
Google redirect virus, can't run exe's locally either


  • This topic is locked
98 replies to this topic

#1 txag79

txag79

  • Members
  • 55 posts

Posted 27 June 2012 - 04:46 PM

Howdy,

My computer started acting strange this past Monday morning. When I woke it from sleep mode, I had the S.M.A.R.T. HDD issue covering my screen with a multitude of pop-ups. Seems like I got rid of that, but now I cannot even search for files with Google as I get redirected to different ad sites. I have run MalwareBytes, superAntiSpyware, MS Security Essentials and rkill trying with no avail to rid myself of whatever is plaguing me. I even did a system restore to 8 days ago and that did not help either. I also probably screwed up and ran ComboFix before reading all the rules about not running it without being directed to do so. Anyone have any suggestions?

P.S. I am posting this from my laptop as it is not infected. I am able to download files to a flash drive and run them from it on my infected computer.
P.P.S. I have attached the defogger file log as well as the DDS log. Did not do the GMER file log as I am running Win 7 64 bit.

Edit: I am now getting random clips of audio with folks talking about things I have never heard of before.

Thanks



Edited by txag79, 27 June 2012 - 10:14 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 28 June 2012 - 12:10 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 txag79

txag79
  • Topic Starter

  • Members
  • 55 posts

Posted 28 June 2012 - 11:16 AM

Morning Gringo and many thanks for your assistance,

One thing I forgot to add to my post was that I also keep getting a popup that states that Catalyst Control Center is corrupted (this is my graphics driver suite).

I am running Security check right now and as it was running, a window called "Windows Security Essentials" popped up warning me of infections. I closed the popup with the "X" in the upper right corner.

Below are the results of the security Check scan. I had already run Combofix as noted in my first posting, but did not save anything. I will re-install Combofix over the top of the first install and run it again.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Edited by txag79, 28 June 2012 - 11:37 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 28 June 2012 - 11:43 AM

Yes, rerun it and get me the report.


gringo

#5 txag79

txag79
  • Topic Starter

  • Members
  • 55 posts

Posted 28 June 2012 - 12:19 PM

Gringo,

Combofix stated that there was rootkit activity while it was starting to run and needed to reboot, but 1 program needs to close (Combofix). It is now stuck on the window where Windows is waiting for Combofix to close before it can restart. I pressed the "Force restart" button after waiting 15 minutes of nothing happening.

Upon restart, the combofix box with the green type showed briefly. The rogue Windows Premium Essentials also popped up and I closed it. Waiting on Combofix to start now, but after 5 minutes it does not appear to be doing anything. Just have the normal desktop screen showing. How long should I wait for Combofix to start again or am I supposed to restart it?

Edited by txag79, 28 June 2012 - 12:41 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 28 June 2012 - 12:56 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 txag79

txag79
  • Topic Starter

  • Members
  • 55 posts

Posted 28 June 2012 - 01:10 PM

Edit: trying from installation disk now. Below is the scan contents

Scan result of Farbar Recovery Scan Tool Version: 28-06-2012
Ran by SYSTEM at 28-06-2012 13:35:58
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cFosSpeed.exe [1257688 2009-07-30] (cFos Software GmbH)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390728 2010-12-06] (Acronis)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [Cpu Level Up] "C:\Program Files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" -r [1169408 2009-04-07] (ASUSTek)
HKLM-x32\...\Run: [AMBDef] AMBDef.exe [x]
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{818690C7-8DA5-4623-BBA8-A73CFBD44077}\AMBSPISyncService.exe /StartRunKey [1233199 2008-08-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "F:\Program Files (x86)\TrueImageMonitor.exe" [x]
HKLM-x32\...\Run: [WindowsSecurity] C:\Users\Richard\AppData\Local\Temp\poxgptiszgci.exe [648192 2012-06-28] (KWorld)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-21] (Google Inc.)
HKU\Guest\...\Run: [Google Update] "C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-02-25] (Google Inc.)
HKU\Guest\...\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork [1103216 2009-10-27] (IGN Entertainment)
HKU\Guest\...\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe" [323392 2010-09-15] (BitTorrent, Inc.)
HKU\Guest\...\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Richard\...\Run: [AtiTrayTools] "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe" [883200 2010-04-21] (Ray Adams)
HKU\Richard\...\Run: [Google Update] "C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-02-25] (Google Inc.)
HKU\Richard\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-21] (Google Inc.)
HKU\Richard\...\Run: [WindowsSecurity] C:\Users\Richard\AppData\Local\Temp\poxgptiszgci.exe [648192 2012-06-28] (KWorld)
HKU\Richard\...\Run: [LicenseValidator] C:\Users\Richard\AppData\Roaming\Identities\{236D09FC-B11C-44C3-9F6A-7B4DFAA28CD9}\LicenseValidator.exe [x]
HKU\Richard79\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-21] (Google Inc.)
HKU\Richard79\...\Run: [Google Update] "C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-02-25] (Google Inc.)
HKU\Richard79\...\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork [1103216 2009-10-27] (IGN Entertainment)
HKU\Richard79\...\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe" [323392 2010-09-15] (BitTorrent, Inc.)
HKU\Richard79\...\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Richard79\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dragon Age II ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Richard\Start Menu\Programs\Startup\LCDHost.lnk
ShortcutTarget: LCDHost.lnk -> (No File)

==================== Services (Whitelisted) ======

4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [128752 2010-06-29] (SUPERAntiSpyware.com)
4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112240 2010-12-06] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-06-27] (Acronis)
2 AMService; C:\Users\Richard\AppData\Local\Temp\tazhfruunzkrivz.exe run [66560 2012-06-28] ()
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] ()
2 cFosSpeedS; "C:\Program Files\ASUS\ROG GameFirst\spd.exe" -service [471256 2009-07-30] (cFos Software GmbH)
4 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [246520 2010-06-18] (WildTangent, Inc.)
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [385024 2010-12-04] ()
4 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2011-11-10] (Alcatel-Lucent)
4 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2011-11-10] (Alcatel-Lucent)
2 MSSQL$BWDATOOLSET; "C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBWDATOOLSET [29261152 2011-03-17] (Microsoft Corporation)
4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [45408 2008-11-24] (Microsoft Corporation)
2 NetworkLog; C:\Windows\svcs.exe [568304 2012-06-27] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
3 SMServer; "C:\Windows\SysWOW64\snmvtsvc.exe" [245760 2010-12-04] (SMServer)
2 SpeedingHDD; C:\Program Files (x86)\SpeedingHDD\XSrvSetup.exe [69632 2009-06-29] ()
3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [385024 2010-12-04] ()

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2012-06-27] (Acronis)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-05] ()
3 asusgsb; C:\Windows\System32\Drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
3 cFosSpeed; C:\Windows\System32\Drivers\cFosSpeed.sys [1427160 2009-07-30] (cFos Software GmbH)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2011-03-16] (ASUSTeK Computer Inc.)
3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [30736 2009-06-17] (Logitech, Inc.)
3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
1 mbmiodrvr; \??\C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2010-12-18] (Acronis)
3 SndTAudio; C:\Windows\System32\Drivers\SndTAudio.sys [34040 2010-12-04] (Windows ® Codename Longhorn DDK provider)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [25280 2010-12-18] (Almico Software)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2012-06-27] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2012-06-27] (Acronis)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [45616 2011-02-17] (Oracle Corporation)
3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
3 ALSysIO; \??\C:\Users\Richard\AppData\Local\Temp\ALSysIO64.sys [x]
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [x]
4 DRIVER_B; \??\C:\Windows\system32\Drivers\DRIVER_BIN64 [x]
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [x]
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-28 09:36 - 2012-06-28 09:36 - 00000332 ____A C:\Start_.cmd
2012-06-28 09:36 - 2012-06-28 09:36 - 00000000 ____D C:\ComboFix
2012-06-28 08:56 - 2012-06-28 09:36 - 00000000 ___SD C:\32788R22FWJFW
2012-06-28 08:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-28 08:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-28 08:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-28 08:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-28 08:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-28 08:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-28 08:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-28 08:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-28 08:37 - 2012-06-28 07:44 - 04570589 ____R (Swearware) C:\Users\Richard\Desktop\ComboFix.exe
2012-06-28 08:17 - 2012-06-28 08:17 - 00001291 ____A C:\Users\Richard\Desktop\Security Checkup.txt
2012-06-27 19:28 - 2012-06-27 19:28 - 00285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-06-27 19:28 - 2012-06-27 19:28 - 00000000 ____D C:\Users\Richard\Application Data\B6501DA0-0590-4EA2-8177-8B966D7D76F3
2012-06-27 19:28 - 2012-06-27 19:28 - 00000000 ____D C:\Users\Richard\AppData\Roaming\B6501DA0-0590-4EA2-8177-8B966D7D76F3
2012-06-27 19:27 - 2012-06-27 19:27 - 00970336 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-06-27 19:07 - 2012-06-27 19:07 - 00000000 ____D C:\Users\All Users\ATI
2012-06-27 19:04 - 2012-06-27 19:04 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-27 19:03 - 2012-06-27 19:06 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-27 18:40 - 2012-06-27 18:40 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-27 18:29 - 2011-05-24 21:26 - 09359872 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-27 18:29 - 2011-05-24 20:53 - 23336960 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-27 18:29 - 2011-05-24 20:31 - 17940992 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-27 18:29 - 2011-05-24 20:08 - 00166624 ____A C:\Windows\System32\atiapfxx.blb
2012-06-27 18:29 - 2011-05-24 20:07 - 00151552 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-27 18:29 - 2011-05-24 20:04 - 00485376 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-27 18:29 - 2011-05-24 20:04 - 00462848 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-27 18:29 - 2011-05-24 20:03 - 00204288 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-27 18:29 - 2011-05-24 20:02 - 00423424 ____A (ATI Technologies, Inc.) C:\Windows\System32\atipdl64.dll
2012-06-27 18:29 - 2011-05-24 20:02 - 00278528 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\Oemdspif.dll
2012-06-27 18:29 - 2011-05-24 20:02 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-27 18:29 - 2011-05-24 20:01 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-27 18:29 - 2011-05-24 20:01 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-27 18:29 - 2011-05-24 20:01 - 00016384 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-27 18:29 - 2011-05-24 20:00 - 01113088 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-06-27 18:29 - 2011-05-24 19:59 - 01828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-06-27 18:29 - 2011-05-24 19:58 - 04219904 ____A (ATI Technologies Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-27 18:29 - 2011-05-24 19:55 - 01127552 ____A C:\Windows\System32\atiumd6a.cap
2012-06-27 18:29 - 2011-05-24 19:49 - 01127552 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-27 18:29 - 2011-05-24 19:47 - 08489472 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-27 18:29 - 2011-05-24 19:47 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-27 18:29 - 2011-05-24 19:47 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-27 18:29 - 2011-05-24 19:47 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-27 18:29 - 2011-05-24 19:47 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-27 18:29 - 2011-05-24 19:43 - 06847488 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-27 18:29 - 2011-05-24 19:38 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-27 18:29 - 2011-05-24 19:38 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-27 18:29 - 2011-05-24 19:38 - 00052736 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-27 18:29 - 2011-05-24 19:38 - 00052736 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-27 18:29 - 2011-05-24 19:26 - 00366592 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-27 18:29 - 2011-05-24 19:26 - 00262144 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-27 18:29 - 2011-05-24 19:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-27 18:29 - 2011-05-24 19:26 - 00012800 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-27 18:29 - 2011-05-24 19:26 - 00012800 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-27 18:29 - 2011-05-24 19:25 - 00309760 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-27 18:29 - 2011-05-24 19:25 - 00039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-27 18:29 - 2011-05-24 19:25 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-27 18:29 - 2011-05-24 19:24 - 00053248 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-27 18:29 - 2011-05-19 01:13 - 00032635 ____A C:\Windows\atiogl.xml
2012-06-27 18:29 - 2011-04-20 09:30 - 00233765 ____A C:\Windows\System32\atiicdxx.dat
2012-06-27 18:29 - 2011-03-30 11:46 - 00114704 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AtihdW76.sys
2012-06-27 18:29 - 2011-03-17 10:51 - 00003929 ____A C:\Windows\SysWOW64\atipblag.dat
2012-06-27 18:29 - 2011-03-17 10:51 - 00003929 ____A C:\Windows\System32\atipblag.dat
2012-06-27 15:21 - 2012-06-27 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-27 15:14 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 15:14 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 15:14 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-27 15:14 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 15:14 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 15:14 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-27 15:14 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 15:14 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 15:14 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-27 15:14 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-27 15:14 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 15:14 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 15:14 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 15:14 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 15:14 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 15:14 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 15:14 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-27 15:14 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 15:14 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-27 15:14 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 15:14 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 15:14 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 15:14 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-27 15:14 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-27 15:14 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 15:14 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 15:14 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-27 15:14 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 15:14 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-27 15:13 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-27 15:13 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-27 15:13 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-27 15:13 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-27 15:13 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-27 15:09 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-27 15:09 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-27 15:09 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-27 15:09 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-27 13:29 - 2012-06-27 13:29 - 00000000 ____A C:\Users\Richard\defogger_reenable
2012-06-27 12:49 - 2012-06-27 12:49 - 03328512 ____A C:\Windows\SysWOW64\4a29a0e.exe
2012-06-27 12:49 - 2012-06-27 12:49 - 03327488 ____A C:\Windows\SysWOW64\7d46d168.dll
2012-06-27 12:49 - 2012-06-27 12:49 - 01643008 ____A C:\Windows\SysWOW64\a283a345.dll
2012-06-27 12:49 - 2012-06-27 12:49 - 00568304 ____A () C:\Windows\svcs.exe
2012-06-27 12:49 - 2012-06-27 12:49 - 00075106 ____A C:\Windows\SysWOW64\9244ddd3.exe
2012-06-27 12:49 - 2012-06-27 12:49 - 00001125 ____A C:\Users\Richard\Desktop\Continue Funmoods Installation.lnk
2012-06-27 08:57 - 2012-06-27 08:57 - 00046524 ____A C:\Users\Richard\Desktop\DxDiag_6_27_2012.txt
2012-06-27 08:56 - 2012-06-27 08:56 - 00939346 ____A C:\Users\Richard\Desktop\MSinfo.txt
2012-06-27 07:05 - 2012-06-28 09:35 - 00000000 ____D C:\Qoobox
2012-06-27 07:05 - 2012-06-28 09:11 - 00000000 ____D C:\Windows\erdnt
2012-06-27 05:28 - 2012-06-27 05:41 - 00000000 ____D C:\Users\Richard\Application Data\Peturo
2012-06-27 05:28 - 2012-06-27 05:41 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Peturo
2012-06-26 12:17 - 2012-06-28 08:00 - 00000000 ____D C:\Users\Richard\Application Data\TeamViewer
2012-06-26 12:17 - 2012-06-28 08:00 - 00000000 ____D C:\Users\Richard\AppData\Roaming\TeamViewer
2012-06-26 12:17 - 2012-06-26 12:17 - 00000000 ____D C:\Users\Richard\Application Data\Microsoft Corporation
2012-06-26 12:17 - 2012-06-26 12:17 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft Corporation
2012-06-25 16:09 - 2012-06-27 18:39 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2012-06-25 11:51 - 2012-06-25 11:51 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-25 11:38 - 2012-06-27 07:05 - 00000000 ____D C:\Users\Richard\Application Data\Masiep
2012-06-25 11:38 - 2012-06-27 07:05 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Masiep
2012-06-25 11:38 - 2012-06-25 11:38 - 00000000 ____D C:\Users\Richard\Application Data\Buecd
2012-06-25 11:38 - 2012-06-25 11:38 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Buecd
2012-06-25 10:02 - 2012-06-25 16:38 - 00000361 ____A C:\rkill.log
2012-06-25 09:27 - 2012-06-27 07:00 - 00000000 ____D C:\Users\Richard\Application Data\Bilu
2012-06-25 09:27 - 2012-06-27 07:00 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Bilu
2012-06-25 09:27 - 2012-06-27 06:56 - 00000000 ____D C:\Users\Richard\Application Data\Enwior
2012-06-25 09:27 - 2012-06-27 06:56 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Enwior
2012-06-25 09:27 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\Application Data\Qemyun
2012-06-25 09:27 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Qemyun
2012-06-25 07:40 - 2012-06-25 07:40 - 00000152 ___AH C:\Users\All Users\-aj5tQI5QveNeWLr
2012-06-25 07:40 - 2012-06-25 07:40 - 00000000 ___AH C:\Users\All Users\-aj5tQI5QveNeWL
2012-06-20 17:17 - 2012-06-20 17:17 - 00397850 ___AH C:\Users\Richard\Downloads\ATVI_Financial_Model_Q1_CY12_Final.xlsx
2012-06-11 12:14 - 2012-06-27 11:12 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2012-06-08 15:01 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 15:01 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 15:01 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 15:01 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 15:00 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 15:00 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


============ 3 Months Modified Files and Folders =============

2012-06-28 13:36 - 2012-06-28 13:35 - 00000000 ____D C:\FRST
2012-06-28 10:23 - 2010-02-21 18:41 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-28 10:22 - 2012-03-29 11:41 - 00002092 ____A C:\Windows\setupact.log
2012-06-28 10:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-28 10:01 - 2010-02-21 13:15 - 01914518 ____A C:\Windows\WindowsUpdate.log
2012-06-28 09:58 - 2010-02-21 18:41 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-28 09:40 - 2009-07-13 20:45 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 09:40 - 2009-07-13 20:45 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 09:36 - 2012-06-28 09:36 - 00000332 ____A C:\Start_.cmd
2012-06-28 09:36 - 2012-06-28 09:36 - 00000000 ____D C:\ComboFix
2012-06-28 09:36 - 2012-06-28 08:56 - 00000000 ___SD C:\32788R22FWJFW
2012-06-28 09:35 - 2012-06-27 07:05 - 00000000 ____D C:\Qoobox
2012-06-28 09:15 - 2010-03-04 00:20 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3920970082-1727570077-1240759191-1000UA.job
2012-06-28 09:11 - 2012-06-27 07:05 - 00000000 ____D C:\Windows\erdnt
2012-06-28 09:08 - 2012-02-28 11:50 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
2012-06-28 09:08 - 2012-02-28 11:50 - 00000000 ____D C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
2012-06-28 08:36 - 2009-07-13 21:13 - 00810054 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-28 08:17 - 2012-06-28 08:17 - 00001291 ____A C:\Users\Richard\Desktop\Security Checkup.txt
2012-06-28 08:00 - 2012-06-26 12:17 - 00000000 ____D C:\Users\Richard\Application Data\TeamViewer
2012-06-28 08:00 - 2012-06-26 12:17 - 00000000 ____D C:\Users\Richard\AppData\Roaming\TeamViewer
2012-06-28 08:00 - 2009-07-13 18:34 - 00000468 ____A C:\Windows\win.ini
2012-06-28 07:44 - 2012-06-28 08:37 - 04570589 ____R (Swearware) C:\Users\Richard\Desktop\ComboFix.exe
2012-06-27 19:28 - 2012-06-27 19:28 - 00285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-06-27 19:28 - 2012-06-27 19:28 - 00000000 ____D C:\Users\Richard\Application Data\B6501DA0-0590-4EA2-8177-8B966D7D76F3
2012-06-27 19:28 - 2012-06-27 19:28 - 00000000 ____D C:\Users\Richard\AppData\Roaming\B6501DA0-0590-4EA2-8177-8B966D7D76F3
2012-06-27 19:28 - 2010-12-18 13:54 - 01263200 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm273.sys
2012-06-27 19:27 - 2012-06-27 19:27 - 00970336 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-06-27 19:27 - 2010-12-18 13:53 - 00001469 ____A C:\Users\Public\Desktop\Acronis Online Backup.lnk
2012-06-27 19:27 - 2010-12-18 13:53 - 00000668 ____A C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
2012-06-27 19:07 - 2012-06-27 19:07 - 00000000 ____D C:\Users\All Users\ATI
2012-06-27 19:06 - 2012-06-27 19:03 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-27 19:06 - 2011-11-14 22:36 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-06-27 19:04 - 2012-06-27 19:04 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-27 18:40 - 2012-06-27 18:40 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-27 18:40 - 2012-03-25 19:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-27 18:39 - 2012-06-25 16:09 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2012-06-27 18:39 - 2010-12-17 12:42 - 00084736 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-06-27 18:36 - 2012-04-04 12:05 - 00000000 ___HD C:\Users\All Users\AMD
2012-06-27 17:53 - 2010-04-23 10:01 - 00000000 ____D C:\Users\Richard\Downloads\ASUS 5970 Video Card
2012-06-27 17:17 - 2010-02-22 17:05 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-27 16:07 - 2012-05-15 09:45 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-27 15:43 - 2009-07-13 20:45 - 00349520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-27 15:41 - 2012-04-24 07:29 - 00003798 ____A C:\Windows\PFRO.log
2012-06-27 15:41 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-27 15:27 - 2010-02-22 23:01 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-27 15:22 - 2011-03-15 08:14 - 00002133 ____A C:\Windows\epplauncher.mif
2012-06-27 15:21 - 2012-06-27 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-27 15:21 - 2011-03-15 08:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-27 15:21 - 2010-02-27 20:36 - 00825966 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-27 15:16 - 2010-02-22 21:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-27 13:29 - 2012-06-27 13:29 - 00000000 ____A C:\Users\Richard\defogger_reenable
2012-06-27 13:29 - 2010-02-21 13:16 - 00000000 ____D C:\users\Richard
2012-06-27 12:49 - 2012-06-27 12:49 - 03328512 ____A C:\Windows\SysWOW64\4a29a0e.exe
2012-06-27 12:49 - 2012-06-27 12:49 - 03327488 ____A C:\Windows\SysWOW64\7d46d168.dll
2012-06-27 12:49 - 2012-06-27 12:49 - 01643008 ____A C:\Windows\SysWOW64\a283a345.dll
2012-06-27 12:49 - 2012-06-27 12:49 - 00568304 ____A () C:\Windows\svcs.exe
2012-06-27 12:49 - 2012-06-27 12:49 - 00075106 ____A C:\Windows\SysWOW64\9244ddd3.exe
2012-06-27 12:49 - 2012-06-27 12:49 - 00001125 ____A C:\Users\Richard\Desktop\Continue Funmoods Installation.lnk
2012-06-27 11:57 - 2010-06-25 14:13 - 00000000 ____D C:\Users\Richard\Downloads\CCleaner
2012-06-27 11:54 - 2010-02-25 11:41 - 00000000 ____D C:\users\Richard79
2012-06-27 11:54 - 2010-02-25 11:36 - 00000000 ____D C:\users\Guest
2012-06-27 11:54 - 2010-02-24 08:57 - 00000000 ____D C:\users\Administrator
2012-06-27 11:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\TAPI
2012-06-27 11:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2012-06-27 11:46 - 2010-02-22 20:34 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-06-27 11:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-27 11:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-06-27 11:45 - 2010-03-07 00:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-27 11:44 - 2010-04-21 09:49 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2012-06-27 11:43 - 2011-10-25 19:51 - 00000000 ____D C:\Windows\SQLTools9_KB2494113_ENU
2012-06-27 11:43 - 2011-10-25 19:50 - 00000000 ____D C:\Windows\SQL9_KB2494113_ENU
2012-06-27 11:43 - 2011-01-25 20:30 - 00000000 ____D C:\Windows\SQLTools9_KB970892_ENU
2012-06-27 11:43 - 2011-01-25 20:29 - 00000000 ____D C:\Windows\SQL9_KB970892_ENU
2012-06-27 11:42 - 2011-02-04 23:13 - 00000000 ____D C:\Windows\pss
2012-06-27 11:42 - 2010-02-21 14:35 - 00000000 ____D C:\Windows\RaidTool
2012-06-27 11:42 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\ShellNew
2012-06-27 11:42 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2012-06-27 11:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2012-06-27 11:30 - 2010-06-23 15:57 - 00000000 ____D C:\Windows\GameSave Manager
2012-06-27 11:27 - 2012-05-13 21:46 - 00000000 ____D C:\Users\Richard\Downloads\Ventrilo Client VoIP
2012-06-27 11:27 - 2012-03-06 10:02 - 00000000 ____D C:\Users\Richard\Downloads\LCD Host
2012-06-27 11:27 - 2012-01-21 10:39 - 00000000 ____D C:\Users\Richard\Downloads\Sure Thing CD Labeler
2012-06-27 11:27 - 2011-03-20 21:48 - 00000000 ____D C:\Users\Richard\Downloads\Windows Utilities
2012-06-27 11:27 - 2011-03-15 17:29 - 00000000 ____D C:\Users\Richard\Downloads\Windows XP Service Pack 3
2012-06-27 11:27 - 2011-03-15 15:43 - 00000000 ____D C:\Users\Richard\Downloads\Virtual Box -Virtual PC Software
2012-06-27 11:27 - 2011-01-26 19:01 - 00000000 ____D C:\Users\Richard\Downloads\TaxAct Software
2012-06-27 11:27 - 2010-12-06 22:21 - 00000000 ____D C:\Users\Richard\Downloads\MP3 Converter
2012-06-27 11:27 - 2010-11-25 23:10 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2012-06-27 11:27 - 2010-11-23 12:31 - 00000000 ____D C:\Users\Richard\Downloads\Itunes Setup
2012-06-27 11:27 - 2010-09-15 12:00 - 00000000 ____D C:\Users\Richard\Downloads\Jack Robert Sonogram 9-15-10
2012-06-27 11:27 - 2010-08-27 06:27 - 00000000 ____D C:\Users\Richard\Downloads\Utilities
2012-06-27 11:27 - 2010-08-11 10:39 - 00000000 ___RD C:\Users\Richard\Downloads\Lone Star '79
2012-06-27 11:27 - 2010-05-29 14:13 - 00000000 ____D C:\Warcraft III
2012-06-27 11:27 - 2010-03-10 20:04 - 00000000 ____D C:\Users\Richard\Unigine Heaven
2012-06-27 11:27 - 2010-03-10 19:28 - 00000000 ____D C:\Users\Richard\Downloads\Unigine
2012-06-27 11:27 - 2010-03-10 19:17 - 00000000 ____D C:\Users\Richard\Downloads\Stalker benchmark
2012-06-27 11:27 - 2010-02-27 13:34 - 00000000 ____D C:\Users\Richard\Downloads\OCCT Stress Test
2012-06-27 11:27 - 2010-02-24 08:26 - 00000000 ____D C:\Users\Richard\Downloads\MB Utilities
2012-06-27 11:27 - 2010-02-23 09:42 - 00000000 ____D C:\Users\Richard\Downloads\Prime95 test
2012-06-27 11:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-27 11:26 - 2012-04-20 13:31 - 00000000 ____D C:\Users\Richard\Downloads\Diablo 3
2012-06-27 11:26 - 2011-08-14 12:22 - 00000000 ____D C:\Users\Richard\Downloads\Crap
2012-06-27 11:26 - 2011-03-22 19:11 - 00000000 ____D C:\Users\Richard\Downloads\Games
2012-06-27 11:26 - 2011-03-15 22:24 - 00000000 ____D C:\Users\Richard\Downloads\DirectX 7.0
2012-06-27 11:26 - 2011-03-14 09:28 - 00000000 ____D C:\Users\Richard\Downloads\Easy PDF
2012-06-27 11:26 - 2011-02-16 08:15 - 00000000 ____D C:\Users\Richard\Downloads\Draftsight
2012-06-27 11:26 - 2010-09-26 21:12 - 00000000 ____D C:\Users\Richard\Downloads\Everest Utility
2012-06-27 11:26 - 2010-03-20 06:32 - 00000000 ____D C:\Users\Richard\Downloads\Dell D810 laptop
2012-06-27 11:26 - 2010-03-10 18:41 - 00000000 ____D C:\Users\Richard\Downloads\Chess benchmark
2012-06-27 11:26 - 2010-02-28 20:08 - 00000000 ____D C:\Users\Richard\Downloads\G19 keyboard stuff
2012-06-27 11:26 - 2010-02-25 20:26 - 00000000 ____D C:\Users\Richard\Downloads\CPU-Z
2012-06-27 11:26 - 2010-02-24 02:51 - 00000000 ____D C:\Users\Richard\Downloads\ATI Stuff
2012-06-27 11:26 - 2010-02-22 13:33 - 00000000 ____D C:\Users\Richard\Downloads\Fraps
2012-06-27 11:24 - 2012-04-29 14:09 - 00000000 ____D C:\Users\Richard\Documents\StarCraft II
2012-06-27 11:24 - 2011-11-04 06:26 - 00000000 ____D C:\Users\Richard\Documents\My SureThing Projects
2012-06-27 11:24 - 2011-03-30 20:06 - 00000000 ____D C:\Users\Richard\Documents\LCDHost
2012-06-27 11:24 - 2010-12-18 13:42 - 00000000 ____D C:\Users\Richard\Downloads\Acronis True Image Software
2012-06-27 11:24 - 2010-03-20 07:10 - 00000000 ____D C:\Users\Richard\Documents\OnLive
2012-06-27 11:24 - 2010-02-22 14:09 - 00000000 ____D C:\Users\Richard\Documents\Open AL update
2012-06-27 11:23 - 2012-02-04 20:06 - 00000000 ____D C:\Users\Richard\ATI Catalyst 12.1 CAP
2012-06-27 11:23 - 2011-07-21 09:59 - 00000000 ____D C:\Users\Richard\Application Data\RIFT
2012-06-27 11:23 - 2011-07-21 09:59 - 00000000 ____D C:\Users\Richard\AppData\Roaming\RIFT
2012-06-27 11:23 - 2011-01-26 21:38 - 00000000 ____D C:\Users\Richard\Application Data\pdf995
2012-06-27 11:23 - 2011-01-26 21:38 - 00000000 ____D C:\Users\Richard\AppData\Roaming\pdf995
2012-06-27 11:23 - 2011-01-11 09:11 - 00000000 ____D C:\Users\Richard\Documents\CC Cleaner old registry file restore
2012-06-27 11:23 - 2010-06-22 15:45 - 00000000 ____D C:\Users\Richard\Application Data\Rainmeter
2012-06-27 11:23 - 2010-06-22 15:45 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Rainmeter
2012-06-27 11:23 - 2010-03-01 01:22 - 00000000 ____D C:\Users\Richard\Application Data\Ventrilo
2012-06-27 11:23 - 2010-03-01 01:22 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Ventrilo
2012-06-27 11:22 - 2011-03-16 16:09 - 00000000 ____D C:\Users\Richard\Application Data\Bioshock
2012-06-27 11:22 - 2011-03-16 16:09 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Bioshock
2012-06-27 11:22 - 2011-02-01 09:19 - 00000000 ____D C:\Users\Richard\Application Data\GameHouse
2012-06-27 11:22 - 2011-02-01 09:19 - 00000000 ____D C:\Users\Richard\AppData\Roaming\GameHouse
2012-06-27 11:22 - 2010-11-25 21:18 - 00000000 ____D C:\Users\Richard\Application Data\funkitron
2012-06-27 11:22 - 2010-11-25 21:18 - 00000000 ____D C:\Users\Richard\AppData\Roaming\funkitron
2012-06-27 11:22 - 2010-09-15 08:08 - 00000000 ____D C:\Users\Richard\Application Data\DNA
2012-06-27 11:22 - 2010-09-15 08:08 - 00000000 ____D C:\Users\Richard\AppData\Roaming\DNA
2012-06-27 11:22 - 2010-06-23 15:57 - 00000000 ____D C:\Users\Richard\Application Data\GameSave Manager
2012-06-27 11:22 - 2010-06-23 15:57 - 00000000 ____D C:\Users\Richard\AppData\Roaming\GameSave Manager
2012-06-27 11:22 - 2010-03-08 19:21 - 00000000 ____D C:\Users\Richard\Application Data\ArcSoft
2012-06-27 11:22 - 2010-03-08 19:21 - 00000000 ____D C:\Users\Richard\AppData\Roaming\ArcSoft
2012-06-27 11:17 - 2012-03-05 12:57 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Black_Tree_Gaming
2012-06-27 11:17 - 2012-03-05 12:57 - 00000000 ____D C:\Users\Richard\AppData\Local\Black_Tree_Gaming
2012-06-27 11:17 - 2012-01-20 12:53 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\FOMM
2012-06-27 11:17 - 2012-01-20 12:53 - 00000000 ____D C:\Users\Richard\AppData\Local\FOMM
2012-06-27 11:17 - 2011-07-21 09:42 - 00000000 ____D C:\Users\Richard\AppData\Local\Apps\2.0
2012-06-27 11:17 - 2010-11-10 22:14 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Downloaded Installations
2012-06-27 11:17 - 2010-11-10 22:14 - 00000000 ____D C:\Users\Richard\AppData\Local\Downloaded Installations
2012-06-27 11:16 - 2011-04-09 12:44 - 00000000 ____D C:\Users\Richard79\AppData\Roaming\Rainmeter
2012-06-27 11:16 - 2011-04-09 12:44 - 00000000 ____D C:\Users\Richard79\AppData\Roaming\DNA
2012-06-27 11:16 - 2011-04-09 12:44 - 00000000 ____D C:\Users\Richard79\AppData\Roaming\ArcSoft
2012-06-27 11:15 - 2012-01-12 10:59 - 00000000 ____D C:\TaxACT 2011
2012-06-27 11:15 - 2011-06-19 21:03 - 00000000 ____D C:\usb_driver
2012-06-27 11:15 - 2011-01-31 16:07 - 00000000 ____D C:\Users\All Users\Nero
2012-06-27 11:15 - 2011-01-27 14:12 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-06-27 11:15 - 2011-01-26 21:29 - 00000000 ____D C:\Users\All Users\pdf995
2012-06-27 11:15 - 2011-01-26 19:05 - 00000000 ____D C:\TaxACT 2010
2012-06-27 11:15 - 2010-12-17 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\funkitron
2012-06-27 11:15 - 2010-12-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Rainmeter
2012-06-27 11:15 - 2010-12-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DNA
2012-06-27 11:15 - 2010-12-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ArcSoft
2012-06-27 11:15 - 2010-11-10 23:38 - 00000000 __HDC C:\Users\All Users\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
2012-06-27 11:15 - 2010-11-10 23:26 - 00000000 __HDC C:\Users\All Users\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2012-06-27 11:15 - 2010-05-30 23:22 - 00000000 ____D C:\Users\All Users\WildTangent
2012-06-27 11:15 - 2010-02-24 18:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Bioshock
2012-06-27 11:13 - 2012-03-05 12:57 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-06-27 11:13 - 2011-01-24 20:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2012-06-27 11:13 - 2010-12-18 12:31 - 00000000 ____D C:\Users\All Users\!SASCORE
2012-06-27 11:13 - 2010-12-18 12:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-27 11:13 - 2010-11-23 12:36 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-06-27 11:13 - 2010-05-02 22:39 - 00000000 ____D C:\Program Files\Microsoft Games
2012-06-27 11:13 - 2010-03-08 19:25 - 00000000 ____D C:\Users\All Users\Apple
2012-06-27 11:13 - 2010-02-21 14:30 - 00000000 ____D C:\Users\All Users\Creative
2012-06-27 11:12 - 2012-06-11 12:14 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2012-06-27 11:12 - 2012-01-21 10:40 - 00000000 ____D C:\Program Files (x86)\SureThing CD Labeler 5
2012-06-27 11:12 - 2011-12-13 18:17 - 00000000 ____D C:\Program Files\Common Files\Motive
2012-06-27 11:12 - 2011-08-18 21:22 - 00000000 ____D C:\Program Files (x86)\The Serpent of Isis
2012-06-27 11:12 - 2011-08-18 21:20 - 00000000 ____D C:\Program Files (x86)\Youda Legend - The Curse of the Amsterdam Diamond
2012-06-27 11:12 - 2011-01-27 14:12 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-06-27 11:12 - 2010-11-25 21:17 - 00000000 ____D C:\Program Files (x86)\Trinklit Supreme
2012-06-27 11:12 - 2010-11-23 12:36 - 00000000 ____D C:\Program Files\iTunes
2012-06-27 11:12 - 2010-11-23 12:36 - 00000000 ____D C:\Program Files\iPod
2012-06-27 11:12 - 2010-11-23 12:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-27 11:12 - 2010-11-23 12:34 - 00000000 ____D C:\Program Files\Bonjour
2012-06-27 11:12 - 2010-10-22 19:58 - 00000000 ____D C:\Program Files (x86)\Tibet Quest
2012-06-27 11:12 - 2010-08-03 18:45 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-06-27 11:12 - 2010-06-02 16:41 - 00000000 ____D C:\Program Files (x86)\Trial of the Gods - Ariadnes Journey
2012-06-27 11:12 - 2010-05-30 23:22 - 00000000 ____D C:\Program Files (x86)\WildGames
2012-06-27 11:12 - 2010-04-22 18:32 - 00000000 ____D C:\Program Files\7-Zip
2012-06-27 11:12 - 2010-03-10 19:48 - 00000000 ____D C:\Program Files (x86)\Unigine
2012-06-27 11:12 - 2010-03-07 00:53 - 00000000 ____D C:\Program Files (x86)\World of Goo
2012-06-27 11:12 - 2010-02-26 07:14 - 00000000 ____D C:\Program Files\BurnInTest
2012-06-27 11:12 - 2010-02-22 21:41 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-06-27 11:12 - 2010-02-21 19:58 - 00000000 ____D C:\Program Files\Creative
2012-06-27 11:12 - 2010-02-21 14:25 - 00000000 ____D C:\Program Files (x86)\VIA
2012-06-27 11:12 - 2010-02-21 14:16 - 00000000 ____D C:\Program Files\Google
2012-06-27 11:12 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-27 11:11 - 2011-12-01 11:07 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2012-06-27 11:11 - 2011-05-25 12:11 - 00000000 ____D C:\Program Files (x86)\ROM CHECK FAIL
2012-06-27 11:11 - 2011-03-30 21:16 - 00000000 ____D C:\Program Files (x86)\Season Match - Curse of the Witch Crow
2012-06-27 11:11 - 2010-12-06 22:23 - 00000000 ____D C:\Program Files (x86)\SoundTaxi Media Suite
2012-06-27 11:11 - 2010-12-06 22:22 - 00000000 ____D C:\Program Files (x86)\SoundTaxi
2012-06-27 11:11 - 2010-06-22 15:30 - 00000000 ____D C:\Program Files (x86)\Speccy
2012-06-27 11:11 - 2010-03-07 01:00 - 00000000 ____D C:\Program Files (x86)\Sea Journey
2012-06-27 11:11 - 2010-03-07 00:59 - 00000000 ____D C:\Program Files (x86)\Slingo Supreme
2012-06-27 11:11 - 2010-02-24 11:32 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-06-27 11:11 - 2010-02-21 22:10 - 00000000 ____D C:\Program Files (x86)\SpeedingHDD
2012-06-27 11:11 - 2010-02-21 14:33 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-06-27 11:10 - 2011-11-15 13:43 - 00000000 ____D C:\Program Files (x86)\RadeonPro
2012-06-27 11:10 - 2011-09-24 18:49 - 00000000 ____D C:\Program Files (x86)\Peggle Deluxe
2012-06-27 11:10 - 2011-09-11 07:16 - 00000000 ____D C:\Program Files (x86)\Peggle Nights
2012-06-27 11:10 - 2011-08-18 21:22 - 00000000 ____D C:\Program Files (x86)\Pantheon
2012-06-27 11:10 - 2011-01-26 20:55 - 00000000 ____D C:\Program Files (x86)\PDF995
2012-06-27 11:10 - 2010-11-23 12:36 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-27 11:10 - 2010-06-22 15:44 - 00000000 ____D C:\Program Files (x86)\Rainmeter
2012-06-27 11:10 - 2010-06-22 15:42 - 00000000 ____D C:\Program Files (x86)\Partition Wizard Home Edition 5.0
2012-06-27 11:10 - 2010-06-08 20:41 - 00000000 ____D C:\Program Files (x86)\Oriental Dreams
2012-06-27 11:10 - 2010-03-07 01:22 - 00000000 ____D C:\Program Files (x86)\Nightfall Mysteries - Curse of the Opera
2012-06-27 11:10 - 2010-03-07 01:17 - 00000000 ____D C:\Program Files (x86)\Mystery Case Files - Dire Grove
2012-06-27 11:10 - 2010-03-07 01:05 - 00000000 ____D C:\Program Files (x86)\Mystery Age - The Imperial Staff
2012-06-27 11:10 - 2010-02-27 13:35 - 00000000 ____D C:\Program Files (x86)\OCCT
2012-06-27 11:10 - 2010-02-24 08:29 - 00000000 ____D C:\Program Files (x86)\Motherboard Monitor 5
2012-06-27 11:10 - 2010-02-22 14:10 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-06-27 11:09 - 2012-03-14 17:52 - 00000000 ____D C:\Program Files (x86)\LightScribe Diagnostic Utility
2012-06-27 11:09 - 2011-01-24 20:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-06-27 11:09 - 2010-12-18 13:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-27 11:09 - 2010-09-15 08:00 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-06-27 11:09 - 2010-05-10 16:52 - 00000000 ____D C:\Program Files (x86)\Metasquarer
2012-06-27 11:09 - 2010-03-07 01:01 - 00000000 ____D C:\Program Files (x86)\Liong - The Lost Amulets
2012-06-27 11:09 - 2010-02-22 23:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-06-27 11:09 - 2010-02-22 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-27 11:08 - 2012-05-07 05:04 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2012-06-27 11:08 - 2011-12-01 11:07 - 00000000 ____D C:\Program Files (x86)\HTC
2012-06-27 11:08 - 2011-08-17 13:07 - 00000000 ____D C:\Program Files (x86)\Governor of Poker
2012-06-27 11:08 - 2010-11-23 12:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-27 11:08 - 2010-10-24 22:44 - 00000000 ____D C:\Program Files (x86)\Jewel Quest Heritage
2012-06-27 11:08 - 2010-10-24 15:20 - 00000000 ____D C:\Program Files (x86)\Hidden Expedition - Amazon
2012-06-27 11:08 - 2010-08-27 06:30 - 00000000 ____D C:\Program Files (x86)\InfraRecorder
2012-06-27 11:08 - 2010-07-25 13:51 - 00000000 ____D C:\Program Files (x86)\Hexplore
2012-06-27 11:08 - 2010-02-21 13:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-27 11:07 - 2012-02-06 16:50 - 00000000 ____D C:\Program Files (x86)\GameTap Web Player
2012-06-27 11:07 - 2011-08-21 13:11 - 00000000 ____D C:\Program Files (x86)\Elixir of Immortality
2012-06-27 11:07 - 2011-03-14 09:30 - 00000000 ____D C:\Program Files (x86)\FoxTabPDFConverter
2012-06-27 11:07 - 2010-10-24 15:20 - 00000000 ____D C:\Program Files (x86)\Forgotten Riddles - The Moonlight Sonatas
2012-06-27 11:07 - 2010-10-24 15:19 - 00000000 ____D C:\Program Files (x86)\Enlightenus
2012-06-27 11:07 - 2010-06-23 15:57 - 00000000 ____D C:\Program Files (x86)\GameSave Manager
2012-06-27 11:07 - 2010-02-22 13:37 - 00000000 ____D C:\Program Files (x86)\Fraps
2012-06-27 11:07 - 2010-02-21 14:15 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-27 11:06 - 2011-08-11 19:16 - 00000000 ____D C:\Program Files (x86)\DOOM 3
2012-06-27 11:06 - 2010-11-25 22:58 - 00000000 ____D C:\Program Files (x86)\Dragon Age
2012-06-27 11:06 - 2010-10-24 14:42 - 00000000 ____D C:\Program Files (x86)\Dream Chronicles - The Chosen Child
2012-06-27 11:06 - 2010-09-15 08:08 - 00000000 ____D C:\Program Files (x86)\DNA
2012-06-27 11:06 - 2010-05-10 19:19 - 00000000 ____D C:\Program Files (x86)\Download Manager
2012-06-27 11:06 - 2010-03-10 21:00 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.72
2012-06-27 11:05 - 2012-05-12 21:10 - 00000000 ____D C:\Program Files (x86)\Dark Souls
2012-06-27 11:05 - 2011-08-18 21:19 - 00000000 ____D C:\Program Files (x86)\Curse of the Pharaoh - Napoleon's Secret
2012-06-27 11:05 - 2011-03-10 00:37 - 00000000 ____D C:\Program Files (x86)\Cursed House
2012-06-27 11:05 - 2010-08-06 19:32 - 00000000 ____D C:\Program Files (x86)\ConEdit
2012-06-27 11:05 - 2010-07-25 09:52 - 00000000 ____D C:\Program Files (x86)\Deadtime Stories
2012-06-27 11:05 - 2010-02-21 14:30 - 00000000 ____D C:\Program Files (x86)\Creative
2012-06-27 11:04 - 2011-08-18 21:18 - 00000000 ____D C:\Program Files (x86)\Can You See What I See
2012-06-27 11:04 - 2011-08-18 21:17 - 00000000 ____D C:\Program Files (x86)\Call of Atlantis
2012-06-27 11:04 - 2011-08-18 21:16 - 00000000 ____D C:\Program Files (x86)\Azkend
2012-06-27 11:04 - 2011-08-18 18:26 - 00000000 ____D C:\Program Files (x86)\Azada - Ancient Magic
2012-06-27 11:04 - 2011-08-17 21:53 - 00000000 ____D C:\Program Files (x86)\Azada
2012-06-27 11:04 - 2011-07-02 10:32 - 00000000 ____D C:\Program Files (x86)\Cave Story Deluxe
2012-06-27 11:04 - 2011-03-15 09:19 - 00000000 ____D C:\Program Files (x86)\Baldur's Gate 2 Demo
2012-06-27 11:04 - 2010-11-23 12:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-27 11:04 - 2010-10-24 21:56 - 00000000 ____D C:\Program Files (x86)\Bejeweled 2
2012-06-27 11:04 - 2010-08-26 20:27 - 00000000 ____D C:\Program Files (x86)\CCleaner
2012-06-27 11:04 - 2010-03-11 00:46 - 00000000 ____D C:\Program Files (x86)\Call Of Pripyat Benchmark
2012-06-27 11:04 - 2010-03-06 23:04 - 00000000 ____D C:\Program Files (x86)\bfgclient
2012-06-27 11:04 - 2010-02-22 20:35 - 00000000 ____D C:\Program Files (x86)\BRS
2012-06-27 11:03 - 2012-03-04 18:18 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-06-27 11:03 - 2011-03-10 00:59 - 00000000 ____D C:\Program Files (x86)\Alex Gordon
2012-06-27 11:03 - 2011-01-26 21:29 - 00000000 ____D C:\pdf995
2012-06-27 11:03 - 2010-12-06 21:02 - 00000000 ____D C:\Program Files (x86)\AllMusicConverter Media Suite
2012-06-27 11:03 - 2010-12-06 21:01 - 00000000 ____D C:\Program Files (x86)\AllMusicConverter
2012-06-27 11:03 - 2010-11-23 12:35 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-27 11:03 - 2010-07-25 14:50 - 00000000 ____D C:\Hexen II
2012-06-27 11:03 - 2010-04-22 22:11 - 00000000 ____D C:\Oblivion
2012-06-27 11:03 - 2010-04-21 09:49 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2012-06-27 11:03 - 2010-03-06 23:05 - 00000000 ____D C:\Program Files (x86)\Ancient Quest of Saqqarah
2012-06-27 11:03 - 2010-02-21 14:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-06-27 11:02 - 2012-05-14 18:06 - 00000000 ____D C:\Diablo
2012-06-27 11:02 - 2010-08-16 13:19 - 00000000 ____D C:\DeusEx
2012-06-27 10:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-27 10:48 - 2010-02-21 14:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-27 10:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2012-06-27 10:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2012-06-27 10:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2012-06-27 10:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-06-27 10:48 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Web
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Vss
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-06-27 10:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2012-06-27 10:47 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2012-06-27 10:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Speech
2012-06-27 10:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2012-06-27 10:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2012-06-27 10:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-27 10:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PLA
2012-06-27 10:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2012-06-27 10:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-06-27 10:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Globalization
2012-06-27 10:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2012-06-27 10:24 - 2012-01-20 15:51 - 00000000 ____D C:\Users\Richard\Downloads\nvse_2_beta12
2012-06-27 10:24 - 2011-12-23 11:23 - 00000000 ____D C:\Users\Richard\Downloads\Skyrim
2012-06-27 10:11 - 2010-05-06 08:11 - 00000000 ____D C:\Users\Richard\Downloads\ASUS Motherboard
2012-06-27 10:10 - 2011-11-09 11:09 - 00000000 ____D C:\Users\Richard\Documents\Rockstar Games
2012-06-27 10:10 - 2011-03-22 20:31 - 00000000 ____D C:\Users\Richard\Documents\Warzone 2100 2.3
2012-06-27 10:10 - 2010-02-21 15:46 - 00000000 ____D C:\Users\Richard\Documents\VIA_Audio_V6017430[1]
2012-06-27 10:09 - 2011-12-01 11:09 - 00000000 ____D C:\Users\Richard\Application Data\HTC
2012-06-27 10:09 - 2011-12-01 11:09 - 00000000 ____D C:\Users\Richard\AppData\Roaming\HTC
2012-06-27 10:09 - 2011-11-04 06:26 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\MicroVision Applications
2012-06-27 10:09 - 2011-11-04 06:26 - 00000000 ____D C:\Users\Richard\AppData\Local\MicroVision Applications
2012-06-27 10:09 - 2011-08-21 12:04 - 00000000 ____D C:\Users\Richard\Application Data\ERS Game Studios
2012-06-27 10:09 - 2011-08-21 12:04 - 00000000 ____D C:\Users\Richard\AppData\Roaming\ERS Game Studios
2012-06-27 10:09 - 2011-08-17 21:54 - 00000000 ____D C:\Users\Richard\Application Data\Big Fish Games
2012-06-27 10:09 - 2011-08-17 21:54 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Big Fish Games
2012-06-27 10:09 - 2011-04-06 20:49 - 00000000 ____D C:\Users\Richard\Documents\Diablo 2
2012-06-27 10:09 - 2011-02-16 08:18 - 00000000 ____D C:\Users\Richard\Application Data\DraftSight
2012-06-27 10:09 - 2011-02-16 08:18 - 00000000 ____D C:\Users\Richard\AppData\Roaming\DraftSight
2012-06-27 10:09 - 2011-02-15 10:44 - 00000000 ____D C:\Users\Richard\Application Data\SUPERAntiSpyware.com
2012-06-27 10:09 - 2011-02-15 10:44 - 00000000 ____D C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-06-27 10:09 - 2011-01-31 19:35 - 00000000 ____D C:\Users\Richard\Application Data\Nero
2012-06-27 10:09 - 2011-01-31 19:35 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Nero
2012-06-27 10:09 - 2011-01-26 21:03 - 00000000 ____D C:\Users\Richard\Application Data\TaxCut
2012-06-27 10:09 - 2011-01-26 21:03 - 00000000 ____D C:\Users\Richard\AppData\Roaming\TaxCut
2012-06-27 10:09 - 2010-06-29 21:04 - 00000000 ____D C:\Users\Richard\Application Data\ERS G-Studio
2012-06-27 10:09 - 2010-06-29 21:04 - 00000000 ____D C:\Users\Richard\AppData\Roaming\ERS G-Studio
2012-06-27 10:09 - 2010-06-22 15:45 - 00000000 ____D C:\Users\Richard\Documents\Rainmeter
2012-06-27 10:09 - 2010-04-21 09:50 - 00000000 ____D C:\Users\Richard\Documents\Eidos
2012-06-27 10:09 - 2010-03-10 19:21 - 00000000 ____D C:\Users\Richard\Documents\POV-Ray
2012-06-27 10:09 - 2010-03-10 19:21 - 00000000 ____D C:\Users\Richard\Application Data\POV-Ray
2012-06-27 10:09 - 2010-03-10 19:21 - 00000000 ____D C:\Users\Richard\AppData\Roaming\POV-Ray
2012-06-27 10:09 - 2010-03-09 13:21 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Yahoo!
2012-06-27 10:09 - 2010-03-09 13:21 - 00000000 ____D C:\Users\Richard\AppData\Local\Yahoo!
2012-06-27 10:09 - 2010-02-22 22:19 - 00000000 ____D C:\Users\Richard\Documents\BioWare
2012-06-27 10:09 - 2010-02-22 20:35 - 00000000 ____D C:\Users\Richard\Documents\My Games
2012-06-27 10:09 - 2010-02-21 19:47 - 00000000 ____D C:\Users\Richard\Documents\Captains sound fix
2012-06-27 10:09 - 2010-02-21 14:16 - 00000000 ____D C:\Users\Richard\Application Data\Macromedia
2012-06-27 10:09 - 2010-02-21 14:16 - 00000000 ____D C:\Users\Richard\Application Data\Adobe
2012-06-27 10:09 - 2010-02-21 14:16 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Macromedia
2012-06-27 10:09 - 2010-02-21 14:16 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Adobe
2012-06-27 10:09 - 2010-02-21 13:16 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\VirtualStore
2012-06-27 10:09 - 2010-02-21 13:16 - 00000000 ____D C:\Users\Richard\AppData\Local\VirtualStore
2012-06-27 10:06 - 2011-07-25 20:48 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2012-06-27 10:06 - 2011-04-09 12:44 - 00000000 ____D C:\Users\Richard79\Documents\Rainmeter
2012-06-27 10:06 - 2010-10-24 22:45 - 00000000 ____D C:\Users\Public\Documents\bigfish
2012-06-27 10:06 - 2010-06-08 20:55 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Adept Studios
2012-06-27 10:06 - 2010-06-08 20:55 - 00000000 ____D C:\Users\Richard\AppData\Local\Adept Studios
2012-06-27 10:06 - 2010-05-02 22:40 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Microsoft Games
2012-06-27 10:06 - 2010-05-02 22:40 - 00000000 ____D C:\Users\Richard\AppData\Local\Microsoft Games
2012-06-27 10:06 - 2010-02-25 11:41 - 00000000 ____D C:\Users\Richard79\AppData\Roaming\Macromedia
2012-06-27 10:06 - 2010-02-21 14:51 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Google
2012-06-27 10:06 - 2010-02-21 14:51 - 00000000 ____D C:\Users\Richard\AppData\Local\Google
2012-06-27 10:06 - 2010-02-21 14:15 - 00000000 ____D C:\Users\Richard\Local Settings\Application Data\Adobe
2012-06-27 10:06 - 2010-02-21 14:15 - 00000000 ____D C:\Users\Richard\AppData\Local\Adobe
2012-06-27 10:05 - 2011-11-09 09:09 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-27 10:05 - 2011-07-25 20:50 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-06-27 10:05 - 2011-01-26 20:53 - 00000000 ____D C:\Users\All Users\TaxCut
2012-06-27 10:05 - 2010-12-18 12:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2012-06-27 10:05 - 2010-12-17 14:21 - 00000000 ____D C:\Users\Administrator\Documents\BioWare
2012-06-27 10:05 - 2010-12-17 12:41 - 00000000 ____D C:\Users\Administrator\Documents\Rainmeter
2012-06-27 10:05 - 2010-11-23 12:36 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-27 10:05 - 2010-02-25 11:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-06-27 10:05 - 2010-02-24 18:08 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2012-06-27 10:05 - 2010-02-24 08:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-06-27 10:05 - 2010-02-21 14:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-27 10:05 - 2010-02-21 14:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-27 10:05 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-27 10:04 - 2012-04-20 19:23 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-06-27 10:04 - 2012-04-20 13:33 - 00000000 ____D C:\Users\All Users\Battle.net
2012-06-27 10:04 - 2012-02-08 11:25 - 00000000 ____D C:\Program Files\NTCore
2012-06-27 10:04 - 2012-02-06 16:50 - 00000000 ____D C:\Users\All Users\GameTap Web Player
2012-06-27 10:04 - 2011-03-10 00:36 - 00000000 ____D C:\Users\All Users\Big Fish Games
2012-06-27 10:04 - 2010-12-18 13:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-27 10:04 - 2010-11-10 22:57 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-06-27 10:04 - 2010-10-22 20:00 - 00000000 ____D C:\Users\All Users\GameXzone
2012-06-27 10:04 - 2010-06-28 13:22 - 00000000 ____D C:\Users\All Users\Codemasters
2012-06-27 10:04 - 2010-03-10 19:02 - 00000000 ____D C:\Program Files\SiSoftware
2012-06-27 10:04 - 2010-03-08 19:21 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-06-27 10:04 - 2010-02-25 13:52 - 00000000 ___HD C:\Users\All Users\CanonBJ
2012-06-27 10:04 - 2010-02-21 20:39 - 00000000 ____D C:\Users\All Users\Logitech
2012-06-27 10:04 - 2010-02-21 20:38 - 00000000 ____D C:\Users\All Users\LogiShrd
2012-06-27 10:04 - 2010-02-21 14:15 - 00000000 ____D C:\Users\All Users\Google
2012-06-27 10:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-06-27 10:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-06-27 10:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-06-27 10:04 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Windows NT
2012-06-27 10:03 - 2011-03-15 19:46 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC
2012-06-27 10:03 - 2010-05-30 23:17 - 00000000 ____D C:\Program Files (x86)\WildTangent
2012-06-27 10:03 - 2010-03-10 18:59 - 00000000 ____D C:\Program Files\Java
2012-06-27 10:03 - 2010-02-25 20:27 - 00000000 ____D C:\Program Files\CPUID
2012-06-27 10:03 - 2010-02-22 23:01 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-27 10:03 - 2010-02-21 20:39 - 00000000 ____D C:\Program Files\Logitech
2012-06-27 10:03 - 2010-02-21 20:39 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2012-06-27 10:03 - 2010-02-21 14:04 - 00000000 ____D C:\Program Files\ASUS
2012-06-27 10:03 - 2010-02-21 13:52 - 00000000 ____D C:\Program Files\ATI
2012-06-27 10:03 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\MSBuild
2012-06-27 10:03 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-27 10:03 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-06-27 10:03 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-06-27 10:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-27 10:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-06-27 10:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2012-06-27 10:01 - 2011-03-31 12:49 - 00000000 ____D C:\Program Files (x86)\Ray Adams
2012-06-27 10:01 - 2010-12-18 11:58 - 00000000 ____D C:\Program Files (x86)\Panda Security
2012-06-27 10:01 - 2010-07-01 18:57 - 00000000 ____D C:\Program Files (x86)\NifTools
2012-06-27 10:01 - 2010-06-28 15:08 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-27 10:01 - 2010-02-21 23:52 - 00000000 ____D C:\Program Files (x86)\Runic Games
2012-06-27 10:01 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-06-27 10:01 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-06-27 10:00 - 2010-09-26 21:18 - 00000000 ____D C:\Program Files (x86)\Lavalys
2012-06-27 10:00 - 2010-03-08 19:21 - 00000000 ____D C:\Program Files (x86)\Kodak
2012-06-27 10:00 - 2010-02-24 05:47 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-27 10:00 - 2010-02-22 20:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-06-27 09:59 - 2010-12-20 17:05 - 00000000 ____D C:\Program Files (x86)\exPressit S.E. 3.0
2012-06-27 09:59 - 2010-09-15 11:53 - 00000000 ____D C:\Program Files (x86)\GEULS
2012-06-27 09:59 - 2010-04-21 09:36 - 00000000 ____D C:\Program Files (x86)\Eidos
2012-06-27 09:59 - 2010-02-24 12:49 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-27 09:58 - 2011-01-24 20:13 - 00000000 ____D C:\Program Files (x86)\DAODB
2012-06-27 09:58 - 2010-02-21 19:59 - 00000000 ___HD C:\Program Files (x86)\Creative Installation Information
2012-06-27 09:56 - 2011-02-12 19:48 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-06-27 09:55 - 2012-01-20 12:53 - 00000000 ____D C:\Games
2012-06-27 09:55 - 2011-03-16 15:27 - 00000000 ____D C:\Program Files (x86)\2K Games
2012-06-27 09:55 - 2010-12-18 13:52 - 00000000 ____D C:\Program Files (x86)\Acronis
2012-06-27 09:55 - 2010-04-07 07:47 - 00000000 ____D C:\PFiles
2012-06-27 09:55 - 2010-02-22 23:00 - 00000000 __RHD C:\MSOCache
2012-06-27 09:55 - 2010-02-21 14:16 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-27 09:53 - 2012-02-20 20:25 - 00000000 ____D C:\AMD
2012-06-27 09:53 - 2010-02-24 02:35 - 00000000 ____D C:\ATI
2012-06-27 08:57 - 2012-06-27 08:57 - 00046524 ____A C:\Users\Richard\Desktop\DxDiag_6_27_2012.txt
2012-06-27 08:56 - 2012-06-27 08:56 - 00939346 ____A C:\Users\Richard\Desktop\MSinfo.txt
2012-06-27 07:05 - 2012-06-25 11:38 - 00000000 ____D C:\Users\Richard\Application Data\Masiep
2012-06-27 07:05 - 2012-06-25 11:38 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Masiep
2012-06-27 07:00 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\Application Data\Bilu
2012-06-27 07:00 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Bilu
2012-06-27 06:56 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\Application Data\Enwior
2012-06-27 06:56 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Enwior
2012-06-27 05:41 - 2012-06-27 05:28 - 00000000 ____D C:\Users\Richard\Application Data\Peturo
2012-06-27 05:41 - 2012-06-27 05:28 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Peturo
2012-06-26 12:37 - 2010-12-27 14:56 - 00000000 ___HD C:\Users\Richard\Application Data\Help
2012-06-26 12:37 - 2010-12-27 14:56 - 00000000 ___HD C:\Users\Richard\AppData\Roaming\Help
2012-06-26 12:17 - 2012-06-26 12:17 - 00000000 ____D C:\Users\Richard\Application Data\Microsoft Corporation
2012-06-26 12:17 - 2012-06-26 12:17 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft Corporation
2012-06-25 16:38 - 2012-06-25 10:02 - 00000361 ____A C:\rkill.log
2012-06-25 12:27 - 2010-03-30 00:16 - 00007675 ___AH C:\Users\Richard\Local Settings\Application Data\Resmon.ResmonCfg
2012-06-25 12:27 - 2010-03-30 00:16 - 00007675 ___AH C:\Users\Richard\AppData\Local\Resmon.ResmonCfg
2012-06-25 11:51 - 2012-06-25 11:51 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-25 11:38 - 2012-06-25 11:38 - 00000000 ____D C:\Users\Richard\Application Data\Buecd
2012-06-25 11:38 - 2012-06-25 11:38 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Buecd
2012-06-25 09:27 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\Application Data\Qemyun
2012-06-25 09:27 - 2012-06-25 09:27 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Qemyun
2012-06-25 07:40 - 2012-06-25 07:40 - 00000152 ___AH C:\Users\All Users\-aj5tQI5QveNeWLr
2012-06-25 07:40 - 2012-06-25 07:40 - 00000000 ___AH C:\Users\All Users\-aj5tQI5QveNeWL
2012-06-25 07:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-06-20 17:17 - 2012-06-20 17:17 - 00397850 ___AH C:\Users\Richard\Downloads\ATVI_Financial_Model_Q1_CY12_Final.xlsx
2012-06-17 23:20 - 2010-03-04 00:20 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3920970082-1727570077-1240759191-1000Core.job
2012-06-11 12:16 - 2010-03-04 00:22 - 00002416 ____A C:\Users\Richard\Desktop\Google Chrome.lnk
2012-06-11 12:14 - 2011-03-20 21:49 - 00001035 ____A C:\Users\Richard79\Desktop\WinDirStat.lnk
2012-06-11 12:14 - 2011-03-20 21:49 - 00001035 ____A C:\Users\Richard\Desktop\WinDirStat.lnk
2012-06-11 12:14 - 2011-03-20 21:49 - 00001035 ____A C:\Users\Guest\Desktop\WinDirStat.lnk
2012-06-11 12:14 - 2011-03-20 21:49 - 00001035 ____A C:\Users\Administrator\Desktop\WinDirStat.lnk
2012-06-06 11:48 - 2012-04-20 19:23 - 00000000 ___HD C:\Users\Richard\Documents\Diablo III
2012-06-02 14:19 - 2012-06-08 15:01 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:01 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:01 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-08 15:01 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 12:19 - 2012-06-08 15:00 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-08 15:00 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-25 07:28 - 2012-05-25 07:28 - 03862112 ____A (Piriform Ltd) C:\Users\Richard\Downloads\ccsetup319.exe
2012-05-25 07:28 - 2011-01-11 08:52 - 00001021 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-17 18:47 - 2012-06-27 15:14 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-27 15:14 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-27 15:14 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-27 15:14 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-27 15:14 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-27 15:14 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-27 15:14 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-27 15:14 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-27 15:14 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-27 15:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-27 15:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-27 15:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-27 15:14 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-27 15:14 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-27 15:14 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-27 15:14 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-27 15:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-27 15:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-27 15:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-27 15:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-27 15:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-27 15:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-27 15:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-27 15:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-27 15:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-27 15:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-27 15:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-27 15:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 09:53 - 2012-05-15 09:45 - 00001193 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 18:06 - 2012-05-14 18:06 - 00086528 ____A C:\Windows\bnetunin.exe
2012-05-14 18:06 - 2012-05-14 18:06 - 00061440 ____A C:\Windows\diabunin.exe
2012-05-14 17:32 - 2012-06-27 15:14 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 21:12 - 2012-05-12 21:10 - 00001001 ____A C:\Users\Richard\Desktop\Dark Souls.lnk
2012-05-12 18:29 - 2012-05-12 18:29 - 00000000 ___HD C:\Users\Richard\Documents\Amazon MP3 Uploader
2012-05-12 18:29 - 2012-05-12 18:29 - 00000000 ___HD C:\Users\Richard\Application Data\com.amazon.music.uploader
2012-05-12 18:29 - 2012-05-12 18:29 - 00000000 ___HD C:\Users\Richard\AppData\Roaming\com.amazon.music.uploader
2012-05-12 18:29 - 2012-05-12 18:29 - 00000000 ___HD C:\Program Files (x86)\Amazon
2012-05-11 05:01 - 2012-05-11 04:59 - 00000623 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-05-10 12:02 - 2012-05-10 12:02 - 01943110 ___AH C:\Users\Richard\Downloads\IMG_0460.MOV
2012-05-07 18:07 - 2012-05-07 18:00 - 00000000 ___HD C:\Users\Richard\Downloads\Windows XP torrent Download
2012-05-07 18:00 - 2012-05-07 18:00 - 00000993 ____A C:\Users\Richard\Desktop\Continue Tube2File installation.lnk
2012-05-07 05:04 - 2012-05-07 05:04 - 00000967 ____A C:\Users\Richard\Desktop\TechPowerUp GPU-Z.lnk
2012-05-05 19:42 - 2010-02-25 10:51 - 00000000 ___HD C:\Users\Richard\Documents\Misc
2012-05-04 03:06 - 2012-06-27 15:13 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-27 15:13 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-27 15:13 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-29 14:14 - 2012-04-29 14:09 - 00000792 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-04-29 11:36 - 2012-04-29 11:36 - 03216373 ____A (Blizzard Entertainment) C:\Users\Richard\Downloads\StarCraft_2_NA_en-US.exe
2012-04-29 09:16 - 2010-02-22 13:37 - 00000690 ____A C:\Users\Richard\Desktop\Fraps.lnk
2012-04-27 19:55 - 2012-06-27 15:13 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 19:27 - 2010-02-21 23:55 - 00000000 ___HD C:\Users\Richard\Application Data\runic games
2012-04-26 19:27 - 2010-02-21 23:55 - 00000000 ___HD C:\Users\Richard\AppData\Roaming\runic games
2012-04-26 19:21 - 2010-02-21 23:52 - 00000000 ____D C:\Users\Public\Documents\Runic
2012-04-26 03:47 - 2012-04-26 03:47 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-04-26 03:47 - 2012-04-26 03:47 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-04-25 21:41 - 2012-06-27 15:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-27 15:09 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-27 15:09 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 07:40 - 2010-02-21 16:54 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-23 16:27 - 2010-03-06 23:04 - 00000000 ____D C:\BigFishGamesCache
2012-04-20 12:41 - 2010-02-21 14:07 - 00000000 ___HD C:\Users\Richard\Documents\ASUS
2012-04-20 12:27 - 2012-04-20 12:27 - 00000000 ___HD C:\Users\Richard\Documents\Aggie Info
2012-04-12 20:06 - 2011-11-13 14:24 - 00000000 ___HD C:\Users\Richard\Local Settings\Application Data\Skyrim
2012-04-12 20:06 - 2011-11-13 14:24 - 00000000 ___HD C:\Users\Richard\AppData\Local\Skyrim
2012-04-11 19:25 - 2012-03-05 12:57 - 00001047 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-04-11 17:56 - 2012-04-11 17:56 - 00000806 ____A C:\Users\Richard\Desktop\Fallout Mod Manager.lnk
2012-04-10 12:51 - 2012-04-10 12:50 - 00000000 ___HD C:\Users\Richard\Downloads\Health Insurance Quotes
2012-04-05 19:34 - 2012-04-05 19:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 19:34 - 2012-04-05 19:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 19:34 - 2012-04-05 19:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 19:33 - 2012-04-05 19:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 19:33 - 2012-04-05 19:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 19:33 - 2012-04-05 19:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 19:32 - 2012-04-05 19:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

ZeroAccess:
C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}\L
C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}\U

ZeroAccess:
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}\L
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8182.05 MB
Available physical RAM: 7332.06 MB
Total Pagefile: 8180.2 MB
Available Pagefile: 7335.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.4 GB) (Free:622.54 GB) NTFS
2 Drive d: () (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Fixed) (Total:853.29 GB) (Free:580.35 GB) NTFS
5 Drive h: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
6 Drive i: (HP V125W) (Removable) (Total:7.45 GB) (Free:6.91 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (New Volume) (Fixed) (Total:1397.26 GB) (Free:634.01 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB
Disk 1 Online 1397 GB 0 B
Disk 2 Online 931 GB 78 GB
Disk 3 Online 7643 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
Partition 3 Primary 1744 KB 931 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Y New Volume NTFS Partition 1397 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 99 MB 1024 KB
Partition 2 Primary 853 GB 101 MB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 99 MB Healthy

======================================================================================================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G NTFS Partition 853 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7643 MB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I HP V125W FAT32 Removable 7643 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 00:48

======================= End Of Log ==========================

Edited by txag79, 28 June 2012 - 01:38 PM.


#8 gringo_pr

  • Malware Response Team

Posted 28 June 2012 - 01:23 PM

How long has it been that way?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 txag79

  • Topic Starter

Posted 28 June 2012 - 01:45 PM

Gringo,

Computer has been really sluggish for a few weeks. Inoperable (for the most part) since this past Tuesday morning.

Edit: What do I need to do now? Still have Farbar recovery tool open.

P.S. Sent a small token to PayPal for you.

Edited by txag79, 28 June 2012 - 01:47 PM.


#10 gringo_pr


Posted 28 June 2012 - 02:47 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#11 txag79


Posted 28 June 2012 - 02:55 PM

Gringo,

Here it is:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-06-2012
Ran by SYSTEM at 2012-06-28 14:52:35 Run:1
Running from I:\

==============================================

C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1} moved successfully.
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1} moved successfully.

==== End of Fixlog ====
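
As an added example (not part of the original posts and not FRST's own code), this Python script checks that every path listed in fixlist.txt is reported as moved in Fixlog.txt and that the log reached its end marker. It relies only on the "moved successfully." wording and the end marker visible in the log above; the function names are hypothetical, and any other outcome wording is treated as unconfirmed.

```python
import re

# Constructed sample input: the fixlist.txt and Fixlog.txt text shown in this thread.
FIXLIST = r"""
C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1}
"""
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-06-2012
Ran by SYSTEM at 2012-06-28 14:52:35 Run:1
Running from I:\

==============================================

C:\Windows\Installer\{a674bf9e-9156-f048-ebf0-2dda9293f0b1} moved successfully.
C:\Users\Richard\AppData\Local\{a674bf9e-9156-f048-ebf0-2dda9293f0b1} moved successfully.

==== End of Fixlog ====
"""
MOVED = " moved successfully."          # the only outcome wording seen in the thread
END_MARKER = "==== End of Fixlog ===="
GUID_DIR = re.compile(r"\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})$", re.I)

def parse_fixlist(text):
    """One target path per non-empty line."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def parse_fixlog(text):
    """Return (set of lower-cased paths reported moved, True if the end marker is present)."""
    lines = [line.strip() for line in text.splitlines()]
    moved = {l[:-len(MOVED)].lower() for l in lines if l.endswith(MOVED)}
    return moved, END_MARKER in lines

def unconfirmed(fixlist_text, fixlog_text):
    """Fixlist entries the log does not confirm; a truncated log confirms nothing."""
    targets = parse_fixlist(fixlist_text)
    moved, complete = parse_fixlog(fixlog_text)
    if not complete:
        return targets
    # Windows paths are case-insensitive, so compare lower-cased.
    return [p for p in targets if p.lower() not in moved]

def shared_guid_dirs(paths):
    """Map each GUID-style folder name that ends more than one path to those paths."""
    groups = {}
    for p in paths:
        m = GUID_DIR.search(p)
        if m:
            groups.setdefault(m.group(1).lower(), []).append(p)
    return {g: ps for g, ps in groups.items() if len(ps) > 1}

if __name__ == "__main__":
    print("unconfirmed:", unconfirmed(FIXLIST, FIXLOG))
    print("shared GUID folders:", shared_guid_dirs(parse_fixlist(FIXLIST)))
```

An empty result from `unconfirmed` means each listed folder was quarantined by the fix; `shared_guid_dirs` highlights that the same GUID-named folder was targeted in both the system and the per-user location.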

#12 gringo_pr


Posted 28 June 2012 - 02:59 PM

Great - now try and run combofix again for me


gringo

#13 txag79


Posted 28 June 2012 - 03:01 PM

Gringo,

Rebooted into Win 7 and started the Combofix program. It appeared to start okay, but nothing is happening now. When I ran it yesterday morning (when I was not supposed to), I got a DOS box in the upper left corner of the screen where it showed the activity, but I do not see that yet today.

Edit: Been 10 minutes now and still no sign that Combofix is actually running.

Edited by txag79, 28 June 2012 - 03:20 PM.


#14 gringo_pr


Posted 28 June 2012 - 03:14 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#15 txag79


Posted 28 June 2012 - 03:23 PM

Have rebooted into Safe Mode and will now start ComboFix. Will post results as soon as it is finished or something else happens where it goes dormant again.

Edit: It finally has started scan.

Edited by txag79, 28 June 2012 - 03:45 PM.




