 20:28 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-11 03:20 . 2012-04-23 20:12 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-05-11 03:20 . 2012-04-23 20:12 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-05-11 03:20 . 2012-04-23 20:17 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-05-11 03:20 . 2012-04-23 20:18 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-05-11 03:14 . 2012-02-28 17:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-05-11 03:14 . 2012-02-28 17:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-05-11 03:14 . 2012-04-23 18:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-05-07 19:09 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-07 19:07 . 2012-05-07 19:09 -------- d-----w- c:\program files (x86)\Image-Line
2012-05-07 18:58 . 2012-02-16 19:42 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-07 18:58 . 2012-02-16 19:42 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-05-07 18:58 . 2012-02-16 19:42 107624 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-07 16:56 . 2012-05-07 16:56 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-05-07 16:53 . 2012-05-07 18:58 -------- d-----w- c:\windows\SysWow64\sda
2012-05-07 16:53 . 2010-09-07 23:40 1976920 ----a-w- c:\windows\SysWow64\xRaidSetup.exe
2012-05-07 16:53 . 2010-09-07 23:40 162392 ----a-w- c:\windows\SysWow64\xRaidAPI.dll
2012-05-07 16:53 . 2012-05-07 18:59 -------- d-----w- c:\windows\RaidTool
2012-05-07 16:52 . 2012-05-07 16:52 -------- d-----w- c:\program files (x86)\JMicron
2012-05-07 16:48 . 2012-05-07 16:48 -------- d-----w- c:\users\OB\AppData\Roaming\Intel Corporation
2012-05-07 16:48 . 2011-05-19 21:55 120920 ----a-w- c:\windows\system32\drivers\jraid.sys
2012-05-07 16:48 . 2011-11-30 21:53 26200 ----a-w- c:\windows\system32\drivers\johci.sys
2012-05-07 16:44 . 2012-01-16 17:06 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-07 16:43 . 2012-02-01 22:16 568600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-05-07 16:43 . 2012-05-07 16:44 -------- d-----w- c:\program files (x86)\Intel
2012-05-07 16:39 . 2012-05-07 16:39 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-05-07 16:39 . 2005-04-04 05:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-05-07 16:39 . 2005-04-04 05:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-05-07 16:39 . 2005-04-04 05:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-05-07 16:39 . 2005-04-04 05:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-05-07 16:39 . 2005-04-04 05:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-05-07 16:39 . 2005-04-04 04:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-05-07 16:39 . 2012-05-07 16:39 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-05-07 16:37 . 2012-05-07 18:58 -------- d-----w- c:\program files (x86)\Realtek
2012-05-07 16:37 . 2010-10-30 05:11 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-05-07 16:37 . 2010-10-30 05:11 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-05-07 16:37 . 2010-10-30 05:11 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-05-07 16:16 . 2012-05-07 16:16 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-05-07 15:58 . 2012-05-07 16:17 -------- d-----w- c:\programdata\DriverGenius
2012-05-07 15:35 . 2012-05-07 15:35 -------- d-----w- c:\users\OB\AppData\Local\Mozilla
2012-05-07 15:35 . 2012-05-07 15:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 07:07 . 2012-05-11 03:20 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-06 07:00 . 2012-05-06 07:00 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-06 06:45 . 2012-05-11 03:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-06 06:45 . 2012-04-23 20:18 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-06 06:43 . 2012-05-11 03:31 -------- d-----w- c:\programdata\PC Tools
2012-05-06 06:43 . 2012-05-06 06:43 -------- d-----w- c:\users\OB\AppData\Roaming\TestApp
2012-05-05 23:47 . 2012-05-05 23:49 -------- d-----w- c:\program files (x86)\AFLICS
2012-05-05 21:20 . 2012-05-05 21:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-05 21:20 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-02 17:43 . 2012-05-02 17:43 36868 ----a-w- c:\program files (x86)\uninst-Particular.exe
2012-05-02 17:43 . 2012-05-02 17:43 -------- d-----w- C:\Presets
2012-05-02 17:43 . 2012-05-02 17:43 -------- d-----w- c:\program files (x86)\Trapcode
2012-04-30 02:13 . 2012-04-30 02:13 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-30 02:00 . 2012-05-07 19:16 -------- d-----w- c:\users\OB\AppData\Roaming\Auslogics
2012-04-28 07:23 . 2012-04-28 07:36 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-04-28 03:52 . 2012-04-28 03:52 -------- d-----w- c:\users\OB\AppData\Roaming\TuneUp Software
2012-04-28 03:52 . 2012-04-28 10:21 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-04-28 03:52 . 2012-04-28 10:54 -------- d-----w- c:\programdata\TuneUp Software
2012-04-28 03:52 . 2012-04-28 10:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-28 03:52 . 2012-04-28 03:52 -------- d--h--w- c:\programdata\Common Files
2012-04-28 02:22 . 2012-04-28 02:22 -------- d-----we c:\windows\system64
2012-04-28 00:22 . 2012-05-09 23:48 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 00:22 . 2012-04-28 10:56 -------- d-----w- c:\windows\system32\Macromed
2012-04-27 23:48 . 2012-04-28 10:52 -------- d-----w- c:\program files (x86)\DLLSuite
2012-04-27 19:40 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48D8D698-EF9B-424A-8B32-250DE5196B15}\mpengine.dll
2012-04-27 06:30 . 2012-05-05 02:26 -------- d-----w- c:\program files\WhoCrashed
2012-04-25 18:02 . 2012-04-25 18:02 -------- d-----w- c:\programdata\ATI
2012-04-25 18:02 . 2012-04-28 10:51 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-25 18:02 . 2012-04-25 18:02 -------- d-----w- c:\programdata\AMD
2012-04-25 18:02 . 2012-04-28 10:58 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-25 17:16 . 2012-04-28 10:58 -------- d-----w- c:\programdata\FLEXnet
2012-04-25 09:19 . 2012-04-28 10:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-04-23 05:07 . 2012-04-23 17:17 -------- d-----w- C:\Autodesk
2012-04-21 05:39 . 2012-04-21 05:39 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-21 05:38 . 2012-05-07 19:09 -------- d-----w- c:\program files (x86)\Vstplugins
2012-04-21 05:38 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-04-21 05:38 . 2012-04-23 17:18 -------- d-----w- c:\program files (x86)\Outsim
2012-04-19 01:02 . 2012-05-02 18:08 -------- d-----w- C:\Adobe CS4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 23:48 . 2011-06-05 21:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 19:55 . 2012-05-11 03:20 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 19:55 . 2012-05-11 03:20 131 ----a-w- c:\windows\IDB.zip
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 04:34 . 2012-04-06 04:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 04:34 . 2012-04-06 04:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 04:34 . 2012-04-06 04:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 04:33 . 2012-04-06 04:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 04:33 . 2012-04-06 04:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 04:33 . 2012-04-06 04:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 04:32 . 2012-04-06 04:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 04:32 . 2012-04-06 04:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 04:32 . 2012-04-06 04:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-04-20 02:09 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-04-20 02:07 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-04-20 01:59 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-04-20 01:27 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-04-20 01:49 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-04-20 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-04-20 01:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-04-20 01:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 20:07 . 2012-03-09 20:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 20:06 . 2012-03-09 20:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-06 02:10 . 2011-10-05 16:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-06 02:08 . 2011-10-03 10:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-06 02:06 . 2011-10-03 10:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-06 02:05 . 2011-10-03 10:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 06:46 . 2012-04-12 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-27 20:37 . 2011-10-03 10:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-27 20:35 . 2011-10-05 16:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-27 20:29 . 2011-10-05 16:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-27 20:29 . 2011-10-06 15:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-23 16:18 . 2011-06-05 21:41 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-23 12:32 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-02-17 06:38 . 2012-03-14 23:30 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 23:30 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 23:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 23:30 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-10-9 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AfterFLICS v3;AfterFLICS v3;c:\program files (x86)\AFLICS\AfterFLICS.exe [2011-04-15 135170]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-04-13 575416]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-01 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-01 79360]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-25 1432400]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-04-23 402336]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:48]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 00:27]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 00:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tgsrvc_smartagent
.
------- Supplementary Scan -------
.
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.28.169.132 68.28.168.132
FF - ProfilePath - c:\users\OB\AppData\Roaming\Mozilla\Firefox\Profiles\0g1inbii.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Driver Genius - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-12 21:25:22
ComboFix-quarantined-files.txt 2012-05-13 03:25
.
Pre-Run: 553,106,530,304 bytes free
Post-Run: 552,957,050,880 bytes free
.
- - End Of File - - 5024C982718AB2D1A591154A8CE57DDB



#6 CatByte

Posted 12 May 2012 - 09:45 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 bkajiki

Posted 12 May 2012 - 10:09 PM

I will follow the steps above. I'm currently trying to run Windows in Normal mode, but I keep receiving constant BSODs at intervals of 4 mins or less. Safe Mode keeps it from crashing 'as much'. Here are the dump files:

==================================================
Dump File : 051212-20155-01.dmp
Crash Time : 5/12/2012 10:01:43 PM
Bug Check String : INVALID_KERNEL_HANDLE
Bug Check Code : 0x00000093
Parameter 1 : 00000000`000001d4
Parameter 2 : fffff8a0`00001700
Parameter 3 : fffff8a0`00003750
Parameter 4 : 00000000`00000001
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051212-20155-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 285,748
==================================================



#8 CatByte

Posted 12 May 2012 - 10:10 PM

ok, run it in safe mode until we remove all the malware



#9 bkajiki

Posted 12 May 2012 - 11:33 PM

Results from the Online Scanner

C:\Users\OB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D4UGNPD7\ImageMan DLL Suite 6.04.zip_setup[1].exe a variant of Win32/DownloadGuru application cleaned by deleting - quarantined

C:\Users\OB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GE0NJF1I\82[1].htm HTML/Iframe.B.Gen virus deleted - quarantined





#10 CatByte

Posted 13 May 2012 - 08:45 AM

Hi,

Please re-run ComboFix and allow it to update if it asks to do so. Try running it in normal mode.

(make sure all other windows are closed)



#11 bkajiki

Posted 13 May 2012 - 12:16 PM

Alrighty, did as you asked; here are the log files from ComboFix. Currently letting my computer sit idle. This is not relevant, but I have the SWAT song stuck in my head while I wait. Dun...Nun Nun Nun.

ComboFix 12-05-13.03 - OB 05/13/2012 12:03:58.2.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.7192 [GMT -6:00]
Running from: c:\users\OB\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 18:08 . 2012-05-13 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 05:47 . 2012-05-13 05:47 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48D8D698-EF9B-424A-8B32-250DE5196B15}\offreg.dll
2012-05-12 22:11 . 2012-05-12 22:12 -------- d-----w- C:\FRST
2012-05-11 09:04 . 2012-05-11 09:04 536870912 --sha-w- C:\WinPEpge.sys
2012-05-11 09:03 . 2012-05-11 09:03 -------- d-----w- C:\$WINDOWS.~BT
2012-05-11 03:31 . 2012-04-23 19:11 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-05-11 03:31 . 2012-04-23 19:11 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-05-11 03:31 . 2012-04-23 19:11 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-05-11 03:20 . 2012-04-13 20:28 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-11 03:20 . 2012-04-13 20:28 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-11 03:20 . 2012-04-13 20:28 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-05-11 03:20 . 2012-04-13 20:28 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-11 03:20 . 2012-04-13 20:28 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-11 03:20 . 2012-04-23 20:12 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-05-11 03:20 . 2012-04-23 20:12 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-05-11 03:20 . 2012-04-23 20:17 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-05-11 03:20 . 2012-04-23 20:18 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-05-11 03:14 . 2012-02-28 17:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-05-11 03:14 . 2012-02-28 17:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-05-11 03:14 . 2012-04-23 18:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-05-07 19:09 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-07 19:07 . 2012-05-07 19:09 -------- d-----w- c:\program files (x86)\Image-Line
2012-05-07 18:58 . 2012-02-16 19:42 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-07 18:58 . 2012-02-16 19:42 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-05-07 18:58 . 2012-02-16 19:42 107624 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-07 16:56 . 2012-05-07 16:56 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-05-07 16:53 . 2012-05-07 18:58 -------- d-----w- c:\windows\SysWow64\sda
2012-05-07 16:53 . 2010-09-07 23:40 1976920 ----a-w- c:\windows\SysWow64\xRaidSetup.exe
2012-05-07 16:53 . 2010-09-07 23:40 162392 ----a-w- c:\windows\SysWow64\xRaidAPI.dll
2012-05-07 16:53 . 2012-05-07 18:59 -------- d-----w- c:\windows\RaidTool
2012-05-07 16:52 . 2012-05-07 16:52 -------- d-----w- c:\program files (x86)\JMicron
2012-05-07 16:48 . 2012-05-07 16:48 -------- d-----w- c:\users\OB\AppData\Roaming\Intel Corporation
2012-05-07 16:48 . 2011-05-19 21:55 120920 ----a-w- c:\windows\system32\drivers\jraid.sys
2012-05-07 16:48 . 2011-11-30 21:53 26200 ----a-w- c:\windows\system32\drivers\johci.sys
2012-05-07 16:44 . 2012-01-16 17:06 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-07 16:43 . 2012-02-01 22:16 568600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-05-07 16:43 . 2012-05-07 16:44 -------- d-----w- c:\program files (x86)\Intel
2012-05-07 16:39 . 2012-05-07 16:39 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-05-07 16:39 . 2005-04-04 05:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-05-07 16:39 . 2005-04-04 05:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-05-07 16:39 . 2005-04-04 05:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-05-07 16:39 . 2005-04-04 05:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-05-07 16:39 . 2005-04-04 05:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-05-07 16:39 . 2005-04-04 04:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-05-07 16:39 . 2012-05-07 16:39 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-05-07 16:37 . 2012-05-07 18:58 -------- d-----w- c:\program files (x86)\Realtek
2012-05-07 16:37 . 2010-10-30 05:11 9888360 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-05-07 16:37 . 2010-10-30 05:11 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-05-07 16:37 . 2010-10-30 05:11 250984 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-05-07 16:16 . 2012-05-07 16:16 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-05-07 15:58 . 2012-05-07 16:17 -------- d-----w- c:\programdata\DriverGenius
2012-05-07 15:35 . 2012-05-07 15:35 -------- d-----w- c:\users\OB\AppData\Local\Mozilla
2012-05-07 15:35 . 2012-05-07 15:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 07:07 . 2012-05-11 03:20 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-06 07:00 . 2012-05-06 07:00 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-06 06:45 . 2012-05-11 03:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-06 06:45 . 2012-04-23 20:18 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-06 06:43 . 2012-05-11 03:31 -------- d-----w- c:\programdata\PC Tools
2012-05-06 06:43 . 2012-05-06 06:43 -------- d-----w- c:\users\OB\AppData\Roaming\TestApp
2012-05-05 23:47 . 2012-05-05 23:49 -------- d-----w- c:\program files (x86)\AFLICS
2012-05-05 21:20 . 2012-05-05 21:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-05 21:20 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-02 17:43 . 2012-05-02 17:43 36868 ----a-w- c:\program files (x86)\uninst-Particular.exe
2012-05-02 17:43 . 2012-05-02 17:43 -------- d-----w- C:\Presets
2012-05-02 17:43 . 2012-05-02 17:43 -------- d-----w- c:\program files (x86)\Trapcode
2012-04-30 02:13 . 2012-04-30 02:13 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-30 02:00 . 2012-05-07 19:16 -------- d-----w- c:\users\OB\AppData\Roaming\Auslogics
2012-04-28 07:23 . 2012-04-28 07:36 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-04-28 03:52 . 2012-04-28 03:52 -------- d-----w- c:\users\OB\AppData\Roaming\TuneUp Software
2012-04-28 03:52 . 2012-04-28 10:21 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-04-28 03:52 . 2012-04-28 10:54 -------- d-----w- c:\programdata\TuneUp Software
2012-04-28 03:52 . 2012-04-28 10:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-28 03:52 . 2012-04-28 03:52 -------- d--h--w- c:\programdata\Common Files
2012-04-28 02:22 . 2012-04-28 02:22 -------- d-----we c:\windows\system64
2012-04-28 00:22 . 2012-05-09 23:48 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 00:22 . 2012-04-28 10:56 -------- d-----w- c:\windows\system32\Macromed
2012-04-27 23:48 . 2012-04-28 10:52 -------- d-----w- c:\program files (x86)\DLLSuite
2012-04-27 19:40 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48D8D698-EF9B-424A-8B32-250DE5196B15}\mpengine.dll
2012-04-27 06:30 . 2012-05-13 04:02 -------- d-----w- c:\program files\WhoCrashed
2012-04-25 18:02 . 2012-04-25 18:02 -------- d-----w- c:\programdata\ATI
2012-04-25 18:02 . 2012-04-28 10:51 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-25 18:02 . 2012-04-25 18:02 -------- d-----w- c:\programdata\AMD
2012-04-25 18:02 . 2012-04-28 10:58 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-25 17:16 . 2012-04-28 10:58 -------- d-----w- c:\programdata\FLEXnet
2012-04-25 09:19 . 2012-04-28 10:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-04-23 05:07 . 2012-04-23 17:17 -------- d-----w- C:\Autodesk
2012-04-21 05:39 . 2012-04-21 05:39 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-21 05:38 . 2012-05-07 19:09 -------- d-----w- c:\program files (x86)\Vstplugins
2012-04-21 05:38 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-04-21 05:38 . 2012-04-23 17:18 -------- d-----w- c:\program files (x86)\Outsim
2012-04-19 01:02 . 2012-05-02 18:08 -------- d-----w- C:\Adobe CS4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 23:48 . 2011-06-05 21:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 19:55 . 2012-05-11 03:20 3488 ----a-w- c:\windows\UDB.zip
2012-04-13 19:55 . 2012-05-11 03:20 131 ----a-w- c:\windows\IDB.zip
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 04:34 . 2012-04-06 04:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 04:34 . 2012-04-06 04:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 04:34 . 2012-04-06 04:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 04:33 . 2012-04-06 04:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 04:33 . 2012-04-06 04:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 04:33 . 2012-04-06 04:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 04:32 . 2012-04-06 04:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 04:32 . 2012-04-06 04:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 04:32 . 2012-04-06 04:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-04-20 02:09 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-04-20 02:07 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-04-20 01:59 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-04-20 01:27 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-04-20 01:49 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-04-20 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-04-20 01:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-04-20 01:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 20:07 . 2012-03-09 20:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 20:06 . 2012-03-09 20:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-06 06:53 . 2012-04-13 08:14 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-06 05:59 . 2012-04-13 08:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59 . 2012-04-13 08:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-06 02:10 . 2011-10-05 16:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-06 02:08 . 2011-10-03 10:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-06 02:06 . 2011-10-03 10:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-06 02:05 . 2011-10-03 10:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 06:46 . 2012-04-12 07:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 08:14 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 08:14 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 08:14 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 08:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 08:14 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 08:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 08:14 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 08:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-27 20:37 . 2011-10-03 10:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-27 20:35 . 2011-10-05 16:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-27 20:29 . 2011-10-05 16:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-27 20:29 . 2011-10-06 15:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-23 16:18 . 2011-06-05 21:41 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-23 12:32 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-02-17 06:38 . 2012-03-14 23:30 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 23:30 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 23:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 23:30 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-13_03.24.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-22 21:41 . 2012-05-11 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-04-22 21:41 . 2012-05-13 04:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-05-13 04:21 . 2012-05-13 04:21 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012051220120513\index.dat
- 2012-04-22 21:29 . 2012-05-11 03:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-22 21:29 . 2012-05-13 18:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-05-30 23:00 . 2012-05-13 05:34 41132 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-13 05:34 27508 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-30 23:00 . 2012-05-13 05:34 41132 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-13 05:34 27508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-30 22:14 . 2012-05-13 05:34 6992 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-973895058-1017737059-816850509-1000_UserData.bin
+ 2011-05-30 22:14 . 2012-05-13 05:34 6992 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-973895058-1017737059-816850509-1000_UserData.bin
- 2012-05-13 03:02 . 2012-05-13 03:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-13 05:31 . 2012-05-13 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-13 03:02 . 2012-05-13 03:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-13 05:31 . 2012-05-13 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-22 21:28 . 2012-05-11 03:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-22 21:28 . 2012-05-13 18:01 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-05-13 18:03 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-13 03:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-05-13 03:22 660296 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-13 18:02 660296 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-05-13 03:22 121224 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-13 18:02 121224 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-13 18:02 660296 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-13 03:22 660296 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-13 18:02 121224 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-13 03:22 121224 c:\windows\system32\perfc009.dat
- 2009-07-14 04:54 . 2012-05-13 03:18 3080192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-13 18:03 3080192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-13 18:03 12140544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-13 03:18 12140544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-10-9 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R2 AfterFLICS v3;AfterFLICS v3;c:\program files (x86)\AFLICS\AfterFLICS.exe [2011-04-15 135170]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-04-13 575416]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-01 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-01 79360]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-25 1432400]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-04-23 402336]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:48]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 00:27]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 00:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tgsrvc_smartagent
.
------- Supplementary Scan -------
.
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.28.169.132 68.28.168.132
FF - ProfilePath - c:\users\OB\AppData\Roaming\Mozilla\Firefox\Profiles\0g1inbii.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-13 12:09:34
ComboFix-quarantined-files.txt 2012-05-13 18:09
ComboFix2.txt 2012-05-13 03:25
.
Pre-Run: 552,990,834,688 bytes free
Post-Run: 552,920,215,552 bytes free
.
- - End Of File - - 6E7952459BEB727B8AA4CAD01F1E0F0D



#12 bkajiki


Posted 13 May 2012 - 12:32 PM

BSOD'ed twice, intervals are about the same, 4 minutes... here are the dump files.

==================================================
Dump File : 051312-51948-01.dmp
Crash Time : 5/13/2012 12:17:42 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0b8f4b30
Parameter 3 : fffffa80`0b8f4e10
Parameter 4 : fffff800`033d3660
Caused By Driver : HIDCLASS.SYS
Caused By Address : HIDCLASS.SYS+3370b30
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051312-51948-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 285,876
==================================================


==================================================
Dump File : 051312-38735-01.dmp
Crash Time : 5/13/2012 11:29:21 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0bbf0b30
Parameter 3 : fffffa80`0bbf0e10
Parameter 4 : fffff800`03387660
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17790 (win7sp1_gdr.120305-1505)
Processor : x64
Crash Address : ntoskrnl.exe+7cc80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051312-38735-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 286,196
==================================================



#13 CatByte

  • Malware Response Team

Posted 13 May 2012 - 12:35 PM

Did you recently upgrade to Win7 from Vista, and did you have issues doing so? This folder is usually created when things don't go well:

C:\$WINDOWS.~BT

There are also a large number of drivers installed that don't have files. Did you uninstall a lot of programs lately?

I would like to check the integrity of the HD as well as your file system, please run the following:

  • Go to Start and type in cmd
  • Right-click on the cmd icon above, and click Run As Administrator
  • Type in chkdsk /R to the command window that appears, and press enter
  • Agree to the prompt, then reboot your system
Note: Upon reboot (restart), CHKDSK will start and carry out the repairs required.



NEXT



  • Go to Start and type in cmd
  • Right-click on the cmd icon above, and click Run As Administrator
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.


Let me know how the computer is running now.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
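
The reply above points at the driver and service entries that ComboFix prints with `[x]` where other entries carry a file date and size, and reads them as drivers whose files are missing. The following is an added example, not part of the thread or of ComboFix, that lists those entries for review; the line layout is inferred from the log posted above, and `parse_entries`, `summarize` and the `Entry` fields are names made up for this example.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Sample lines copied from the ComboFix log posted in this thread, plus one
# non-entry line to show that unrelated log text is skipped.
SAMPLE_LOG = r"""
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
Contents of the 'Scheduled Tasks' folder
"""


class Entry(NamedTuple):
    prefix: str               # leading code exactly as printed, e.g. "R3" or "S0"
    name: str                 # service/driver key name
    display: str              # display name
    path: str                 # image path without trailing arguments
    args: Optional[str]       # anything after the image path, e.g. "service"
    file_date: Optional[str]  # None when the log shows [x]
    file_size: Optional[int]  # None when the log shows [x]


# Layout inferred from the log: "<prefix> <name>;<display>;<image> [<date size>|x]"
ENTRY_RE = re.compile(
    r"^(?P<prefix>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<stamp>[xX]|\d{4}-\d{2}-\d{2} \d+)\]\s*$"
)
# Split "...\TFService.exe service" into the image path and its arguments.
IMAGE_RE = re.compile(
    r"^(?P<path>.*?\.(?:sys|exe|dll))(?:\s+(?P<args>.+))?$", re.IGNORECASE
)


def parse_entries(text: str) -> List[Entry]:
    """Return every driver/service line found in a ComboFix log excerpt."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, separators and other sections are ignored
        image = m.group("image")
        im = IMAGE_RE.match(image)
        path, args = (im.group("path"), im.group("args")) if im else (image, None)
        stamp = m.group("stamp")
        if stamp.lower() == "x":
            file_date, file_size = None, None
        else:
            file_date, size_text = stamp.split(" ")
            file_size = int(size_text)
        entries.append(Entry(m.group("prefix"), m.group("name"),
                             m.group("display"), path, args,
                             file_date, file_size))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """Collect the [x] entries, with kernel drivers (.sys) listed separately."""
    missing = [e for e in entries if e.file_date is None]
    return {
        "total": len(entries),
        "missing": [e.name for e in missing],
        "missing_kernel_drivers": [
            e.name for e in missing if e.path.lower().endswith(".sys")
        ],
    }


if __name__ == "__main__":
    report = summarize(parse_entries(SAMPLE_LOG))
    print(f"{len(report['missing'])} of {report['total']} entries are marked [x]")
    for name in report["missing"]:
        print("  ", name)
```
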


#14 bkajiki


Posted 13 May 2012 - 01:33 PM

CatByte,

I was unable to do this process. I'm currently at work. As soon as I get home this evening I'll do the steps above. Most appreciated for the help. I'll update you as soon as possible.

-Thanks.

Also, no, this computer was never upgraded from Vista to W7. The OS that is currently on the computer is the one it came with. I have uninstalled a few programs. If this is any correlation, I didn't start receiving BSoDs until I installed a trial version of FL Studio 10 this past April. I'm assuming the driver that was installed from FL Studio made it all...wacky.

Edited by bkajiki, 13 May 2012 - 01:37 PM.


#15 bkajiki


Posted 14 May 2012 - 03:47 AM

CatByte, I would like to thank you.

I was able to get my computer back up and running (currently posting from the once-infected computer). I did the steps above and noticed an improvement in speed; my computer was really bogged down before the chkdsk /R. But I was still receiving the BSoD at the same intervals. I tried clearing out drivers I no longer used, and I did a registry clean and fix with Bootspeed. After restarting I was still receiving the same BSOD. I came across a program called TDSSKiller by Kaspersky, and it found errors in my 'rootkit area', which is what it showed in the scanner after the final results. I restarted my computer; it's been about an hour now, and no BSoDs.

For obvious reasons there is no way I would have gotten this far without your help, CatByte. Your knowledge is formidable and beyond any others I've seen in a while. You have true talent, and I really want to say thank you for the quick, thorough replies I received. You're a great member of the BleepingComputer.com website and I am grateful for your service.

-Brandon



