
Help With win64/sirefef.al.trojan


  • This topic is locked
24 replies to this topic

#1 HateTrojans

Posted 14 August 2012 - 03:17 PM

Hey everyone. I'm not the most savvy with computers, so if you could bear with me I'll try my best. I tried to follow all the instructions for the board rules ahead of time; forgive me if I missed something, I'll try to amend.

Problem: NOD32 discovered a couple of weeks ago an issue it was unable to clean. I've tried following other guides in safe mode to directly remove the trojan, however nothing has been specific to this issue. What it does I haven't a clue. But when I try to update my clock (usually runs 1-2 minutes ahead) it will say Windows had a critical error. It will send me through a loop of starting and restarting my computer after 1 minute with "Windows has encountered a critical problem and will shut down in 1 minute". I fixed this through system restore; I guess when I changed the time it went haywire. Furthermore, when I try to delete services.exe from my task manager the same message pops up. I've tried safe mode and it gives me the same issue if I try to delete services.exe. Furthermore, randomly I'll have music playing for ads like jungle.com or other nonsense. There's the problem, let's solve it.

This is where the trojan is located:

C:/Windows/Installer/{00b520a8-9697-e321-8b92-12fdae1b7498}
C:/Windows/system32/service/.exe

NOD32 says unable to clean both.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Brandon Singh at 16:07:37 on 2012-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3691.2196 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Brandon Singh\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Brandon Singh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [F.lux] "C:\Users\Brandon Singh\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\BRANDO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{D17EDB67-06DF-4300-B940-3EC5F37E6065} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{EE597366-7846-4804-ABEB-69967BE386CC} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{EE597366-7846-4804-ABEB-69967BE386CC}\1393530277962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EE597366-7846-4804-ABEB-69967BE386CC}\355636F6E64602345707 : DhcpNameServer = 192.168.101.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon Singh\AppData\Roaming\Mozilla\Firefox\Profiles\61lalnrt.default\
FF - prefs.js: browser.startup.homepage - huffingtonpost.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brandon Singh\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Brandon Singh\AppData\Roaming\Mozilla\Firefox\Profiles\61lalnrt.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Brandon Singh\AppData\Roaming\Mozilla\Firefox\Profiles\61lalnrt.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
.
=============== Created Last 30 ================
.
2012-08-14 16:05:20 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{89477E74-D839-4AB7-816B-604571D2BF65}
2012-08-14 16:05:04 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{9E4C989E-DC4C-4F7D-8868-3D0BD423F1D9}
2012-08-14 03:46:36 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{1C31BCA2-4419-4DA2-A546-9912E7FE4FCE}
2012-08-14 03:46:12 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{F12FD138-68B1-4F61-A954-57E4E8188C96}
2012-08-13 15:45:01 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{7260C03B-4FFE-4C33-B600-FD500B9FF7AE}
2012-08-13 15:44:41 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{C417C41D-0931-430E-98DC-D6DA6E42249A}
2012-08-12 15:32:43 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{85960683-33F6-409B-93FD-0915D85EC0A9}
2012-08-12 15:32:26 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{28A980D8-BBE5-4B5C-9705-5B8AB7DF18C0}
2012-08-11 23:45:34 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{4BB16980-A442-49EC-8899-2F40278E956E}
2012-08-11 23:43:41 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{9FADD6BB-12BE-4550-B31A-ADEAA3EBDB26}
2012-08-11 21:07:32 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2012-08-11 18:28:50 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{86B8C0DE-A6F6-4E08-A2C5-E81D89CAF1EC}
2012-08-11 18:28:27 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{F4A58FBC-46B2-4910-8568-63EB38E40C1F}
2012-08-11 06:28:11 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{2A9D5C37-9906-4388-93C7-AA2A72D8C6D6}
2012-08-11 06:27:48 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{776B019B-5482-4B67-B5DD-DC6154DC8435}
2012-08-10 18:27:32 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{504FD6FF-49C5-400A-B005-8B944F1A4D03}
2012-08-10 18:27:10 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{6BDEE66A-FC51-470E-8A25-8F4F248777EB}
2012-08-10 06:26:40 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{20D9A027-666B-459A-8DC9-3ADD7C740CF4}
2012-08-10 06:26:16 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{A0D99E5C-D7AF-4107-A0EF-8BE4F0793B6A}
2012-08-09 18:26:00 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{A0722A8A-B7CF-463A-B06E-5C4ACB74C4A6}
2012-08-09 18:25:37 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{8B49E841-614F-4DF0-8082-6FAF14ABAE2C}
2012-08-09 06:25:06 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{BB428EAE-2056-4AAC-BBE8-DDE3A140710C}
2012-08-09 06:24:43 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{E19CC841-CB6B-42D1-A1F2-ABD768DD4F8D}
2012-08-08 18:24:43 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{2249E0FC-1FA1-4326-91F1-41022E37C04D}
2012-08-08 06:24:13 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{C7172E09-C61D-4F9B-9315-761AA85E8517}
2012-08-08 06:24:01 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{AFA52416-1E7D-4F18-AEC5-EA625D9C36AC}
2012-08-07 18:23:45 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{A7AC9522-D1B2-4998-BA80-9E4F644B0147}
2012-08-07 18:23:20 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{AEE0CABE-5204-439E-BB95-73CE6F1A9452}
2012-08-07 06:22:51 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{8CBE843E-E04B-45A7-9057-ED12D8918D70}
2012-08-07 06:22:39 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{B9AA0231-E9F0-4873-A16C-3B1100792F51}
2012-08-06 18:22:23 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{98962084-C3D5-4E2A-BD14-B2AE5F7A9F4A}
2012-08-06 18:21:57 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{E8C19011-7192-4D2D-99C6-378E37BF8545}
2012-08-06 06:21:29 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{845BDC6B-658A-4A0C-ADE2-717F201990A9}
2012-08-06 06:21:06 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{AF9A1828-9B42-420E-90F9-D292A3A5A959}
2012-08-05 18:20:48 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{E3573C9D-EC9A-4D62-A278-061DE4C8061B}
2012-08-05 18:20:22 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{D2A08F30-21E8-4528-9DE9-1376ED2C5913}
2012-08-05 06:19:53 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{66C911B8-A007-41AE-8BB4-F4A546377718}
2012-08-05 06:19:30 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{2A9FDD51-8BFB-4F8B-A46F-D37537DCF949}
2012-08-04 18:19:14 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{8CC624CA-FE39-4650-9984-DC30AF63B010}
2012-08-04 18:18:51 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{183F30EF-B484-48A0-B54C-F71CCA0FF388}
2012-08-04 06:18:21 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{30487006-C54F-478A-BD8C-69CE92793277}
2012-08-04 06:17:58 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{D11CA974-ED8F-497A-90D9-4EFBFA20BEEE}
2012-08-03 18:17:31 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{28A05E14-32FF-49DC-95C7-148959E80BB3}
2012-08-03 18:17:17 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{37C25960-E9B0-448D-A46A-6CAFF6113C6F}
2012-08-03 04:52:34 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{3F72323D-78B2-44E3-BEC2-C3D2185926C5}
2012-08-03 04:52:11 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{FEE1D7C6-F23A-4097-8C13-81CC2C4EEC93}
2012-08-02 16:51:42 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{DBA7C4FE-E1E3-44F6-AE36-04EF5020DF2B}
2012-08-02 16:51:18 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{9B9A6BF0-5790-4BAD-AD1F-0F3F16C3E22E}
2012-08-02 04:50:46 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{AF294850-609B-4BE3-B16F-54EF70FECA05}
2012-08-02 04:50:23 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{8AFC92A1-9CB7-4D73-B021-24FCD82D5A10}
2012-08-01 16:50:00 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{D0900CB3-EDBF-4B8C-B9C2-3FC185B91085}
2012-08-01 16:49:44 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{6F561BE5-6E7A-47B1-9172-2E00C98669D8}
2012-08-01 03:42:10 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{040007A9-CEB2-43CA-B360-6D86DA9FEC48}
2012-08-01 03:41:47 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{F9CC22DD-B623-4377-9F87-4957314F7D93}
2012-07-31 15:41:15 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{EA4671D9-2DFB-4FB0-A47B-ADE173658686}
2012-07-31 15:40:57 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{81BAE0D6-C8C6-45B9-930B-CE250156512B}
2012-07-31 03:40:13 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{4C30326D-1019-4908-950E-C4491145BD1A}
2012-07-31 03:39:44 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{0EB8344D-92AF-4030-9748-4D5261141DDF}
2012-07-30 15:39:01 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{DE63CA2C-B6FB-4C76-9BB3-D8703B765615}
2012-07-30 15:38:45 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{3F7B2479-894F-477D-91E7-6DBC8F9C4D35}
2012-07-29 19:18:20 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{EE80BA34-B698-4BAA-917D-6F1433DDB290}
2012-07-29 19:17:57 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{D16C57EF-130D-4B4A-B178-AC7DEC801E86}
2012-07-29 07:17:26 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{F5A332BD-C764-414C-94CC-E6A95A4FCBBF}
2012-07-29 07:17:03 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{ACB87E66-A1ED-4E5D-B5DC-531E86E787D6}
2012-07-28 18:13:21 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{972B0902-405B-4F5D-B596-0A4F374BBAFC}
2012-07-28 18:13:03 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{CCE1E704-F7A7-43E2-8CDB-D11BEB737B8D}
2012-07-28 05:15:53 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{9AD48F2C-357D-4BA1-850A-E60E55C02D9F}
2012-07-28 05:15:30 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{109F72D8-126F-4BDC-B668-EE34DD1DB5B3}
2012-07-28 05:08:34 -------- d-----w- C:\Program Files (x86)\HollywoodMogul3
2012-07-27 17:15:14 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{7FC9091A-0F31-41DE-98DE-FF1D26402209}
2012-07-27 17:14:52 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{253A350B-F174-4E05-9704-473D96F46D20}
2012-07-27 05:14:21 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{F0D7971B-6813-4F2D-845D-C6BADCE8765A}
2012-07-27 05:13:58 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{0AC8C7E0-F6BF-40F4-83A6-E951EE699055}
2012-07-27 01:55:15 -------- d-----w- C:\Users\Brandon Singh\AppData\Roaming\TVSM
2012-07-26 17:13:07 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{3029AD14-DE10-4AA3-84D8-2D57EA07CF40}
2012-07-26 17:12:35 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{169B3210-876C-4D0C-94FF-F9A0FC5441F4}
2012-07-26 05:11:37 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{43811286-BF7E-4424-A30F-C7B74B5CFFC4}
2012-07-26 05:11:07 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{CCA554A9-7546-4938-8BBD-E4595FAFA46C}
2012-07-25 17:10:30 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{808FFC8F-76F8-4FC6-B4FB-775FBBE83153}
2012-07-25 17:10:14 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{4CB52C9B-5F83-420B-A69A-24C2B86E5B18}
2012-07-25 03:33:47 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{D3C043C3-A52B-4C15-8804-69D1179D7E7F}
2012-07-25 03:33:24 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{1231268B-2E7D-4860-AD25-FBE4A66B97E1}
2012-07-24 15:33:01 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{6E591EFC-76CA-41E1-B9E4-E619BF5AC37F}
2012-07-24 15:32:43 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{E695E17B-C1A1-44F1-BAED-274B08EDF688}
2012-07-23 23:27:33 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{2D35A8E7-B5DF-4369-9EE1-48BC415F459A}
2012-07-23 23:27:09 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{14E24BB8-9208-426F-97EA-2AA96E4617CE}
2012-07-23 06:36:34 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{7C22FDB5-2166-477F-ACBE-0F6371C73CAC}
2012-07-23 06:36:11 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{90CC1A5D-E1F2-4050-A87F-BBBF51B4781E}
2012-07-22 22:10:38 -------- d-----w- C:\Program Files\InterActual
2012-07-22 18:35:54 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{8012433F-3FCA-418A-981C-A98383832871}
2012-07-22 18:35:31 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{B16BA616-575A-4B13-B595-93CA7A9D999B}
2012-07-22 06:35:00 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{497C83BA-0D7D-48B6-A31D-F14AA0F049A9}
2012-07-22 06:34:37 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{0F1959C3-3F85-4C28-B53C-C6B34A3272D7}
2012-07-21 18:34:12 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{4884CC5C-B3CC-42B0-BDB0-7C6CC933BA62}
2012-07-21 18:33:58 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{76177441-5367-499E-8084-3361953FDA0B}
2012-07-21 18:03:34 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{C8EE753D-FA34-4906-885D-3212DDBC1BF1}
2012-07-21 06:02:54 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{3B7AD50A-DB1D-41EF-88EA-F4C5CAF4029F}
2012-07-21 06:02:28 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{260608C2-C4CB-475B-886E-09A715E78AEC}
2012-07-20 18:02:11 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{018DF9A7-D4C6-4D8D-9B80-424ACA6329DD}
2012-07-20 18:01:48 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{5B22CC85-9897-40F8-9890-F374BE7D955B}
2012-07-20 06:01:18 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{31D027A3-F00C-46F4-8942-B7F53A9D5CF1}
2012-07-20 06:01:05 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{8CEBD2B9-041C-4F55-9C14-1E3388F7E993}
2012-07-19 17:07:40 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{FC73FE64-E76A-4B7D-BFDF-C28DA32460FA}
2012-07-19 17:07:16 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{F3AE1815-E1F6-4E29-AF1D-76510AE22BA0}
2012-07-19 05:06:46 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{4C18AC29-1ABC-4D5C-85DB-7D25AD596B07}
2012-07-19 05:06:22 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{EA09A5F3-4A2D-46DF-B6A5-9EBD60E705CD}
2012-07-18 17:05:54 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{0142BF31-8330-4A9D-8FE2-5B39BD46F738}
2012-07-18 17:05:27 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{100376E5-27AD-44B4-B15F-31C6D627BD9B}
2012-07-18 06:00:46 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-07-18 06:00:46 -------- d-----w- C:\Users\Brandon Singh\AppData\Roaming\MotioninJoy
2012-07-18 06:00:45 115272 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-18 06:00:45 -------- d-----w- C:\Program Files\MotioninJoy
2012-07-18 05:47:47 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2012-07-18 05:47:47 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-07-18 05:25:17 91928 ----a-w- C:\Windows\System32\xinput1_3.dll
2012-07-18 05:25:17 68888 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-07-18 05:15:24 40960 ----a-r- C:\Users\Brandon Singh\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-18 05:15:24 40960 ----a-r- C:\Users\Brandon Singh\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-18 05:15:17 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-07-18 05:04:53 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{18E9FFA5-93D5-424A-AF1E-5E1BF80D405B}
2012-07-18 05:04:30 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{4CB4AAE1-1115-4CCF-93E4-502E8A9BE684}
2012-07-17 17:04:14 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{25EA62CA-B043-466F-BC23-584103614E61}
2012-07-17 17:03:50 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{CB7A5556-CEA2-44DD-87F6-20A0AD3D200D}
2012-07-17 05:03:21 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{DD12045E-CA0F-4108-B097-5C8CA94AC685}
2012-07-17 05:01:53 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{24C4F9C1-DD44-432E-8009-984A7BA56629}
2012-07-16 17:01:31 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{CD81122C-368A-4A44-926C-3829BD3FB657}
2012-07-16 17:01:06 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{FBBD120E-9F57-4A09-A3FA-2AEFCB359655}
2012-07-16 05:00:35 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{A49C3EA0-5A5D-447A-8AC6-39B0E5EF065E}
2012-07-16 05:00:12 -------- d-----w- C:\Users\Brandon Singh\AppData\Local\{07F1B74B-0AA4-4E40-AD39-6053A77E0912}
.
==================== Find3M ====================
.
2012-08-14 20:04:33 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-08-03 03:33:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 03:33:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-15 02:18:50 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-15 02:18:50 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-15 00:49:28 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-07-15 00:49:28 525576 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:12:49.35 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:07 PM

Posted 17 August 2012 - 07:38 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 HateTrojans

HateTrojans
  • Topic Starter

  • Members
  • 25 posts
  • Local time:09:07 PM

Posted 18 August 2012 - 12:52 AM

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 18-08-2012 01:42:22
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7466600 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2716216 2009-09-29] (ESET)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-08-15] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1167360 2009-08-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s [x]
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Brandon Singh\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\Brandon Singh\...\Run: [Google Update] "C:\Users\Brandon Singh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-30] (Google Inc.)
HKU\Brandon Singh\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Brandon Singh\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Brandon Singh\...\Run: [F.lux] "C:\Users\Brandon Singh\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.198
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Brandon Singh\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ======

2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-17] (Advanced Micro Devices)
2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-09-29] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [735960 2009-09-29] (ESET)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

========================== Drivers (Whitelisted) =============

2 eamon; C:\Windows\System32\Drivers\eamon.sys [144824 2009-09-29] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-09-29] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [123200 2009-09-29] (ESET)
3 hcwhdpvr; C:\Windows\System32\Drivers\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-18 01:41 - 2012-08-18 01:42 - 00000000 ____D C:\FRST
2012-08-17 21:22 - 2012-08-17 21:22 - 01442951 ____A (Farbar) C:\Users\Brandon Singh\Downloads\FRST64.exe
2012-08-17 21:06 - 2012-08-17 21:06 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{B8C6A945-3D40-4A7E-B4CF-974E2A0DEE98}
2012-08-17 21:06 - 2012-08-17 21:06 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{22AD5B08-CD45-4687-90EC-CE021C2FCE9E}
2012-08-17 12:33 - 2012-08-17 12:40 - 00000000 ____D C:\Users\Brandon Singh\Downloads\World War Hulk
2012-08-17 10:34 - 2012-08-17 10:35 - 02123728 ____A C:\Users\Brandon Singh\Downloads\tyt-20120816B.m4v.sfk
2012-08-17 10:32 - 2012-08-17 20:36 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Montage Monday
2012-08-17 10:16 - 2012-08-17 10:31 - 508093250 ____A C:\Users\Brandon Singh\Downloads\tyt-20120815B.m4v
2012-08-17 10:15 - 2012-08-17 10:29 - 500822420 ____A C:\Users\Brandon Singh\Downloads\tyt-20120816B.m4v
2012-08-17 09:05 - 2012-08-17 09:05 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{FACC0196-530D-4E6F-93B0-8F74686D1459}
2012-08-17 09:05 - 2012-08-17 09:05 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{592C02A6-4BD3-4B44-A242-04790B397614}
2012-08-17 08:24 - 2012-08-17 04:15 - 578440385 ____A C:\Users\Brandon Singh\Desktop\directors cuy.mp4
2012-08-17 08:24 - 2012-08-17 03:32 - 466763329 ____A C:\Users\Brandon Singh\Desktop\79.mp4
2012-08-17 08:23 - 2012-08-17 04:26 - 574714549 ____A C:\Users\Brandon Singh\Desktop\78.mp4
2012-08-16 21:03 - 2012-08-16 21:03 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO985E.tmp
2012-08-16 21:03 - 2012-08-16 21:03 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO5F3F.tmp
2012-08-16 21:03 - 2012-08-16 21:03 - 00000000 ____A C:\Users\Brandon Singh\Desktop\MOO5EE8.tmp
2012-08-16 20:16 - 2012-08-16 20:16 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{1AE50A7E-1EC3-4C48-84EC-D409CD59C40E}
2012-08-16 20:16 - 2012-08-16 20:16 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{133C0893-F1B1-4BF0-B3A5-9758BA8496C0}
2012-08-16 20:15 - 2012-08-16 20:15 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO603A.tmp
2012-08-16 17:59 - 2012-08-16 18:00 - 00039072 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-1715714000-282949333-0.sfk
2012-08-16 17:59 - 2012-08-16 18:00 - 00036408 ____A C:\Users\Brandon Singh\Desktop\Response to TYT's Chick-fil-A Stance.mp4-687687000-263596666-0.sfk
2012-08-16 17:59 - 2012-08-16 18:00 - 00033280 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-1410409000-240907333-0.sfk
2012-08-16 17:59 - 2012-08-16 18:00 - 00030848 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-1079078000-223223000-0.sfk
2012-08-16 17:12 - 2012-08-16 17:13 - 00031400 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-7465124333-227227000-0.sfk
2012-08-16 17:12 - 2012-08-16 17:13 - 00031352 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-6876870000-227227000-0.sfk
2012-08-16 16:23 - 2012-08-17 21:18 - 00000000 ____D C:\Users\Brandon Singh\Desktop\screw you charles carter
2012-08-16 16:13 - 2012-08-16 16:13 - 01705344 ____A C:\Users\Brandon Singh\Desktop\Response to TYT's Chick-fil-A Stance.mp4.sfk
2012-08-16 16:12 - 2012-08-16 16:13 - 01063744 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4.sfk
2012-08-16 15:55 - 2012-08-16 15:56 - 33746524 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4
2012-08-16 15:43 - 2012-08-16 15:44 - 36948456 ____A C:\Users\Brandon Singh\Desktop\Response to TYT's Chick-fil-A Stance.mp4
2012-08-16 08:15 - 2012-08-16 08:15 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{594890D5-7391-41BF-8E2D-6E7FB29F184F}
2012-08-16 08:15 - 2012-08-16 08:15 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{25166E2F-E2D3-454A-805A-17F273E983A0}
2012-08-15 21:58 - 2012-08-16 01:01 - 330848142 ____A C:\Users\Brandon Singh\Desktop\TYTNation Super Mario Brothers Throwback Thursday.mp4
2012-08-15 20:14 - 2012-08-15 20:15 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{649E409C-057F-4CB3-9334-9D14E93D175E}
2012-08-15 20:14 - 2012-08-15 20:14 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{6EB859BC-AEC9-439B-814F-02D0E09C28FD}
2012-08-15 18:16 - 2012-08-15 18:20 - 01871074 ____A C:\Users\Brandon Singh\Desktop\teaser 2.mp4
2012-08-15 17:45 - 2012-08-15 17:45 - 14802564 ____A C:\Users\Brandon Singh\Desktop\fix bteaser.avi
2012-08-15 16:11 - 2012-08-15 16:12 - 00888288 ____A C:\Users\Brandon Singh\Desktop\Super Mario depression.sfk
2012-08-15 14:37 - 2012-08-15 14:47 - 00425568 ____A C:\Users\Brandon Singh\Downloads\The Dream_ Is it Still Alive_.mp4.sfk
2012-08-15 14:35 - 2012-08-15 14:37 - 21558078 ____A C:\Users\Brandon Singh\Downloads\The Dream_ Is it Still Alive_.mp4
2012-08-15 13:45 - 2012-08-15 13:45 - 01916953 ____A C:\Users\Brandon Singh\Downloads\VirtualDub-1.9.11-AMD64.zip
2012-08-15 11:09 - 2012-08-16 16:12 - 00000000 ____D C:\Users\Brandon Singh\Desktop\TT 12 Super Mario
2012-08-15 10:16 - 2012-08-15 10:16 - 00439463 ____A C:\Users\Brandon Singh\Downloads\jnes_1_1.exe
2012-08-15 10:16 - 2012-08-15 10:16 - 00000955 ____A C:\Users\Brandon Singh\Desktop\Jnes.lnk
2012-08-15 10:16 - 2012-08-15 10:16 - 00000000 ____D C:\Program Files (x86)\Jnes
2012-08-15 10:14 - 2012-08-15 10:14 - 00032039 ____A C:\Users\Brandon Singh\Desktop\Super Mario Bros..zip
2012-08-15 08:07 - 2012-08-15 08:07 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{0BD12FE9-C4AA-4C01-B778-967E7AC1E7B2}
2012-08-15 08:06 - 2012-08-15 08:07 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F6036968-3ED1-42DC-B694-A8177D4A6A51}
2012-08-14 21:15 - 2012-08-14 21:15 - 05735399 ____A C:\Users\Brandon Singh\Desktop\New Super Mario Bros. 2 - Penélope & Mónica Cruz TV ad (Nintendo 3DS).mp4
2012-08-14 20:28 - 2012-04-28 15:24 - 00000000 ____D C:\Users\Brandon Singh\Downloads\Adobe Photoshop CS6 Extended
2012-08-14 20:06 - 2012-08-14 20:06 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{67EA5AB1-2D97-42E0-BA88-A01D3E608DA2}
2012-08-14 20:05 - 2012-08-14 20:06 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{926192B9-0CF1-484B-97D6-7B0DEA5E4F94}
2012-08-14 19:52 - 2012-08-14 20:24 - 1396346733 ____A C:\Users\Brandon Singh\Downloads\Adobe Photoshop CS6 Extended.exe
2012-08-14 14:00 - 2012-08-14 14:02 - 00140800 ____A C:\Users\Brandon Singh\Downloads\[E3 2011] Sly Cooper Thieves In Time Reveal Trailer.mp4.sfk
2012-08-14 13:59 - 2012-08-14 13:59 - 07975849 ____A C:\Users\Brandon Singh\Downloads\[E3 2011] Sly Cooper Thieves In Time Reveal Trailer.mp4
2012-08-14 12:45 - 2012-08-14 13:05 - 00146464 ____A C:\Users\Brandon Singh\Downloads\Sly Cooper Thieves in Time Gamescom 2012 Trailer 720p.mp4.sfk
2012-08-14 12:39 - 2012-08-14 12:39 - 08239408 ____A C:\Users\Brandon Singh\Downloads\Sly Cooper Thieves in Time Gamescom 2012 Trailer 720p.mp4
2012-08-14 11:39 - 2012-08-14 12:22 - 00010420 ____A C:\Users\Brandon Singh\Desktop\Attach.txt
2012-08-14 11:39 - 2012-08-14 12:19 - 00034105 ____A C:\Users\Brandon Singh\Desktop\DDS.txt
2012-08-14 11:30 - 2012-08-14 11:30 - 00607260 ____R (Swearware) C:\Users\Brandon Singh\Downloads\dds.com
2012-08-14 11:30 - 2012-08-14 11:30 - 00000000 ____A C:\Users\Brandon Singh\defogger_reenable
2012-08-14 11:29 - 2012-08-14 11:29 - 00050477 ____A C:\Users\Brandon Singh\Downloads\Defogger.exe
2012-08-14 08:05 - 2012-08-14 08:05 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{9E4C989E-DC4C-4F7D-8868-3D0BD423F1D9}
2012-08-14 08:05 - 2012-08-14 08:05 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{89477E74-D839-4AB7-816B-604571D2BF65}
2012-08-13 23:21 - 2012-08-13 23:21 - 00014488 ____A C:\Users\Brandon Singh\Downloads\hijackthis.log
2012-08-13 23:17 - 2012-08-13 23:17 - 00388608 ____A (Trend Micro Inc.) C:\Users\Brandon Singh\Downloads\HijackThis.exe
2012-08-13 23:08 - 2012-08-13 23:08 - 04589838 ____A (Curio Lab) C:\Users\Brandon Singh\Downloads\ExterminateItSetup.exe
2012-08-13 19:46 - 2012-08-13 19:46 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F12FD138-68B1-4F61-A954-57E4E8188C96}
2012-08-13 19:46 - 2012-08-13 19:46 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{1C31BCA2-4419-4DA2-A546-9912E7FE4FCE}
2012-08-13 16:41 - 2012-08-13 16:41 - 00082688 ____A C:\Users\Brandon Singh\Downloads\Call of Duty Black Ops commercial with Kobe Bryant and Jimmy Kimmle on PaulGaleNetwork.com.mp4.sfk
2012-08-13 16:40 - 2012-08-13 16:40 - 03859841 ____A C:\Users\Brandon Singh\Downloads\Call of Duty Black Ops commercial with Kobe Bryant and Jimmy Kimmle on PaulGaleNetwork.com.mp4
2012-08-13 09:33 - 2012-08-13 09:33 - 00058816 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 08 13 13 25 43 806.mp4.sfk
2012-08-13 09:32 - 2012-08-13 09:32 - 02166248 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 08 13 13 25 43 806.mp4
2012-08-13 09:10 - 2012-08-13 09:10 - 00086336 ____A C:\Users\Brandon Singh\Downloads\NBA All-Star_ Dwight Howard Plays Games Until 5am Every Night, Is Prestige on Call of Duty(1).mp4.sfk
2012-08-13 09:07 - 2012-08-13 09:08 - 03291968 ____A C:\Users\Brandon Singh\Downloads\NBA All-Star_ Dwight Howard Plays Games Until 5am Every Night, Is Prestige on Call of Duty(1).mp4
2012-08-13 08:59 - 2012-08-13 08:59 - 03291968 ____A C:\Users\Brandon Singh\Downloads\NBA All-Star_ Dwight Howard Plays Games Until 5am Every Night, Is Prestige on Call of Duty.mp4
2012-08-13 07:48 - 2012-08-13 00:50 - 452910135 ____A C:\Users\Brandon Singh\Desktop\Montage Monday TYT Gaming.mp4
2012-08-13 07:45 - 2012-08-13 07:45 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{7260C03B-4FFE-4C33-B600-FD500B9FF7AE}
2012-08-13 07:44 - 2012-08-13 07:44 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{C417C41D-0931-430E-98DC-D6DA6E42249A}
2012-08-12 19:48 - 2012-08-17 10:31 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Directors Cut Montage
2012-08-12 14:34 - 2012-08-12 14:35 - 00451200 ____A C:\Users\Brandon Singh\Desktop\Dwight Howard Trade to Lakers!.mp4.sfk
2012-08-12 14:14 - 2012-08-14 12:44 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Dwight Howard TYT Sports paraody
2012-08-12 14:13 - 2012-08-12 14:13 - 21046485 ____A C:\Users\Brandon Singh\Desktop\Dwight Howard Trade to Lakers!.mp4
2012-08-12 13:29 - 2012-08-13 22:09 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Xenoblade Sunday
2012-08-12 13:29 - 2012-08-12 13:29 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Xenoblade Sunday_data
2012-08-12 07:32 - 2012-08-12 07:32 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{85960683-33F6-409B-93FD-0915D85EC0A9}
2012-08-12 07:32 - 2012-08-12 07:32 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{28A980D8-BBE5-4B5C-9705-5B8AB7DF18C0}
2012-08-11 19:11 - 2012-08-11 11:53 - 86337213 ____A C:\Users\Brandon Singh\Desktop\test montage.mp4
2012-08-11 18:38 - 2012-08-11 18:38 - 00275160 ____A C:\Windows\Minidump\081112-43508-01.dmp
2012-08-11 18:37 - 2012-08-11 18:37 - 462295068 ____A C:\Windows\MEMORY.DMP
2012-08-11 15:52 - 2012-08-11 15:52 - 00803584 ____A (Microsoft Corporation) C:\Users\Brandon Singh\Downloads\mssstool64.exe
2012-08-11 15:45 - 2012-08-11 15:45 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{4BB16980-A442-49EC-8899-2F40278E956E}
2012-08-11 15:43 - 2012-08-11 15:45 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{9FADD6BB-12BE-4550-B31A-ADEAA3EBDB26}
2012-08-11 13:07 - 2012-08-11 13:07 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-08-11 10:28 - 2012-08-11 10:29 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{86B8C0DE-A6F6-4E08-A2C5-E81D89CAF1EC}
2012-08-11 10:28 - 2012-08-11 10:28 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F4A58FBC-46B2-4910-8568-63EB38E40C1F}
2012-08-10 23:21 - 2012-08-10 23:21 - 00000000 ____A C:\Users\Brandon Singh\Desktop\Ana walks off TYT
2012-08-10 22:28 - 2012-08-10 22:28 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{2A9D5C37-9906-4388-93C7-AA2A72D8C6D6}
2012-08-10 22:27 - 2012-08-10 22:28 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{776B019B-5482-4B67-B5DD-DC6154DC8435}
2012-08-10 21:51 - 2012-08-10 21:54 - 00342576 ____A C:\Users\Brandon Singh\Desktop\Modern Jazz Samba.mp3.sfk
2012-08-10 21:51 - 2012-08-10 21:54 - 00250664 ____A C:\Users\Brandon Singh\Desktop\Faster Does It.mp3.sfk
2012-08-10 21:50 - 2012-08-10 21:51 - 00296128 ____A C:\Users\Brandon Singh\Desktop\Cut and Run.mp3.sfk
2012-08-10 21:46 - 2012-08-10 21:49 - 00308728 ____A C:\Users\Brandon Singh\Desktop\RetroFuture Dirty.mp3.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00019332 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-6612606000-279612666-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00018896 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-19798779000-273273000-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00011216 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-30251888333-161828334-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00011216 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-12717705000-161828333-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00009836 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-27216522667-141808333-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00007816 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-21544189333-112445667-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00007424 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-5682009666-106773334-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00004068 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-22240885333-58058000-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00002732 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-30761397333-38705334-0.sfk
2012-08-10 21:42 - 2012-08-10 21:49 - 00002640 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-22651295334-37370666-0.sfk
2012-08-10 21:21 - 2012-08-10 21:42 - 00008756 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-18050699333-126126000-0.sfk
2012-08-10 21:15 - 2012-08-10 21:18 - 00007768 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-11727382333-111778333-0.sfk
2012-08-10 20:55 - 2012-08-10 21:04 - 00002344 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-27137777333-33033000-0.sfk
2012-08-10 20:41 - 2012-08-10 20:42 - 00006848 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-20073053000-98431667-0.sfk
2012-08-10 20:22 - 2012-08-10 20:25 - 00023104 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-17617600000-334334000-0.sfk
2012-08-10 20:09 - 2012-08-10 20:10 - 00005540 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-15894879000-79412667-0.sfk
2012-08-10 19:55 - 2012-08-10 20:10 - 00037104 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-9234892333-537537000-0.sfk
2012-08-10 19:45 - 2012-08-10 20:10 - 02150736 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v.sfk
2012-08-10 19:35 - 2012-08-10 20:10 - 01982996 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v.sfk
2012-08-10 19:33 - 2012-08-10 19:45 - 507264492 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v
2012-08-10 19:25 - 2012-08-10 19:35 - 466111888 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v
2012-08-10 17:06 - 2012-08-10 17:24 - 02328080 ____A C:\Users\Brandon Singh\Downloads\tyt-20120808B.m4v.sfk
2012-08-10 16:52 - 2012-08-10 17:03 - 548447289 ____A C:\Users\Brandon Singh\Downloads\tyt-20120808B.m4v
2012-08-10 15:39 - 2012-08-10 15:41 - 00003332 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-12518839667-47380667-0.sfk
2012-08-10 15:28 - 2012-08-10 15:32 - 00003260 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-10125782334-46379667-0.sfk
2012-08-10 15:13 - 2012-08-10 15:15 - 00020228 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-3495825666-292625667-0.sfk
2012-08-10 15:13 - 2012-08-10 15:15 - 00013564 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-2100431666-195862334-0.sfk
2012-08-10 15:13 - 2012-08-10 15:15 - 00009836 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-4984312666-141808334-0.sfk
2012-08-10 15:13 - 2012-08-10 15:15 - 00004412 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-798464333-63063000-0.sfk
2012-08-10 15:12 - 2012-08-10 15:12 - 00009448 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-8098090000-136136000-0.sfk
2012-08-10 15:12 - 2012-08-10 15:12 - 00009448 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-8098090000-136136000-0.sfk
2012-08-10 15:04 - 2012-08-10 15:10 - 00009836 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-4984312666-141808334-0.sfk
2012-08-10 15:01 - 2012-08-10 15:10 - 00020228 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-3495825666-292625667-0.sfk
2012-08-10 14:51 - 2012-08-10 14:52 - 00013564 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-2100431666-195862334-0.sfk
2012-08-10 14:51 - 2012-08-10 14:52 - 00004412 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-798464333-63063000-0.sfk
2012-08-10 14:09 - 2012-08-16 15:08 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Epic Ana Moment
2012-08-10 13:58 - 2012-08-10 14:06 - 01996208 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v.sfk
2012-08-10 13:50 - 2012-08-10 13:58 - 470539900 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v
2012-08-10 10:27 - 2012-08-10 10:27 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{6BDEE66A-FC51-470E-8A25-8F4F248777EB}
2012-08-10 10:27 - 2012-08-10 10:27 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{504FD6FF-49C5-400A-B005-8B944F1A4D03}
2012-08-10 08:03 - 2012-08-10 08:20 - 63748716 ____A C:\Users\Brandon Singh\Downloads\Painkiller Already 103 w_Joe Lauzon.MP3.part
2012-08-09 22:26 - 2012-08-09 22:26 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{A0D99E5C-D7AF-4107-A0EF-8BE4F0793B6A}
2012-08-09 22:26 - 2012-08-09 22:26 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{20D9A027-666B-459A-8DC9-3ADD7C740CF4}
2012-08-09 10:26 - 2012-08-09 10:26 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{A0722A8A-B7CF-463A-B06E-5C4ACB74C4A6}
2012-08-09 10:25 - 2012-08-09 10:25 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{8B49E841-614F-4DF0-8082-6FAF14ABAE2C}
2012-08-08 22:45 - 2012-08-08 22:46 - 31190714 ____A C:\Users\Brandon Singh\Downloads\BATMAN # 12.cbr
2012-08-08 22:45 - 2012-08-08 22:46 - 18432687 ____A C:\Users\Brandon Singh\Downloads\Batman_and_Robin_012_2012__Digital__Zone_Empire_.cbr
2012-08-08 22:25 - 2012-08-08 22:25 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{BB428EAE-2056-4AAC-BBE8-DDE3A140710C}
2012-08-08 22:24 - 2012-08-08 22:25 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{E19CC841-CB6B-42D1-A1F2-ABD768DD4F8D}
2012-08-08 19:55 - 2012-08-08 19:56 - 00309992 ____A C:\Users\Brandon Singh\Desktop\Sunshine ver 2.mp3.sfk
2012-08-08 17:29 - 2012-08-08 17:29 - 02498473 ____A C:\Users\Brandon Singh\Downloads\Pokemon (Game Boy) Link Cable Commercial.mp4
2012-08-08 17:29 - 2012-08-08 17:29 - 00041888 ____A C:\Users\Brandon Singh\Downloads\Pokemon (Game Boy) Link Cable Commercial.mp4.sfk
2012-08-08 10:24 - 2012-08-08 10:24 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{2249E0FC-1FA1-4326-91F1-41022E37C04D}
2012-08-08 09:23 - 2012-08-08 09:23 - 00373034 ____A C:\Users\Brandon Singh\Desktop\Pokemon Red.zip
2012-08-08 09:22 - 2012-08-08 13:19 - 00660640 ____A C:\Users\Brandon Singh\Desktop\VisualBoyAdvance-1.8.0-beta3.zip
2012-08-07 22:24 - 2012-08-07 22:24 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{C7172E09-C61D-4F9B-9315-761AA85E8517}
2012-08-07 22:24 - 2012-08-07 22:24 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{AFA52416-1E7D-4F18-AEC5-EA625D9C36AC}
2012-08-07 18:58 - 2012-08-07 18:58 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO8B85.tmp
2012-08-07 18:58 - 2012-08-07 18:58 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO8AB7.tmp
2012-08-07 17:36 - 2012-08-07 17:36 - 00238784 ____A C:\Users\Brandon Singh\Downloads\Arma II_ Reinforcements - Debut Trailer.mp4.sfk
2012-08-07 17:35 - 2012-08-07 17:35 - 14691139 ____A C:\Users\Brandon Singh\Downloads\Arma II_ Reinforcements - Debut Trailer.mp4
2012-08-07 16:04 - 2012-08-08 10:30 - 00000000 ____D C:\Users\Brandon Singh\Desktop\Quick Wii U box art
2012-08-07 10:23 - 2012-08-07 10:23 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{AEE0CABE-5204-439E-BB95-73CE6F1A9452}
2012-08-07 10:23 - 2012-08-07 10:23 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{A7AC9522-D1B2-4998-BA80-9E4F644B0147}
2012-08-06 22:22 - 2012-08-06 22:23 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{8CBE843E-E04B-45A7-9057-ED12D8918D70}
2012-08-06 22:22 - 2012-08-06 22:22 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{B9AA0231-E9F0-4873-A16C-3B1100792F51}
2012-08-06 10:22 - 2012-08-06 10:22 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{98962084-C3D5-4E2A-BD14-B2AE5F7A9F4A}
2012-08-06 10:21 - 2012-08-06 10:22 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{E8C19011-7192-4D2D-99C6-378E37BF8545}
2012-08-05 22:21 - 2012-08-05 22:21 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{AF9A1828-9B42-420E-90F9-D292A3A5A959}
2012-08-05 22:21 - 2012-08-05 22:21 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{845BDC6B-658A-4A0C-ADE2-717F201990A9}
2012-08-05 14:20 - 2012-08-05 14:20 - 00228448 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft_ Mists of Pandaria Preview Trailer.mp4.sfk
2012-08-05 14:20 - 2012-08-05 14:20 - 00045568 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft Mr. T Commercial TV ad.mp4.sfk
2012-08-05 14:19 - 2012-08-05 14:19 - 02312882 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft Mr. T Commercial TV ad.mp4
2012-08-05 14:18 - 2012-08-05 14:19 - 15288229 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft_ Mists of Pandaria Preview Trailer.mp4
2012-08-05 12:43 - 2012-08-05 13:51 - 00011760 ____H C:\Users\Brandon Singh\Documents\~WRL1334.tmp
2012-08-05 10:20 - 2012-08-05 10:21 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{E3573C9D-EC9A-4D62-A278-061DE4C8061B}
2012-08-05 10:20 - 2012-08-05 10:20 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{D2A08F30-21E8-4528-9DE9-1376ED2C5913}
2012-08-04 22:19 - 2012-08-04 22:20 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{66C911B8-A007-41AE-8BB4-F4A546377718}
2012-08-04 22:19 - 2012-08-04 22:19 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{2A9FDD51-8BFB-4F8B-A46F-D37537DCF949}
2012-08-04 10:19 - 2012-08-04 10:19 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{8CC624CA-FE39-4650-9984-DC30AF63B010}
2012-08-04 10:18 - 2012-08-04 10:19 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{183F30EF-B484-48A0-B54C-F71CCA0FF388}
2012-08-03 22:18 - 2012-08-03 22:18 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{30487006-C54F-478A-BD8C-69CE92793277}
2012-08-03 22:17 - 2012-08-03 22:18 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{D11CA974-ED8F-497A-90D9-4EFBFA20BEEE}
2012-08-03 10:17 - 2012-08-03 10:17 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{37C25960-E9B0-448D-A46A-6CAFF6113C6F}
2012-08-03 10:17 - 2012-08-03 10:17 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{28A05E14-32FF-49DC-95C7-148959E80BB3}
2012-08-02 20:52 - 2012-08-02 20:52 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{FEE1D7C6-F23A-4097-8C13-81CC2C4EEC93}
2012-08-02 20:52 - 2012-08-02 20:52 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{3F72323D-78B2-44E3-BEC2-C3D2185926C5}
2012-08-02 08:51 - 2012-08-02 08:51 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{DBA7C4FE-E1E3-44F6-AE36-04EF5020DF2B}
2012-08-02 08:51 - 2012-08-02 08:51 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{9B9A6BF0-5790-4BAD-AD1F-0F3F16C3E22E}
2012-08-01 20:50 - 2012-08-01 20:50 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{AF294850-609B-4BE3-B16F-54EF70FECA05}
2012-08-01 20:50 - 2012-08-01 20:50 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{8AFC92A1-9CB7-4D73-B021-24FCD82D5A10}
2012-08-01 20:36 - 2012-08-01 21:01 - 00097856 ____A C:\Users\Brandon Singh\Downloads\Tidus and Yuna laugh...out loud_.mp4.sfk
2012-08-01 20:36 - 2012-08-01 20:36 - 04893669 ____A C:\Users\Brandon Singh\Downloads\Tidus and Yuna laugh...out loud_.mp4
2012-08-01 18:01 - 2012-08-01 19:14 - 20754750 ____A C:\Users\Brandon Singh\Downloads\DC # 12.cbr
2012-08-01 18:01 - 2012-08-01 18:03 - 29263286 ____A C:\Users\Brandon Singh\Downloads\Avengers_Vs_X_Men_009_2012__Digital__Zone_Empire_.cbr
2012-08-01 17:08 - 2012-08-01 17:11 - 01355648 ____A C:\Users\Brandon Singh\Downloads\Let's Play Final Fantasy X - Part 21_ Stadium Attack - Luca Dock.mp4.sfk
2012-08-01 17:06 - 2012-08-01 17:06 - 00000000 ____A C:\Users\Brandon Singh\Documents\16
2012-08-01 17:05 - 2012-08-01 17:07 - 72568732 ____A C:\Users\Brandon Singh\Downloads\Let's Play Final Fantasy X - Part 21_ Stadium Attack - Luca Dock.mp4
2012-08-01 08:50 - 2012-08-01 08:50 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{D0900CB3-EDBF-4B8C-B9C2-3FC185B91085}
2012-08-01 08:49 - 2012-08-01 08:49 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{6F561BE5-6E7A-47B1-9172-2E00C98669D8}
2012-07-31 19:42 - 2012-07-31 19:42 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{040007A9-CEB2-43CA-B360-6D86DA9FEC48}
2012-07-31 19:41 - 2012-07-31 19:42 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F9CC22DD-B623-4377-9F87-4957314F7D93}
2012-07-31 13:58 - 2012-07-31 13:58 - 00243520 ____A C:\Users\Brandon Singh\Downloads\STAR WARS™_ The Old Republic™ - Character Progression -- Imperial Agent.mp4.sfk
2012-07-31 13:57 - 2012-07-31 13:58 - 14469175 ____A C:\Users\Brandon Singh\Downloads\STAR WARS™_ The Old Republic™ - Character Progression -- Imperial Agent.mp4
2012-07-31 07:41 - 2012-07-31 07:41 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{EA4671D9-2DFB-4FB0-A47B-ADE173658686}
2012-07-31 07:40 - 2012-07-31 07:41 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{81BAE0D6-C8C6-45B9-930B-CE250156512B}
2012-07-30 19:40 - 2012-07-30 19:40 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{4C30326D-1019-4908-950E-C4491145BD1A}
2012-07-30 19:39 - 2012-07-30 19:40 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{0EB8344D-92AF-4030-9748-4D5261141DDF}
2012-07-30 16:11 - 2012-07-30 16:12 - 00142048 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Gameplay First Look E3.mp4.sfk
2012-07-30 16:11 - 2012-07-30 16:11 - 07789340 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Gameplay First Look E3.mp4
2012-07-30 14:17 - 2012-08-09 18:47 - 00000000 ____D C:\Users\Brandon Singh\Desktop\NBA 2k13
2012-07-30 14:15 - 2012-07-30 14:15 - 00032832 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Executive Produced by JAY Z.mp4.sfk
2012-07-30 13:56 - 2012-07-30 13:56 - 01799967 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Executive Produced by JAY Z.mp4
2012-07-30 07:39 - 2012-07-30 07:39 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{DE63CA2C-B6FB-4C76-9BB3-D8703B765615}
2012-07-30 07:38 - 2012-07-30 07:38 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{3F7B2479-894F-477D-91E7-6DBC8F9C4D35}
2012-07-29 11:18 - 2012-07-29 11:18 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{EE80BA34-B698-4BAA-917D-6F1433DDB290}
2012-07-29 11:17 - 2012-07-29 11:18 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{D16C57EF-130D-4B4A-B178-AC7DEC801E86}
2012-07-28 23:17 - 2012-07-28 23:17 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F5A332BD-C764-414C-94CC-E6A95A4FCBBF}
2012-07-28 23:17 - 2012-07-28 23:17 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{ACB87E66-A1ED-4E5D-B5DC-531E86E787D6}
2012-07-28 21:00 - 2012-07-28 21:00 - 00003120 ____A C:\Windows\QX6YTVLJ.ocx
2012-07-28 14:38 - 2012-07-28 14:38 - 00001464 ____A C:\Users\Brandon Singh\Desktop\hm3.exe - Shortcut.lnk
2012-07-28 14:31 - 2012-07-28 14:31 - 00001136 ____A C:\Windows\PFRO.log
2012-07-28 10:13 - 2012-07-28 10:13 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{CCE1E704-F7A7-43E2-8CDB-D11BEB737B8D}
2012-07-28 10:13 - 2012-07-28 10:13 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{972B0902-405B-4F5D-B596-0A4F374BBAFC}
2012-07-27 21:15 - 2012-07-27 21:16 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{9AD48F2C-357D-4BA1-850A-E60E55C02D9F}
2012-07-27 21:15 - 2012-07-27 21:15 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{109F72D8-126F-4BDC-B668-EE34DD1DB5B3}
2012-07-27 21:08 - 2012-07-27 21:09 - 00000000 ____D C:\Program Files (x86)\HollywoodMogul3
2012-07-27 12:12 - 2012-07-27 12:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-27 12:12 - 2012-07-27 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-27 12:10 - 2012-07-27 12:11 - 13085120 ____A (Microsoft Corporation) C:\Users\Brandon Singh\Downloads\Silverlight_x64.exe
2012-07-27 09:15 - 2012-07-27 09:15 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{7FC9091A-0F31-41DE-98DE-FF1D26402209}
2012-07-27 09:14 - 2012-07-27 09:15 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{253A350B-F174-4E05-9704-473D96F46D20}
2012-07-26 21:14 - 2012-07-26 21:14 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F0D7971B-6813-4F2D-845D-C6BADCE8765A}
2012-07-26 21:13 - 2012-07-26 21:14 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{0AC8C7E0-F6BF-40F4-83A6-E951EE699055}
2012-07-26 18:21 - 2012-07-26 18:21 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222115.BMP
2012-07-26 18:21 - 2012-07-26 18:21 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222112.BMP
2012-07-26 18:20 - 2012-07-26 18:20 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222046.BMP
2012-07-26 18:20 - 2012-07-26 18:20 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222043.BMP
2012-07-26 18:20 - 2012-07-26 18:20 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222032.BMP
2012-07-26 17:55 - 2012-07-26 17:55 - 00000000 ____D C:\Users\Brandon Singh\AppData\Roaming\TVSM
2012-07-26 17:37 - 2012-07-26 17:38 - 11010890 ____A (Winter Wolves ) C:\Users\Brandon Singh\Downloads\TSMTrial.exe
2012-07-26 17:27 - 2012-07-26 18:16 - 00000000 ____D C:\Users\Brandon Singh\Downloads\PC_TV.GIANT-(rip and direct.play)
2012-07-26 14:22 - 2012-07-26 14:27 - 00000000 ____D C:\Users\Brandon Singh\Desktop\History of Nintendo
2012-07-26 09:13 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{3029AD14-DE10-4AA3-84D8-2D57EA07CF40}
2012-07-26 09:12 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{169B3210-876C-4D0C-94FF-F9A0FC5441F4}
2012-07-25 22:22 - 2012-07-25 22:23 - 00000000 ____D C:\Users\Brandon Singh\Downloads\Superman_Birthright_#1-12_(of_12)
2012-07-25 21:42 - 2012-07-25 21:55 - 00000000 ____D C:\Users\Brandon Singh\Downloads\The Reign of Emperor Joker
2012-07-25 21:11 - 2012-07-25 21:11 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{CCA554A9-7546-4938-8BBD-E4595FAFA46C}
2012-07-25 21:11 - 2012-07-25 21:11 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{43811286-BF7E-4424-A30F-C7B74B5CFFC4}
2012-07-25 17:06 - 2012-07-25 17:07 - 12977813 ____A C:\Users\Brandon Singh\Downloads\Amazing_Spider_Man_690_2012_digital_TheGroup_.cbr
2012-07-25 14:44 - 2012-07-25 14:44 - 00000000 ____A C:\Users\Brandon Singh\Documents\6
2012-07-25 10:46 - 2012-07-25 10:48 - 22764325 ____A C:\Users\Brandon Singh\Desktop\Paper Mario.zip
2012-07-25 09:10 - 2012-07-25 09:10 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{808FFC8F-76F8-4FC6-B4FB-775FBBE83153}
2012-07-25 09:10 - 2012-07-25 09:10 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{4CB52C9B-5F83-420B-A69A-24C2B86E5B18}
2012-07-24 19:33 - 2012-07-24 19:33 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{D3C043C3-A52B-4C15-8804-69D1179D7E7F}
2012-07-24 19:33 - 2012-07-24 19:33 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{1231268B-2E7D-4860-AD25-FBE4A66B97E1}
2012-07-24 14:22 - 2012-07-24 14:27 - 00561408 ____A C:\Users\Brandon Singh\Downloads\FINAL FANTASY Versus XIII Trailer 2011.mp4.sfk
2012-07-24 14:21 - 2012-07-24 14:21 - 29805019 ____A C:\Users\Brandon Singh\Downloads\FINAL FANTASY Versus XIII Trailer 2011.mp4
2012-07-24 07:33 - 2012-07-24 07:33 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{6E591EFC-76CA-41E1-B9E4-E619BF5AC37F}
2012-07-24 07:32 - 2012-07-24 07:33 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{E695E17B-C1A1-44F1-BAED-274B08EDF688}
2012-07-23 15:27 - 2012-07-23 15:27 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{2D35A8E7-B5DF-4369-9EE1-48BC415F459A}
2012-07-23 15:27 - 2012-07-23 15:27 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{14E24BB8-9208-426F-97EA-2AA96E4617CE}
2012-07-22 22:36 - 2012-07-22 22:36 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{90CC1A5D-E1F2-4050-A87F-BBBF51B4781E}
2012-07-22 22:36 - 2012-07-22 22:36 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{7C22FDB5-2166-477F-ACBE-0F6371C73CAC}
2012-07-22 14:13 - 2012-07-22 14:13 - 00000000 ____A C:\Windows\iPlayer.INI
2012-07-22 14:10 - 2012-07-22 16:49 - 00000000 ____D C:\Program Files\InterActual
2012-07-22 10:35 - 2012-07-22 10:36 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{8012433F-3FCA-418A-981C-A98383832871}
2012-07-22 10:35 - 2012-07-22 10:35 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{B16BA616-575A-4B13-B595-93CA7A9D999B}
2012-07-22 09:50 - 2012-07-22 09:53 - 00339424 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 07 22 13 37 31 404.mp4.sfk
2012-07-22 09:48 - 2012-07-22 09:50 - 10872924 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 07 22 13 37 31 404.mp4
2012-07-21 22:35 - 2012-07-21 22:35 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{497C83BA-0D7D-48B6-A31D-F14AA0F049A9}
2012-07-21 22:34 - 2012-07-21 22:34 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{0F1959C3-3F85-4C28-B53C-C6B34A3272D7}
2012-07-21 19:52 - 2012-07-21 19:52 - 00000000 ____A C:\Users\Brandon Singh\Documents\3
2012-07-21 10:34 - 2012-07-21 10:34 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{4884CC5C-B3CC-42B0-BDB0-7C6CC933BA62}
2012-07-21 10:33 - 2012-07-21 10:34 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{76177441-5367-499E-8084-3361953FDA0B}
2012-07-21 10:03 - 2012-07-21 10:03 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{C8EE753D-FA34-4906-885D-3212DDBC1BF1}
2012-07-20 22:02 - 2012-07-20 22:03 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{3B7AD50A-DB1D-41EF-88EA-F4C5CAF4029F}
2012-07-20 22:02 - 2012-07-20 22:02 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{260608C2-C4CB-475B-886E-09A715E78AEC}
2012-07-20 13:17 - 2012-07-20 13:17 - 00174080 ____A (KeepVid) C:\Users\Brandon Singh\Downloads\KeepVid.exe
2012-07-20 10:02 - 2012-07-20 10:02 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{018DF9A7-D4C6-4D8D-9B80-424ACA6329DD}
2012-07-20 10:01 - 2012-07-20 10:02 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{5B22CC85-9897-40F8-9890-F374BE7D955B}
2012-07-19 22:01 - 2012-07-19 22:01 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{8CEBD2B9-041C-4F55-9C14-1E3388F7E993}
2012-07-19 22:01 - 2012-07-19 22:01 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{31D027A3-F00C-46F4-8942-B7F53A9D5CF1}
2012-07-19 09:26 - 2012-07-19 09:28 - 26023297 ____A C:\Users\Brandon Singh\Downloads\Avengers Vs X-Men 008 (2012) (Digital) (Zone-Empire).cbr
2012-07-19 09:07 - 2012-07-19 09:07 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{FC73FE64-E76A-4B7D-BFDF-C28DA32460FA}
2012-07-19 09:07 - 2012-07-19 09:07 - 00000000 ____D C:\Users\Brandon Singh\AppData\Local\{F3AE1815-E1F6-4E29-AF1D-76510AE22BA0}

============ 3 Months Modified Files ========================

2012-08-17 21:33 - 2012-06-23 11:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-17 21:30 - 2012-07-14 16:08 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-08-17 21:29 - 2009-07-13 21:13 - 00785326 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 21:22 - 2012-08-17 21:22 - 01442951 ____A (Farbar) C:\Users\Brandon Singh\Downloads\FRST64.exe
2012-08-17 21:18 - 2011-05-30 14:15 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2573913704-2678052440-1249604582-1001UA.job
2012-08-17 20:47 - 2012-07-17 08:47 - 00000364 ____A C:\Windows\Tasks\HPCeeScheduleForBrandon Singh.job
2012-08-17 17:31 - 2012-07-12 20:20 - 00015666 ____A C:\Windows\setupact.log
2012-08-17 14:18 - 2011-05-30 14:15 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2573913704-2678052440-1249604582-1001Core.job
2012-08-17 10:35 - 2012-08-17 10:34 - 02123728 ____A C:\Users\Brandon Singh\Downloads\tyt-20120816B.m4v.sfk
2012-08-17 10:31 - 2012-08-17 10:16 - 508093250 ____A C:\Users\Brandon Singh\Downloads\tyt-20120815B.m4v
2012-08-17 10:29 - 2012-08-17 10:15 - 500822420 ____A C:\Users\Brandon Singh\Downloads\tyt-20120816B.m4v
2012-08-17 10:18 - 2012-07-13 08:45 - 00096524 ____A C:\Windows\WindowsUpdate.log
2012-08-17 08:25 - 2011-12-09 15:01 - 04365312 __ASH C:\Users\Brandon Singh\Desktop\Thumbs.db
2012-08-17 04:26 - 2012-08-17 08:23 - 574714549 ____A C:\Users\Brandon Singh\Desktop\78.mp4
2012-08-17 04:15 - 2012-08-17 08:24 - 578440385 ____A C:\Users\Brandon Singh\Desktop\directors cuy.mp4
2012-08-17 03:32 - 2012-08-17 08:24 - 466763329 ____A C:\Users\Brandon Singh\Desktop\79.mp4
2012-08-16 21:03 - 2012-08-16 21:03 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO985E.tmp
2012-08-16 21:03 - 2012-08-16 21:03 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO5F3F.tmp
2012-08-16 21:03 - 2012-08-16 21:03 - 00000000 ____A C:\Users\Brandon Singh\Desktop\MOO5EE8.tmp
2012-08-16 20:15 - 2012-08-16 20:15 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO603A.tmp
2012-08-16 18:00 - 2012-08-16 17:59 - 00039072 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-1715714000-282949333-0.sfk
2012-08-16 18:00 - 2012-08-16 17:59 - 00036408 ____A C:\Users\Brandon Singh\Desktop\Response to TYT's Chick-fil-A Stance.mp4-687687000-263596666-0.sfk
2012-08-16 18:00 - 2012-08-16 17:59 - 00033280 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-1410409000-240907333-0.sfk
2012-08-16 18:00 - 2012-08-16 17:59 - 00030848 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-1079078000-223223000-0.sfk
2012-08-16 17:13 - 2012-08-16 17:12 - 00031400 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-7465124333-227227000-0.sfk
2012-08-16 17:13 - 2012-08-16 17:12 - 00031352 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4-6876870000-227227000-0.sfk
2012-08-16 16:13 - 2012-08-16 16:13 - 01705344 ____A C:\Users\Brandon Singh\Desktop\Response to TYT's Chick-fil-A Stance.mp4.sfk
2012-08-16 16:13 - 2012-08-16 16:12 - 01063744 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4.sfk
2012-08-16 15:56 - 2012-08-16 15:55 - 33746524 ____A C:\Users\Brandon Singh\Downloads\It Gets Better.mp4
2012-08-16 15:44 - 2012-08-16 15:43 - 36948456 ____A C:\Users\Brandon Singh\Desktop\Response to TYT's Chick-fil-A Stance.mp4
2012-08-16 01:01 - 2012-08-15 21:58 - 330848142 ____A C:\Users\Brandon Singh\Desktop\TYTNation Super Mario Brothers Throwback Thursday.mp4
2012-08-15 18:20 - 2012-08-15 18:16 - 01871074 ____A C:\Users\Brandon Singh\Desktop\teaser 2.mp4
2012-08-15 17:45 - 2012-08-15 17:45 - 14802564 ____A C:\Users\Brandon Singh\Desktop\fix bteaser.avi
2012-08-15 16:12 - 2012-08-15 16:11 - 00888288 ____A C:\Users\Brandon Singh\Desktop\Super Mario depression.sfk
2012-08-15 14:47 - 2012-08-15 14:37 - 00425568 ____A C:\Users\Brandon Singh\Downloads\The Dream_ Is it Still Alive_.mp4.sfk
2012-08-15 14:37 - 2012-08-15 14:35 - 21558078 ____A C:\Users\Brandon Singh\Downloads\The Dream_ Is it Still Alive_.mp4
2012-08-15 13:45 - 2012-08-15 13:45 - 01916953 ____A C:\Users\Brandon Singh\Downloads\VirtualDub-1.9.11-AMD64.zip
2012-08-15 10:16 - 2012-08-15 10:16 - 00439463 ____A C:\Users\Brandon Singh\Downloads\jnes_1_1.exe
2012-08-15 10:16 - 2012-08-15 10:16 - 00000955 ____A C:\Users\Brandon Singh\Desktop\Jnes.lnk
2012-08-15 10:14 - 2012-08-15 10:14 - 00032039 ____A C:\Users\Brandon Singh\Desktop\Super Mario Bros..zip
2012-08-15 07:51 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 07:51 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 07:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 23:34 - 2012-05-23 23:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 23:34 - 2011-05-30 14:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-14 21:15 - 2012-08-14 21:15 - 05735399 ____A C:\Users\Brandon Singh\Desktop\New Super Mario Bros. 2 - Penélope & Mónica Cruz TV ad (Nintendo 3DS).mp4
2012-08-14 20:24 - 2012-08-14 19:52 - 1396346733 ____A C:\Users\Brandon Singh\Downloads\Adobe Photoshop CS6 Extended.exe
2012-08-14 14:02 - 2012-08-14 14:00 - 00140800 ____A C:\Users\Brandon Singh\Downloads\[E3 2011] Sly Cooper Thieves In Time Reveal Trailer.mp4.sfk
2012-08-14 13:59 - 2012-08-14 13:59 - 07975849 ____A C:\Users\Brandon Singh\Downloads\[E3 2011] Sly Cooper Thieves In Time Reveal Trailer.mp4
2012-08-14 13:22 - 2011-05-30 14:15 - 00002500 ____A C:\Users\Brandon Singh\Desktop\Google Chrome.lnk
2012-08-14 13:05 - 2012-08-14 12:45 - 00146464 ____A C:\Users\Brandon Singh\Downloads\Sly Cooper Thieves in Time Gamescom 2012 Trailer 720p.mp4.sfk
2012-08-14 12:39 - 2012-08-14 12:39 - 08239408 ____A C:\Users\Brandon Singh\Downloads\Sly Cooper Thieves in Time Gamescom 2012 Trailer 720p.mp4
2012-08-14 12:22 - 2012-08-14 11:39 - 00010420 ____A C:\Users\Brandon Singh\Desktop\Attach.txt
2012-08-14 12:19 - 2012-08-14 11:39 - 00034105 ____A C:\Users\Brandon Singh\Desktop\DDS.txt
2012-08-14 11:30 - 2012-08-14 11:30 - 00607260 ____R (Swearware) C:\Users\Brandon Singh\Downloads\dds.com
2012-08-14 11:30 - 2012-08-14 11:30 - 00000000 ____A C:\Users\Brandon Singh\defogger_reenable
2012-08-14 11:29 - 2012-08-14 11:29 - 00050477 ____A C:\Users\Brandon Singh\Downloads\Defogger.exe
2012-08-13 23:21 - 2012-08-13 23:21 - 00014488 ____A C:\Users\Brandon Singh\Downloads\hijackthis.log
2012-08-13 23:17 - 2012-08-13 23:17 - 00388608 ____A (Trend Micro Inc.) C:\Users\Brandon Singh\Downloads\HijackThis.exe
2012-08-13 23:08 - 2012-08-13 23:08 - 04589838 ____A (Curio Lab) C:\Users\Brandon Singh\Downloads\ExterminateItSetup.exe
2012-08-13 16:41 - 2012-08-13 16:41 - 00082688 ____A C:\Users\Brandon Singh\Downloads\Call of Duty Black Ops commercial with Kobe Bryant and Jimmy Kimmle on PaulGaleNetwork.com.mp4.sfk
2012-08-13 16:40 - 2012-08-13 16:40 - 03859841 ____A C:\Users\Brandon Singh\Downloads\Call of Duty Black Ops commercial with Kobe Bryant and Jimmy Kimmle on PaulGaleNetwork.com.mp4
2012-08-13 09:33 - 2012-08-13 09:33 - 00058816 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 08 13 13 25 43 806.mp4.sfk
2012-08-13 09:32 - 2012-08-13 09:32 - 02166248 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 08 13 13 25 43 806.mp4
2012-08-13 09:10 - 2012-08-13 09:10 - 00086336 ____A C:\Users\Brandon Singh\Downloads\NBA All-Star_ Dwight Howard Plays Games Until 5am Every Night, Is Prestige on Call of Duty(1).mp4.sfk
2012-08-13 09:08 - 2012-08-13 09:07 - 03291968 ____A C:\Users\Brandon Singh\Downloads\NBA All-Star_ Dwight Howard Plays Games Until 5am Every Night, Is Prestige on Call of Duty(1).mp4
2012-08-13 08:59 - 2012-08-13 08:59 - 03291968 ____A C:\Users\Brandon Singh\Downloads\NBA All-Star_ Dwight Howard Plays Games Until 5am Every Night, Is Prestige on Call of Duty.mp4
2012-08-13 00:50 - 2012-08-13 07:48 - 452910135 ____A C:\Users\Brandon Singh\Desktop\Montage Monday TYT Gaming.mp4
2012-08-12 14:35 - 2012-08-12 14:34 - 00451200 ____A C:\Users\Brandon Singh\Desktop\Dwight Howard Trade to Lakers!.mp4.sfk
2012-08-12 14:13 - 2012-08-12 14:13 - 21046485 ____A C:\Users\Brandon Singh\Desktop\Dwight Howard Trade to Lakers!.mp4
2012-08-11 18:38 - 2012-08-11 18:38 - 00275160 ____A C:\Windows\Minidump\081112-43508-01.dmp
2012-08-11 18:37 - 2012-08-11 18:37 - 462295068 ____A C:\Windows\MEMORY.DMP
2012-08-11 18:37 - 2009-07-13 21:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-11 15:52 - 2012-08-11 15:52 - 00803584 ____A (Microsoft Corporation) C:\Users\Brandon Singh\Downloads\mssstool64.exe
2012-08-11 11:53 - 2012-08-11 19:11 - 86337213 ____A C:\Users\Brandon Singh\Desktop\test montage.mp4
2012-08-10 23:21 - 2012-08-10 23:21 - 00000000 ____A C:\Users\Brandon Singh\Desktop\Ana walks off TYT
2012-08-10 21:54 - 2012-08-10 21:51 - 00342576 ____A C:\Users\Brandon Singh\Desktop\Modern Jazz Samba.mp3.sfk
2012-08-10 21:54 - 2012-08-10 21:51 - 00250664 ____A C:\Users\Brandon Singh\Desktop\Faster Does It.mp3.sfk
2012-08-10 21:51 - 2012-08-10 21:50 - 00296128 ____A C:\Users\Brandon Singh\Desktop\Cut and Run.mp3.sfk
2012-08-10 21:49 - 2012-08-10 21:46 - 00308728 ____A C:\Users\Brandon Singh\Desktop\RetroFuture Dirty.mp3.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00019332 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-6612606000-279612666-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00018896 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-19798779000-273273000-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00011216 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-30251888333-161828334-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00011216 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-12717705000-161828333-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00009836 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-27216522667-141808333-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00007816 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-21544189333-112445667-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00007424 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-5682009666-106773334-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00004068 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-22240885333-58058000-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00002732 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-30761397333-38705334-0.sfk
2012-08-10 21:49 - 2012-08-10 21:42 - 00002640 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-22651295334-37370666-0.sfk
2012-08-10 21:42 - 2012-08-10 21:21 - 00008756 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-18050699333-126126000-0.sfk
2012-08-10 21:18 - 2012-08-10 21:15 - 00007768 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v-11727382333-111778333-0.sfk
2012-08-10 21:04 - 2012-08-10 20:55 - 00002344 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-27137777333-33033000-0.sfk
2012-08-10 20:42 - 2012-08-10 20:41 - 00006848 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-20073053000-98431667-0.sfk
2012-08-10 20:25 - 2012-08-10 20:22 - 00023104 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-17617600000-334334000-0.sfk
2012-08-10 20:10 - 2012-08-10 20:09 - 00005540 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-15894879000-79412667-0.sfk
2012-08-10 20:10 - 2012-08-10 19:55 - 00037104 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v-9234892333-537537000-0.sfk
2012-08-10 20:10 - 2012-08-10 19:45 - 02150736 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v.sfk
2012-08-10 20:10 - 2012-08-10 19:35 - 01982996 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v.sfk
2012-08-10 19:45 - 2012-08-10 19:33 - 507264492 ____A C:\Users\Brandon Singh\Downloads\tyt-20120806B.m4v
2012-08-10 19:35 - 2012-08-10 19:25 - 466111888 ____A C:\Users\Brandon Singh\Downloads\tyt-20120807B.m4v
2012-08-10 17:24 - 2012-08-10 17:06 - 02328080 ____A C:\Users\Brandon Singh\Downloads\tyt-20120808B.m4v.sfk
2012-08-10 17:03 - 2012-08-10 16:52 - 548447289 ____A C:\Users\Brandon Singh\Downloads\tyt-20120808B.m4v
2012-08-10 15:41 - 2012-08-10 15:39 - 00003332 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-12518839667-47380667-0.sfk
2012-08-10 15:32 - 2012-08-10 15:28 - 00003260 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-10125782334-46379667-0.sfk
2012-08-10 15:15 - 2012-08-10 15:13 - 00020228 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-3495825666-292625667-0.sfk
2012-08-10 15:15 - 2012-08-10 15:13 - 00013564 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-2100431666-195862334-0.sfk
2012-08-10 15:15 - 2012-08-10 15:13 - 00009836 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-4984312666-141808334-0.sfk
2012-08-10 15:15 - 2012-08-10 15:13 - 00004412 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-798464333-63063000-0.sfk
2012-08-10 15:12 - 2012-08-10 15:12 - 00009448 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-8098090000-136136000-0.sfk
2012-08-10 15:12 - 2012-08-10 15:12 - 00009448 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v-8098090000-136136000-0.sfk
2012-08-10 15:10 - 2012-08-10 15:04 - 00009836 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-4984312666-141808334-0.sfk
2012-08-10 15:10 - 2012-08-10 15:01 - 00020228 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-3495825666-292625667-0.sfk
2012-08-10 14:52 - 2012-08-10 14:51 - 00013564 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-2100431666-195862334-0.sfk
2012-08-10 14:52 - 2012-08-10 14:51 - 00004412 ____A C:\Users\Brandon Singh\Downloads\tyt-20120809B.m4v-798464333-63063000-0.sfk
2012-08-10 14:06 - 2012-08-10 13:58 - 01996208 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v.sfk
2012-08-10 13:58 - 2012-08-10 13:50 - 470539900 ____A C:\Users\Brandon Singh\Downloads\Full Clip.m4v
2012-08-10 08:20 - 2012-08-10 08:03 - 63748716 ____A C:\Users\Brandon Singh\Downloads\Painkiller Already 103 w_Joe Lauzon.MP3.part
2012-08-08 22:46 - 2012-08-08 22:45 - 31190714 ____A C:\Users\Brandon Singh\Downloads\BATMAN # 12.cbr
2012-08-08 22:46 - 2012-08-08 22:45 - 18432687 ____A C:\Users\Brandon Singh\Downloads\Batman_and_Robin_012_2012__Digital__Zone_Empire_.cbr
2012-08-08 19:56 - 2012-08-08 19:55 - 00309992 ____A C:\Users\Brandon Singh\Desktop\Sunshine ver 2.mp3.sfk
2012-08-08 17:29 - 2012-08-08 17:29 - 02498473 ____A C:\Users\Brandon Singh\Downloads\Pokemon (Game Boy) Link Cable Commercial.mp4
2012-08-08 17:29 - 2012-08-08 17:29 - 00041888 ____A C:\Users\Brandon Singh\Downloads\Pokemon (Game Boy) Link Cable Commercial.mp4.sfk
2012-08-08 13:19 - 2012-08-08 09:22 - 00660640 ____A C:\Users\Brandon Singh\Desktop\VisualBoyAdvance-1.8.0-beta3.zip
2012-08-08 09:23 - 2012-08-08 09:23 - 00373034 ____A C:\Users\Brandon Singh\Desktop\Pokemon Red.zip
2012-08-07 18:58 - 2012-08-07 18:58 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO8B85.tmp
2012-08-07 18:58 - 2012-08-07 18:58 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO8AB7.tmp
2012-08-07 17:36 - 2012-08-07 17:36 - 00238784 ____A C:\Users\Brandon Singh\Downloads\Arma II_ Reinforcements - Debut Trailer.mp4.sfk
2012-08-07 17:35 - 2012-08-07 17:35 - 14691139 ____A C:\Users\Brandon Singh\Downloads\Arma II_ Reinforcements - Debut Trailer.mp4
2012-08-05 14:20 - 2012-08-05 14:20 - 00228448 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft_ Mists of Pandaria Preview Trailer.mp4.sfk
2012-08-05 14:20 - 2012-08-05 14:20 - 00045568 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft Mr. T Commercial TV ad.mp4.sfk
2012-08-05 14:19 - 2012-08-05 14:19 - 02312882 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft Mr. T Commercial TV ad.mp4
2012-08-05 14:19 - 2012-08-05 14:18 - 15288229 ____A C:\Users\Brandon Singh\Downloads\World of Warcraft_ Mists of Pandaria Preview Trailer.mp4
2012-08-05 13:51 - 2012-08-05 12:43 - 00011760 ____H C:\Users\Brandon Singh\Documents\~WRL1334.tmp
2012-08-01 21:01 - 2012-08-01 20:36 - 00097856 ____A C:\Users\Brandon Singh\Downloads\Tidus and Yuna laugh...out loud_.mp4.sfk
2012-08-01 20:36 - 2012-08-01 20:36 - 04893669 ____A C:\Users\Brandon Singh\Downloads\Tidus and Yuna laugh...out loud_.mp4
2012-08-01 19:14 - 2012-08-01 18:01 - 20754750 ____A C:\Users\Brandon Singh\Downloads\DC # 12.cbr
2012-08-01 18:03 - 2012-08-01 18:01 - 29263286 ____A C:\Users\Brandon Singh\Downloads\Avengers_Vs_X_Men_009_2012__Digital__Zone_Empire_.cbr
2012-08-01 17:11 - 2012-08-01 17:08 - 01355648 ____A C:\Users\Brandon Singh\Downloads\Let's Play Final Fantasy X - Part 21_ Stadium Attack - Luca Dock.mp4.sfk
2012-08-01 17:07 - 2012-08-01 17:05 - 72568732 ____A C:\Users\Brandon Singh\Downloads\Let's Play Final Fantasy X - Part 21_ Stadium Attack - Luca Dock.mp4
2012-08-01 17:06 - 2012-08-01 17:06 - 00000000 ____A C:\Users\Brandon Singh\Documents\16
2012-07-31 13:58 - 2012-07-31 13:58 - 00243520 ____A C:\Users\Brandon Singh\Downloads\STAR WARS™_ The Old Republic™ - Character Progression -- Imperial Agent.mp4.sfk
2012-07-31 13:58 - 2012-07-31 13:57 - 14469175 ____A C:\Users\Brandon Singh\Downloads\STAR WARS™_ The Old Republic™ - Character Progression -- Imperial Agent.mp4
2012-07-30 16:12 - 2012-07-30 16:11 - 00142048 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Gameplay First Look E3.mp4.sfk
2012-07-30 16:11 - 2012-07-30 16:11 - 07789340 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Gameplay First Look E3.mp4
2012-07-30 14:15 - 2012-07-30 14:15 - 00032832 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Executive Produced by JAY Z.mp4.sfk
2012-07-30 13:56 - 2012-07-30 13:56 - 01799967 ____A C:\Users\Brandon Singh\Downloads\NBA 2K13 Executive Produced by JAY Z.mp4
2012-07-28 21:00 - 2012-07-28 21:00 - 00003120 ____A C:\Windows\QX6YTVLJ.ocx
2012-07-28 14:38 - 2012-07-28 14:38 - 00001464 ____A C:\Users\Brandon Singh\Desktop\hm3.exe - Shortcut.lnk
2012-07-28 14:31 - 2012-07-28 14:31 - 00001136 ____A C:\Windows\PFRO.log
2012-07-28 13:04 - 2012-02-07 13:28 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-27 12:11 - 2012-07-27 12:10 - 13085120 ____A (Microsoft Corporation) C:\Users\Brandon Singh\Downloads\Silverlight_x64.exe
2012-07-26 18:21 - 2012-07-26 18:21 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222115.BMP
2012-07-26 18:21 - 2012-07-26 18:21 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222112.BMP
2012-07-26 18:20 - 2012-07-26 18:20 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222046.BMP
2012-07-26 18:20 - 2012-07-26 18:20 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222043.BMP
2012-07-26 18:20 - 2012-07-26 18:20 - 00921654 ____A C:\Users\Brandon Singh\OSDM_Shot120726222032.BMP
2012-07-26 17:38 - 2012-07-26 17:37 - 11010890 ____A (Winter Wolves ) C:\Users\Brandon Singh\Downloads\TSMTrial.exe
2012-07-25 17:07 - 2012-07-25 17:06 - 12977813 ____A C:\Users\Brandon Singh\Downloads\Amazing_Spider_Man_690_2012_digital_TheGroup_.cbr
2012-07-25 14:44 - 2012-07-25 14:44 - 00000000 ____A C:\Users\Brandon Singh\Documents\6
2012-07-25 10:48 - 2012-07-25 10:46 - 22764325 ____A C:\Users\Brandon Singh\Desktop\Paper Mario.zip
2012-07-24 14:27 - 2012-07-24 14:22 - 00561408 ____A C:\Users\Brandon Singh\Downloads\FINAL FANTASY Versus XIII Trailer 2011.mp4.sfk
2012-07-24 14:21 - 2012-07-24 14:21 - 29805019 ____A C:\Users\Brandon Singh\Downloads\FINAL FANTASY Versus XIII Trailer 2011.mp4
2012-07-22 14:13 - 2012-07-22 14:13 - 00000000 ____A C:\Windows\iPlayer.INI
2012-07-22 09:53 - 2012-07-22 09:50 - 00339424 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 07 22 13 37 31 404.mp4.sfk
2012-07-22 09:50 - 2012-07-22 09:48 - 10872924 ____A C:\Users\Brandon Singh\Downloads\bandicam 2012 07 22 13 37 31 404.mp4
2012-07-21 19:52 - 2012-07-21 19:52 - 00000000 ____A C:\Users\Brandon Singh\Documents\3
2012-07-20 13:17 - 2012-07-20 13:17 - 00174080 ____A (KeepVid) C:\Users\Brandon Singh\Downloads\KeepVid.exe
2012-07-19 09:28 - 2012-07-19 09:26 - 26023297 ____A C:\Users\Brandon Singh\Downloads\Avengers Vs X-Men 008 (2012) (Digital) (Zone-Empire).cbr
2012-07-18 12:10 - 2012-07-17 22:39 - 00000072 ____A C:\Users\Brandon Singh\Desktop\n64 profile stuff.jsf
2012-07-17 22:00 - 2012-07-17 22:00 - 00000941 ____A C:\Users\Brandon Singh\Desktop\DS3 Tool.lnk
2012-07-17 22:00 - 2012-07-17 22:00 - 00000923 ____A C:\Users\Public\Desktop\DS3 Tool.lnk
2012-07-17 21:50 - 2012-07-17 21:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-17 21:25 - 2012-07-17 21:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-17 21:25 - 2012-07-17 21:24 - 00029483 ____A C:\Windows\DirectX.log
2012-07-17 21:24 - 2012-07-17 21:24 - 07878008 ____A (Microsoft Corporation) C:\Users\Brandon Singh\Downloads\Xbox360_64Eng.exe
2012-07-17 21:19 - 2012-07-17 21:17 - 25927872 ____A C:\Users\Brandon Singh\Desktop\WWF No Mercy.zip
2012-07-17 21:15 - 2012-07-17 21:15 - 00002099 ____A C:\Users\Brandon Singh\Desktop\Project64 1.6.lnk
2012-07-17 21:13 - 2012-07-17 21:13 - 02080797 ____A (Project64 ) C:\Users\Brandon Singh\Downloads\Project64_1.6.exe
2012-07-17 15:52 - 2012-07-17 15:48 - 00633480 ____A C:\Users\Brandon Singh\Downloads\Diablo III Gameplay Preview.mp4.sfk
2012-07-17 15:48 - 2012-07-17 15:47 - 30404643 ____A C:\Users\Brandon Singh\Downloads\Diablo III Gameplay Preview.mp4
2012-07-17 15:03 - 2012-07-17 15:03 - 00182112 ____A C:\Users\Brandon Singh\Downloads\Diablo 3 - Official Trailer (HD).mp4.sfk
2012-07-17 15:02 - 2012-07-17 15:02 - 06711706 ____A C:\Users\Brandon Singh\Downloads\Diablo 3 - Official Trailer (HD).mp4
2012-07-16 15:40 - 2012-07-16 15:40 - 00465920 ____A C:\Users\Brandon Singh\Downloads\Pach-Attack! - It's a Profit Deal!.mp4.sfk
2012-07-16 15:37 - 2012-07-16 15:37 - 20193958 ____A C:\Users\Brandon Singh\Downloads\Pach-Attack! - It's a Profit Deal!.mp4
2012-07-16 09:20 - 2012-07-16 09:20 - 00000000 ____A C:\Users\Brandon Singh\Documents\2
2012-07-15 22:38 - 2012-07-15 22:37 - 22256793 ____A C:\Users\Brandon Singh\Downloads\Wolverine And The X-Men 013 (2012) (Digital) (Zone-Empire).cbr
2012-07-15 14:18 - 2012-07-15 14:18 - 00000000 ____A C:\Users\Brandon Singh\Documents\1
2012-07-15 14:12 - 2012-07-15 14:11 - 00106496 ____A C:\Users\Brandon Singh\Downloads\LEGO Batman 2 _ DC Super Heroes - Official First Look Trailer [HD].mp4.sfk
2012-07-15 14:11 - 2012-07-15 14:10 - 06938534 ____A C:\Users\Brandon Singh\Downloads\LEGO Batman 2 _ DC Super Heroes - Official First Look Trailer [HD].mp4
2012-07-15 11:06 - 2012-07-15 11:06 - 09589993 ____A C:\Users\Brandon Singh\Downloads\BATMAN_ ARKHAM CITY Joker Trailer.mp4
2012-07-15 11:06 - 2012-07-15 11:06 - 00151104 ____A C:\Users\Brandon Singh\Downloads\BATMAN_ ARKHAM CITY Joker Trailer.mp4.sfk
2012-07-14 18:26 - 2011-05-30 14:13 - 00000994 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-14 18:25 - 2012-07-14 18:25 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-14 18:18 - 2012-07-14 18:19 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-14 18:18 - 2012-07-14 18:19 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-14 18:18 - 2012-07-14 18:19 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-14 18:18 - 2012-07-14 18:19 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-14 18:18 - 2011-04-11 11:03 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-07-14 17:53 - 2012-07-14 17:53 - 00341811 ____A () C:\Users\Brandon Singh\Downloads\Everything-1.2.1.371.exe
2012-07-14 17:06 - 2012-07-14 17:06 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-14 16:49 - 2012-07-14 16:49 - 00544008 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-14 16:49 - 2012-07-14 16:49 - 00191240 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-14 16:49 - 2012-07-14 16:49 - 00172296 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-14 16:49 - 2012-07-14 16:49 - 00172296 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-14 16:49 - 2011-04-11 11:04 - 00525576 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-07-14 16:06 - 2012-07-14 16:05 - 05650143 ____A C:\Users\Brandon Singh\Downloads\prey-0.5.3-win.exe
2012-07-14 16:03 - 2012-07-14 16:03 - 03281592 ____A (Secunia) C:\Users\Brandon Singh\Downloads\PSISetup.exe
2012-07-14 15:50 - 2012-07-14 15:49 - 00559424 ____A C:\Users\Brandon Singh\Downloads\flux-setup.exe
2012-07-13 12:59 - 2012-07-13 12:59 - 17141127 ____A C:\Users\Brandon Singh\Downloads\Painkiller Already 99w_Ons1augh7 and Izedneck.MP3.part
2012-07-12 20:20 - 2012-07-12 20:20 - 00000000 ____A C:\Windows\setuperr.log
2012-07-12 16:50 - 2011-05-30 14:08 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-12 16:49 - 2012-07-12 16:49 - 03889704 ____A (Piriform Ltd) C:\Users\Brandon Singh\Downloads\ccsetup320.exe
2012-07-11 18:43 - 2012-07-11 18:43 - 00081728 ____A C:\Users\Brandon Singh\Downloads\Black Ops - JFK.mp4.sfk
2012-07-11 18:42 - 2012-07-11 18:42 - 04373063 ____A C:\Users\Brandon Singh\Downloads\Black Ops - JFK.mp4
2012-07-11 18:40 - 2012-07-11 18:39 - 00040096 ____A C:\Users\Brandon Singh\Downloads\Call of Duty_ Black Ops - Killing Castro (HD).mp4.sfk
2012-07-11 18:39 - 2012-07-11 18:39 - 01647493 ____A C:\Users\Brandon Singh\Downloads\Call of Duty_ Black Ops - Killing Castro (HD).mp4
2012-07-11 18:36 - 2012-07-11 18:36 - 00084864 ____A C:\Users\Brandon Singh\Downloads\Call Of Duty 4 Nuke.mp4.sfk
2012-07-11 18:35 - 2012-07-11 18:35 - 04863477 ____A C:\Users\Brandon Singh\Downloads\Call Of Duty 4 Nuke.mp4
2012-07-11 18:34 - 2012-07-11 18:32 - 00323648 ____A C:\Users\Brandon Singh\Downloads\Lens of Truth_ Modern Warfare 2 - No Russian Airport Mission.mp4.sfk
2012-07-11 18:31 - 2012-07-11 18:31 - 19276405 ____A C:\Users\Brandon Singh\Downloads\Lens of Truth_ Modern Warfare 2 - No Russian Airport Mission.mp4
2012-07-10 23:00 - 2012-07-10 23:00 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO3265.tmp
2012-07-09 16:04 - 2012-07-09 15:58 - 00216416 ____A C:\Users\Brandon Singh\Downloads\Halo 2 - Teaser.mp4.sfk
2012-07-09 15:58 - 2012-07-09 15:57 - 09350884 ____A C:\Users\Brandon Singh\Downloads\Halo 2 - Teaser.mp4
2012-07-08 16:10 - 2012-07-08 16:07 - 00435520 ____A C:\Users\Brandon Singh\Downloads\[DB-Z.com] Dragon Ball Z Budokai 3 (DBZ Budokai HD Collection) Gameplay - Part 4 @ Japan Expo 2012.mp4.sfk
2012-07-08 16:07 - 2012-07-08 16:07 - 28827247 ____A C:\Users\Brandon Singh\Downloads\[DB-Z.com] Dragon Ball Z Budokai 3 (DBZ Budokai HD Collection) Gameplay - Part 4 @ Japan Expo 2012.mp4
2012-07-08 15:53 - 2012-07-08 15:53 - 00186912 ____A C:\Users\Brandon Singh\Downloads\[DB-Z.com] Dragon Ball Z Budokai (DBZ Budokai HD Collection) Gameplay - Part 1 @ Japan Expo 2012.mp4.sfk
2012-07-08 15:52 - 2012-07-08 15:52 - 12399476 ____A C:\Users\Brandon Singh\Downloads\[DB-Z.com] Dragon Ball Z Budokai (DBZ Budokai HD Collection) Gameplay - Part 1 @ Japan Expo 2012.mp4
2012-07-08 15:16 - 2012-07-08 15:15 - 00102496 ____A C:\Users\Brandon Singh\Downloads\Dragon Ball Z Budokai HD Collection 1st Trailer (Budokai 1 & 3).mp4.sfk
2012-07-08 15:15 - 2012-07-08 15:15 - 06523017 ____A C:\Users\Brandon Singh\Downloads\Dragon Ball Z Budokai HD Collection 1st Trailer (Budokai 1 & 3).mp4
2012-07-08 14:11 - 2012-07-08 14:10 - 23731022 ____A C:\Users\Brandon Singh\Downloads\Final Fantasy Advent Children - Blue (where's your messiah_).mp4
2012-07-08 08:30 - 2012-07-08 08:30 - 00000000 ____A C:\Users\Brandon Singh\Documents\15
2012-07-06 09:48 - 2012-07-06 09:46 - 72163286 ____A C:\Users\Brandon Singh\Downloads\TFS Bardock Special.mp4
2012-07-06 08:31 - 2012-07-06 08:28 - 113274897 ____A C:\Users\Brandon Singh\Downloads\Batman_-_Earth_One__2012___Hul-konnen-DCP_.cbr
2012-07-03 19:28 - 2012-07-03 19:27 - 00409024 ____A C:\Users\Brandon Singh\Downloads\Romney_ 'Young Voters Have To Vote For Me'.mp4.sfk
2012-07-03 19:27 - 2012-07-03 19:25 - 24150343 ____A C:\Users\Brandon Singh\Downloads\Romney_ 'Young Voters Have To Vote For Me'.mp4
2012-07-03 09:46 - 2011-05-30 18:23 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 21:54 - 2012-07-01 21:54 - 00000000 ____A C:\Users\Brandon Singh\Documents\14
2012-07-01 17:52 - 2012-07-01 17:52 - 07467561 ____A C:\Users\Brandon Singh\Downloads\Painkiller Already Ep 34.MP3.part
2012-06-29 11:55 - 2012-06-29 11:50 - 13166035 ____A C:\Users\Brandon Singh\Downloads\Painkiller Already 67 w_ iZedneck and Syndicate (Pre-Show and Post-Show).MP3.part
2012-06-28 11:06 - 2012-06-28 11:06 - 00000000 ____A C:\Users\Brandon Singh\Documents\13
2012-06-28 10:20 - 2012-06-28 10:20 - 00000000 ____A C:\Users\Brandon Singh\Documents\12
2012-06-27 16:48 - 2012-06-27 16:48 - 00000000 ____A C:\Users\Brandon Singh\Documents\11
2012-06-26 15:58 - 2012-06-26 15:52 - 00253952 ____A C:\Users\Brandon Singh\Downloads\Super Smash Bros Brawl U.S. trailer.mp4.sfk
2012-06-26 15:47 - 2012-06-26 15:46 - 14238584 ____A C:\Users\Brandon Singh\Downloads\Super Smash Bros Brawl U.S. trailer.mp4
2012-06-20 19:32 - 2012-06-20 16:08 - 00013266 ____H C:\Users\Brandon Singh\Documents\~WRL1978.tmp
2012-06-19 18:00 - 2012-06-19 18:00 - 00013320 ____H C:\Users\Brandon Singh\Documents\~WRL0003.tmp
2012-06-17 22:16 - 2012-06-17 22:16 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO1FC0.tmp
2012-06-17 14:16 - 2012-06-17 14:16 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOOB8FF.tmp
2012-06-14 00:25 - 2009-07-13 20:45 - 00415152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 23:12 - 2011-05-30 19:12 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 15:42 - 2012-06-13 15:42 - 00000000 ____A C:\Users\Brandon Singh\Documents\10
2012-06-13 13:45 - 2012-06-13 13:45 - 00000000 ____A C:\Users\Brandon Singh\Documents\9
2012-06-12 17:07 - 2012-06-12 17:07 - 00000000 ____A C:\Users\Brandon Singh\Documents\8
2012-06-11 14:38 - 2012-06-11 14:38 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO17B6.tmp
2012-06-10 22:35 - 2012-06-10 22:35 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOOACC4.tmp
2012-06-10 22:19 - 2012-06-10 22:19 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO7C61.tmp
2012-06-10 12:32 - 2012-06-10 12:32 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOOF043.tmp
2012-06-09 12:21 - 2012-06-09 12:21 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO9BB5.tmp
2012-06-06 14:34 - 2012-06-06 14:23 - 15658241 ____A C:\Users\Brandon Singh\Downloads\Detective_Comics_010__2012___3_covers___digital-TheGroup_.cbr
2012-06-06 11:06 - 2012-06-06 10:51 - 39565760 ____A C:\Users\Brandon Singh\Downloads\Action Comics 10 (2012) (Minutemen-DTs).cbz
2012-06-06 11:03 - 2012-06-06 10:55 - 15647598 ____A C:\Users\Brandon Singh\Downloads\Ultimate_Comics_Spider_Man_011_2012__Digital__Zone_Empire_.cbr
2012-06-06 10:59 - 2012-06-06 10:52 - 18981246 ____A C:\Users\Brandon Singh\Downloads\Avengers_Vs_X-Men_005_%282012%29_%28Digital%29_%28Zone-Empire%29.cbr
2012-06-06 10:55 - 2012-06-06 10:52 - 17305560 ____A C:\Users\Brandon Singh\Downloads\Amazing Spider-Man Movie 01 (of 02) (2012) (Digital) (Spyder-Empire).cbz
2012-06-05 21:55 - 2012-04-05 23:11 - 00054784 __ASH C:\Users\Brandon Singh\Documents\Thumbs.db
2012-06-05 20:52 - 2012-06-05 20:52 - 00000000 ____A C:\Users\Brandon Singh\Documents\7
2012-06-05 19:53 - 2012-06-05 19:45 - 305091123 ____A C:\Users\Brandon Singh\Desktop\Nintendo E3 2012 Press Conference.mp4
2012-06-05 16:30 - 2012-06-05 16:22 - 00642944 ____A C:\Users\Brandon Singh\Downloads\Are Video Games and Gaming Mainstream_ - The Common Room.mp4.sfk
2012-06-05 15:42 - 2012-06-05 15:33 - 41363656 ____A C:\Users\Brandon Singh\Downloads\Are Video Games and Gaming Mainstream_ - The Common Room.mp4
2012-06-05 13:11 - 2012-06-05 13:10 - 01895229 ____A (Vegasaur.com ) C:\Users\Brandon Singh\Downloads\Video4YouTube_Setup_1.1.exe
2012-06-04 12:11 - 2012-06-04 11:52 - 433114647 ____A C:\Users\Brandon Singh\Desktop\LIVE Microsoft E3 Press Conference.mp4
2012-06-03 15:03 - 2012-06-03 15:02 - 02524288 ____A C:\Users\Brandon Singh\Downloads\Nintendo Direct Pre E3 2012.mp4.sfk
2012-06-03 15:00 - 2012-06-03 14:35 - 88149800 ____A C:\Users\Brandon Singh\Downloads\Nintendo Direct Pre E3 2012.mp4
2012-06-03 13:51 - 2012-06-03 13:51 - 00000992 ____A C:\Users\Brandon Singh\Desktop\Bandicam.lnk
2012-06-03 13:11 - 2012-06-03 13:10 - 02609266 ____A C:\Users\Brandon Singh\Downloads\fraps 3.4.7 registered[A4].zip
2012-06-03 12:37 - 2012-06-03 12:30 - 31941457 ____A ( ) C:\Users\Brandon Singh\Downloads\Setup Screen Capturer Recorder 32-bit v0.6.8.exe
2012-06-03 12:18 - 2012-06-03 12:17 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Brandon Singh\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010)(1).exe
2012-06-03 12:15 - 2012-06-03 12:12 - 02618976 ____A (CamStudio Open Source Dev Team ) C:\Users\Brandon Singh\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2012-06-02 15:08 - 2012-06-02 15:08 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO46B4.tmp
2012-06-02 14:19 - 2012-06-19 08:32 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 08:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 08:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 08:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 08:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 08:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 08:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 08:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-19 08:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 23:02 - 2012-05-31 23:02 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOOC1F5.tmp
2012-05-26 12:03 - 2012-05-26 12:03 - 00001297 ____A C:\Users\Brandon Singh\Desktop\AVS4YOU Software Navigator.lnk
2012-05-26 11:59 - 2012-05-26 11:52 - 76205639 ____A C:\Users\Brandon Singh\Downloads\AVS Video Converter 8.1.2.510 With Crack Free [DownSoftsFree]{h33t}.rar
2012-05-26 11:11 - 2012-05-26 11:11 - 00431528 ____A (Bandoo Media Inc) C:\Users\Brandon Singh\Downloads\Setup_FreeAVCHDConverter.exe
2012-05-26 11:06 - 2012-05-26 11:06 - 07544791 ____A ( ) C:\Users\Brandon Singh\Downloads\m2ts-converter-82376.exe
2012-05-26 08:50 - 2011-05-30 14:01 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-23 14:35 - 2012-05-23 14:35 - 00000000 ____A C:\Users\Brandon Singh\Documents\MOO186E.tmp
2012-05-23 11:43 - 2012-05-23 11:17 - 20182622 ____A C:\Users\Brandon Singh\Downloads\BATMAN INC # 01.cbr
2012-05-23 11:33 - 2012-05-23 11:17 - 24873254 ____A C:\Users\Brandon Singh\Downloads\Superman_009__2012___Digital___Zone-Empire_.cbr
2012-05-22 15:37 - 2012-05-22 15:37 - 00000000 ____A C:\Users\Brandon Singh\Documents\5
2012-05-22 12:10 - 2012-05-22 12:10 - 00000000 ____A C:\Users\Brandon Singh\Documents\4

ZeroAccess:
C:\Windows\Installer\{00b520a8-9697-e321-8b92-12fdae1b7498}
C:\Windows\Installer\{00b520a8-9697-e321-8b92-12fdae1b7498}\@

ZeroAccess:
C:\Users\Brandon Singh\AppData\Local\86f23f1a
C:\Users\Brandon Singh\AppData\Local\86f23f1a\@
C:\Users\Brandon Singh\AppData\Local\86f23f1a\U
C:\Users\Brandon Singh\AppData\Local\86f23f1a\U\80000000.@

ZeroAccess:
C:\Users\Brandon Singh\AppData\Local\{00b520a8-9697-e321-8b92-12fdae1b7498}
C:\Users\Brandon Singh\AppData\Local\{00b520a8-9697-e321-8b92-12fdae1b7498}\@
C:\Users\Brandon Singh\AppData\Local\{00b520a8-9697-e321-8b92-12fdae1b7498}\L
C:\Users\Brandon Singh\AppData\Local\{00b520a8-9697-e321-8b92-12fdae1b7498}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3690.91 MB
Available physical RAM: 2955.42 MB
Total Pagefile: 3689.05 MB
Available Pagefile: 2952.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:283.46 GB) (Free:71.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.34 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 14 GB 283 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 283 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy
C:\HP_TOOLS_mountHPSF\

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7648 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Last Boot: 2012-08-10 12:10

======================= End Of Log ==========================






Search.txt

Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-18 01:50:16
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Edited by HateTrojans, 18 August 2012 - 01:25 AM.


#4 CatByte

Posted 18 August 2012 - 07:32 AM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{00b520a8-9697-e321-8b92-12fdae1b7498}
C:\Users\Brandon Singh\AppData\Local\86f23f1a
C:\Users\Brandon Singh\AppData\Local\{00b520a8-9697-e321-8b92-12fdae1b7498}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
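
The Search.txt result and the `replace:` line in the fixlist above rest on one comparison: the services.exe in System32 has the same size and timestamps as the WinSxS copy but a different MD5. The following is an added example, not part of the thread or of FRST, that makes that comparison from a Search.txt log; the function names are assumptions and the sample input is copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: the two entries from the Search.txt posted in this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Metadata line: [created] - [modified] - size attrs (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file: a path line followed by its metadata line."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending = line
            continue
        m = META.match(line)
        if m and pending:
            entries.append({
                "path": pending,
                "name": pending.rsplit("\\", 1)[-1].lower(),
                # Copies under \winsxs\ are the component-store originals.
                "in_store": "\\winsxs\\" in pending.lower(),
                "size": int(m["size"]),
                "created": m["created"],
                "modified": m["modified"],
                "md5": m["md5"].upper(),
            })
        if line:
            pending = None  # a path only pairs with the very next log line
    return entries


def find_mismatches(entries):
    """Flag live copies whose MD5 matches no component-store copy of that name.

    A mismatch with identical size and timestamps is the pattern in this
    thread's log. A mismatch can also mean the store simply holds no copy of
    the installed version, so the result is a lead to verify, not a verdict.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for copies in by_name.values():
        store = [e for e in copies if e["in_store"]]
        if not store:
            continue  # no reference copy to compare against
        good = {e["md5"] for e in store}
        for e in copies:
            if e["in_store"] or e["md5"] in good:
                continue
            same_meta = any(
                (e["size"], e["created"], e["modified"])
                == (s["size"], s["created"], s["modified"])
                for s in store
            )
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "store_md5": sorted(good),
                "same_size_and_times": same_meta,
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SEARCH_TXT)):
        print(f["path"], f["md5"], "store:", ", ".join(f["store_md5"]),
              "(same size and timestamps)" if f["same_size_and_times"] else "")
```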


#5 HateTrojans

Posted 18 August 2012 - 12:58 PM

Wish I had the money to pay you, I'll make sure to bookmark if I get paid anytime soon. On a scale of 1-10, 1 being easily fixable to 10 being crazy infected, how badly infected was I? Looks like there are a lot of deletions.


Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 2012-08-18 13:28:04 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{00b520a8-9697-e321-8b92-12fdae1b7498} moved successfully.
C:\Users\Brandon Singh\AppData\Local\86f23f1a moved successfully.
C:\Users\Brandon Singh\AppData\Local\{00b520a8-9697-e321-8b92-12fdae1b7498} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


ComboFix

ComboFix 12-08-17.03 - Brandon Singh 18/08/2012 13:40:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3691.2387 [GMT -4:00]
Running from: c:\users\Brandon Singh\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brandon Singh\Documents\~WRL0003.tmp
c:\users\Brandon Singh\Documents\~WRL1334.tmp
c:\users\Brandon Singh\Documents\~WRL1978.tmp
c:\users\Brandon Singh\Documents\MOO17B6.tmp
c:\users\Brandon Singh\Documents\MOO186E.tmp
c:\users\Brandon Singh\Documents\MOO1FC0.tmp
c:\users\Brandon Singh\Documents\MOO31F4.tmp
c:\users\Brandon Singh\Documents\MOO3265.tmp
c:\users\Brandon Singh\Documents\MOO4608.tmp
c:\users\Brandon Singh\Documents\MOO46B4.tmp
c:\users\Brandon Singh\Documents\MOO48F5.tmp
c:\users\Brandon Singh\Documents\MOO5F3F.tmp
c:\users\Brandon Singh\Documents\MOO603A.tmp
c:\users\Brandon Singh\Documents\MOO7C61.tmp
c:\users\Brandon Singh\Documents\MOO8AB7.tmp
c:\users\Brandon Singh\Documents\MOO8B85.tmp
c:\users\Brandon Singh\Documents\MOO9659.tmp
c:\users\Brandon Singh\Documents\MOO985E.tmp
c:\users\Brandon Singh\Documents\MOO9BB5.tmp
c:\users\Brandon Singh\Documents\MOOA001.tmp
c:\users\Brandon Singh\Documents\MOOACC4.tmp
c:\users\Brandon Singh\Documents\MOOB8FF.tmp
c:\users\Brandon Singh\Documents\MOOC1F5.tmp
c:\users\Brandon Singh\Documents\MOOF043.tmp
c:\users\Brandon Singh\Documents\MOOFAA2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 09:41 . 2012-08-18 09:42 -------- d-----w- C:\FRST
2012-08-15 18:16 . 2012-08-15 18:16 -------- d-----w- c:\program files (x86)\Jnes
2012-08-11 21:07 . 2012-08-11 21:07 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-07-28 05:08 . 2012-07-28 05:09 -------- d-----w- c:\program files (x86)\HollywoodMogul3
2012-07-27 20:12 . 2012-07-27 20:12 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-27 20:12 . 2012-07-27 20:12 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-27 01:55 . 2012-07-27 01:55 -------- d-----w- c:\users\Brandon Singh\AppData\Roaming\TVSM
2012-07-22 22:10 . 2012-07-23 00:49 -------- d-----w- c:\program files\InterActual
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 17:57 . 2012-07-15 00:08 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-08-15 07:34 . 2012-05-24 07:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 07:34 . 2011-05-30 22:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 05:15 . 2012-07-18 05:15 40960 ----a-r- c:\users\Brandon Singh\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-18 05:15 . 2012-07-18 05:15 40960 ----a-r- c:\users\Brandon Singh\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-15 02:18 . 2012-07-15 02:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-15 02:18 . 2011-04-11 19:03 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-15 00:49 . 2012-07-15 00:49 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-15 00:49 . 2012-07-15 00:49 191240 ----a-w- c:\windows\system32\javaws.exe
2012-07-15 00:49 . 2012-07-15 00:49 172296 ----a-w- c:\windows\system32\javaw.exe
2012-07-15 00:49 . 2012-07-15 00:49 172296 ----a-w- c:\windows\system32\java.exe
2012-07-15 00:49 . 2011-04-11 19:04 525576 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 17:46 . 2011-05-31 02:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 07:12 . 2011-05-31 03:12 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 16:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 16:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 16:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 16:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 16:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 16:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-06-22 17:56 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A8BBE4B-EB36-4A14-9822-FDBF709B9AD9}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"F.lux"="c:\users\Brandon Singh\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Brandon Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-30 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2010-06-23 189952]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-05 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-05 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-05 309760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-27 1145448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 07:34]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2573913704-2678052440-1249604582-1001Core.job
- c:\users\Brandon Singh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 22:15]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2573913704-2678052440-1249604582-1001UA.job
- c:\users\Brandon Singh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 22:15]
.
2012-08-18 c:\windows\Tasks\HPCeeScheduleForBrandon Singh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-27 7466600]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\users\Brandon Singh\AppData\Roaming\Mozilla\Firefox\Profiles\61lalnrt.default\
FF - prefs.js: browser.startup.homepage - huffingtonpost.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ShaPlus Bandwidth Meter - c:\program files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-18 14:09:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 18:09
.
Pre-Run: 83,780,194,304 bytes free
Post-Run: 83,828,244,480 bytes free
.
- - End Of File - - A1B8061D599E2281996E93D3C616A386

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:07 PM

Posted 18 August 2012 - 03:51 PM

You were infected with a very nasty infection called ZeroAccess. It does have the ability to open a back door, and we have no way of knowing if your personal information may have been compromised, so as a precaution I would change all your on-line passwords using a machine that has never been infected.


We just have a few other scans to do to make sure there are no leftovers. Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 HateTrojans


Posted 18 August 2012 - 07:02 PM

Malware Bytes Log

Brandon Singh :: BRANDON [administrator]

18/08/2012 6:07:43 PM
mbam-log-2012-08-18 (18-07-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200954
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET online is going to take a couple more hours.

#8 CatByte


Posted 19 August 2012 - 08:51 PM

Were you able to complete the ESET scan?


#9 HateTrojans


Posted 19 August 2012 - 09:00 PM

My apologies, no. 6 hours and I got to 30%. Is there an alternative?

#10 CatByte


Posted 19 August 2012 - 09:30 PM

There are, but that's the best one.

Try running the temp file cleaner, then give it another try.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.



NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#11 HateTrojans


Posted 19 August 2012 - 10:48 PM

Wow this was quick.

Farbar Service Scanner Version: 06-08-2012
Ran by Brandon Singh (administrator) on 19-08-2012 at 23:48:29
Running from "C:\Users\Brandon Singh\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
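
The Farbar Service Scanner log above can be triaged mechanically. The following Python sketch is an added example, not part of the original thread or of Farbar's tool; the `Finding` record and function names are hypothetical, the sample is an excerpt of the posted log, and its last file-check line is constructed to exercise the failure path.

```python
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the FSS log posted above. The final File Check line is
# CONSTRUCTED (not real FSS wording) to show how a non-legit result is flagged.
SAMPLE_LOG = r"""Windows Firewall:
=============

Firewall Disabled Policy:
==================

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\example.dll => CONSTRUCTED non-legit result
"""


@dataclass
class Finding:
    section: str  # log section, e.g. "Windows Update"
    subject: str  # service name or file path
    check: str    # what was checked: "running", "Start type", "ImagePath", "MD5", ...
    ok: bool
    detail: str


NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
ATTENTION = re.compile(r"^(?:Checking )?(.+?):\s*ATTENTION!=+>\s*(.*)$")
VALUE_OK = re.compile(r"^The (\S+) of (\S+) service is OK\.$")
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


def is_underline(line: str) -> bool:
    """FSS underlines each section title with a run of '=' characters."""
    return bool(line) and set(line) == {"="}


def parse_fss(log: str) -> List[Finding]:
    """Turn an FSS-style log into one Finding per reported check."""
    lines = [ln.strip() for ln in log.splitlines()]
    findings: List[Finding] = []
    section, service = "", ""
    for i, line in enumerate(lines):
        if not line or is_underline(line):
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and is_underline(nxt):
            section, service = line[:-1], ""  # new section resets service context
            continue
        m = NOT_RUNNING.match(line)
        if m:
            service = m.group(1)
            findings.append(Finding(section, service, "running", False, line))
            continue
        m = ATTENTION.match(line)
        if m:
            # The flagged value belongs to the service named on the preceding line.
            findings.append(Finding(section, service or "?", m.group(1), False, m.group(2)))
            continue
        m = VALUE_OK.match(line)
        if m:
            findings.append(Finding(section, m.group(2), m.group(1), True, "OK"))
            continue
        if section == "File Check":
            m = FILE_CHECK.match(line)
            if m:
                verdict = m.group(2)
                findings.append(
                    Finding(section, m.group(1), "MD5", verdict == "MD5 is legit", verdict)
                )
    return findings


def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Everything a responder has to follow up on, in log order."""
    return [f for f in findings if not f.ok]


if __name__ == "__main__":
    for f in needs_attention(parse_fss(SAMPLE_LOG)):
        print(f"[{f.section}] {f.subject}: {f.check} -> {f.detail}")
```

On the posted log the only service findings are the two BITS entries: the service is not running and its start type value cannot be read, while its ImagePath and ServiceDll are reported as OK.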

#12 CatByte


Posted 20 August 2012 - 07:06 AM

Your BITS registry key is missing, so we need to replace it or Windows updates won't work.

Please download the attached registry fix and save it to your desktop. Right-click and choose to Merge it into your registry (then delete the file as you won't need it again).


[attachment=128897:bits7.reg]


NEXT


Please give ESET on-line scan another try.


Give it lots of time to finish.


#13 HateTrojans


Posted 20 August 2012 - 05:13 PM

I merged the file.


Here's the log.

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\Users\Brandon\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Brandon\Downloads\Setup_FreeAVCHDConverter.exe Win32/Toolbar.SearchSuite application

#14 CatByte


Posted 20 August 2012 - 09:18 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Brandon\Downloads\iLividSetupV1.exe 
C:\Users\Brandon\Downloads\Setup_FreeAVCHDConverter.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please advise how the computer is running now and if there are any outstanding issues



#15 HateTrojans


Posted 21 August 2012 - 01:20 PM

ComboFix 12-08-20.02 - Brandon Singh 21/08/2012 13:47:17.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3691.1875 [GMT -4:00]
Running from: c:\users\Brandon Singh\Desktop\ComboFix.exe
Command switches used :: c:\users\Brandon Singh\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Brandon\Downloads\iLividSetupV1.exe"
"c:\users\Brandon\Downloads\Setup_FreeAVCHDConverter.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brandon Singh\Documents\MOOC36C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 18:01 . 2012-08-21 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 09:41 . 2012-08-18 09:42 -------- d-----w- C:\FRST
2012-08-15 18:16 . 2012-08-15 18:16 -------- d-----w- c:\program files (x86)\Jnes
2012-08-11 21:07 . 2012-08-11 21:07 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-07-28 05:08 . 2012-07-28 05:09 -------- d-----w- c:\program files (x86)\HollywoodMogul3
2012-07-27 20:12 . 2012-07-27 20:12 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-27 20:12 . 2012-07-27 20:12 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-27 01:55 . 2012-07-27 01:55 -------- d-----w- c:\users\Brandon Singh\AppData\Roaming\TVSM
2012-07-22 22:10 . 2012-07-23 00:49 -------- d-----w- c:\program files\InterActual
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 18:03 . 2012-07-15 00:08 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-08-20 05:53 . 2012-08-21 15:05 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F09C3CBB-C472-4D57-9C45-5E95FADCED2F}\mpengine.dll
2012-08-15 07:34 . 2012-05-24 07:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 07:34 . 2011-05-30 22:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 05:15 . 2012-07-18 05:15 40960 ----a-r- c:\users\Brandon Singh\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-18 05:15 . 2012-07-18 05:15 40960 ----a-r- c:\users\Brandon Singh\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-15 02:18 . 2012-07-15 02:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-15 02:18 . 2011-04-11 19:03 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-15 00:49 . 2012-07-15 00:49 544008 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-15 00:49 . 2012-07-15 00:49 191240 ----a-w- c:\windows\system32\javaws.exe
2012-07-15 00:49 . 2012-07-15 00:49 172296 ----a-w- c:\windows\system32\javaw.exe
2012-07-15 00:49 . 2012-07-15 00:49 172296 ----a-w- c:\windows\system32\java.exe
2012-07-15 00:49 . 2011-04-11 19:04 525576 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 17:46 . 2011-05-31 02:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 07:12 . 2011-05-31 03:12 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 16:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 16:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 16:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 16:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 16:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 16:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-18_17.58.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-21 18:05 64054 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-21 18:05 52680 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 12:05 . 2012-08-21 18:05 11770 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2573913704-2678052440-1249604582-1001_UserData.bin
+ 2012-08-21 18:03 . 2012-08-21 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-18 17:57 . 2012-08-18 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-21 18:03 . 2012-08-21 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-18 17:57 . 2012-08-18 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-08-21 18:02 393156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-18 17:56 393156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-07 14:54 . 2012-08-18 08:01 1829840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-07 14:54 . 2012-08-21 18:02 1829840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-30 23:02 . 2012-08-21 07:21 2923340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2573913704-2678052440-1249604582-1001-12288.dat
- 2011-05-30 23:02 . 2012-08-18 05:36 2923340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2573913704-2678052440-1249604582-1001-12288.dat
+ 2011-05-30 23:02 . 2012-08-21 18:02 45616020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2573913704-2678052440-1249604582-1001-8192.dat
- 2011-05-30 23:02 . 2012-08-18 17:56 45616020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2573913704-2678052440-1249604582-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"F.lux"="c:\users\Brandon Singh\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Brandon Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-30 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2010-06-23 189952]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-05 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-05 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-05 309760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-27 1145448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 07:34]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2573913704-2678052440-1249604582-1001Core.job
- c:\users\Brandon Singh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 22:15]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2573913704-2678052440-1249604582-1001UA.job
- c:\users\Brandon Singh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 22:15]
.
2012-08-21 c:\windows\Tasks\HPCeeScheduleForBrandon Singh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-27 7466600]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\users\Brandon Singh\AppData\Roaming\Mozilla\Firefox\Profiles\61lalnrt.default\
FF - prefs.js: browser.startup.homepage - huffingtonpost.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-21 14:13:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-21 18:13
ComboFix2.txt 2012-08-18 18:09
.
Pre-Run: 84,410,748,928 bytes free
Post-Run: 84,142,821,376 bytes free
.
- - End Of File - - 4546C09806746A68F44553B542CD945D



