
I have the google redirect Virus



#1 Von Halford

Posted 27 October 2012 - 12:59 PM

We are about to perform at the biggest show of our lives, and somehow I ended up getting slapped with the redirect virus. I followed along computers with the same setups and logs; I went through the steps of checking the DNS, I even flushed them, and everything seems to be in order. I ran Spybot, removed some toolbars, and tried AdwCleaner and ComboFix; I even renamed TDSSKiller and tried that. It's still on my computer.

I ran DDS and here is what I got. Please help me. I can still run basic computer needs, but it's really slowing my progress down by redirecting most of my searches.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Von Halford at 13:56:50 on 2012-10-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1045 [GMT -4:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Internet Security Anti-Spyware *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\dcmsvc\dcmsvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\PROGRAM FILES (X86)\STREAMRIPPER\wstreamripper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Von Halford\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\VONHAL~1\STARTM~1\Programs\Startup\WARNER~1.LNK - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{A35F455B-5668-4676-9BE3-74A32BB9A2C8} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{A35F455B-5668-4676-9BE3-74A32BB9A2C8}\64C6F6279646163547164756 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{AFB4DB9B-40B1-4E09-BFB1-216761FAD5E8} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Von Halford\AppData\Roaming\Mozilla\Firefox\Profiles\shbushyf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://movies.netflix.com/WiHome
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Von Halford\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Von Halford\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Von Halford\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-19 04:04; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF - ExtSQL: 2012-10-05 10:50; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Von Halford\AppData\Roaming\Mozilla\Firefox\Profiles\shbushyf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-13 22:25; {888d99e7-e8b5-46a3-851e-1ec45da1e644}; C:\Users\Von Halford\AppData\Roaming\Mozilla\Firefox\Profiles\shbushyf.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF - ExtSQL: 2012-10-14 04:08; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\Von Halford\AppData\Roaming\Mozilla\Firefox\Profiles\shbushyf.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-9-7 8704]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-10-22 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-10-22 28800]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-9-19 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-9-19 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-9-19 1096176]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-2 55856]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-9-19 65664]
R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-9-19 86216]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2012-9-19 336512]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-9-19 251560]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-9-19 337872]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-8-18 386344]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-12-2 252416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-8 2984832]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-3-18 852336]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-11 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-4 11922944]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-4 359936]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-2 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-7 346144]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-8 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-2 38456]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-30 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2011-6-23 1071032]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-9-9 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-9-9 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-9-9 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-9-9 34304]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-30 116648]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 115168]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2012-9-19 92896]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-9-19 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-9-19 1117144]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-12-2 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-12-2 422768]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-12-2 67952]
S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-9-19 41968]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-12-2 574320]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-12-2 1203568]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-27 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-27 15:50:42 208216 ----a-w- C:\Windows\System32\drivers\66177462.sys
2012-10-27 15:50:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-27 15:41:42 -------- d-----w- C:\Users\Von Halford\AppData\Local\visi_coupon
2012-10-26 19:50:42 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B75913B-EC87-4F31-BD8D-D7492B1BCFB7}\mpengine.dll
2012-10-26 18:46:47 -------- d-----w- C:\Program Files (x86)\SecurityXploded
2012-10-23 00:04:04 -------- d-----w- C:\Program Files (x86)\Whorld
2012-10-15 00:49:07 -------- d-----w- C:\Users\Von Halford\AppData\Roaming\VST3 Presets
2012-10-11 15:00:05 -------- d-----w- C:\Users\Von Halford\AppData\Local\AMD
2012-10-11 14:37:22 -------- d-----w- C:\ProgramData\AMD
2012-10-11 14:37:19 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-10-11 14:37:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-10-11 14:37:07 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-10-11 14:37:07 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-10-11 14:35:51 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-10-11 14:35:48 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-11 14:31:53 -------- d-----w- C:\Program Files\ATI Technologies
2012-10-11 14:20:28 -------- d-----w- C:\Program Files\Construct 2
2012-10-10 06:26:10 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 06:26:08 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 06:26:07 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 06:26:05 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 06:24:34 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 06:24:34 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 06:23:32 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 06:23:31 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 06:23:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 06:23:31 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 06:23:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 06:23:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 05:24:16 -------- d-----w- C:\Users\Von Halford\AppData\Local\{FE7CE452-7A52-43D6-A918-942A5519E93E}
2012-10-09 18:05:43 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-06 07:24:33 -------- d-----w- C:\Program Files (x86)\AC Tool
2012-10-06 06:34:14 -------- d-----w- C:\Program Files\AutoHotkey
2012-10-04 09:21:44 -------- d-----w- C:\Users\Von Halford\AppData\Local\gamemaker_studio
2012-10-04 09:21:43 -------- d-----w- C:\ProgramData\gamemaker_studio
2012-10-04 09:14:01 -------- d-----w- C:\Users\Von Halford\AppData\Local\Reflexion
2012-10-04 09:11:23 -------- d-----w- C:\Users\Von Halford\AppData\Local\Project1
2012-10-04 09:11:15 -------- d-----w- C:\Users\Von Halford\AppData\Local\GameMaker_Player
2012-10-01 00:04:57 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
.
==================== Find3M ====================
.
2012-10-09 18:05:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 18:05:49 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 13:58:09.17 ===============


#2 CatByte


  • Malware Response Team

Posted 27 October 2012 - 02:07 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using: 32-bit (x86) or 64-bit (x64).)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs in your reply. (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
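
The procedure above ends with FRST.txt being pasted back into the thread. The following is an added example, not part of the original post and not FRST's own code: a helper-side check that the log was really produced from the recovery environment, plus a parser for its file listings. The function names are hypothetical, the sample log is constructed, and the column order (created first in the "Created" section, modified first in the "Modified" section) is an assumption read off the log posted in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the layout of a 2012-era FRST.txt (not a real scan).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by ExampleUser at 27-10-2012 15:35:57
Running from C:\Users\ExampleUser\Downloads
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-10-27 15:35 - 2012-10-27 15:35 - 00000000 ____D C:\FRST
2012-10-27 11:50 - 2012-10-27 11:50 - 00208216 ____A (Example Vendor, Inc.) C:\Windows\System32\Drivers\example1.sys
2012-10-26 09:00 - 2012-10-26 09:00 - 00001184 ___AH C:\Windows\System32\example-hidden.dat
2012-10-10 02:25 - 2012-08-20 14:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-09-27 05:04 - 2012-01-03 03:03 - 00389120 ____A () C:\Windows\SysWOW64\example.ocx
2012-10-22 20:04 - 2012-10-22 20:04 - 00000000 ____D C:\Program Files (x86)\ExampleApp

==================== 3 Months Modified Files ==================

2012-10-27 14:42 - 2009-07-13 22:34 - 00000431 ____A C:\Windows\win.ini
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# timestamp - timestamp - size attrs [(vendor)] path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"([_A-Z]+) (?:\(([^)]*)\) )?([A-Za-z]:\\.*)$"
)
RAN_AT_RE = re.compile(r"^Ran by .+ at (\d\d-\d\d-\d{4} \d\d:\d\d:\d\d)", re.M)
NOT_RE_BANNER = "NOT RUN FROM RECOVERY ENVIRONMENT"


@dataclass
class Entry:
    section: str
    created: datetime
    modified: datetime
    size: int
    attrs: str             # e.g. "____A", "___AH", "____D"
    vendor: Optional[str]  # None: no "(...)" field; "": empty "()"
    path: str


def ran_from_recovery_environment(log: str) -> bool:
    """False when the log carries FRST's warning that it ran inside live Windows."""
    return NOT_RE_BANNER not in log.upper()


def scan_time(log: str) -> datetime:
    """Parse the 'Ran by ... at dd-mm-yyyy hh:mm:ss' header line."""
    m = RAN_AT_RE.search(log)
    if not m:
        raise ValueError("no 'Ran by ... at ...' header found")
    return datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")


def parse_entries(log: str) -> List[Entry]:
    """Turn every file/folder line into an Entry, tracking the current section."""
    entries, section = [], ""
    for line in log.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, anything not in entry layout
        first, second = (datetime.strptime(t, "%Y-%m-%d %H:%M") for t in m.group(1, 2))
        # Assumed column order: "Modified" sections put the modified time first.
        if "Modified" in section:
            created, modified = second, first
        else:
            created, modified = first, second
        entries.append(Entry(section, created, modified, int(m.group(3)),
                             m.group(4), m.group(5), m.group(6)))
    return entries


def review_candidates(log: str, days: int = 7) -> List[Entry]:
    """Files (not folders) under the Windows directory, created within `days`
    of the scan, with no vendor string. A prompt for a closer look, not a verdict."""
    cutoff = scan_time(log) - timedelta(days=days)
    return [
        e for e in parse_entries(log)
        if "D" not in e.attrs
        and e.path.lower().startswith("c:\\windows\\")
        and not e.vendor
        and e.created >= cutoff
    ]


if __name__ == "__main__":
    if not ran_from_recovery_environment(SAMPLE_LOG):
        print("Log was NOT produced from the recovery environment; ask for a rerun.")
    for e in review_candidates(SAMPLE_LOG):
        print(e.created, e.attrs, e.path)
```

A log that fails the first check was taken with the installed system running, so the scan could not load the offline system hive and its listings come from the live system.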


#3 Von Halford

Von Halford
  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:43 PM

Posted 27 October 2012 - 02:39 PM

Well I do not have a flash drive so I just ran the program, did the search and got this log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by Von Halford at 27-10-2012 15:35:57
Running from C:\Users\Von Halford\Downloads
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-27 15:35 - 2012-10-27 15:35 - 00000000 ____D C:\FRST
2012-10-27 15:34 - 2012-10-27 15:34 - 01459889 ____A (Farbar) C:\Users\Von Halford\Downloads\FRST64.exe
2012-10-27 13:58 - 2012-10-27 13:58 - 00030618 ____A C:\Users\Von Halford\Desktop\dds.txt
2012-10-27 13:58 - 2012-10-27 13:58 - 00009597 ____A C:\Users\Von Halford\Desktop\attach.txt
2012-10-27 13:56 - 2012-10-27 13:56 - 00687724 ____R (Swearware) C:\Users\Von Halford\Downloads\dds.com
2012-10-27 11:52 - 2012-10-27 14:53 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-27 11:52 - 2012-10-27 14:53 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-27 11:52 - 2012-10-27 11:52 - 00000552 ____A C:\Windows\System32\spsys.log
2012-10-27 11:51 - 2012-10-27 11:51 - 00072624 ____A C:\Users\Von Halford\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-27 11:50 - 2012-10-27 11:50 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\66177462.sys
2012-10-27 11:41 - 2012-10-27 11:41 - 00000000 ____D C:\Users\Von Halford\AppData\Local\visi_coupon
2012-10-27 05:19 - 2012-10-27 05:19 - 00027264 ____A C:\ComboFix.txt
2012-10-27 03:15 - 2012-10-27 03:18 - 43545694 ____A C:\Users\Von Halford\Downloads\MLKDream.wav
2012-10-27 03:13 - 2012-10-27 03:56 - 00000000 ____D C:\Users\Von Halford\Documents\interludes
2012-10-27 02:46 - 2012-10-27 02:47 - 00000000 ____D C:\Users\Von Halford\Documents\tdsskiller
2012-10-27 02:45 - 2012-10-27 02:45 - 02194704 ____A C:\Users\Von Halford\Documents\tdsskiller.zip
2012-10-27 02:30 - 2012-10-27 02:30 - 00001032 ____A C:\AdwCleaner[R1].txt
2012-10-27 02:05 - 2012-10-27 02:05 - 00024419 ____A C:\AdwCleaner[S1].txt
2012-10-27 02:04 - 2012-10-27 02:05 - 00538941 ____A C:\Users\Von Halford\Downloads\adwcleaner.exe
2012-10-27 01:56 - 2012-10-27 01:56 - 00000000 ____D C:\Users\Von Halford\Downloads\Valdi Sabev - Impressions Volume Eight
2012-10-27 01:56 - 2012-10-27 01:56 - 00000000 ____D C:\Users\Von Halford\Downloads\MLKDream_flac
2012-10-27 01:55 - 2012-10-27 01:56 - 06875219 ____A C:\Users\Von Halford\Downloads\Valdi Sabev - Impressions Volume Eight.tar.gz
2012-10-27 01:52 - 2012-10-27 01:55 - 28603533 ____A C:\Users\Von Halford\Downloads\MLKDream_flac.zip
2012-10-26 17:21 - 2012-10-26 17:21 - 00439747 ____A C:\Users\Von Halford\Downloads\m_b.w.v1132.plus9tr.zip
2012-10-26 17:19 - 2012-10-26 17:19 - 00295223 ____A C:\Users\Von Halford\Downloads\MBV1143T8.rar
2012-10-26 17:09 - 2012-10-26 17:10 - 00093877 ____A C:\Users\Von Halford\Downloads\MountAndBladeWarbandSteamv1.154Trainer.zip
2012-10-26 14:46 - 2012-10-26 14:46 - 00001315 ____A C:\Users\Von Halford\Desktop\OperaPasswordDecryptor.lnk
2012-10-26 14:46 - 2012-10-26 14:46 - 00001315 ____A C:\Users\boinc_master\Desktop\OperaPasswordDecryptor.lnk
2012-10-26 14:46 - 2012-10-26 14:46 - 00000000 ____D C:\Program Files (x86)\SecurityXploded
2012-10-26 14:45 - 2012-10-26 14:45 - 01845508 ____A C:\Users\Von Halford\Documents\OperaPasswordDecryptor.zip
2012-10-26 14:45 - 2012-10-26 14:45 - 00000000 ____D C:\Users\Von Halford\Documents\OperaPasswordDecryptor
2012-10-26 12:41 - 2012-10-26 12:48 - 137273314 ____A C:\Users\Von Halford\Downloads\10.25.12 HorusRisingThank You Video Final.mov
2012-10-25 15:44 - 2012-10-25 15:46 - 41313148 ____A C:\Users\Von Halford\Downloads\TYGER STRIKE.wav
2012-10-25 13:24 - 2012-10-25 13:28 - 00000000 ____D C:\Users\Von Halford\Documents\golden pastures
2012-10-25 03:38 - 2012-10-25 03:38 - 00001325 ____A C:\Users\Von Halford\Documents\darkk.txt
2012-10-25 02:39 - 2012-10-27 14:42 - 00000000 ____D C:\Users\Von Halford\Documents\3 Days Of Light Instrumentals
2012-10-24 22:35 - 2012-10-24 22:40 - 64322507 ____A C:\Users\Von Halford\Downloads\Building Wings.zip
2012-10-24 02:04 - 2012-10-24 02:04 - 00000000 ____D C:\Users\Von Halford\Downloads\troxblaps10-21-2012
2012-10-24 01:59 - 2012-10-24 02:03 - 79305059 ____A C:\Users\Von Halford\Downloads\troxblaps10-21-2012.zip
2012-10-23 00:08 - 2012-10-23 00:08 - 00670428 ____A C:\Users\Von Halford\Downloads\Sonique Visuals.rar
2012-10-22 20:04 - 2012-10-22 20:04 - 00002889 ____A C:\Users\Von Halford\Desktop\Whorld.lnk
2012-10-22 20:04 - 2012-10-22 20:04 - 00000000 ____D C:\Program Files (x86)\Whorld
2012-10-22 20:02 - 2012-10-22 20:02 - 00478087 ____A C:\Users\Von Halford\Downloads\whorld-1.7.06-bin.zip
2012-10-22 20:02 - 2012-10-22 20:02 - 00000000 ____D C:\Users\Von Halford\Downloads\whorld-1.7.06-bin
2012-10-22 16:31 - 2012-10-22 16:31 - 00003476 ____A C:\Users\Von Halford\.recently-used.xbel
2012-10-15 02:54 - 2012-10-15 03:37 - 211044819 ____A C:\Users\Von Halford\Downloads\SpiritSide Chats ~ Lets hangout!.flv
2012-10-14 20:49 - 2012-10-14 20:49 - 00000000 ____D C:\Users\Von Halford\AppData\Roaming\VST3 Presets
2012-10-14 13:09 - 2012-06-21 20:53 - 2099010304 ____A C:\Users\Von Halford\Documents\PSO2_SETUP-1.bin
2012-10-14 04:08 - 2012-10-14 04:29 - 237878469 ____A C:\Users\Von Halford\Downloads\thoth on past lives (spirit science retreat).flv
2012-10-13 03:01 - 2012-10-27 14:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-11 11:00 - 2012-10-11 11:00 - 00000000 ____D C:\Users\Von Halford\AppData\Local\AMD
2012-10-11 10:59 - 2012-10-11 10:59 - 00000000 ____D C:\Users\All Users\ATI
2012-10-11 10:37 - 2012-10-11 10:58 - 00000000 ____D C:\Users\All Users\AMD
2012-10-11 10:37 - 2012-10-11 10:37 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-10-11 10:37 - 2012-10-11 10:37 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-10-11 10:37 - 2012-10-11 10:37 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-10-11 10:35 - 2012-10-11 10:35 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-10-11 10:35 - 2010-02-18 09:18 - 00046136 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdiox64.sys
2012-10-11 10:34 - 2012-10-11 10:34 - 00016840 ____A C:\Windows\SysWOW64\CCCInstall_201210111034407781.log
2012-10-11 10:31 - 2012-10-11 10:36 - 00000000 ____D C:\Program Files\ATI Technologies
2012-10-11 10:20 - 2012-10-11 10:24 - 00000000 ____D C:\Program Files\Construct 2
2012-10-11 10:20 - 2012-10-11 10:20 - 00000843 ____A C:\Users\Public\Desktop\Construct 2.lnk
2012-10-10 02:26 - 2012-08-31 14:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 02:26 - 2012-08-30 14:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 02:26 - 2012-08-30 13:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 02:26 - 2012-08-30 13:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 02:25 - 2012-09-14 15:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 02:25 - 2012-09-14 14:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 02:25 - 2012-08-24 14:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 02:25 - 2012-08-24 12:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 02:25 - 2012-08-20 14:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 02:25 - 2012-08-20 14:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 02:25 - 2012-08-20 14:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 14:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 02:25 - 2012-08-20 13:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 02:25 - 2012-08-20 13:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 02:25 - 2012-08-20 13:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 02:25 - 2012-08-20 13:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 13:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 11:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 02:25 - 2012-08-20 11:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 02:25 - 2012-08-20 11:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 11:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 11:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 02:25 - 2012-08-20 11:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 02:24 - 2012-08-10 20:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 02:24 - 2012-08-10 19:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 02:23 - 2012-06-02 01:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 02:23 - 2012-06-02 01:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 02:23 - 2012-06-02 01:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 02:23 - 2012-06-02 00:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 02:23 - 2012-06-02 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 02:23 - 2012-06-02 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-10 01:24 - 2012-10-10 01:24 - 00000000 ____D C:\Users\Von Halford\AppData\Local\{FE7CE452-7A52-43D6-A918-942A5519E93E}
2012-10-09 14:05 - 2012-10-09 14:05 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-10-08 12:02 - 2012-10-24 01:48 - 00000000 ____D C:\Users\Von Halford\Documents\Midwest Vanilla
2012-10-06 16:43 - 2012-10-16 17:01 - 00000000 ____D C:\Users\Von Halford\Downloads\Yu Yu Hakusho Complete Blu RAy
2012-10-06 03:24 - 2012-10-06 03:30 - 00000000 ____D C:\Program Files (x86)\AC Tool
2012-10-06 03:23 - 2012-10-06 03:24 - 04505861 ____A C:\Users\Von Halford\Downloads\actoolinstall_540.exe
2012-10-06 02:57 - 2012-10-06 03:04 - 00000049 ____A C:\Users\Von Halford\Documents\AutoHotkeyA32.ahk
2012-10-06 02:44 - 2012-10-06 02:44 - 00000414 ____A C:\Users\Von Halford\Downloads\MyScript.ahk
2012-10-06 02:40 - 2012-10-06 03:19 - 00003512 ____A C:\Users\Von Halford\Downloads\MacroCreator.ini
2012-10-06 02:39 - 2012-10-06 02:39 - 00440320 ____A C:\Users\Von Halford\Downloads\MacroCreator.exe
2012-10-06 02:34 - 2012-10-06 02:45 - 00000414 ____A C:\Users\Von Halford\Documents\AutoHotkey.ahk
2012-10-06 02:34 - 2012-10-06 02:34 - 00000000 ____D C:\Program Files\AutoHotkey
2012-10-06 02:32 - 2012-10-06 02:33 - 02617252 ____A C:\Users\Von Halford\Downloads\AutoHotkey110801_Install.exe
2012-10-04 21:36 - 2012-10-04 21:36 - 01141091 ____A C:\Users\Von Halford\Downloads\blademethenmount1011-ch.zip
2012-10-04 21:36 - 2012-10-04 21:36 - 00000000 ____D C:\Users\Von Halford\Downloads\blademethenmount1011-ch
2012-10-04 05:22 - 2012-10-04 05:22 - 00000000 ____D C:\Users\Von Halford\Documents\GameMaker
2012-10-04 05:21 - 2012-10-04 05:21 - 00000000 ____D C:\Users\Von Halford\AppData\Local\gamemaker_studio
2012-10-04 05:21 - 2012-10-04 05:21 - 00000000 ____D C:\Users\All Users\gamemaker_studio
2012-10-04 05:14 - 2012-10-04 05:21 - 00000000 ____D C:\Users\Von Halford\AppData\Local\Reflexion
2012-10-04 05:11 - 2012-10-04 05:12 - 00000000 ____D C:\Users\Von Halford\AppData\Local\Project1
2012-10-04 05:11 - 2012-10-04 05:11 - 00000000 ____D C:\Users\Von Halford\AppData\Local\GameMaker_Player
2012-09-30 20:05 - 2012-09-30 20:05 - 00000000 ____D C:\Users\Von Halford\Documents\My Cheat Tables
2012-09-30 20:04 - 2012-09-30 20:04 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2012-09-30 19:57 - 2012-09-30 19:57 - 01171959 ____A C:\Users\Von Halford\Downloads\RESIDENT.EVIL.5.DX9.PLUS13TRN.H4X0R.ZIP
2012-09-30 19:57 - 2012-09-30 19:57 - 00000000 ____D C:\Users\Von Halford\Downloads\RESIDENT.EVIL.5.DX9.PLUS13TRN.H4X0R
2012-09-30 19:49 - 2012-09-30 19:49 - 00000000 ____D C:\Users\Von Halford\Downloads\Patch v1.4.1 for RE5 Model Swap Trainer
2012-09-30 19:40 - 2012-09-30 19:49 - 159880415 ____A C:\Users\Von Halford\Downloads\Patch v1.4.1 for RE5 Model Swap Trainer.7z
2012-09-30 19:20 - 2012-09-30 19:20 - 00000000 ____D C:\Users\Von Halford\Downloads\RE5 Model Swap Trainer v6.3
2012-09-30 19:18 - 2012-09-30 19:19 - 02763810 ____A C:\Users\Von Halford\Downloads\RE5 Model Swap Trainer v6.3.zip
2012-09-30 19:12 - 2012-10-27 15:23 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-30 19:12 - 2012-10-27 11:50 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-30 19:12 - 2012-09-30 19:13 - 00000000 ____D C:\Program Files (x86)\Google
2012-09-30 19:12 - 2012-09-30 19:12 - 00739832 ____A (Google Inc.) C:\Users\Von Halford\Downloads\GoogleEarthPluginSetup.exe
2012-09-30 02:45 - 2012-09-30 02:45 - 00000000 ____D C:\Users\Von Halford\Documents\Games for Windows - LIVE Demos
2012-09-29 20:27 - 2012-09-29 20:27 - 01098506 ____A C:\Users\Von Halford\Downloads\Resident Evil 5 DX9 DX10 Trainer +18.zip
2012-09-29 20:27 - 2011-07-27 00:36 - 00000047 ____A C:\Users\Von Halford\Downloads\ignoreme.txt
2012-09-29 20:27 - 2009-09-16 13:19 - 01360384 ____A (CheatHappens) C:\Users\Von Halford\Downloads\Resident Evil 5 Trainer.exe
2012-09-29 20:27 - 2009-09-16 12:32 - 00004643 ____A C:\Users\Von Halford\Downloads\re5-readme.txt
2012-09-29 18:50 - 2012-09-29 19:00 - 120246788 ____A C:\Users\Von Halford\Downloads\millennium_flythru.avi
2012-09-27 05:05 - 2012-01-03 03:03 - 00810496 ____A C:\Windows\System32\xvidcore.dll
2012-09-27 05:05 - 2012-01-03 03:03 - 00183808 ____A C:\Windows\System32\xvidvfw.dll
2012-09-27 05:05 - 2012-01-03 03:03 - 00080896 ____A C:\Windows\System32\ff_vfw.dll
2012-09-27 05:05 - 2012-01-03 03:03 - 00000590 ____A C:\Windows\System32\ff_vfw.dll.manifest
2012-09-27 05:04 - 2012-09-27 05:06 - 00000000 ____D C:\Program Files (x86)\SplitCam
2012-09-27 05:04 - 2012-01-03 03:03 - 00389120 ____A () C:\Windows\SysWOW64\actskn43.ocx
2012-09-27 05:04 - 2012-01-03 03:03 - 00389120 ____A () C:\Windows\System32\actskn43.ocx
2012-09-27 04:58 - 2012-09-27 05:03 - 51827296 ____A (SplitCam Co.) C:\Users\Von Halford\Downloads\SplitCamSetup.exe
2012-09-27 04:56 - 2012-09-27 04:57 - 00587640 ____A C:\Users\Von Halford\Downloads\cbsidlm-tr1_6-SplitCam-10500269.exe
2012-09-27 03:20 - 2012-09-27 03:20 - 00000000 ____D C:\Users\Von Halford\Documents\CAPCOM

==================== 3 Months Modified Files ==================

2012-10-27 15:34 - 2012-10-27 15:34 - 01459889 ____A (Farbar) C:\Users\Von Halford\Downloads\FRST64.exe
2012-10-27 15:23 - 2012-09-30 19:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-27 15:05 - 2012-03-30 01:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-27 15:02 - 2011-07-24 14:18 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2757976926-771408438-779141436-1005UA.job
2012-10-27 14:53 - 2012-10-27 11:52 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-27 14:53 - 2012-10-27 11:52 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-27 14:42 - 2009-07-13 22:34 - 00000431 ____A C:\Windows\win.ini
2012-10-27 14:42 - 2009-07-13 22:34 - 00000241 ____A C:\Windows\system.ini
2012-10-27 13:58 - 2012-10-27 13:58 - 00030618 ____A C:\Users\Von Halford\Desktop\dds.txt
2012-10-27 13:58 - 2012-10-27 13:58 - 00009597 ____A C:\Users\Von Halford\Desktop\attach.txt
2012-10-27 13:56 - 2012-10-27 13:56 - 00687724 ____R (Swearware) C:\Users\Von Halford\Downloads\dds.com
2012-10-27 11:54 - 2011-01-13 01:59 - 02086839 ____A C:\Windows\WindowsUpdate.log
2012-10-27 11:52 - 2012-10-27 11:52 - 00000552 ____A C:\Windows\System32\spsys.log
2012-10-27 11:51 - 2012-10-27 11:51 - 00072624 ____A C:\Users\Von Halford\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-27 11:50 - 2012-10-27 11:50 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\66177462.sys
2012-10-27 11:50 - 2012-09-30 19:12 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-27 11:50 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-27 11:50 - 2009-07-14 00:51 - 00113955 ____A C:\Windows\setupact.log
2012-10-27 11:49 - 2010-12-03 00:03 - 00296834 ____A C:\Windows\PFRO.log
2012-10-27 05:19 - 2012-10-27 05:19 - 00027264 ____A C:\ComboFix.txt
2012-10-27 03:18 - 2012-10-27 03:15 - 43545694 ____A C:\Users\Von Halford\Downloads\MLKDream.wav
2012-10-27 03:02 - 2011-07-24 14:18 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2757976926-771408438-779141436-1005Core.job
2012-10-27 02:51 - 2012-09-18 03:04 - 04989309 ____R (Swearware) C:\Users\Von Halford\Downloads\ComboFix.exe
2012-10-27 02:45 - 2012-10-27 02:45 - 02194704 ____A C:\Users\Von Halford\Documents\tdsskiller.zip
2012-10-27 02:30 - 2012-10-27 02:30 - 00001032 ____A C:\AdwCleaner[R1].txt
2012-10-27 02:05 - 2012-10-27 02:05 - 00024419 ____A C:\AdwCleaner[S1].txt
2012-10-27 02:05 - 2012-10-27 02:04 - 00538941 ____A C:\Users\Von Halford\Downloads\adwcleaner.exe
2012-10-27 01:56 - 2012-10-27 01:55 - 06875219 ____A C:\Users\Von Halford\Downloads\Valdi Sabev - Impressions Volume Eight.tar.gz
2012-10-27 01:55 - 2012-10-27 01:52 - 28603533 ____A C:\Users\Von Halford\Downloads\MLKDream_flac.zip
2012-10-26 17:21 - 2012-10-26 17:21 - 00439747 ____A C:\Users\Von Halford\Downloads\m_b.w.v1132.plus9tr.zip
2012-10-26 17:19 - 2012-10-26 17:19 - 00295223 ____A C:\Users\Von Halford\Downloads\MBV1143T8.rar
2012-10-26 17:10 - 2012-10-26 17:09 - 00093877 ____A C:\Users\Von Halford\Downloads\MountAndBladeWarbandSteamv1.154Trainer.zip
2012-10-26 14:46 - 2012-10-26 14:46 - 00001315 ____A C:\Users\Von Halford\Desktop\OperaPasswordDecryptor.lnk
2012-10-26 14:46 - 2012-10-26 14:46 - 00001315 ____A C:\Users\boinc_master\Desktop\OperaPasswordDecryptor.lnk
2012-10-26 14:45 - 2012-10-26 14:45 - 01845508 ____A C:\Users\Von Halford\Documents\OperaPasswordDecryptor.zip
2012-10-26 12:48 - 2012-10-26 12:41 - 137273314 ____A C:\Users\Von Halford\Downloads\10.25.12 HorusRisingThank You Video Final.mov
2012-10-25 15:46 - 2012-10-25 15:44 - 41313148 ____A C:\Users\Von Halford\Downloads\TYGER STRIKE.wav
2012-10-25 03:38 - 2012-10-25 03:38 - 00001325 ____A C:\Users\Von Halford\Documents\darkk.txt
2012-10-24 22:40 - 2012-10-24 22:35 - 64322507 ____A C:\Users\Von Halford\Downloads\Building Wings.zip
2012-10-24 02:03 - 2012-10-24 01:59 - 79305059 ____A C:\Users\Von Halford\Downloads\troxblaps10-21-2012.zip
2012-10-23 00:08 - 2012-10-23 00:08 - 00670428 ____A C:\Users\Von Halford\Downloads\Sonique Visuals.rar
2012-10-22 20:04 - 2012-10-22 20:04 - 00002889 ____A C:\Users\Von Halford\Desktop\Whorld.lnk
2012-10-22 20:02 - 2012-10-22 20:02 - 00478087 ____A C:\Users\Von Halford\Downloads\whorld-1.7.06-bin.zip
2012-10-22 16:31 - 2012-10-22 16:31 - 00003476 ____A C:\Users\Von Halford\.recently-used.xbel
2012-10-22 16:07 - 2012-10-22 16:07 - 00126569 ____A C:\Users\Von Halford\Downloads\PF_Standard_Apparel_Template_13_5x16_5_JPG.zip
2012-10-21 04:55 - 2011-06-18 02:46 - 00016785 ____A C:\test.xml
2012-10-15 03:37 - 2012-10-15 02:54 - 211044819 ____A C:\Users\Von Halford\Downloads\SpiritSide Chats ~ Lets hangout!.flv
2012-10-14 04:29 - 2012-10-14 04:08 - 237878469 ____A C:\Users\Von Halford\Downloads\thoth on past lives (spirit science retreat).flv
2012-10-11 11:02 - 2009-07-14 01:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-11 10:35 - 2012-09-19 03:22 - 02265292 ____A C:\Windows\System32\Drivers\Cat.DB
2012-10-11 10:34 - 2012-10-11 10:34 - 00016840 ____A C:\Windows\SysWOW64\CCCInstall_201210111034407781.log
2012-10-11 10:20 - 2012-10-11 10:20 - 00000843 ____A C:\Users\Public\Desktop\Construct 2.lnk
2012-10-10 22:17 - 2012-10-10 22:10 - 42461684 ____A C:\Users\Von Halford\Downloads\Construct2_R95_x86-x64_Amon^Ra.rar
2012-10-10 20:41 - 2012-10-10 20:39 - 13004806 ____A C:\Users\Von Halford\Downloads\Game.Maker.v8.1.135.incl.patch-iOTA.rar
2012-10-10 07:31 - 2009-07-14 01:08 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-10 03:03 - 2011-11-26 13:57 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 14:05 - 2012-10-09 14:05 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-10-09 14:05 - 2012-03-30 01:38 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 14:05 - 2011-05-27 00:13 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-06 03:24 - 2012-10-06 03:23 - 04505861 ____A C:\Users\Von Halford\Downloads\actoolinstall_540.exe
2012-10-06 03:19 - 2012-10-06 02:40 - 00003512 ____A C:\Users\Von Halford\Downloads\MacroCreator.ini
2012-10-06 03:04 - 2012-10-06 02:57 - 00000049 ____A C:\Users\Von Halford\Documents\AutoHotkeyA32.ahk
2012-10-06 02:45 - 2012-10-06 02:34 - 00000414 ____A C:\Users\Von Halford\Documents\AutoHotkey.ahk
2012-10-06 02:44 - 2012-10-06 02:44 - 00000414 ____A C:\Users\Von Halford\Downloads\MyScript.ahk
2012-10-06 02:39 - 2012-10-06 02:39 - 00440320 ____A C:\Users\Von Halford\Downloads\MacroCreator.exe
2012-10-06 02:33 - 2012-10-06 02:32 - 02617252 ____A C:\Users\Von Halford\Downloads\AutoHotkey110801_Install.exe
2012-10-04 21:36 - 2012-10-04 21:36 - 01141091 ____A C:\Users\Von Halford\Downloads\blademethenmount1011-ch.zip
2012-09-30 19:57 - 2012-09-30 19:57 - 01171959 ____A C:\Users\Von Halford\Downloads\RESIDENT.EVIL.5.DX9.PLUS13TRN.H4X0R.ZIP
2012-09-30 19:49 - 2012-09-30 19:40 - 159880415 ____A C:\Users\Von Halford\Downloads\Patch v1.4.1 for RE5 Model Swap Trainer.7z
2012-09-30 19:19 - 2012-09-30 19:18 - 02763810 ____A C:\Users\Von Halford\Downloads\RE5 Model Swap Trainer v6.3.zip
2012-09-30 19:12 - 2012-09-30 19:12 - 00739832 ____A (Google Inc.) C:\Users\Von Halford\Downloads\GoogleEarthPluginSetup.exe
2012-09-29 20:27 - 2012-09-29 20:27 - 01098506 ____A C:\Users\Von Halford\Downloads\Resident Evil 5 DX9 DX10 Trainer +18.zip
2012-09-29 19:00 - 2012-09-29 18:50 - 120246788 ____A C:\Users\Von Halford\Downloads\millennium_flythru.avi
2012-09-27 05:03 - 2012-09-27 04:58 - 51827296 ____A (SplitCam Co.) C:\Users\Von Halford\Downloads\SplitCamSetup.exe
2012-09-27 04:58 - 2012-09-07 17:52 - 00018815 ____A C:\Windows\System32\lvcoinst.log
2012-09-27 04:57 - 2012-09-27 04:56 - 00587640 ____A C:\Users\Von Halford\Downloads\cbsidlm-tr1_6-SplitCam-10500269.exe
2012-09-27 03:19 - 2010-12-02 23:23 - 00302501 ____A C:\Windows\DirectX.log
2012-09-24 00:05 - 2012-09-23 23:18 - 191297536 ____A C:\Users\Von Halford\Documents\Untitled_125.mpg
2012-09-24 00:05 - 2012-09-23 23:18 - 01846790 ____A C:\Users\Von Halford\Documents\Untitled_125.mpg.xmpses
2012-09-22 15:02 - 2012-09-22 14:50 - 55977898 ____A C:\Users\Von Halford\Downloads\busdriver.zip
2012-09-20 22:47 - 2012-09-20 22:40 - 130849740 ____A C:\Users\Von Halford\Downloads\FLII.zip
2012-09-19 05:02 - 2012-09-19 05:01 - 00448512 ____A (OldTimer Tools) C:\Users\Von Halford\Downloads\TFC.exe
2012-09-19 05:01 - 2012-09-19 05:01 - 00071398 ____A (jpshortstuff) C:\Users\Von Halford\Downloads\GooredFix.exe
2012-09-19 03:21 - 2012-09-19 03:21 - 04166136 ____A (PC Tools) C:\Users\Von Halford\Downloads\spdoc.exe
2012-09-19 03:20 - 2012-09-19 03:20 - 00201030 ____A C:\Users\Von Halford\Downloads\lspfix.zip
2012-09-19 00:14 - 2012-09-18 00:17 - 1355211470 ____A (Gameforge 4D GmbH ) C:\Users\Von Halford\Downloads\AirRivals_EN_26-03-2012.exe
2012-09-18 16:22 - 2012-09-18 16:22 - 00000165 ____A C:\Windows\wininit.ini
2012-09-18 15:52 - 2012-09-18 15:51 - 16409960 ____A (Safer Networking Limited ) C:\Users\Von Halford\Downloads\spybotsd162.exe
2012-09-18 13:30 - 2012-09-18 13:30 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Von Halford\Downloads\spaghetti.exe
2012-09-18 03:03 - 2012-09-18 03:03 - 00881724 ____A C:\Users\Von Halford\Downloads\SecurityCheck.exe
2012-09-18 00:30 - 2012-09-18 00:29 - 00083621 ____A C:\Users\Von Halford\Documents\NiTrOTech.mid
2012-09-16 20:49 - 2012-09-16 20:33 - 123108812 ____A C:\Users\Von Halford\Downloads\bam.rar
2012-09-14 15:19 - 2012-10-10 02:25 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 14:28 - 2012-10-10 02:25 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-13 11:03 - 2012-09-13 10:59 - 66688656 ____A C:\Users\Von Halford\Downloads\pumpkinFoot - Ear-Play.zip
2012-09-12 23:19 - 2012-09-12 23:19 - 00421874 ____A C:\Users\Von Halford\Downloads\Memo.m4a
2012-09-12 22:05 - 2012-09-07 17:50 - 00007886 ____A C:\Windows\LDPINST.LOG
2012-09-12 22:02 - 2012-09-07 17:48 - 00001584 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-09-12 04:39 - 2012-09-12 03:51 - 259237873 ____A C:\Users\Von Halford\Documents\Horus Rising _ Devonnn Ave and Food for thoth.wmv
2012-09-12 03:22 - 2012-09-12 02:59 - 1451828180 ____A C:\Users\Von Halford\Documents\Horus Rising - Devon Ave and Food For Thoth.avi
2012-09-10 11:15 - 2012-09-10 11:01 - 327346176 ____A C:\Users\Von Halford\Documents\Untitled_1w.mpg
2012-09-10 11:15 - 2012-09-10 11:01 - 03155918 ____A C:\Users\Von Halford\Documents\Untitled_1w.mpg.xmpses
2012-09-10 10:52 - 2012-09-10 10:34 - 274288254 ____A C:\Users\Von Halford\Documents\Untitled.f4v
2012-09-10 10:24 - 2012-09-10 10:10 - 274038265 ____A C:\Users\Von Halford\Documents\Horus Rising Music Vidae.f4v
2012-09-10 01:13 - 2012-09-10 01:13 - 03292550 ____A C:\Users\Von Halford\Documents\Untitled.mpg.xmpses
2012-09-10 01:13 - 2012-09-10 00:44 - 328613888 ____A C:\Users\Von Halford\Documents\Untitled.mpg
2012-09-10 00:33 - 2012-09-10 00:16 - 81042067 ____A C:\Users\Von Halford\Documents\Horus Rising - Devon Ave and Food For Thoth.flv
2012-09-09 20:22 - 2012-09-09 19:53 - 188474783 ____A C:\Users\Von Halford\Documents\New Horus Rising Music Video and 100 Words Afrika Bambaataa Wants You To Look Up.f4v
2012-09-09 19:37 - 2012-09-09 19:18 - 545531904 ____A C:\Users\Von Halford\Documents\Horus Rising - Devon Ave Remix And Food For Thoth ft. Smoke of Oldominion.mpg
2012-09-09 19:10 - 2012-09-09 19:10 - 00003391 ____A C:\Users\Von Halford\Documents\Horus Rising - Food For Thoth.xmp
2012-09-09 17:52 - 2012-09-09 17:24 - 214423552 ____A C:\Users\Von Halford\Documents\Horus Rising - Food For Thoth.mpg
2012-09-09 16:32 - 2012-09-09 16:32 - 10855280 ____A (Acresso Software Inc. ) C:\Users\Von Halford\Downloads\LGUnitedMobileDriver_S4981MAN36AP22_ML_WHQL_Ver_3.6.exe
2012-09-08 16:14 - 2012-09-08 16:14 - 00274000 ____A C:\Windows\Minidump\090812-47174-01.dmp
2012-09-08 16:14 - 2011-09-15 03:30 - 400956689 ____A C:\Windows\MEMORY.DMP
2012-09-07 20:06 - 2012-09-07 19:52 - 111708198 ____A C:\Users\Von Halford\Documents\Welcome To Horus Rising and Friends.f4v
2012-09-07 17:54 - 2012-09-07 17:54 - 00001965 ____A C:\Users\Public\Desktop\Logitech Vid HD.lnk
2012-09-07 04:05 - 2012-09-07 03:52 - 141915568 ____A C:\Users\Von Halford\Downloads\Ice_Cube-I_Am_The_West-iTUNES_BONUS-2010-320kbps.rar
2012-09-07 02:06 - 2012-09-07 02:06 - 00274000 ____A C:\Windows\Minidump\090712-52572-01.dmp
2012-09-06 21:34 - 2012-09-06 19:01 - 73519276 ____A C:\Users\Von Halford\Downloads\patch_aug_9.rar
2012-09-06 13:28 - 2012-09-06 13:12 - 138569437 ____A C:\Users\Von Halford\Downloads\J-Love-Most_Interesting_Man_Alive-2012-NOiR.rar
2012-09-03 22:45 - 2012-09-03 22:37 - 153229322 ____A C:\Users\Von Halford\Downloads\Attack_The_Block-(DatPiff.com).zip
2012-09-01 01:53 - 2012-09-01 01:47 - 31547531 ____A C:\Users\Von Halford\Documents\Von Halford - Once In Full A Blue Moon G.flv
2012-08-31 14:19 - 2012-10-10 02:26 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 14:03 - 2012-10-10 02:26 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 13:12 - 2012-10-10 02:26 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 13:12 - 2012-10-10 02:26 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-27 03:24 - 2012-08-27 03:18 - 98801370 ____A C:\Users\Von Halford\Downloads\N-H a L (2012).rar
2012-08-25 01:48 - 2012-08-25 01:34 - 185805685 ____A C:\Users\Von Halford\Downloads\504.zip
2012-08-24 14:05 - 2012-10-10 02:25 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 14:05 - 2012-09-21 17:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 14:05 - 2012-09-21 17:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 14:05 - 2012-09-21 17:22 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 14:03 - 2012-09-21 17:23 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 14:03 - 2012-09-21 17:22 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 14:03 - 2012-09-21 17:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 14:03 - 2012-09-21 17:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 14:02 - 2012-09-21 17:23 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 14:02 - 2012-09-21 17:22 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 14:02 - 2012-09-21 17:22 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 12:57 - 2012-10-10 02:25 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 12:57 - 2012-09-21 17:22 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 12:57 - 2012-09-21 17:22 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 12:57 - 2012-09-21 17:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 12:57 - 2012-09-21 17:22 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 12:57 - 2012-09-21 17:22 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 12:57 - 2012-09-21 17:22 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 12:56 - 2012-09-21 17:22 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 12:56 - 2012-09-21 17:22 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 12:56 - 2012-09-21 17:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 12:56 - 2012-09-21 17:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 11:59 - 2012-09-21 17:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 11:20 - 2012-09-21 17:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-22 14:12 - 2012-09-12 02:09 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 14:12 - 2012-09-12 02:09 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 14:12 - 2012-09-12 02:09 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 14:12 - 2012-09-12 02:09 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 17:01 - 2012-09-25 15:27 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 21:17 - 2012-08-20 21:12 - 63790777 ____A C:\Users\Von Halford\Downloads\concuss - The Rush Before You Die.zip
2012-08-20 14:48 - 2012-10-10 02:25 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 14:48 - 2012-10-10 02:25 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 14:48 - 2012-10-10 02:25 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 14:48 - 2012-10-10 02:25 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 14:48 - 2012-10-10 02:25 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 14:48 - 2012-10-10 02:25 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 14:48 - 2012-10-10 02:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 14:46 - 2012-10-10 02:25 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 14:38 - 2012-10-10 02:25 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 14:38 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 13:40 - 2012-10-10 02:25 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 13:38 - 2012-10-10 02:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 13:37 - 2012-10-10 02:25 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 13:37 - 2012-10-10 02:25 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 13:37 - 2012-10-10 02:25 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 13:32 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 11:38 - 2012-10-10 02:25 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 11:38 - 2012-10-10 02:25 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 11:33 - 2012-10-10 02:25 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 11:33 - 2012-10-10 02:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 11:33 - 2012-10-10 02:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 11:33 - 2012-10-10 02:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-19 23:24 - 2012-08-19 23:24 - 56524728 ____A C:\Users\Von Halford\Documents\Lyrical Limits.wav
2012-08-18 13:20 - 2009-07-14 00:45 - 00310440 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-18 03:46 - 2012-08-18 03:46 - 00002039 ____A C:\Users\Default\Desktop\CyberLink WaveEditor.lnk
2012-08-18 03:46 - 2012-08-18 03:46 - 00002039 ____A C:\Users\Default User\Desktop\CyberLink WaveEditor.lnk
2012-08-18 03:46 - 2012-08-18 03:46 - 00002039 ____A C:\Users\boinc_master\Desktop\CyberLink WaveEditor.lnk
2012-08-18 03:21 - 2012-08-18 01:56 - 692768034 ____A C:\Users\Von Halford\Downloads\Cyber.Link.Power.Director.Ultra.10.0.0.Build.1129b.Multilingual.rar
2012-08-16 02:39 - 2012-08-16 02:39 - 00786450 ____A C:\Users\Von Halford\Documents\Snapshot _ Q's MST3K Beach & Unforgettable , Heartbound (60, 93q.tga
2012-08-16 02:37 - 2012-08-16 02:37 - 00786450 ____A C:\Users\Von Halford\Documents\Snapshot _ Q's MST3K Beach & Unforgettable , Heartbound (60, 9322.tga
2012-08-16 02:37 - 2012-08-16 02:37 - 00786450 ____A C:\Users\Von Halford\Documents\Snapshot _ Q's MST3K Beach & Unforgettable , Heartbound (60, 93.tga
2012-08-16 00:56 - 2012-08-16 00:56 - 00005580 ____A C:\Users\Von Halford\Desktop\dj playlist.m3u
2012-08-16 00:23 - 2012-08-16 00:22 - 19699822 ____A C:\Users\Von Halford\Downloads\mp3s.zip
2012-08-10 20:56 - 2012-10-10 02:24 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 19:56 - 2012-10-10 02:24 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-10 00:25 - 2012-08-10 00:25 - 01174104 ____A (AMD Inc.) C:\Users\Von Halford\Downloads\catalyst_mobility_64-bit_util.exe
2012-08-07 16:25 - 2012-08-07 16:19 - 87641247 ____A C:\Users\Von Halford\Downloads\Afrika Bambaataa - Dark Matter - Moving At The Speed Of Light (2004).zip
2012-08-06 00:35 - 2012-08-06 00:35 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-06 00:35 - 2012-08-06 00:35 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-06 00:29 - 2012-08-06 00:29 - 00893936 ____A (Oracle Corporation) C:\Users\Von Halford\Downloads\jxpiinstall.exe
2012-08-04 02:07 - 2012-08-04 02:07 - 00000884 ____A C:\Users\Public\Desktop\Dolby Axon.lnk
2012-08-04 02:05 - 2012-08-04 02:05 - 09810304 ____A (Dolby Laboratories ) C:\Users\Von Halford\Downloads\DolbyAxonSetup_v1.4.0.2.exe
2012-08-04 00:08 - 2012-08-03 23:58 - 194956679 ____A C:\Users\Von Halford\Downloads\I-Doser (Pack 1).rar
2012-08-03 03:29 - 2012-08-03 03:27 - 28937521 ____A C:\Users\Von Halford\Downloads\Troy K. beats - A Lot Has Gone On.flac
2012-08-02 13:58 - 2012-09-12 02:09 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 12:57 - 2012-09-12 02:09 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-02 00:32 - 2012-08-02 00:32 - 79027256 ____A C:\Users\Von Halford\Documents\Horus Rising - Devon Ave Remix.wav
2012-08-01 23:36 - 2012-08-01 23:36 - 00158152 ____A () C:\Users\Von Halford\Downloads\Xerxes_downloader_by_Fonts101.exe
2012-07-30 03:42 - 2012-07-30 03:37 - 97894169 ____A C:\Users\Von Halford\Downloads\Official_Rock_The_Bells_Mixtape_2012-(DatPiff.com).zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2012-10-21 03:00:58
Restore point made on: 2012-10-22 20:03:46
Restore point made on: 2012-10-26 15:49:59

==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 3834.9 MB
Available physical RAM: 841.2 MB
Total Pagefile: 7667.99 MB
Available Pagefile: 3400.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:586.51 GB) (Free:318.23 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 1024 KB
Partition 2 Primary 100 MB 9 GB
Partition 3 Primary 586 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Recovery NTFS Partition 9 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 586 GB Healthy Boot

=========================================================

Last Boot: 2012-10-27 05:37

==================== End Of Log =============================

Edited by Von Halford, 27 October 2012 - 03:20 PM.


#4 CatByte

  • Malware Response Team

Posted 27 October 2012 - 04:07 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte


Posted 04 November 2012 - 02:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
