
Windows won't boot... FRST already ran HELP


  • This topic is locked
17 replies to this topic

#1 kingen501


Posted 19 March 2013 - 03:41 AM

I regret the shortness of my message but I am posting this from my phone since it is my only device at the moment. Any help is appreciated.


It started with the redirect virus. Then I ran malware, rootkits, and anything else I could find. Then I heard about Hitman Pro three. Ran then re-booted and Windows won't open. Tried restore, Dell factory restore, and repair. Nothing worked.
Then I found this wonderful place (bleepingcomputers) and found someone with an issue similar to mine. Ran FRST and the fix log for the other member. Computer booted a little farther then got the (Stop c1000135 missing software error). Can anyone help? I'm including the scan log from Farbar.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 20-03-2013 05:28:07
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1449984 2010-10-03] (Intel® Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1115568 2011-02-08] (iMesh, Inc)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-02-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Administrator\...\Run: [Best Buy pc app] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Owner\...\Run: [limewire plus] "C:\Program Files (x86)\Limewire Plus\limewire.exe" -h [x]
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-04-04] (Google Inc.)
HKU\Owner\...\Run: [ampmdm] C:\Program Files (x86)\Altnet Music Plugin\AMPMDM.exe [490568 2011-11-24] (Airarena Pty Ltd.)
HKU\Owner\...\Run: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe [2231808 2012-07-05] (Jackpot Rewards)
HKU\Owner\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1274832 2013-02-28] (Google Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 2013-02-28] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [136912 2013-02-28] (AVAST Software)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [x]

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33472 2013-02-28] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [127208 2013-02-28] (AVAST Software)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22664 2013-02-28] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [80888 2013-02-28] (AVAST Software)
0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2013-02-18] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [263168 2013-02-28] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [71064 2013-02-28] (AVAST Software)
0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65408 2013-02-28] ()
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025880 2013-02-28] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377992 2013-02-28] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68992 2013-02-28] (AVAST Software)
0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177672 2013-02-28] ()
3 DroidCam; C:\Windows\System32\Drivers\DroidCam.sys [25216 2013-03-06] (Dev47Apps)
0 Partizan; C:\Windows\SysWow64\Drivers\Partizan.sys [35816 2013-03-07] (Greatis Software)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-20 04:20 - 2013-03-20 04:20 - 00000000 __SHD C:\found.000
2013-03-19 07:41 - 2013-03-19 07:41 - 00000000 ____D C:\FRST
2013-03-16 09:27 - 2013-03-16 09:27 - 00000000 ____D C:\Emergency
2013-03-16 09:09 - 2013-03-19 06:18 - 00000000 ____D C:\Windows\SMINST
2013-03-11 15:24 - 2013-03-20 01:44 - 00000000 ____D C:\Program Files (x86)\Pas
2013-03-11 15:22 - 2013-03-11 15:23 - 02586112 ____A C:\Users\Owner\Downloads\IPCamAdapter.msi
2013-03-08 19:13 - 2013-03-08 19:12 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-08 19:08 - 2013-03-08 19:08 - 00896928 ____A (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u17.exe
2013-03-07 19:03 - 2013-03-07 19:02 - 00544688 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2013-03-07 19:03 - 2013-03-07 19:02 - 00193968 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2013-03-07 19:03 - 2013-03-07 19:02 - 00172976 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2013-03-07 19:03 - 2013-03-07 19:02 - 00172976 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2013-03-07 00:51 - 2013-03-20 06:23 - 00000250 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2013-03-07 00:51 - 2013-03-11 14:33 - 00000224 ____A C:\Windows\setupact.log
2013-03-07 00:51 - 2013-03-07 00:51 - 00275040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-07 00:51 - 2013-03-07 00:51 - 00000878 ____A C:\Windows\PFRO.log
2013-03-07 00:51 - 2013-03-07 00:51 - 00000000 ____A C:\Windows\setuperr.log
2013-03-07 00:49 - 2013-03-07 00:49 - 00040208 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2013-03-07 00:39 - 2013-03-07 00:39 - 00035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2013-03-07 00:38 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\Documents\RegRun2
2013-03-07 00:38 - 2013-03-20 01:44 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-03-07 00:38 - 2013-03-07 00:38 - 00000002 RASHOT C:\Windows\winstart.bat
2013-03-07 00:38 - 2013-03-07 00:38 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-03-07 00:38 - 2013-03-05 19:34 - 00012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2013-03-07 00:21 - 2013-03-20 01:44 - 00000000 ____D C:\Program Files\CCleaner
2013-03-07 00:20 - 2013-03-07 00:20 - 04190272 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup328.exe
2013-03-06 20:34 - 2013-03-20 01:43 - 00000000 ____D C:\Program Files (x86)\DroidCam
2013-03-06 20:34 - 2013-03-06 20:34 - 00025216 ____A (Dev47Apps) C:\Windows\System32\Drivers\droidcam.sys
2013-03-06 20:07 - 2013-03-20 01:47 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-03-06 20:06 - 2013-03-06 20:07 - 07781072 ____A (Adobe Systems Inc.) C:\Users\Owner\Downloads\Shockwave_Installer_Slim.exe
2013-03-06 01:53 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2013-03-05 20:23 - 2013-03-20 01:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-05 20:21 - 2013-03-05 20:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-05 19:46 - 2013-03-20 01:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-03-05 19:06 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\Downloads\Tommy Boy 1995 DvDrip[Eng]-greenbud1969
2013-03-01 13:27 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\Downloads\Flight (2012)
2013-02-28 18:46 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\Downloads\Seven.Psychopaths.2012.720p.BRRip.x264.AC3-JYK
2013-02-28 16:06 - 2013-02-28 03:36 - 00263168 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-02-28 16:06 - 2013-02-28 03:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-02-28 16:06 - 2013-02-28 03:36 - 00127208 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-02-28 16:06 - 2013-02-28 03:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-02-28 16:06 - 2013-02-28 03:36 - 00022664 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-02-28 16:06 - 2013-02-18 03:41 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-02-28 15:44 - 2013-02-28 15:44 - 00001960 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-02-28 15:44 - 2013-02-28 15:44 - 00001960 ____A C:\ProgramData\Desktop\avast! Internet Security.lnk
2013-02-28 15:26 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\Downloads\Indiana Jones And The Temple Of Doom (1984) [1080p]
2013-02-28 01:45 - 2013-03-20 01:44 - 00000000 ____D C:\Users\Owner\Downloads\Indiana Jones and the Last Crusade (1989) [1080p]
2013-02-26 13:47 - 2013-03-20 01:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-02-26 13:47 - 2013-03-20 01:44 - 00000000 ____D C:\ProgramData\Application Data\AVAST Software
2013-02-26 13:47 - 2013-03-20 00:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-02-26 13:47 - 2013-02-28 03:36 - 01025880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-02-26 13:47 - 2013-02-28 03:36 - 00377992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-02-26 13:47 - 2013-02-28 03:36 - 00080888 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-02-26 13:47 - 2013-02-28 03:36 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-02-26 13:47 - 2013-02-28 03:36 - 00068992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-02-26 13:47 - 2013-02-28 03:36 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-02-26 13:47 - 2013-02-28 03:36 - 00033472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-02-26 13:47 - 2013-02-28 03:35 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-02-26 13:47 - 2012-10-30 18:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2013-02-26 13:41 - 2013-02-26 13:46 - 97565024 ____A C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-02-22 02:57 - 2013-03-20 01:44 - 00000000 ____D C:\Program Files\Alwil Software

==================== One Month Modified Files and Folders =======

2013-03-20 06:23 - 2013-03-07 00:51 - 00000250 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2013-03-20 05:28 - 2011-04-01 19:26 - 00000000 ____D C:\users\Owner
2013-03-20 04:20 - 2013-03-20 04:20 - 00000000 __SHD C:\found.000
2013-03-20 01:58 - 2013-01-14 05:35 - 00000000 ____D C:\Program Files (x86)\Movie DVD Maker
2013-03-20 01:55 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-03-20 01:54 - 2009-07-14 02:45 - 00000000 ____D C:\Windows\ShellNew
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-03-20 01:47 - 2013-03-06 20:07 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-03-20 01:47 - 2012-02-24 22:55 - 00000000 ____D C:\Windows\System32\Macromed
2013-03-20 01:47 - 2011-07-23 23:24 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-03-20 01:47 - 2011-04-01 23:03 - 00000000 ____D C:\Windows\System32\SPReview
2013-03-20 01:47 - 2011-04-01 22:25 - 00000000 ____D C:\Windows\System32\EventProviders
2013-03-20 01:47 - 2010-11-27 14:45 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-03-20 01:47 - 2010-11-27 14:45 - 00000000 ____D C:\Windows\System32\SRSLabs
2013-03-20 01:47 - 2010-11-27 12:53 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2013-03-20 01:47 - 2010-11-27 12:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\winrm
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\WCN
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\slmgr
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-03-20 01:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-03-20 01:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-03-20 01:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2013-03-20 01:46 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-03-20 01:45 - 2011-07-23 23:22 - 00000000 ____D C:\Windows\hpoj4500g510n-z
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-20 01:44 - 2013-03-11 15:24 - 00000000 ____D C:\Program Files (x86)\Pas
2013-03-20 01:44 - 2013-03-07 00:38 - 00000000 ____D C:\Users\Owner\Documents\RegRun2
2013-03-20 01:44 - 2013-03-07 00:38 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-03-20 01:44 - 2013-03-07 00:21 - 00000000 ____D C:\Program Files\CCleaner
2013-03-20 01:44 - 2013-03-06 01:53 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2013-03-20 01:44 - 2013-03-05 19:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-03-20 01:44 - 2013-03-05 19:06 - 00000000 ____D C:\Users\Owner\Downloads\Tommy Boy 1995 DvDrip[Eng]-greenbud1969
2013-03-20 01:44 - 2013-03-01 13:27 - 00000000 ____D C:\Users\Owner\Downloads\Flight (2012)
2013-03-20 01:44 - 2013-02-28 18:46 - 00000000 ____D C:\Users\Owner\Downloads\Seven.Psychopaths.2012.720p.BRRip.x264.AC3-JYK
2013-03-20 01:44 - 2013-02-28 15:26 - 00000000 ____D C:\Users\Owner\Downloads\Indiana Jones And The Temple Of Doom (1984) [1080p]
2013-03-20 01:44 - 2013-02-28 01:45 - 00000000 ____D C:\Users\Owner\Downloads\Indiana Jones and the Last Crusade (1989) [1080p]
2013-03-20 01:44 - 2013-02-26 13:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-03-20 01:44 - 2013-02-26 13:47 - 00000000 ____D C:\ProgramData\Application Data\AVAST Software
2013-03-20 01:44 - 2013-02-22 02:57 - 00000000 ____D C:\Program Files\Alwil Software
2013-03-20 01:44 - 2013-02-07 00:48 - 00000000 ____D C:\Users\Owner\Downloads\The.Hobbit.2012.DVDScr.XVID.AC3.HQ.Hive-CM8
2013-03-20 01:44 - 2013-02-04 21:40 - 00000000 ____D C:\Users\Owner\Downloads\Pitch Perfect 2012 DVDRip XviD-SPARKS
2013-03-20 01:44 - 2013-01-14 05:34 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-03-20 01:44 - 2013-01-14 05:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRARPackages
2013-03-20 01:44 - 2013-01-14 05:33 - 00000000 ____D C:\Users\Owner\AppData\Local\couponamazing
2013-03-20 01:44 - 2012-12-05 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-20 01:44 - 2012-12-05 18:10 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-03-20 01:44 - 2012-11-19 15:50 - 00000000 ____D C:\Users\Owner\Desktop\Movies
2013-03-20 01:44 - 2012-11-15 21:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-03-20 01:44 - 2012-11-15 21:05 - 00000000 ____D C:\Users\Owner\Downloads\vlc-2.0.4-win32
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Shop to Win 30
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QwiklinxForChrome
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Program Files (x86)\Shop To Win
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Program Files (x86)\QwiklinxForChrome
2013-03-20 01:44 - 2012-08-01 23:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2013-03-20 01:44 - 2012-02-27 18:36 - 00000000 ____D C:\Program Files (x86)\VideoBuzz
2013-03-20 01:44 - 2012-02-27 18:14 - 00000000 ____D C:\ProgramData\Norton
2013-03-20 01:44 - 2012-02-27 18:14 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-03-20 01:44 - 2012-02-27 18:14 - 00000000 ____D C:\Program Files (x86)\Music Oasis
2013-03-20 01:44 - 2012-02-24 18:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2013-03-20 01:44 - 2012-02-06 18:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2013-03-20 01:44 - 2012-02-06 18:11 - 00000000 ____D C:\Users\Owner\.frostwire5
2013-03-20 01:44 - 2012-02-06 18:07 - 00000000 ____D C:\Users\Owner\AppData\Local\getdislike
2013-03-20 01:44 - 2012-02-06 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-20 01:44 - 2011-11-02 23:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2013-03-20 01:44 - 2011-11-02 23:26 - 00000000 ____D C:\Program Files\Microsoft Office
2013-03-20 01:44 - 2011-07-23 23:26 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-03-20 01:44 - 2011-07-23 23:26 - 00000000 ____D C:\ProgramData\Application Data\Yahoo! Companion
2013-03-20 01:44 - 2011-07-23 23:26 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-03-20 01:44 - 2011-07-23 23:24 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-03-20 01:44 - 2011-07-23 23:24 - 00000000 ____D C:\ProgramData\Application Data\HP Product Assistant
2013-03-20 01:44 - 2011-07-23 22:20 - 00000000 ____D C:\ProgramData\HP
2013-03-20 01:44 - 2011-07-23 22:20 - 00000000 ____D C:\ProgramData\Application Data\HP
2013-03-20 01:44 - 2011-05-24 13:59 - 00000000 ____D C:\Program Files\Dell Support Center
2013-03-20 01:44 - 2011-04-20 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PCDr
2013-03-20 01:44 - 2011-04-20 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-03-20 01:44 - 2011-04-20 11:00 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-03-20 01:44 - 2011-04-04 17:52 - 00000000 ___HD C:\Users\Owner\AppData\Local\Google
2013-03-20 01:44 - 2011-04-04 17:52 - 00000000 ____D C:\Program Files\Google
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Google
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Application Data\Google
2013-03-20 01:44 - 2011-04-02 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\LimeWire
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\ProgramData\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\Program Files\iTunes
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\Program Files\iPod
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\ProgramData\Application Data\Apple Computer
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\ProgramData\Apple Computer
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-03-20 01:44 - 2011-04-02 22:50 - 00000000 ____D C:\ProgramData\Application Data\Apple
2013-03-20 01:44 - 2011-04-02 22:50 - 00000000 ____D C:\ProgramData\Apple
2013-03-20 01:44 - 2011-04-02 22:50 - 00000000 ____D C:\Program Files\Bonjour
2013-03-20 01:44 - 2011-04-02 22:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-03-20 01:44 - 2011-04-02 22:08 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab Setup Files
2013-03-20 01:44 - 2011-04-02 22:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macrovision
2013-03-20 01:44 - 2011-04-02 21:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-03-20 01:44 - 2011-04-02 21:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2013-03-20 01:44 - 2011-04-02 21:42 - 00000000 ____D C:\Users\Owner\Desktop\My Shared Folder
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Roxio
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Intel
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Creative
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Stardock_Corporation
2013-03-20 01:44 - 2010-11-27 14:45 - 00000000 ____D C:\Program Files\Realtek
2013-03-20 01:44 - 2010-11-27 13:30 - 00000000 ____D C:\Program Files (x86)\System Registration
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 __HDC C:\ProgramData\Application Data\{7B344F95-C8A2-414E-BF1A-2D2F08D3D6B2}
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 __HDC C:\ProgramData\{7B344F95-C8A2-414E-BF1A-2D2F08D3D6B2}
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\Best Buy pc app
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\Application Data\Best Buy pc app
2013-03-20 01:44 - 2010-11-27 13:13 - 00000000 __HDC C:\ProgramData\Application Data\{04A07C23-5821-4F25-BF46-1188636AE238}
2013-03-20 01:44 - 2010-11-27 13:13 - 00000000 __HDC C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}
2013-03-20 01:44 - 2010-11-27 13:06 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-03-20 01:44 - 2010-11-27 13:05 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-03-20 01:44 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Intel
2013-03-20 01:44 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Application Data\Intel
2013-03-20 01:44 - 2010-11-27 12:52 - 00000000 ____D C:\Program Files\Dell Inc
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-03-20 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-03-20 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-03-20 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-03-20 01:43 - 2013-03-06 20:34 - 00000000 ____D C:\Program Files (x86)\DroidCam
2013-03-20 01:43 - 2013-03-05 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 01:43 - 2012-12-05 16:57 - 00000000 ____D C:\Program Files (x86)\DownloadManager
2013-03-20 01:43 - 2012-03-20 15:50 - 00000000 ____D C:\Program Files (x86)\Altnet Music Plugin
2013-03-20 01:43 - 2012-02-27 18:35 - 00000000 ____D C:\Program Files (x86)\Driver-Soft
2013-03-20 01:43 - 2012-02-27 18:13 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2013-03-20 01:43 - 2012-02-13 21:02 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-03-20 01:43 - 2012-02-06 18:10 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-03-20 01:43 - 2012-01-06 19:16 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-03-20 01:43 - 2011-11-02 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-03-20 01:43 - 2011-07-23 23:20 - 00000000 ____D C:\Program Files (x86)\HP
2013-03-20 01:43 - 2011-06-21 14:27 - 00000000 ____D C:\Program Files (x86)\Apex Fitness
2013-03-20 01:43 - 2011-05-29 10:21 - 00000000 ____D C:\Program Files (x86)\Boingo
2013-03-20 01:43 - 2011-04-04 17:51 - 00000000 ____D C:\Program Files (x86)\Google
2013-03-20 01:43 - 2011-04-02 22:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-03-20 01:43 - 2011-04-02 22:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-03-20 01:43 - 2010-11-27 14:15 - 00000000 ____D C:\DELL
2013-03-20 01:43 - 2010-11-27 13:27 - 00000000 ____D C:\Program Files (x86)\Creative
2013-03-20 01:43 - 2010-11-27 13:26 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2013-03-20 01:43 - 2010-11-27 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-03-20 01:43 - 2010-11-27 13:21 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-03-20 01:43 - 2010-11-27 13:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-03-20 01:43 - 2010-11-27 13:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-20 01:43 - 2010-11-27 12:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-03-20 01:43 - 2010-11-27 12:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-03-20 01:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-03-20 00:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-03-20 00:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2013-03-20 00:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-03-20 00:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2013-03-20 00:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default\Application Data\Macromedia
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default User\Application Data\Macromedia
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-03-20 00:23 - 2011-04-21 21:53 - 00000000 ___HD C:\Users\Owner\AppData\Local\Adobe
2013-03-20 00:23 - 2011-04-03 20:35 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2013-03-20 00:23 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2013-03-20 00:23 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Uninstall
2013-03-20 00:23 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Application Data\Uninstall
2013-03-20 00:23 - 2009-07-13 22:20 - 00000000 __RHD C:\users\Default
2013-03-20 00:22 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Macrovision
2013-03-20 00:22 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Application Data\Macrovision
2013-03-20 00:22 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-03-20 00:22 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-03-20 00:22 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Dell
2013-03-20 00:22 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Application Data\Dell
2013-03-20 00:21 - 2010-11-27 14:41 - 00000000 ____D C:\Program Files\Synaptics
2013-03-20 00:21 - 2010-11-27 13:00 - 00000000 ____D C:\Program Files\WIDCOMM
2013-03-20 00:21 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files\Intel
2013-03-20 00:21 - 2010-11-27 12:52 - 00000000 ____D C:\Program Files\Java
2013-03-20 00:20 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files\Dell
2013-03-20 00:20 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-03-20 00:20 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-03-20 00:19 - 2013-02-26 13:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-03-20 00:19 - 2010-11-27 13:25 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-03-20 00:19 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-03-20 00:18 - 2010-11-27 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-03-20 00:18 - 2010-11-27 13:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-03-20 00:17 - 2010-11-27 14:44 - 00000000 ____D C:\Program Files (x86)\Intel
2013-03-20 00:16 - 2010-11-27 13:30 - 00000000 ____D C:\Program Files (x86)\Dell
2013-03-20 00:15 - 2010-11-27 13:11 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-03-20 00:15 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-03-19 07:41 - 2013-03-19 07:41 - 00000000 ____D C:\FRST
2013-03-19 06:19 - 2010-11-27 14:28 - 00000000 ____D C:\PostVistaPE
2013-03-19 06:19 - 2010-11-27 13:33 - 00000000 ____D C:\Users\Administrator\Application Data\Creative
2013-03-19 06:19 - 2010-11-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-19 06:19 - 2010-11-27 13:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-03-19 06:19 - 2010-11-27 13:17 - 00000000 ____D C:\Program Files\mcafee
2013-03-19 06:19 - 2010-11-27 13:17 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-03-19 06:19 - 2010-11-27 13:13 - 00000000 ____D C:\Users\Administrator\Local Settings\Stardock_Corporation
2013-03-19 06:19 - 2010-11-27 13:13 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Stardock_Corporation
2013-03-19 06:19 - 2010-11-27 13:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-03-19 06:19 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-03-19 06:19 - 2009-07-14 00:08 - 00000000 ____D C:\users\Administrator
2013-03-19 06:18 - 2013-03-16 09:09 - 00000000 ____D C:\Windows\SMINST
2013-03-16 09:27 - 2013-03-16 09:27 - 00000000 ____D C:\Emergency
2013-03-11 15:42 - 2011-04-04 17:52 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-11 15:42 - 2011-04-04 17:52 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-11 15:23 - 2013-03-11 15:22 - 02586112 ____A C:\Users\Owner\Downloads\IPCamAdapter.msi
2013-03-11 15:22 - 2012-12-03 22:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-11 15:04 - 2009-07-14 00:10 - 01690141 ____A C:\Windows\WindowsUpdate.log
2013-03-11 14:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-11 14:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-11 14:39 - 2009-07-14 00:13 - 00727398 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-11 14:34 - 2010-11-27 13:02 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2013-03-11 14:33 - 2013-03-07 00:51 - 00000224 ____A C:\Windows\setupact.log
2013-03-11 14:33 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-08 19:12 - 2013-03-08 19:13 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-08 19:12 - 2012-12-02 21:34 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-03-08 19:12 - 2010-11-27 12:52 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-03-08 19:08 - 2013-03-08 19:08 - 00896928 ____A (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u17.exe
2013-03-07 19:02 - 2013-03-07 19:03 - 00544688 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2013-03-07 19:02 - 2013-03-07 19:03 - 00193968 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2013-03-07 19:02 - 2013-03-07 19:03 - 00172976 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2013-03-07 19:02 - 2013-03-07 19:03 - 00172976 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2013-03-07 19:02 - 2010-11-27 12:52 - 00526256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2013-03-07 00:51 - 2013-03-07 00:51 - 00275040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-07 00:51 - 2013-03-07 00:51 - 00000878 ____A C:\Windows\PFRO.log
2013-03-07 00:51 - 2013-03-07 00:51 - 00000000 ____A C:\Windows\setuperr.log
2013-03-07 00:49 - 2013-03-07 00:49 - 00040208 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2013-03-07 00:39 - 2013-03-07 00:39 - 00035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2013-03-07 00:38 - 2013-03-07 00:38 - 00000002 RASHOT C:\Windows\winstart.bat
2013-03-07 00:38 - 2013-03-07 00:38 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-03-07 00:20 - 2013-03-07 00:20 - 04190272 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup328.exe
2013-03-06 20:34 - 2013-03-06 20:34 - 00025216 ____A (Dev47Apps) C:\Windows\System32\Drivers\droidcam.sys
2013-03-06 20:07 - 2013-03-06 20:06 - 07781072 ____A (Adobe Systems Inc.) C:\Users\Owner\Downloads\Shockwave_Installer_Slim.exe
2013-03-06 19:39 - 2011-06-14 19:32 - 00005120 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-05 20:22 - 2013-03-05 20:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-05 19:34 - 2013-03-07 00:38 - 00012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2013-02-28 15:44 - 2013-02-28 15:44 - 00001960 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-02-28 15:44 - 2013-02-28 15:44 - 00001960 ____A C:\ProgramData\Desktop\avast! Internet Security.lnk
2013-02-28 03:36 - 2013-02-28 16:06 - 00263168 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00127208 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00022664 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 01025880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00377992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00080888 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00068992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-02-28 03:36 - 2013-02-26 13:47 - 00033472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-02-28 03:35 - 2013-02-26 13:47 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-02-26 17:22 - 2012-12-03 23:22 - 16473456 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-26 17:22 - 2012-12-03 22:52 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-26 17:22 - 2012-01-16 20:08 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-26 13:46 - 2013-02-26 13:41 - 97565024 ____A C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-02-26 13:35 - 2012-10-19 23:25 - 00002257 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2013-02-18 03:41 - 2013-02-28 16:06 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys

==================== Known DLLs (Whitelisted) =================

C:\Windows\System32\LPK.dll IS MISSING MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-06 20:35:13
Restore point made on: 2013-03-07 00:48:14
Restore point made on: 2013-03-08 19:12:09
Restore point made on: 2013-03-11 15:23:51
Restore point made on: 2013-03-11 15:46:39

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3892.52 MB
Available physical RAM: 3274.92 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3306.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451 GB) (Free:328.5 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 13 MB
Disk 1 No Media 0 B 0 B
Disk 2 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 07F2837E

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 450 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E FAT32 Removable 1909 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 07F2837E

Partition 1:
=========
Hex: 00010100DEFE3F0C3F0000008E2F0300
Active: NO
Type: DE
Size: 102 MB

Partition 2:
=========
Hex: 8000010D07FEFFFFCD2F030000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFFCDEFD70163F85F38
Active: NO
Type: 07 (NTFS)
Size: 451 GB

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 80FFFFFF0CFFFFFF0008000000A83B00
Active: YES
Type: 0C
Size: 2 GB


Last Boot: 2010-11-27 14:43

==================== End Of Log =============================

2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-03-20 01:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-03-20 01:55 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-03-20 01:54 - 2009-07-14 02:45 - 00000000 ____D C:\Windows\ShellNew
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-03-20 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-03-20 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-03-20 01:47 - 2013-03-06 20:07 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-03-20 01:47 - 2012-02-24 22:55 - 00000000 ____D C:\Windows\System32\Macromed
2013-03-20 01:47 - 2011-07-23 23:24 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-03-20 01:47 - 2011-04-01 23:03 - 00000000 ____D C:\Windows\System32\SPReview
2013-03-20 01:47 - 2011-04-01 22:25 - 00000000 ____D C:\Windows\System32\EventProviders
2013-03-20 01:47 - 2010-11-27 14:45 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-03-20 01:47 - 2010-11-27 14:45 - 00000000 ____D C:\Windows\System32\SRSLabs
2013-03-20 01:47 - 2010-11-27 12:53 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2013-03-20 01:47 - 2010-11-27 12:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\winrm
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\WCN
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\slmgr
2013-03-20 01:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-03-20 01:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-03-20 01:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-03-20 01:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2013-03-20 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2013-03-20 01:46 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-03-20 01:45 - 2011-07-23 23:22 - 00000000 ____D C:\Windows\hpoj4500g510n-z
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2013-03-20 01:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-20 01:44 - 2013-03-11 15:24 - 00000000 ____D C:\Program Files (x86)\Pas
2013-03-20 01:44 - 2013-03-07 00:38 - 00000000 ____D C:\Users\Owner\Documents\RegRun2
2013-03-20 01:44 - 2013-03-07 00:38 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-03-20 01:44 - 2013-03-07 00:21 - 00000000 ____D C:\Program Files\CCleaner
2013-03-20 01:44 - 2013-03-06 01:53 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2013-03-20 01:44 - 2013-03-05 19:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-03-20 01:44 - 2013-03-05 19:06 - 00000000 ____D C:\Users\Owner\Downloads\Tommy Boy 1995 DvDrip[Eng]-greenbud1969
2013-03-20 01:44 - 2013-03-01 13:27 - 00000000 ____D C:\Users\Owner\Downloads\Flight (2012)
2013-03-20 01:44 - 2013-02-28 18:46 - 00000000 ____D C:\Users\Owner\Downloads\Seven.Psychopaths.2012.720p.BRRip.x264.AC3-JYK
2013-03-20 01:44 - 2013-02-28 15:26 - 00000000 ____D C:\Users\Owner\Downloads\Indiana Jones And The Temple Of Doom (1984) [1080p]
2013-03-20 01:44 - 2013-02-28 01:45 - 00000000 ____D C:\Users\Owner\Downloads\Indiana Jones and the Last Crusade (1989) [1080p]
2013-03-20 01:44 - 2013-02-26 13:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-03-20 01:44 - 2013-02-26 13:47 - 00000000 ____D C:\ProgramData\Application Data\AVAST Software
2013-03-20 01:44 - 2013-02-22 02:57 - 00000000 ____D C:\Program Files\Alwil Software
2013-03-20 01:44 - 2013-02-07 00:48 - 00000000 ____D C:\Users\Owner\Downloads\The.Hobbit.2012.DVDScr.XVID.AC3.HQ.Hive-CM8
2013-03-20 01:44 - 2013-02-04 21:40 - 00000000 ____D C:\Users\Owner\Downloads\Pitch Perfect 2012 DVDRip XviD-SPARKS
2013-03-20 01:44 - 2013-01-14 05:34 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-03-20 01:44 - 2013-01-14 05:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRARPackages
2013-03-20 01:44 - 2013-01-14 05:33 - 00000000 ____D C:\Users\Owner\AppData\Local\couponamazing
2013-03-20 01:44 - 2012-12-05 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-20 01:44 - 2012-12-05 18:10 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-03-20 01:44 - 2012-11-19 15:50 - 00000000 ____D C:\Users\Owner\Desktop\Movies
2013-03-20 01:44 - 2012-11-15 21:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-03-20 01:44 - 2012-11-15 21:05 - 00000000 ____D C:\Users\Owner\Downloads\vlc-2.0.4-win32
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Shop to Win 30
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QwiklinxForChrome
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Program Files (x86)\Shop To Win
2013-03-20 01:44 - 2012-10-23 20:32 - 00000000 ____D C:\Program Files (x86)\QwiklinxForChrome
2013-03-20 01:44 - 2012-08-01 23:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2013-03-20 01:44 - 2012-02-27 18:36 - 00000000 ____D C:\Program Files (x86)\VideoBuzz
2013-03-20 01:44 - 2012-02-27 18:14 - 00000000 ____D C:\ProgramData\Norton
2013-03-20 01:44 - 2012-02-27 18:14 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-03-20 01:44 - 2012-02-27 18:14 - 00000000 ____D C:\Program Files (x86)\Music Oasis
2013-03-20 01:44 - 2012-02-24 18:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2013-03-20 01:44 - 2012-02-06 18:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2013-03-20 01:44 - 2012-02-06 18:11 - 00000000 ____D C:\Users\Owner\.frostwire5
2013-03-20 01:44 - 2012-02-06 18:07 - 00000000 ____D C:\Users\Owner\AppData\Local\getdislike
2013-03-20 01:44 - 2012-02-06 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-20 01:44 - 2011-11-02 23:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2013-03-20 01:44 - 2011-11-02 23:26 - 00000000 ____D C:\Program Files\Microsoft Office
2013-03-20 01:44 - 2011-07-23 23:26 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-03-20 01:44 - 2011-07-23 23:26 - 00000000 ____D C:\ProgramData\Application Data\Yahoo! Companion
2013-03-20 01:44 - 2011-07-23 23:26 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-03-20 01:44 - 2011-07-23 23:24 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-03-20 01:44 - 2011-07-23 23:24 - 00000000 ____D C:\ProgramData\Application Data\HP Product Assistant
2013-03-20 01:44 - 2011-07-23 22:20 - 00000000 ____D C:\ProgramData\HP
2013-03-20 01:44 - 2011-07-23 22:20 - 00000000 ____D C:\ProgramData\Application Data\HP
2013-03-20 01:44 - 2011-05-24 13:59 - 00000000 ____D C:\Program Files\Dell Support Center
2013-03-20 01:44 - 2011-04-20 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PCDr
2013-03-20 01:44 - 2011-04-20 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-03-20 01:44 - 2011-04-20 11:00 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-03-20 01:44 - 2011-04-04 17:52 - 00000000 ___HD C:\Users\Owner\AppData\Local\Google
2013-03-20 01:44 - 2011-04-04 17:52 - 00000000 ____D C:\Program Files\Google
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Google
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-03-20 01:44 - 2011-04-04 17:51 - 00000000 ____D C:\ProgramData\Application Data\Google
2013-03-20 01:44 - 2011-04-02 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\LimeWire
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\ProgramData\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\Program Files\iTunes
2013-03-20 01:44 - 2011-04-02 22:52 - 00000000 ____D C:\Program Files\iPod
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\ProgramData\Application Data\Apple Computer
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\ProgramData\Apple Computer
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-03-20 01:44 - 2011-04-02 22:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-03-20 01:44 - 2011-04-02 22:50 - 00000000 ____D C:\ProgramData\Application Data\Apple
2013-03-20 01:44 - 2011-04-02 22:50 - 00000000 ____D C:\ProgramData\Apple
2013-03-20 01:44 - 2011-04-02 22:50 - 00000000 ____D C:\Program Files\Bonjour
2013-03-20 01:44 - 2011-04-02 22:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-03-20 01:44 - 2011-04-02 22:08 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab Setup Files
2013-03-20 01:44 - 2011-04-02 22:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macrovision
2013-03-20 01:44 - 2011-04-02 21:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2013-03-20 01:44 - 2011-04-02 21:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2013-03-20 01:44 - 2011-04-02 21:42 - 00000000 ____D C:\Users\Owner\Desktop\My Shared Folder
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Roxio
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Intel
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Creative
2013-03-20 01:44 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Stardock_Corporation
2013-03-20 01:44 - 2010-11-27 14:45 - 00000000 ____D C:\Program Files\Realtek
2013-03-20 01:44 - 2010-11-27 13:30 - 00000000 ____D C:\Program Files (x86)\System Registration
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 __HDC C:\ProgramData\Application Data\{7B344F95-C8A2-414E-BF1A-2D2F08D3D6B2}
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 __HDC C:\ProgramData\{7B344F95-C8A2-414E-BF1A-2D2F08D3D6B2}
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\Best Buy pc app
2013-03-20 01:44 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\Application Data\Best Buy pc app
2013-03-20 01:44 - 2010-11-27 13:13 - 00000000 __HDC C:\ProgramData\Application Data\{04A07C23-5821-4F25-BF46-1188636AE238}
2013-03-20 01:44 - 2010-11-27 13:13 - 00000000 __HDC C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238}
2013-03-20 01:44 - 2010-11-27 13:06 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-03-20 01:44 - 2010-11-27 13:05 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-03-20 01:44 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Intel
2013-03-20 01:44 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Application Data\Intel
2013-03-20 01:44 - 2010-11-27 12:52 - 00000000 ____D C:\Program Files\Dell Inc
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-03-20 01:44 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-03-20 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-03-20 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-03-20 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-03-20 01:43 - 2013-03-06 20:34 - 00000000 ____D C:\Program Files (x86)\DroidCam
2013-03-20 01:43 - 2013-03-05 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 01:43 - 2012-12-05 16:57 - 00000000 ____D C:\Program Files (x86)\DownloadManager
2013-03-20 01:43 - 2012-03-20 15:50 - 00000000 ____D C:\Program Files (x86)\Altnet Music Plugin
2013-03-20 01:43 - 2012-02-27 18:35 - 00000000 ____D C:\Program Files (x86)\Driver-Soft
2013-03-20 01:43 - 2012-02-27 18:13 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2013-03-20 01:43 - 2012-02-13 21:02 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-03-20 01:43 - 2012-02-06 18:10 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-03-20 01:43 - 2012-01-06 19:16 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-03-20 01:43 - 2011-11-02 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-03-20 01:43 - 2011-07-23 23:20 - 00000000 ____D C:\Program Files (x86)\HP
2013-03-20 01:43 - 2011-06-21 14:27 - 00000000 ____D C:\Program Files (x86)\Apex Fitness
2013-03-20 01:43 - 2011-05-29 10:21 - 00000000 ____D C:\Program Files (x86)\Boingo
2013-03-20 01:43 - 2011-04-04 17:51 - 00000000 ____D C:\Program Files (x86)\Google
2013-03-20 01:43 - 2011-04-02 22:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-03-20 01:43 - 2011-04-02 22:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-03-20 01:43 - 2010-11-27 14:15 - 00000000 ____D C:\DELL
2013-03-20 01:43 - 2010-11-27 13:27 - 00000000 ____D C:\Program Files (x86)\Creative
2013-03-20 01:43 - 2010-11-27 13:26 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2013-03-20 01:43 - 2010-11-27 13:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-03-20 01:43 - 2010-11-27 13:21 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-03-20 01:43 - 2010-11-27 13:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-03-20 01:43 - 2010-11-27 13:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-20 01:43 - 2010-11-27 12:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-03-20 01:43 - 2010-11-27 12:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-03-20 01:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-03-20 00:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-03-20 00:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2013-03-20 00:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-03-20 00:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2013-03-20 00:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default\Application Data\Macromedia
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default User\Application Data\Macromedia
2013-03-20 00:23 - 2012-02-27 18:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-03-20 00:23 - 2011-04-21 21:53 - 00000000 ___HD C:\Users\Owner\AppData\Local\Adobe
2013-03-20 00:23 - 2011-04-03 20:35 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2013-03-20 00:23 - 2011-04-01 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2013-03-20 00:23 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Uninstall
2013-03-20 00:23 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Application Data\Uninstall
2013-03-20 00:23 - 2009-07-13 22:20 - 00000000 __RHD C:\users\Default
2013-03-20 00:22 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Macrovision
2013-03-20 00:22 - 2010-11-27 13:25 - 00000000 ____D C:\ProgramData\Application Data\Macrovision
2013-03-20 00:22 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-03-20 00:22 - 2010-11-27 13:17 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-03-20 00:22 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Dell
2013-03-20 00:22 - 2010-11-27 12:56 - 00000000 ____D C:\ProgramData\Application Data\Dell
2013-03-20 00:21 - 2010-11-27 14:41 - 00000000 ____D C:\Program Files\Synaptics
2013-03-20 00:21 - 2010-11-27 13:00 - 00000000 ____D C:\Program Files\WIDCOMM
2013-03-20 00:21 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files\Intel
2013-03-20 00:21 - 2010-11-27 12:52 - 00000000 ____D C:\Program Files\Java
2013-03-20 00:20 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files\Dell
2013-03-20 00:20 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-03-20 00:20 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-03-20 00:19 - 2013-02-26 13:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-03-20 00:19 - 2010-11-27 13:25 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-03-20 00:19 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-03-20 00:18 - 2010-11-27 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-03-20 00:18 - 2010-11-27 13:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-03-20 00:17 - 2010-11-27 14:44 - 00000000 ____D C:\Program Files (x86)\Intel
2013-03-20 00:16 - 2010-11-27 13:30 - 00000000 ____D C:\Program Files (x86)\Dell
2013-03-20 00:15 - 2010-11-27 13:11 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-03-20 00:15 - 2010-11-27 12:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-03-19 07:41 - 2013-03-19 07:41 - 00000000 ____D C:\FRST
2013-03-19 06:19 - 2010-11-27 14:28 - 00000000 ____D C:\PostVistaPE
2013-03-19 06:19 - 2010-11-27 13:33 - 00000000 ____D C:\Users\Administrator\Application Data\Creative
2013-03-19 06:19 - 2010-11-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-19 06:19 - 2010-11-27 13:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-03-19 06:19 - 2010-11-27 13:17 - 00000000 ____D C:\Program Files\mcafee
2013-03-19 06:19 - 2010-11-27 13:17 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-03-19 06:19 - 2010-11-27 13:13 - 00000000 ____D C:\Users\Administrator\Local Settings\Stardock_Corporation
2013-03-19 06:19 - 2010-11-27 13:13 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Stardock_Corporation
2013-03-19 06:19 - 2010-11-27 13:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-03-19 06:19 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-03-19 06:19 - 2009-07-14 00:08 - 00000000 ____D C:\users\Administrator
2013-03-19 06:18 - 2013-03-16 09:09 - 00000000 ____D C:\Windows\SMINST
2013-03-16 09:27 - 2013-03-16 09:27 - 00000000 ____D C:\Emergency
2013-03-11 15:42 - 2011-04-04 17:52 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-11 15:42 - 2011-04-04 17:52 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-11 15:23 - 2013-03-11 15:22 - 02586112 ____A C:\Users\Owner\Downloads\IPCamAdapter.msi
2013-03-11 15:22 - 2012-12-03 22:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-11 15:04 - 2009-07-14 00:10 - 01690141 ____A C:\Windows\WindowsUpdate.log
2013-03-11 14:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-11 14:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-11 14:39 - 2009-07-14 00:13 - 00727398 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-11 14:34 - 2010-11-27 13:02 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2013-03-11 14:33 - 2013-03-07 00:51 - 00000224 ____A C:\Windows\setupact.log
2013-03-11 14:33 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-08 19:12 - 2013-03-08 19:13 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-08 19:12 - 2013-03-08 19:12 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-08 19:12 - 2012-12-02 21:34 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-03-08 19:12 - 2010-11-27 12:52 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-03-08 19:08 - 2013-03-08 19:08 - 00896928 ____A (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u17.exe
2013-03-07 19:02 - 2013-03-07 19:03 - 00544688 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2013-03-07 19:02 - 2013-03-07 19:03 - 00193968 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2013-03-07 19:02 - 2013-03-07 19:03 - 00172976 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2013-03-07 19:02 - 2013-03-07 19:03 - 00172976 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2013-03-07 19:02 - 2010-11-27 12:52 - 00526256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2013-03-07 00:51 - 2013-03-07 00:51 - 00275040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-07 00:51 - 2013-03-07 00:51 - 00000878 ____A C:\Windows\PFRO.log
2013-03-07 00:51 - 2013-03-07 00:51 - 00000000 ____A C:\Windows\setuperr.log
2013-03-07 00:49 - 2013-03-07 00:49 - 00040208 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2013-03-07 00:39 - 2013-03-07 00:39 - 00035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2013-03-07 00:38 - 2013-03-07 00:38 - 00000002 RASHOT C:\Windows\winstart.bat
2013-03-07 00:38 - 2013-03-07 00:38 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-03-07 00:20 - 2013-03-07 00:20 - 04190272 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup328.exe
2013-03-06 20:34 - 2013-03-06 20:34 - 00025216 ____A (Dev47Apps) C:\Windows\System32\Drivers\droidcam.sys
2013-03-06 20:07 - 2013-03-06 20:06 - 07781072 ____A (Adobe Systems Inc.) C:\Users\Owner\Downloads\Shockwave_Installer_Slim.exe
2013-03-06 19:39 - 2011-06-14 19:32 - 00005120 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-05 20:22 - 2013-03-05 20:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-05 19:34 - 2013-03-07 00:38 - 00012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2013-02-28 15:44 - 2013-02-28 15:44 - 00001960 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-02-28 15:44 - 2013-02-28 15:44 - 00001960 ____A C:\ProgramData\Desktop\avast! Internet Security.lnk
2013-02-28 03:36 - 2013-02-28 16:06 - 00263168 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00127208 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-02-28 03:36 - 2013-02-28 16:06 - 00022664 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 01025880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00377992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00080888 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00068992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-02-28 03:36 - 2013-02-26 13:47 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-02-28 03:36 - 2013-02-26 13:47 - 00033472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-02-28 03:35 - 2013-02-26 13:47 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-02-26 17:22 - 2012-12-03 23:22 - 16473456 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-26 17:22 - 2012-12-03 22:52 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-26 17:22 - 2012-01-16 20:08 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-26 13:46 - 2013-02-26 13:41 - 97565024 ____A C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-02-26 13:35 - 2012-10-19 23:25 - 00002257 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2013-02-18 03:41 - 2013-02-28 16:06 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys

==================== Known DLLs (Whitelisted) =================

C:\Windows\System32\LPK.dll IS MISSING MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-06 20:35:13
Restore point made on: 2013-03-07 00:48:14
Restore point made on: 2013-03-08 19:12:09
Restore point made on: 2013-03-11 15:23:51
Restore point made on: 2013-03-11 15:46:39

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3892.52 MB
Available physical RAM: 3274.92 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3306.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451 GB) (Free:328.5 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB    13 MB
Disk 1    No Media          0 B      0 B
Disk 2    Online         1910 MB      0 B

Partitions of Disk 0:
===============

Disk ID: 07F2837E

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                101 MB    31 KB
Partition 2    Primary             14 GB   101 MB
Partition 3    Primary            450 GB    14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      FAT    Partition    101 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     F   RECOVERY     NTFS   Partition     14 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    450 GB  Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1909 MB  1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E                FAT32  Removable   1909 MB  Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 07F2837E

Partition 1:
=========
Hex: 00010100DEFE3F0C3F0000008E2F0300
Active: NO
Type: DE
Size: 102 MB

Partition 2:
=========
Hex: 8000010D07FEFFFFCD2F030000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFFCDEFD70163F85F38
Active: NO
Type: 07 (NTFS)
Size: 451 GB

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 80FFFFFF0CFFFFFF0008000000A83B00
Active: YES
Type: 0C
Size: 2 GB


Last Boot: 2010-11-27 14:43

==================== End Of Log =============================


Edited by hamluis, 19 March 2013 - 11:14 AM.
Moved from Win7 to Malware Removal Logs - Hamluis.



 


#2 kingen501

kingen501
  • Topic Starter


Posted 19 March 2013 - 01:04 PM

I hope this is helpful.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:47 PM

Posted 20 March 2013 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Continue if you can.
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • Please post the logs and let me know what problem persists.


#4 kingen501


Posted 20 March 2013 - 11:30 AM

Would that I could. Windows WON'T boot. Blue screen that says c0000135 stop missing %hs. In my original post I ran the FRST scan and posted the log. Posted it twice by accident. Again, I am typing all this on my phone so I am sorry for any confusion. I think it's a kernel issue. Please help.

Edited by kingen501, 20 March 2013 - 11:48 AM.


#5 nasdaq


Posted 20 March 2013 - 01:26 PM

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB) and this one,
Windows 7 64-Bit (x64) Recovery Environment

Create a bootable CD, 1 for Gparted and 1 for the Windows 7 Recovery Environment, from the ISO images. You can use ImgBurn to do this.

This will help you burn the ISO image(s) to a CD.
http://www.imgburn.com/index.php?act=screenshots#isowrite
==
Now boot off of the newly created Gparted CD.

You should be here...
Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Again, press ENTER

You will now be taken to the main GUI screen below

I would like to see that last screen.

To do print screen follow these steps:

    * Press Alt and Print Screen button on your keyboard
    * Open Paint program
    * From the menu choose Edit then Paste
    * Now save the picture and attach it here for me to review.

Exit all programs.

#6 kingen501


Posted 20 March 2013 - 01:39 PM

I do not have access to a computer. I only have my phone, a USB cable and a flash drive. I can download from my phone to my flash drive. I'm downloading the gpart iso to my phone as we speak. I appreciate your patience. Also, the download failed.

#7 kingen501


Posted 20 March 2013 - 01:40 PM

Says gpart iso can not be found. Found the newest version and downloaded it. Any way to use these files via USB? I'll look around and see what I can find.

Edited by kingen501, 20 March 2013 - 03:28 PM.


#8 kingen501


Posted 20 March 2013 - 04:24 PM

Oh, and I can boot into recovery mode. I can load files via USB with the command prompt. This should open up our options.

#9 nasdaq


Posted 21 March 2013 - 07:44 AM

Not sure if this will make a difference but these must be removed.

If you can, open the Task Manager (CTRL+ALT+DEL)

Stop these processes
DATAMNGR
Best Buy pc app
limewire plus
Shop To Win

Exit.

Boot to safe mode
How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03

Delete these folders in bold.
C:\PROGRA~2\IMESHA~1
C:\Program Files (x86)\Shop To Win
C:\ProgramData\Best Buy pc app

Delete these files in bold.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
===

Download this tool and copy it to the problem computer. Run it in safe mode if you can.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users.
  • Under the Custom Scan box paste this text in bold in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.


#10 kingen501


Posted 21 March 2013 - 02:29 PM

Finally got the computer to boot. Woohoo! Found the datamanger process and Shop To Win. No limewire or bestbuy on the process tab in Task Manager. Also zero internet connection and it keeps asking "Trayapp disk". I hope this info is useful.

#11 kingen501


Posted 21 March 2013 - 04:12 PM

Fixed it!!!!! I appreciate the effort, nasdaq. This site is great and has helped a lot. I feel like more questions should be asked at the beginning. Copy and paste answers may be fast, but not very effective.

#12 nasdaq


Posted 22 March 2013 - 09:06 AM

It would be wise of you to run these tools.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===


#13 kingen501


Posted 22 March 2013 - 03:40 PM

# AdwCleaner v2.115 - Logfile created 03/22/2013 at 13:33:04
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\iMesh Applications\Mediabar
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Shop To Win
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Owner\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\Owner\Documents\ShopToWin
 
***** [Registry] *****
 
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [7990 octets] - [22/03/2013 13:29:39]
AdwCleaner[S1].txt - [7801 octets] - [22/03/2013 13:33:04]
 
########## EOF - C:\AdwCleaner[S1].txt - [7861 octets] ##########


#14 kingen501


Posted 22 March 2013 - 03:47 PM

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java™ 6 Update 37  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 


#15 kingen501


Posted 22 March 2013 - 03:49 PM

Also on start up it asks me to install the "appTray" disc. Works for a while then says hp cue status root has stopped.





