
AM I infected again??????????


6 replies to this topic

#1 bombguyrob


Posted 16 January 2013 - 11:49 AM

I was in Hotmail a bit ago when all of a sudden something got in my email contacts list and sent these
http://myrtc.my/691381.php another url also http://olivaresriojanossrl.com.ar/685877.php

I got several hundred postmaster return to sender emails, Hotmail kicked me out and locked me out until I could answer the security question. I did, changed my password and am now back in business... what program should I run to see what was hijacked...

thanks

Rob

Edited by bombguyrob, 16 January 2013 - 11:55 AM.




#2 dev00790


Posted 17 January 2013 - 04:53 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 bombguyrob


Posted 17 January 2013 - 06:01 PM

Thanks be back shortly with results

#4 dev00790


Posted 17 January 2013 - 07:37 PM

:thumbsup:

Regards, dev00790



#5 bombguyrob


Posted 17 January 2013 - 08:03 PM

Here ya go
\\\\\\\\\\\\

TDSS LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by Rob at 17-01-2013 20:05:57
Running from C:\Users\Rob\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-01-17 20:05 - 2013-01-17 20:05 - 00000000 ____D C:\FRST
2013-01-17 20:04 - 2013-01-17 20:04 - 01464233 ____A (Farbar) C:\Users\Rob\Desktop\FRST64.exe
2013-01-17 20:01 - 2013-01-17 20:02 - 00909506 ____A (Farbar) C:\Users\Rob\Downloads\FRST.exe
2013-01-17 20:00 - 2013-01-17 20:00 - 00002678 ____A C:\AdwCleaner[R3].txt
2013-01-17 19:59 - 2013-01-17 19:59 - 00574677 ____A C:\Users\Rob\Desktop\AdwCleaner.exe
2013-01-17 18:04 - 2013-01-17 18:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-11 21:09 - 2013-01-11 21:11 - 00000000 ____D C:\Users\Rob\Desktop\New folder (2)
2013-01-11 19:12 - 2013-01-17 18:06 - 00000280 ____A C:\Windows\setupact.log
2013-01-11 19:12 - 2013-01-11 19:12 - 00000000 ____A C:\Windows\setuperr.log
2013-01-11 19:11 - 2013-01-17 13:33 - 00002614 ____A C:\Windows\PFRO.log
2013-01-11 19:11 - 2013-01-11 19:12 - 00432904 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 12:21 - 2013-01-10 12:21 - 00116856 ____A C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-09 08:24 - 2012-12-07 08:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 08:24 - 2012-12-07 08:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 08:24 - 2012-12-07 07:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 08:24 - 2012-12-07 07:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 08:24 - 2012-12-07 06:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 08:24 - 2012-12-07 06:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 08:24 - 2012-12-07 06:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 08:24 - 2012-12-07 06:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 08:24 - 2012-12-07 06:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 08:24 - 2012-12-07 06:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 08:24 - 2012-12-07 06:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 08:24 - 2012-12-07 06:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 08:24 - 2012-12-07 05:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 08:24 - 2012-11-22 00:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 08:24 - 2012-11-21 23:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 08:24 - 2012-11-20 00:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 08:24 - 2012-11-19 23:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 08:24 - 2012-11-09 00:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 08:24 - 2012-11-08 23:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 08:24 - 2012-11-01 00:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 08:24 - 2012-11-01 00:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 08:24 - 2012-10-31 23:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 08:24 - 2012-10-31 23:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 08:23 - 2012-11-30 00:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 08:23 - 2012-11-30 00:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 08:23 - 2012-11-30 00:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 08:23 - 2012-11-30 00:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 08:23 - 2012-11-30 00:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 08:23 - 2012-11-30 00:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 08:23 - 2012-11-30 00:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:23 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 08:23 - 2012-11-29 23:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 08:23 - 2012-11-29 23:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 22:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 08:23 - 2012-11-29 21:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 08:23 - 2012-11-29 21:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 08:23 - 2012-11-29 21:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 08:23 - 2012-11-29 21:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 08:23 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:23 - 2012-11-29 18:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 08:23 - 2012-11-29 18:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 08:23 - 2012-11-22 22:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 08:23 - 2012-11-22 22:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-07 22:44 - 2013-01-07 22:44 - 00000922 ____A C:\Users\Public\Desktop\7-zip.lnk
2013-01-07 22:43 - 2013-01-07 22:43 - 00000000 ____D C:\Users\All Users\APN
2013-01-07 22:42 - 2013-01-07 22:42 - 01653440 ____A (W3i, LLC) C:\Users\Rob\Downloads\7zip_installer_d162802.exe
2013-01-05 14:41 - 2013-01-05 14:41 - 00002272 ____A C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2013-01-05 14:41 - 2013-01-05 14:41 - 00001194 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk
2013-01-05 14:41 - 2013-01-05 14:41 - 00000057 ____A C:\Users\All Users\Ament.ini
2013-01-04 21:53 - 2013-01-04 21:53 - 00403840 ____A C:\Users\Rob\Desktop\Gap7_Extens_Grids100_Fnl.txt
2013-01-01 20:10 - 2013-01-01 20:10 - 00001979 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-01-01 19:58 - 2013-01-01 19:58 - 01081320 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-01-01 19:58 - 2013-01-01 19:58 - 00959976 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-01-01 19:58 - 2013-01-01 19:58 - 00308200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-01-01 19:58 - 2013-01-01 19:58 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-01-01 19:58 - 2013-01-01 19:58 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-01-01 19:58 - 2013-01-01 19:58 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-01-01 19:46 - 2013-01-01 19:47 - 94750176 ____A (Oracle Corporation) C:\Users\Rob\Desktop\jdk-7u10-windows-x64.exe
2013-01-01 19:25 - 2013-01-01 19:25 - 00448512 ____A (OldTimer Tools) C:\Users\Rob\Desktop\TFC.exe
2013-01-01 18:25 - 2013-01-01 18:25 - 00856731 ____A C:\Users\Rob\Desktop\SecurityCheck.exe
2012-12-29 19:35 - 2012-12-29 19:38 - 00038943 ____A C:\Users\Rob\Downloads\Result.txt
2012-12-29 19:32 - 2012-12-29 19:32 - 00752213 ____A (Farbar) C:\Users\Rob\Downloads\MiniToolBox.exe
2012-12-29 15:15 - 2013-01-17 18:07 - 00000410 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-12-29 15:15 - 2012-12-29 15:15 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-12-29 15:14 - 2012-12-29 15:14 - 00445494 ____A C:\Users\Rob\Downloads\MiniToolBox.zip
2012-12-29 15:06 - 2012-12-29 17:19 - 00000000 ____D C:\Users\Rob\AppData\Local\Strongvault Online Backup
2012-12-29 15:06 - 2012-12-29 15:19 - 00000000 ____D C:\Users\Rob\AppData\Local\StrongVault
2012-12-29 15:06 - 2012-12-29 15:18 - 00000000 ____D C:\Users\All Users\Strongvault Online Backup
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Strongvault
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 ____D C:\Users\Rob\AppData\Local\Stronghold_LLC
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup
2012-12-29 15:05 - 2012-12-29 15:05 - 00000000 ____D C:\Users\Rob\AppData\Roaming\DefaultTab
2012-12-29 15:05 - 2012-12-29 15:05 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2012-12-29 12:09 - 2012-12-29 12:09 - 12351992 ____A (Opera Software ASA) C:\Users\Public\Desktop\OperaSetup.exe
2012-12-29 12:09 - 2012-12-29 12:09 - 00000000 ____D C:\Users\Rob\AppData\Roaming\RealNetworks
2012-12-29 12:09 - 2012-12-29 12:09 - 00000000 ____D C:\Users\Rob\AppData\Local\Real
2012-12-29 12:08 - 2012-12-29 12:08 - 00000000 ____D C:\Users\All Users\RealNetworks
2012-12-29 12:08 - 2012-12-29 12:08 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-12-29 12:07 - 2012-12-29 12:08 - 00000000 ____D C:\Program Files (x86)\Real
2012-12-29 12:07 - 2012-12-29 12:07 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-12-29 12:07 - 2012-12-29 12:07 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-12-29 12:07 - 2012-12-29 12:07 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-12-29 12:07 - 2012-12-29 12:07 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-12-29 12:06 - 2012-12-29 12:09 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Real
2012-12-29 12:05 - 2012-12-29 12:25 - 00002338 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-29 12:03 - 2012-12-29 12:09 - 00000000 ____D C:\Users\All Users\Real
2012-12-29 06:45 - 2012-12-29 06:45 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\72871112.sys
2012-12-29 06:44 - 2012-12-29 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla FireFox
2012-12-29 06:44 - 2012-12-29 06:44 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Rob\Desktop\tdsskiller.exe
2012-12-29 06:09 - 2012-12-29 06:09 - 00000965 ____A C:\AdwCleaner[S2].txt
2012-12-29 06:08 - 2012-12-29 06:08 - 00000906 ____A C:\AdwCleaner[R2].txt
2012-12-29 06:02 - 2012-12-29 06:02 - 00009744 ____A C:\AdwCleaner[S1].txt
2012-12-29 06:02 - 2012-12-29 06:02 - 00009486 ____A C:\AdwCleaner[R1].txt
2012-12-28 22:53 - 2012-11-14 02:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-28 22:53 - 2012-11-14 01:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-28 22:53 - 2012-11-14 01:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-28 22:53 - 2012-11-14 01:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-28 22:53 - 2012-11-14 01:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-28 22:53 - 2012-11-14 01:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-28 22:53 - 2012-11-14 01:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-28 22:53 - 2012-11-14 00:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-28 22:53 - 2012-11-14 00:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-28 22:53 - 2012-11-14 00:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-28 22:53 - 2012-11-14 00:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-28 22:53 - 2012-11-14 00:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-28 22:53 - 2012-11-14 00:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-28 22:53 - 2012-11-14 00:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-28 22:53 - 2012-11-14 00:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-28 22:53 - 2012-11-14 00:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-28 22:53 - 2012-11-13 21:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-28 22:53 - 2012-11-13 21:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-28 22:53 - 2012-11-13 21:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-28 22:53 - 2012-11-13 20:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-28 22:53 - 2012-11-13 20:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-28 22:53 - 2012-11-13 20:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-28 22:53 - 2012-11-13 20:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-28 22:53 - 2012-11-13 20:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-28 22:53 - 2012-11-13 20:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-28 22:53 - 2012-11-13 20:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-28 22:53 - 2012-11-13 20:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-28 22:53 - 2012-11-13 20:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-28 22:53 - 2012-11-13 20:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-28 22:53 - 2012-11-13 20:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-28 22:53 - 2012-11-13 20:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-28 22:53 - 2012-11-13 20:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-28 22:39 - 2012-12-28 22:39 - 00056016 ____A C:\Windows\System32\Drivers\fsbts.sys
2012-12-28 19:15 - 2012-12-28 19:15 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-12-28 19:15 - 2012-12-28 19:15 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-12-28 19:15 - 2012-12-28 19:15 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-12-28 19:15 - 2012-12-28 19:15 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-12-28 19:15 - 2012-12-28 19:15 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-12-28 19:15 - 2012-12-28 19:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-12-28 19:15 - 2012-12-28 19:15 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-12-28 11:30 - 2012-12-28 11:30 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-28 11:30 - 2012-12-28 11:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-12-28 11:29 - 2012-12-28 11:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-28 11:20 - 2013-01-17 18:07 - 00000410 ____A C:\Windows\Tasks\USTechSupport Update Notifier Logon.job
2012-12-28 11:20 - 2013-01-16 22:57 - 00000402 ____A C:\Windows\Tasks\USTechSupport Update Notifier.job
2012-12-28 07:36 - 2012-12-28 07:37 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-28 07:36 - 2012-12-28 07:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-28 07:36 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-28 00:15 - 2012-12-28 00:15 - 02223693 ____A C:\USTECHSUPPORT_TOOLKIT.EXE
2012-12-27 23:50 - 2012-12-27 23:50 - 00000000 __SHD C:\%APPDATA%
2012-12-27 23:47 - 2012-12-27 23:47 - 00000000 ____D C:\Users\Rob\AppData\Local\Adobe
2012-12-27 23:08 - 2012-12-27 23:08 - 00001471 ____A C:\Users\Rob\Desktop\Internet Explorer.lnk
2012-12-27 22:46 - 2012-12-27 22:46 - 00001111 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-12-27 22:32 - 2012-12-27 22:33 - 47194112 ____A C:\Windows\sectest.db
2012-12-27 21:42 - 2012-12-27 21:42 - 00000000 ____D C:\Users\Rob\AppData\Roaming\BlueSprig
2012-12-27 21:42 - 2012-12-27 21:42 - 00000000 ____D C:\Program Files (x86)\BlueSprig
2012-12-27 21:13 - 2012-12-29 15:16 - 00000000 __SHD C:\vseqrntn.bin
2012-12-27 21:07 - 2013-01-11 19:06 - 00000450 ____A C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job
2012-12-27 21:07 - 2012-12-27 21:07 - 00000000 ____D C:\Users\Rob\AppData\Roaming\USTechSupport
2012-12-27 21:07 - 2012-10-05 07:56 - 00019336 ____A (CyberDefender, (www.cyberdefender.com)) C:\Windows\System32\roboot64.exe
2012-12-27 21:06 - 2012-12-28 11:20 - 00000000 ____D C:\Users\All Users\USTechSupport
2012-12-27 21:06 - 2012-12-27 21:06 - 00001872 ____A C:\Users\Public\Desktop\CyberDefender PC Optimizer.lnk
2012-12-27 21:06 - 2012-12-27 21:06 - 00000000 ____D C:\Program Files (x86)\USTechSupport
2012-12-27 20:57 - 2012-12-27 20:57 - 00000085 ____A C:\Windows\AuthentiumException.ini
2012-12-27 20:55 - 2013-01-17 19:47 - 00021199 ____A C:\CDAVFSuser.log
2012-12-27 20:55 - 2013-01-17 17:24 - 00024710 ____A C:\CDAVFSuserBackup.log
2012-12-27 20:55 - 2012-12-27 20:58 - 00000057 ____A C:\Windows\av_affiliate.ini
2012-12-27 20:55 - 2012-12-27 20:58 - 00000057 ____A C:\Windows\as_affiliate.ini
2012-12-27 20:50 - 2012-12-27 21:05 - 00000000 ____D C:\Users\Rob\AppData\Local\USTechSupport Internet Security
2012-12-27 20:50 - 2012-12-27 20:50 - 00483414 ____A C:\cybdefauth_i.log
2012-12-27 20:50 - 2012-12-27 20:50 - 00078376 ____A (CyberDefender Corp.) C:\Windows\System32\Drivers\CDAVFS.sys
2012-12-27 20:50 - 2012-12-27 20:50 - 00002328 ____R C:\Users\Rob\Desktop\Early Detection Center.lnk
2012-12-27 20:50 - 2012-12-27 20:50 - 00000258 ____R C:\Users\Rob\Desktop\Live PC Help.url
2012-12-27 20:50 - 2012-12-27 20:50 - 00000000 ____D C:\Program Files\Common Files\Authentium
2012-12-27 20:49 - 2013-01-17 18:07 - 00064046 ____A C:\USTSInstallInfo.log
2012-12-27 20:49 - 2012-12-27 20:50 - 00000114 ____A C:\USTSWebInstaller.log
2012-12-27 18:56 - 2012-12-27 18:56 - 00001228 ____A C:\Users\Rob\Desktop\Revo Uninstaller.lnk
2012-12-27 18:56 - 2012-12-27 18:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-12-27 18:55 - 2012-12-27 18:55 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Rob\Downloads\revosetup.exe
2012-12-27 18:55 - 2012-12-27 18:55 - 00000064 ____A C:\Windows\GPlrLanc.dat
2012-12-27 18:54 - 2012-12-27 18:55 - 00000000 ____D C:\Program Files (x86)\Coupon Companion Plugin
2012-12-27 18:54 - 2012-12-27 18:54 - 00000000 ____D C:\Users\Rob\AppData\Local\Coupon Companion Plugin
2012-12-27 18:42 - 2012-12-27 18:42 - 00000971 ____A C:\Users\rob2\Desktop\SpeedFan.lnk
2012-12-27 18:42 - 2012-12-27 18:42 - 00000971 ____A C:\Users\Guest\Desktop\SpeedFan.lnk
2012-12-27 18:42 - 2012-12-27 18:42 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-12-27 18:42 - 2012-12-27 18:42 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-12-27 18:42 - 2012-12-27 18:42 - 00000000 ____A C:\initdebug.nfo
2012-12-27 17:43 - 2012-12-27 17:43 - 00072028 ____A C:\Users\All Users\1356648203.bdinstall.bin
2012-12-27 17:43 - 2012-12-27 17:43 - 00021541 ____A C:\Users\All Users\1356648201.bdinstall.bin
2012-12-27 17:16 - 2012-12-27 17:45 - 00000000 ____D C:\Tools
2012-12-27 16:35 - 2012-12-27 16:35 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Macromedia
2012-12-27 16:32 - 2012-12-27 16:34 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Google
2012-12-27 16:32 - 2012-12-27 16:32 - 00116856 ____A C:\Users\rob2\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-27 16:32 - 2012-12-27 16:32 - 00001413 ____A C:\Users\rob2\Desktop\Internet Explorer (64-bit).lnk
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Apple Computer
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Adobe
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Ad-Aware Antivirus
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Local\Hewlett-Packard
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Local\Google
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____A C:\Users\rob2\AppData\Local\QSwitch.txt
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____A C:\Users\rob2\AppData\Local\DSwitch.txt
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____A C:\Users\rob2\AppData\Local\AtStart.txt
2012-12-27 16:31 - 2012-12-27 16:31 - 00000020 __ASH C:\Users\rob2\ntuser.ini
2012-12-27 16:31 - 2012-12-27 16:31 - 00000000 ____D C:\users\rob2
2012-12-27 16:31 - 2011-10-19 18:46 - 00000000 ____D C:\Users\rob2\AppData\Local\Microsoft Help
2012-12-27 16:16 - 2013-01-17 19:01 - 01848947 ____A C:\Windows\WindowsUpdate.log
2012-12-27 16:13 - 2012-12-27 16:14 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Ad-Aware Antivirus
2012-12-27 15:15 - 2012-12-29 14:55 - 00003073 ____A C:\121227-000662.zip
2012-12-27 14:58 - 2012-12-27 14:58 - 00000000 ____D C:\Windows\ERUNT
2012-12-27 14:52 - 2012-12-27 14:52 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-27 14:32 - 2012-12-27 14:32 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Malwarebytes
2012-12-27 14:31 - 2012-12-27 14:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-27 13:40 - 2012-12-27 13:40 - 00000000 RASHD C:\OSTCS
2012-12-27 13:07 - 2012-12-29 21:53 - 00000000 ____D C:\Users\Rob\AppData\Local\LogMeIn Rescue Applet
2012-12-27 09:51 - 2012-12-27 09:51 - 00022933 ____A C:\Users\All Users\1356619891.bdinstall.bin
2012-12-27 09:36 - 2012-12-27 09:36 - 00041204 ____A C:\Users\All Users\1356618862.bdinstall.bin
2012-12-27 09:27 - 2012-12-27 09:28 - 00000000 ____D C:\Users\Rob\AppData\Local\{FC9F801E-9FC5-45EE-AA5F-5E4176018AA6}
2012-12-27 09:26 - 2012-12-27 09:26 - 00041684 ____A C:\Users\All Users\1356618234.bdinstall.bin
2012-12-27 09:23 - 2012-12-27 09:23 - 00021573 ____A C:\Users\All Users\1356618232.bdinstall.bin
2012-12-27 08:52 - 2012-12-27 08:52 - 00159099 ____A C:\Users\All Users\1356616166.bdinstall.bin
2012-12-27 08:50 - 2012-12-27 08:50 - 00000000 ____D C:\Users\Rob\AppData\Roaming\QuickScan
2012-12-27 08:48 - 2012-12-27 08:48 - 09158120 ____A C:\Users\Rob\Downloads\Antivirus_Free_Edition_x64.exe
2012-12-27 08:48 - 2012-12-27 08:48 - 00162208 ____A C:\Users\Rob\Downloads\Antivirus_Free_Edition.exe
2012-12-26 23:18 - 2012-12-26 23:19 - 22854032 ____A (SUPERAntiSpyware.com) C:\Users\Rob\Downloads\SUPERAntiSpyware.exe
2012-12-26 21:27 - 2012-12-26 21:27 - 00000000 ____D C:\Users\Rob\AppData\Local\{D8FD7DF5-AFAA-4604-A247-40E2D158D76B}
2012-12-26 19:50 - 2012-12-26 21:23 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-26 19:50 - 2012-12-26 19:50 - 00000000 ___HD C:\$AVG
2012-12-26 19:46 - 2012-12-26 19:52 - 00000000 ____D C:\Users\Rob\AppData\Local\Avg2013
2012-12-26 18:59 - 2012-12-29 18:39 - 00000000 ____D C:\Windows\pss
2012-12-26 10:25 - 2012-12-26 10:25 - 00000000 ____D C:\Users\Rob\AppData\Local\{F30C2D42-26E5-4A85-A36A-2E63C8E0730A}
2012-12-26 06:44 - 2012-12-26 06:44 - 00000000 ____D C:\Users\Rob\AppData\Local\Macromedia
2012-12-25 10:24 - 2012-12-25 22:25 - 00000000 ____D C:\Users\Rob\AppData\Local\{7DDE2CFA-E7A2-4CC2-8EAC-3D5F4CE72572}
2012-12-24 15:55 - 2012-12-17 06:43 - 00038096 ____A (GFI Software) C:\Windows\System32\Drivers\gfiark.sys
2012-12-24 10:04 - 2012-12-24 10:04 - 00000000 ____D C:\Users\Rob\AppData\Local\{CAFEE33B-5C33-4177-913B-15FCDE39167D}
2012-12-23 17:58 - 2012-12-23 17:58 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Opera
2012-12-23 17:58 - 2012-12-23 17:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Opera
2012-12-22 19:48 - 2012-12-26 21:30 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Opera
2012-12-22 19:48 - 2012-12-26 21:30 - 00000000 ____D C:\Users\Rob\AppData\Local\Opera
2012-12-22 19:48 - 2012-12-26 21:30 - 00000000 ____D C:\Program Files (x86)\Opera
2012-12-22 19:47 - 2012-12-22 19:47 - 12774200 ____A (Opera Software ASA) C:\Users\Rob\Downloads\Opera_1212_int_Setup.exe
2012-12-22 19:45 - 2012-12-23 08:43 - 00000000 ____D C:\Users\Rob\AppData\Local\{581C84B8-F339-4D36-9D75-21207ECB3C94}
2012-12-22 18:54 - 2012-12-22 18:54 - 00000000 ____D C:\Users\Rob\AppData\Local\Dagardi
2012-12-22 18:40 - 2012-12-29 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-22 18:40 - 2012-12-22 18:40 - 00000000 ____D C:\Users\Rob\AppData\Local\Mozilla
2012-12-22 18:40 - 2012-12-22 18:40 - 00000000 ____D C:\Users\All Users\Mozilla
2012-12-22 18:39 - 2012-12-22 18:39 - 19381840 ____A (Mozilla) C:\Users\Rob\Downloads\Firefox Setup 17.0.1.exe
2012-12-22 07:45 - 2012-12-22 07:45 - 00000000 ____D C:\Users\Rob\AppData\Local\{23A6F913-104C-4AD7-B507-BEF3E55DF99D}
2012-12-21 10:12 - 2012-12-21 10:12 - 00000000 ____D C:\Users\Rob\AppData\Local\{DA9AF6F3-A796-4780-95FA-AC36E7FC1AF5}
2012-12-21 09:23 - 2012-12-16 12:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 09:23 - 2012-12-16 09:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 09:23 - 2012-12-16 09:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 09:23 - 2012-12-16 09:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-19 19:02 - 2012-12-19 19:02 - 00002091 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-12-19 06:51 - 2012-12-20 22:11 - 00000000 ____D C:\Users\Rob\AppData\Local\{1E8958A1-CA63-4FA4-A352-9C549B564774}
2012-12-19 06:44 - 2012-12-26 21:20 - 00000000 ____D C:\Users\All Users\Package Cache
2012-12-19 06:44 - 2012-12-26 21:20 - 00000000 ____D C:\Program Files\Mobile Stream
2012-12-19 06:44 - 2012-10-28 14:22 - 00020784 ____A (Mobile Stream) C:\Windows\System32\Drivers\easytthr.sys
2012-12-19 06:42 - 2012-12-19 07:37 - 05942928 ____A (Mobile Stream) C:\Users\Rob\Desktop\easytether.exe
2012-12-19 06:42 - 2012-12-19 06:59 - 00000000 ____D C:\Users\Rob\Desktop\Easy tether

==================== One Month Modified Files and Folders =======

2013-01-17 20:05 - 2013-01-17 20:05 - 00000000 ____D C:\FRST
2013-01-17 20:04 - 2013-01-17 20:04 - 01464233 ____A (Farbar) C:\Users\Rob\Desktop\FRST64.exe
2013-01-17 20:02 - 2013-01-17 20:01 - 00909506 ____A (Farbar) C:\Users\Rob\Downloads\FRST.exe
2013-01-17 20:00 - 2013-01-17 20:00 - 00002678 ____A C:\AdwCleaner[R3].txt
2013-01-17 19:59 - 2013-01-17 19:59 - 00574677 ____A C:\Users\Rob\Desktop\AdwCleaner.exe
2013-01-17 19:48 - 2012-12-27 16:16 - 01848947 ____A C:\Windows\WindowsUpdate.log
2013-01-17 19:47 - 2012-12-27 20:55 - 00021199 ____A C:\CDAVFSuser.log
2013-01-17 19:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2013-01-17 19:23 - 2012-03-12 19:05 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-17 19:22 - 2012-06-12 23:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-17 18:14 - 2009-07-13 23:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-17 18:14 - 2009-07-13 23:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-17 18:11 - 2009-07-14 00:13 - 00814830 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-17 18:07 - 2012-12-29 15:15 - 00000410 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-01-17 18:07 - 2012-12-28 11:20 - 00000410 ____A C:\Windows\Tasks\USTechSupport Update Notifier Logon.job
2013-01-17 18:07 - 2012-12-27 20:49 - 00064046 ____A C:\USTSInstallInfo.log
2013-01-17 18:07 - 2012-03-12 19:05 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-17 18:06 - 2013-01-11 19:12 - 00000280 ____A C:\Windows\setupact.log
2013-01-17 18:06 - 2011-09-06 21:44 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-01-17 18:06 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-17 18:04 - 2013-01-17 18:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-17 17:24 - 2012-12-27 20:55 - 00024710 ____A C:\CDAVFSuserBackup.log
2013-01-17 13:33 - 2013-01-11 19:11 - 00002614 ____A C:\Windows\PFRO.log
2013-01-17 12:10 - 2012-02-19 16:56 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-01-16 22:57 - 2012-12-28 11:20 - 00000402 ____A C:\Windows\Tasks\USTechSupport Update Notifier.job
2013-01-16 19:31 - 2012-10-16 13:22 - 00000000 ____D C:\Users\Rob\AppData\Local\PokerStars.NET
2013-01-16 17:10 - 2011-01-22 16:31 - 00000000 ____D C:\Users\All Users\CanonIJ
2013-01-16 17:10 - 2011-01-22 15:21 - 00000000 ____D C:\Users\All Users\CanonIJPLM
2013-01-16 14:26 - 2012-06-10 11:53 - 00014882 ____A C:\Windows\sp321544.dat
2013-01-15 17:34 - 2012-06-07 20:10 - 00000324 ____A C:\Windows\Tasks\HPCeeScheduleForRob.job
2013-01-11 21:11 - 2013-01-11 21:09 - 00000000 ____D C:\Users\Rob\Desktop\New folder (2)
2013-01-11 21:11 - 2012-10-18 13:30 - 00000000 ____D C:\Users\Rob\Desktop\Quantico Maps
2013-01-11 19:12 - 2013-01-11 19:12 - 00000000 ____A C:\Windows\setuperr.log
2013-01-11 19:12 - 2013-01-11 19:11 - 00432904 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-11 19:11 - 2012-06-07 00:30 - 00000532 ____A C:\Windows\System32\ASOROSet.bin
2013-01-11 19:11 - 2009-07-13 21:34 - 87556096 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-01-11 19:11 - 2009-07-13 21:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2013-01-11 19:06 - 2012-12-27 21:07 - 00000450 ____A C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job
2013-01-11 19:06 - 2009-07-13 21:34 - 00094208 ____A C:\Windows\System32\config\SAM.bak
2013-01-10 12:21 - 2013-01-10 12:21 - 00116856 ____A C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-10 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-01-10 09:27 - 2011-01-19 23:29 - 00809046 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-10 09:19 - 2010-10-12 19:24 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-07 22:44 - 2013-01-07 22:44 - 00000922 ____A C:\Users\Public\Desktop\7-zip.lnk
2013-01-07 22:43 - 2013-01-07 22:43 - 00000000 ____D C:\Users\All Users\APN
2013-01-07 22:42 - 2013-01-07 22:42 - 01653440 ____A (W3i, LLC) C:\Users\Rob\Downloads\7zip_installer_d162802.exe
2013-01-06 22:40 - 2010-10-21 21:02 - 00000000 ____D C:\Users\Rob\AppData\Local\CrashDumps
2013-01-05 14:41 - 2013-01-05 14:41 - 00002272 ____A C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2013-01-05 14:41 - 2013-01-05 14:41 - 00001194 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk
2013-01-05 14:41 - 2013-01-05 14:41 - 00000057 ____A C:\Users\All Users\Ament.ini
2013-01-05 14:41 - 2012-10-01 17:26 - 00000000 ____D C:\Users\Rob\AppData\Local\HP
2013-01-05 14:41 - 2012-10-01 17:26 - 00000000 ____D C:\Program Files\HP
2013-01-05 14:41 - 2010-08-27 19:36 - 00000000 ____D C:\Users\All Users\HP
2013-01-05 14:41 - 2010-01-09 20:16 - 00000000 ____D C:\Program Files (x86)\HP
2013-01-04 21:53 - 2013-01-04 21:53 - 00403840 ____A C:\Users\Rob\Desktop\Gap7_Extens_Grids100_Fnl.txt
2013-01-01 20:10 - 2013-01-01 20:10 - 00001979 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-01-01 20:10 - 2010-01-09 19:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-01-01 20:09 - 2010-01-09 19:40 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-01 19:58 - 2013-01-01 19:58 - 01081320 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-01-01 19:58 - 2013-01-01 19:58 - 00959976 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-01-01 19:58 - 2013-01-01 19:58 - 00308200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-01-01 19:58 - 2013-01-01 19:58 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-01-01 19:58 - 2013-01-01 19:58 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-01-01 19:58 - 2013-01-01 19:58 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-01-01 19:58 - 2010-01-09 20:48 - 00000000 ____D C:\Program Files\Java
2013-01-01 19:47 - 2013-01-01 19:46 - 94750176 ____A (Oracle Corporation) C:\Users\Rob\Desktop\jdk-7u10-windows-x64.exe
2013-01-01 19:25 - 2013-01-01 19:25 - 00448512 ____A (OldTimer Tools) C:\Users\Rob\Desktop\TFC.exe
2013-01-01 18:25 - 2013-01-01 18:25 - 00856731 ____A C:\Users\Rob\Desktop\SecurityCheck.exe
2012-12-30 12:19 - 2009-09-06 20:57 - 00000000 ____D C:\Windows\Panther
2012-12-29 21:53 - 2012-12-27 13:07 - 00000000 ____D C:\Users\Rob\AppData\Local\LogMeIn Rescue Applet
2012-12-29 19:38 - 2012-12-29 19:35 - 00038943 ____A C:\Users\Rob\Downloads\Result.txt
2012-12-29 19:32 - 2012-12-29 19:32 - 00752213 ____A (Farbar) C:\Users\Rob\Downloads\MiniToolBox.exe
2012-12-29 18:39 - 2012-12-26 18:59 - 00000000 ____D C:\Windows\pss
2012-12-29 17:19 - 2012-12-29 15:06 - 00000000 ____D C:\Users\Rob\AppData\Local\Strongvault Online Backup
2012-12-29 15:19 - 2012-12-29 15:06 - 00000000 ____D C:\Users\Rob\AppData\Local\StrongVault
2012-12-29 15:18 - 2012-12-29 15:06 - 00000000 ____D C:\Users\All Users\Strongvault Online Backup
2012-12-29 15:18 - 2012-02-18 20:32 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2012-12-29 15:16 - 2012-12-27 21:13 - 00000000 __SHD C:\vseqrntn.bin
2012-12-29 15:15 - 2012-12-29 15:15 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-12-29 15:14 - 2012-12-29 15:14 - 00445494 ____A C:\Users\Rob\Downloads\MiniToolBox.zip
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Strongvault
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 ____D C:\Users\Rob\AppData\Local\Stronghold_LLC
2012-12-29 15:06 - 2012-12-29 15:06 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup
2012-12-29 15:05 - 2012-12-29 15:05 - 00000000 ____D C:\Users\Rob\AppData\Roaming\DefaultTab
2012-12-29 15:05 - 2012-12-29 15:05 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2012-12-29 15:05 - 2010-10-24 21:48 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-12-29 14:55 - 2012-12-27 15:15 - 00003073 ____A C:\121227-000662.zip
2012-12-29 12:25 - 2012-12-29 12:05 - 00002338 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-29 12:09 - 2012-12-29 12:09 - 12351992 ____A (Opera Software ASA) C:\Users\Public\Desktop\OperaSetup.exe
2012-12-29 12:09 - 2012-12-29 12:09 - 00000000 ____D C:\Users\Rob\AppData\Roaming\RealNetworks
2012-12-29 12:09 - 2012-12-29 12:09 - 00000000 ____D C:\Users\Rob\AppData\Local\Real
2012-12-29 12:09 - 2012-12-29 12:06 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Real
2012-12-29 12:09 - 2012-12-29 12:03 - 00000000 ____D C:\Users\All Users\Real
2012-12-29 12:09 - 2010-08-10 21:42 - 00000000 ____D C:\Users\Rob\AppData\Local\Google
2012-12-29 12:08 - 2012-12-29 12:08 - 00000000 ____D C:\Users\All Users\RealNetworks
2012-12-29 12:08 - 2012-12-29 12:08 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-12-29 12:08 - 2012-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\Real
2012-12-29 12:07 - 2012-12-29 12:07 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-12-29 12:07 - 2012-12-29 12:07 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-12-29 12:07 - 2012-12-29 12:07 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-12-29 12:07 - 2012-12-29 12:07 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-12-29 12:06 - 2010-08-10 21:40 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-29 11:30 - 2012-12-22 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-29 11:19 - 2012-12-29 06:44 - 00000000 ____D C:\Program Files (x86)\Mozilla FireFox
2012-12-29 06:45 - 2012-12-29 06:45 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\72871112.sys
2012-12-29 06:44 - 2012-12-29 06:44 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Rob\Desktop\tdsskiller.exe
2012-12-29 06:09 - 2012-12-29 06:09 - 00000965 ____A C:\AdwCleaner[S2].txt
2012-12-29 06:08 - 2012-12-29 06:08 - 00000906 ____A C:\AdwCleaner[R2].txt
2012-12-29 06:02 - 2012-12-29 06:02 - 00009744 ____A C:\AdwCleaner[S1].txt
2012-12-29 06:02 - 2012-12-29 06:02 - 00009486 ____A C:\AdwCleaner[R1].txt
2012-12-28 22:40 - 2010-01-09 18:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-28 22:39 - 2012-12-28 22:39 - 00056016 ____A C:\Windows\System32\Drivers\fsbts.sys
2012-12-28 19:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-28 19:15 - 2012-12-28 19:15 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-12-28 19:15 - 2012-12-28 19:15 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-12-28 19:15 - 2012-12-28 19:15 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-12-28 19:15 - 2012-12-28 19:15 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-12-28 19:15 - 2012-12-28 19:15 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-12-28 19:15 - 2012-12-28 19:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-12-28 19:15 - 2012-12-28 19:15 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-12-28 19:15 - 2012-12-28 19:15 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-12-28 19:15 - 2012-12-28 19:15 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-12-28 11:30 - 2012-12-28 11:30 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-28 11:30 - 2012-12-28 11:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-12-28 11:30 - 2012-12-28 11:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-28 11:20 - 2012-12-27 21:06 - 00000000 ____D C:\Users\All Users\USTechSupport
2012-12-28 11:20 - 2009-07-13 21:34 - 00000610 ____A C:\Windows\win.ini
2012-12-28 07:37 - 2012-12-28 07:36 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-28 07:37 - 2012-12-28 07:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-28 00:15 - 2012-12-28 00:15 - 02223693 ____A C:\USTECHSUPPORT_TOOLKIT.EXE
2012-12-27 23:50 - 2012-12-27 23:50 - 00000000 __SHD C:\%APPDATA%
2012-12-27 23:47 - 2012-12-27 23:47 - 00000000 ____D C:\Users\Rob\AppData\Local\Adobe
2012-12-27 23:08 - 2012-12-27 23:08 - 00001471 ____A C:\Users\Rob\Desktop\Internet Explorer.lnk
2012-12-27 22:46 - 2012-12-27 22:46 - 00001111 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-12-27 22:33 - 2012-12-27 22:32 - 47194112 ____A C:\Windows\sectest.db
2012-12-27 21:42 - 2012-12-27 21:42 - 00000000 ____D C:\Users\Rob\AppData\Roaming\BlueSprig
2012-12-27 21:42 - 2012-12-27 21:42 - 00000000 ____D C:\Program Files (x86)\BlueSprig
2012-12-27 21:07 - 2012-12-27 21:07 - 00000000 ____D C:\Users\Rob\AppData\Roaming\USTechSupport
2012-12-27 21:06 - 2012-12-27 21:06 - 00001872 ____A C:\Users\Public\Desktop\CyberDefender PC Optimizer.lnk
2012-12-27 21:06 - 2012-12-27 21:06 - 00000000 ____D C:\Program Files (x86)\USTechSupport
2012-12-27 21:06 - 2012-06-05 22:16 - 00001252 ____A C:\Users\Public\Desktop\Live PC Help.lnk
2012-12-27 21:05 - 2012-12-27 20:50 - 00000000 ____D C:\Users\Rob\AppData\Local\USTechSupport Internet Security
2012-12-27 20:58 - 2012-12-27 20:55 - 00000057 ____A C:\Windows\av_affiliate.ini
2012-12-27 20:58 - 2012-12-27 20:55 - 00000057 ____A C:\Windows\as_affiliate.ini
2012-12-27 20:57 - 2012-12-27 20:57 - 00000085 ____A C:\Windows\AuthentiumException.ini
2012-12-27 20:50 - 2012-12-27 20:50 - 00483414 ____A C:\cybdefauth_i.log
2012-12-27 20:50 - 2012-12-27 20:50 - 00078376 ____A (CyberDefender Corp.) C:\Windows\System32\Drivers\CDAVFS.sys
2012-12-27 20:50 - 2012-12-27 20:50 - 00002328 ____R C:\Users\Rob\Desktop\Early Detection Center.lnk
2012-12-27 20:50 - 2012-12-27 20:50 - 00000258 ____R C:\Users\Rob\Desktop\Live PC Help.url
2012-12-27 20:50 - 2012-12-27 20:50 - 00000000 ____D C:\Program Files\Common Files\Authentium
2012-12-27 20:50 - 2012-12-27 20:49 - 00000114 ____A C:\USTSWebInstaller.log
2012-12-27 20:40 - 2010-07-29 21:10 - 00000000 ____D C:\Users\Rob\Tracing
2012-12-27 18:56 - 2012-12-27 18:56 - 00001228 ____A C:\Users\Rob\Desktop\Revo Uninstaller.lnk
2012-12-27 18:56 - 2012-12-27 18:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-12-27 18:55 - 2012-12-27 18:55 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Rob\Downloads\revosetup.exe
2012-12-27 18:55 - 2012-12-27 18:55 - 00000064 ____A C:\Windows\GPlrLanc.dat
2012-12-27 18:55 - 2012-12-27 18:54 - 00000000 ____D C:\Program Files (x86)\Coupon Companion Plugin
2012-12-27 18:54 - 2012-12-27 18:54 - 00000000 ____D C:\Users\Rob\AppData\Local\Coupon Companion Plugin
2012-12-27 18:42 - 2012-12-27 18:42 - 00000971 ____A C:\Users\rob2\Desktop\SpeedFan.lnk
2012-12-27 18:42 - 2012-12-27 18:42 - 00000971 ____A C:\Users\Guest\Desktop\SpeedFan.lnk
2012-12-27 18:42 - 2012-12-27 18:42 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-12-27 18:42 - 2012-12-27 18:42 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-12-27 18:42 - 2012-12-27 18:42 - 00000000 ____A C:\initdebug.nfo
2012-12-27 17:45 - 2012-12-27 17:16 - 00000000 ____D C:\Tools
2012-12-27 17:43 - 2012-12-27 17:43 - 00072028 ____A C:\Users\All Users\1356648203.bdinstall.bin
2012-12-27 17:43 - 2012-12-27 17:43 - 00021541 ____A C:\Users\All Users\1356648201.bdinstall.bin
2012-12-27 17:13 - 2011-05-06 04:37 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-27 17:13 - 2011-05-06 04:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-27 17:10 - 2012-06-05 22:16 - 00000000 ____D C:\Users\Rob\AppData\Roaming\CyberDefender
2012-12-27 17:10 - 2012-06-05 22:16 - 00000000 ____D C:\Program Files (x86)\CyberDefender
2012-12-27 17:10 - 2012-06-03 14:46 - 00000000 ____D C:\Users\All Users\CyberDefender
2012-12-27 16:35 - 2012-12-27 16:35 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Macromedia
2012-12-27 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-27 16:34 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Google
2012-12-27 16:32 - 2012-12-27 16:32 - 00116856 ____A C:\Users\rob2\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-27 16:32 - 2012-12-27 16:32 - 00001413 ____A C:\Users\rob2\Desktop\Internet Explorer (64-bit).lnk
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Apple Computer
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Adobe
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Roaming\Ad-Aware Antivirus
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Local\Hewlett-Packard
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____D C:\Users\rob2\AppData\Local\Google
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____A C:\Users\rob2\AppData\Local\QSwitch.txt
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____A C:\Users\rob2\AppData\Local\DSwitch.txt
2012-12-27 16:32 - 2012-12-27 16:32 - 00000000 ____A C:\Users\rob2\AppData\Local\AtStart.txt
2012-12-27 16:32 - 2010-12-28 15:37 - 00000504 ____A C:\Users\All Users\FastPics.log
2012-12-27 16:31 - 2012-12-27 16:31 - 00000020 __ASH C:\Users\rob2\ntuser.ini
2012-12-27 16:31 - 2012-12-27 16:31 - 00000000 ____D C:\users\rob2
2012-12-27 16:14 - 2012-12-27 16:13 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Ad-Aware Antivirus
2012-12-27 15:30 - 2012-07-08 18:15 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Free Download Manager
2012-12-27 14:58 - 2012-12-27 14:58 - 00000000 ____D C:\Windows\ERUNT
2012-12-27 14:52 - 2012-12-27 14:52 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-27 14:32 - 2012-12-27 14:32 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Malwarebytes
2012-12-27 14:31 - 2012-12-27 14:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-27 13:40 - 2012-12-27 13:40 - 00000000 RASHD C:\OSTCS
2012-12-27 12:27 - 2010-10-16 10:43 - 00000000 ____D C:\Users\Rob\AppData\Local\VTShared
2012-12-27 12:16 - 2009-12-04 21:46 - 00000000 ____D C:\ComboFix(2)
2012-12-27 09:51 - 2012-12-27 09:51 - 00022933 ____A C:\Users\All Users\1356619891.bdinstall.bin
2012-12-27 09:36 - 2012-12-27 09:36 - 00041204 ____A C:\Users\All Users\1356618862.bdinstall.bin
2012-12-27 09:28 - 2012-12-27 09:27 - 00000000 ____D C:\Users\Rob\AppData\Local\{FC9F801E-9FC5-45EE-AA5F-5E4176018AA6}
2012-12-27 09:26 - 2012-12-27 09:26 - 00041684 ____A C:\Users\All Users\1356618234.bdinstall.bin
2012-12-27 09:23 - 2012-12-27 09:23 - 00021573 ____A C:\Users\All Users\1356618232.bdinstall.bin
2012-12-27 08:52 - 2012-12-27 08:52 - 00159099 ____A C:\Users\All Users\1356616166.bdinstall.bin
2012-12-27 08:50 - 2012-12-27 08:50 - 00000000 ____D C:\Users\Rob\AppData\Roaming\QuickScan
2012-12-27 08:48 - 2012-12-27 08:48 - 09158120 ____A C:\Users\Rob\Downloads\Antivirus_Free_Edition_x64.exe
2012-12-27 08:48 - 2012-12-27 08:48 - 00162208 ____A C:\Users\Rob\Downloads\Antivirus_Free_Edition.exe
2012-12-26 23:19 - 2012-12-26 23:18 - 22854032 ____A (SUPERAntiSpyware.com) C:\Users\Rob\Downloads\SUPERAntiSpyware.exe
2012-12-26 22:41 - 2009-07-14 00:08 - 00032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-26 21:30 - 2012-12-22 19:48 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Opera
2012-12-26 21:30 - 2012-12-22 19:48 - 00000000 ____D C:\Users\Rob\AppData\Local\Opera
2012-12-26 21:30 - 2012-12-22 19:48 - 00000000 ____D C:\Program Files (x86)\Opera
2012-12-26 21:27 - 2012-12-26 21:27 - 00000000 ____D C:\Users\Rob\AppData\Local\{D8FD7DF5-AFAA-4604-A247-40E2D158D76B}
2012-12-26 21:24 - 2010-07-29 20:59 - 00000000 ____D C:\users\Rob
2012-12-26 21:23 - 2012-12-26 19:50 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-26 21:23 - 2012-11-20 16:52 - 00000000 ____D C:\Program Files (x86)\Soda PDF 2012
2012-12-26 21:22 - 2012-11-04 21:46 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-26 21:22 - 2012-07-26 17:55 - 00000000 ____D C:\users\Guest
2012-12-26 21:22 - 2012-06-19 18:26 - 00000000 ____D C:\Users\Rob\AppData\Local\Update Wicken Defender
2012-12-26 21:22 - 2012-06-15 18:13 - 00000000 ____D C:\Users\Rob\Downloads\eex
2012-12-26 21:22 - 2012-06-07 20:53 - 00000000 ___SD C:\Users\Rob\Documents\My Data Sources
2012-12-26 21:22 - 2012-05-29 09:14 - 00000000 ____D C:\Users\Rob\Documents\uxo stuff
2012-12-26 21:22 - 2012-05-29 09:14 - 00000000 ____D C:\Users\Rob\Documents\Flashdrive 1 contents
2012-12-26 21:22 - 2012-02-19 17:32 - 00000000 ____D C:\Users\Rob\Documents\SharePod_3.98[1]
2012-12-26 21:22 - 2011-03-12 09:28 - 00000000 ____D C:\Users\Rob\Documents\keyfinderthing3[1]
2012-12-26 21:22 - 2010-12-28 15:37 - 00000000 ____D C:\Program Files (x86)\Lexmark Z2300 Series
2012-12-26 21:22 - 2010-07-30 10:24 - 00000000 __RSD C:\Users\Rob\Documents\My Stationery
2012-12-26 21:22 - 2010-06-10 00:57 - 00000000 ____D C:\Users\Rob\Documents\Pazera_Free_MP4_to_AVI_Converter
2012-12-26 21:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-26 21:21 - 2010-10-25 09:18 - 00000000 ____D C:\Users\Rob\Documents\Sniper - Ghost Warrior
2012-12-26 21:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-12-26 21:20 - 2012-12-19 06:44 - 00000000 ____D C:\Users\All Users\Package Cache
2012-12-26 21:20 - 2012-12-19 06:44 - 00000000 ____D C:\Program Files\Mobile Stream
2012-12-26 21:20 - 2012-11-27 10:06 - 00000000 ____D C:\pkg-vc10
2012-12-26 21:20 - 2010-01-09 19:05 - 00000000 __RHD C:\MSOCache
2012-12-26 19:52 - 2012-12-26 19:46 - 00000000 ____D C:\Users\Rob\AppData\Local\Avg2013
2012-12-26 19:50 - 2012-12-26 19:50 - 00000000 ___HD C:\$AVG
2012-12-26 10:25 - 2012-12-26 10:25 - 00000000 ____D C:\Users\Rob\AppData\Local\{F30C2D42-26E5-4A85-A36A-2E63C8E0730A}
2012-12-26 06:44 - 2012-12-26 06:44 - 00000000 ____D C:\Users\Rob\AppData\Local\Macromedia
2012-12-25 22:25 - 2012-12-25 10:24 - 00000000 ____D C:\Users\Rob\AppData\Local\{7DDE2CFA-E7A2-4CC2-8EAC-3D5F4CE72572}
2012-12-24 15:48 - 2011-05-26 21:32 - 00000000 ____D C:\Users\Rob\AppData\Local\Downloaded Installations
2012-12-24 11:30 - 2012-10-16 13:22 - 00000000 ____D C:\Program Files (x86)\PokerStars.NET
2012-12-24 10:11 - 2012-06-12 23:10 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-24 10:11 - 2012-01-26 01:38 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-24 10:04 - 2012-12-24 10:04 - 00000000 ____D C:\Users\Rob\AppData\Local\{CAFEE33B-5C33-4177-913B-15FCDE39167D}
2012-12-23 17:58 - 2012-12-23 17:58 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Opera
2012-12-23 17:58 - 2012-12-23 17:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Opera
2012-12-23 08:43 - 2012-12-22 19:45 - 00000000 ____D C:\Users\Rob\AppData\Local\{581C84B8-F339-4D36-9D75-21207ECB3C94}
2012-12-22 19:47 - 2012-12-22 19:47 - 12774200 ____A (Opera Software ASA) C:\Users\Rob\Downloads\Opera_1212_int_Setup.exe
2012-12-22 18:54 - 2012-12-22 18:54 - 00000000 ____D C:\Users\Rob\AppData\Local\Dagardi
2012-12-22 18:41 - 2011-04-05 12:35 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Mozilla
2012-12-22 18:40 - 2012-12-22 18:40 - 00000000 ____D C:\Users\Rob\AppData\Local\Mozilla
2012-12-22 18:40 - 2012-12-22 18:40 - 00000000 ____D C:\Users\All Users\Mozilla
2012-12-22 18:39 - 2012-12-22 18:39 - 19381840 ____A (Mozilla) C:\Users\Rob\Downloads\Firefox Setup 17.0.1.exe
2012-12-22 07:45 - 2012-12-22 07:45 - 00000000 ____D C:\Users\Rob\AppData\Local\{23A6F913-104C-4AD7-B507-BEF3E55DF99D}
2012-12-21 10:12 - 2012-12-21 10:12 - 00000000 ____D C:\Users\Rob\AppData\Local\{DA9AF6F3-A796-4780-95FA-AC36E7FC1AF5}
2012-12-20 22:11 - 2012-12-19 06:51 - 00000000 ____D C:\Users\Rob\AppData\Local\{1E8958A1-CA63-4FA4-A352-9C549B564774}
2012-12-19 19:02 - 2012-12-19 19:02 - 00002091 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-12-19 07:37 - 2012-12-19 06:42 - 05942928 ____A (Mobile Stream) C:\Users\Rob\Desktop\easytether.exe
2012-12-19 06:59 - 2012-12-19 06:42 - 00000000 ____D C:\Users\Rob\Desktop\Easy tether
2012-12-18 18:51 - 2012-12-14 16:27 - 00000000 ____D C:\Users\Rob\AppData\Local\{15E9FBCC-2D85-469B-8C14-9F7C46A0BB01}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3894.87 MB
Available physical RAM: 2399.76 MB
Total Pagefile: 153893.06 MB
Available Pagefile: 152366.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:452.28 GB) (Free:209.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:13.18 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 452 GB 200 MB
Partition 3 Primary 13 GB 452 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 452 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Last Boot: 2013-01-14 20:45

==================== End Of Log =============================
*************************

AdwCleaner[R1].txt - [9486 octets] - [29/12/2012 06:02:01]
AdwCleaner[R2].txt - [906 octets] - [29/12/2012 06:08:08]
AdwCleaner[R3].txt - [2430 octets] - [17/01/2013 20:00:25]
AdwCleaner[S1].txt - [9744 octets] - [29/12/2012 06:02:44]
AdwCleaner[S2].txt - [965 octets] - [29/12/2012 06:09:11]

########## EOF - C:\AdwCleaner[R3].txt - [2609 octets] ##########
///////////////////////////////////////////////////////////////////////

Edited by bombguyrob, 17 January 2013 - 08:22 PM.


#6 bombguyrob


Posted 17 January 2013 - 08:11 PM

FARBAR SVC
//////////////

Farbar Service Scanner Version: 16-01-2013
Ran by Rob (administrator) on 17-01-2013 at 20:10:17
Running from "C:\Users\Rob\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#7 dev00790


Posted 18 January 2013 - 07:23 AM

Hi

Step 1:

You posted an FRST log instead of the TDSSKiller log requested.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

The MiniToolBox and AdwCleaner logs are also not posted. Please post these in your next reply.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.




