White screen after logging windows 7


  • This topic is locked
10 replies to this topic

#1 nordax

  • Members
  • 4 posts

Posted 30 April 2013 - 06:28 PM

Mod Edit: Moved to Virus, Trojan, Spyware, and Malware Removal Logs forum for proper assistance ~~ boopme

Hi,

It seems my Windows was infected with the white screen virus. I did google the issue and it brought me to this forum, specifically this http://www.geekstogo.com/forum/topic/327250-white-screen-after-log-in/ .

I followed the steps not knowing that you have to get a custom fixlist, so I used the fixlist there. I hope that didn't change anything in the FRST log.

Anyway, I need the proper fixlist for my problem. Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2013 01
Ran by SYSTEM on 30-04-2013 21:55:09
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Bouchaib\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3519936 2012-10-14] (Tonec Inc.)
HKU\Bouchaib\...\Winlogon: [Shell] explorer.exe,C:\Users\Bouchaib\AppData\Roaming\skype.dat [86016 2011-11-16] () <==== ATTENTION 
Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [619872 2010-12-31] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
S3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
S2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 cpuz134; \??\C:\Users\Bouchaib\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\DRIVERS\agrsm64.sys 98022774D9930ECBB292E70DB7601DF6
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys 7A4B413614C055935567CF88A9734D38
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 21084CEB85280468C9ACA3C805C0F8CF
C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys 4A6173C2279B498CD8F57CAE504564CB
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\eamonm.sys ACA3FE4F18A945B7BF2618A79F6F670B
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 6672438BDCBFD87250D22112D458294D
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfw.sys 443805B5B11C859AC8CA35297648FF0C
C:\Windows\System32\DRIVERS\Epfwndis.sys 66E61BC6C9F519A99275EB0F0E530BF4
C:\Windows\System32\DRIVERS\epfwwfp.sys F72C97F3D34EA5EC919C73E3901266BB
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\idmwfp.sys F1458110073AD3B6C5DC3C592A36D1D0
C:\Windows\System32\DRIVERS\igdkmd64.sys C6238C6ABD6AC99F5D152DA4E9439A3D
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28ux.sys 53D7442AA919C91D055DBD44635F32B1
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys 741B338D675FE20B779E7EFFA55032FE
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys DFFBC024DFC7BB05B2129E05CBC7A201
C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895
C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AC3CC98B1BDB6540021D3FFB105AC2B9
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys C06E6F4679CEB8F430B90A51D76D8D3C
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\system32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbehci.sys CB490987A7F6928A04BB838E3BD8A936
C:\Windows\system32\DRIVERS\usbhub.sys 18124EF0A881A00EE222D02A3EE30270
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1
C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-30 21:30 - 2013-04-30 21:30 - 00000000 ____D C:\FRST
2013-04-30 12:02 - 2013-04-30 12:02 - 00000000 __SHD C:\found.001
2013-04-29 14:38 - 2013-04-29 14:38 - 00000000 __SHD C:\found.000
2013-04-28 07:45 - 2013-04-30 12:52 - 00000004 ____A C:\Users\Bouchaib\AppData\Roaming\skype.ini
2013-04-23 05:19 - 2013-04-23 05:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-04-22 15:19 - 2013-04-23 05:19 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\Apple Computer
2013-04-22 15:19 - 2013-04-22 15:19 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-22 15:19 - 2013-04-22 15:19 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\Apple Computer
2013-04-22 15:19 - 2012-08-21 05:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-04-22 15:18 - 2013-04-22 15:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\ProgramData\Apple Computer
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\Program Files\iTunes
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\Program Files\iPod
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-22 15:17 - 2013-04-22 15:17 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\Apple
2013-04-22 15:17 - 2013-04-22 15:17 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-04-22 15:16 - 2013-04-22 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-04-22 15:16 - 2013-04-22 15:16 - 00000000 ____D C:\Program Files\Bonjour
2013-04-22 15:16 - 2013-04-22 15:16 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-04-22 15:15 - 2013-04-22 15:16 - 00000000 ____D C:\ProgramData\Apple
2013-04-22 13:08 - 2013-04-22 13:08 - 00000000 ____A C:\Users\Bouchaib\Downloads\sandwich.htm
2013-04-21 07:43 - 2013-04-21 07:43 - 00002054 ____A C:\Users\Public\Desktop\Foxit Reader.lnk
2013-04-18 02:16 - 2013-04-30 12:51 - 00004020 ____A C:\Windows\setupact.log
2013-04-18 02:16 - 2013-04-18 02:16 - 00000000 ____A C:\Windows\setuperr.log
2013-04-18 02:15 - 2013-04-18 02:19 - 00339152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-18 02:15 - 2013-04-18 02:15 - 00000320 ____A C:\Windows\PFRO.log
2013-04-17 15:38 - 2009-09-09 22:28 - 00311808 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2013-04-17 15:38 - 2009-09-09 21:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2013-04-17 15:36 - 2013-04-17 15:37 - 00441858 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-04-17 15:33 - 2013-04-17 15:35 - 00442790 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-04-17 15:30 - 2009-11-25 04:47 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 00320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-04-17 15:30 - 2009-11-25 04:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-04-17 15:30 - 2009-11-25 04:47 - 00109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-04-17 15:30 - 2009-11-25 04:47 - 00048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-04-17 15:21 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-17 15:21 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-17 15:21 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-17 15:21 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-17 15:21 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-17 15:21 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-17 15:20 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-17 15:20 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-17 15:20 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-17 15:20 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-17 15:20 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-17 15:20 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-17 15:20 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-17 15:20 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-17 15:20 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-17 15:20 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-17 15:20 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-17 15:20 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-17 15:20 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-17 15:20 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-17 15:20 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-17 15:20 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-17 15:20 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-17 15:20 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-17 15:20 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-17 15:20 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-17 15:20 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-17 15:20 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-17 15:20 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-17 15:20 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-17 15:20 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-17 15:20 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-17 15:18 - 2012-12-16 08:52 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-04-17 15:18 - 2012-12-16 06:40 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-04-17 15:18 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-04-17 15:18 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-04-17 15:18 - 2009-10-19 06:46 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-04-17 15:18 - 2009-10-19 06:10 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-04-17 15:09 - 2012-09-06 09:38 - 00295792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-04-17 15:07 - 2013-03-18 22:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-17 15:07 - 2013-03-18 21:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-17 15:07 - 2013-03-18 21:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-17 15:07 - 2013-03-18 21:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-17 15:07 - 2013-03-18 20:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-17 15:07 - 2013-03-18 19:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-17 15:01 - 2013-02-12 07:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-17 15:01 - 2013-02-12 07:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-17 15:01 - 2013-02-12 07:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-17 15:01 - 2013-02-12 07:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-17 15:01 - 2013-02-12 07:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-17 15:01 - 2013-02-12 05:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-17 15:00 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-04-17 15:00 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-04-17 14:57 - 2013-01-03 21:41 - 01893224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-17 14:57 - 2013-01-03 21:40 - 00287576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-04-17 14:57 - 2013-01-03 21:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-04-17 14:57 - 2013-01-03 21:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-04-17 14:57 - 2013-01-03 21:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-04-17 14:57 - 2013-01-03 21:36 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-04-17 14:57 - 2013-01-03 21:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-04-17 14:57 - 2013-01-03 21:30 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-04-17 14:57 - 2013-01-03 21:30 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:51 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-04-17 14:57 - 2013-01-03 20:51 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-04-17 14:57 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 19:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-04-17 14:57 - 2013-01-03 18:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-04-17 14:57 - 2013-01-03 18:48 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-04-17 14:57 - 2013-01-03 18:48 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-04-17 14:57 - 2013-01-03 18:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-04-17 14:57 - 2013-01-03 18:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 18:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 18:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-04-17 14:57 - 2013-01-03 18:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-04-17 14:57 - 2012-11-01 21:30 - 02001408 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-04-17 14:57 - 2012-11-01 21:30 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-04-17 14:57 - 2012-11-01 20:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-04-17 14:57 - 2012-11-01 20:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-04-17 14:56 - 2013-02-28 19:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-17 14:56 - 2012-11-08 21:34 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-04-17 14:56 - 2012-11-08 21:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-04-17 14:56 - 2012-11-08 20:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-04-17 14:56 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-04-17 14:55 - 2012-11-19 21:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-04-17 14:55 - 2012-11-19 21:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-04-17 14:55 - 2012-11-01 21:27 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-04-17 14:55 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-04-17 14:55 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-04-17 14:55 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-04-17 14:55 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-04-17 14:55 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-04-17 14:55 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-04-17 14:55 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-04-17 14:55 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-04-17 14:55 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-04-17 14:55 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-04-17 14:55 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-04-17 14:55 - 2011-04-27 19:58 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-04-17 14:55 - 2011-04-27 19:58 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2013-04-17 14:11 - 2013-04-30 12:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-17 14:11 - 2013-04-27 15:16 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-17 14:11 - 2013-04-17 14:14 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-17 14:10 - 2013-04-17 14:10 - 00084584 ____A C:\Users\Bouchaib\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-17 14:07 - 2013-04-17 14:07 - 00005021 ____A C:\Users\Bouchaib\Documents\favoris_17_04_13.html
2013-04-16 08:01 - 2013-04-16 08:01 - 00000000 ____D C:ProgramData\Ralink
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:ProgramData\Ralink Driver
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:\Windows\System32\RaLanguages
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:\Program Files (x86)\Ralink
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-04-16 07:59 - 2010-12-28 11:55 - 01547616 ____A (Ralink Technology Corp.) C:\Windows\System32\Drivers\netr28ux.sys
2013-04-16 07:59 - 2010-12-28 11:43 - 00327008 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2013-04-16 07:59 - 2010-12-28 11:43 - 00014051 ___RA C:\Windows\SysWOW64\RaCoInst.dat
2013-04-16 07:59 - 2010-10-01 10:28 - 01112928 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAIHV.dll
2013-04-16 07:59 - 2010-10-01 10:28 - 01112928 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2013-04-16 07:59 - 2010-07-01 09:45 - 00128864 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAEXTUI.dll
2013-04-16 07:59 - 2010-07-01 09:45 - 00128864 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2013-04-16 07:59 - 2010-07-01 09:29 - 02399584 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2013-04-16 07:59 - 2010-07-01 09:29 - 01607008 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RaCertMgr.dll
2013-04-16 07:59 - 2010-06-29 02:35 - 00792416 ____A C:\Windows\SysWOW64\DiagFunc.dll
2013-04-16 07:59 - 2010-06-29 02:35 - 00792416 ____A C:\Windows\System32\DiagFunc.dll
2013-04-16 07:59 - 2010-01-27 04:47 - 00000451 ____A C:\Windows\System32\DiagFunc.ini
2013-04-16 07:59 - 2010-01-27 03:54 - 00000451 ____A C:\Windows\SysWOW64\DiagFunc.ini
2013-04-16 07:59 - 2009-09-03 13:59 - 00000072 ____A C:\Windows\SysWOW64\RaCertMgr.ini
2013-04-16 07:59 - 2009-09-03 13:59 - 00000072 ____A C:\Windows\System32\RaCertMgr.ini
2013-04-16 07:58 - 2013-04-16 07:58 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\InstallShield
2013-04-16 07:17 - 2009-04-02 02:27 - 00188416 ____A (Realtek Semiconductor Corp. ) C:\Windows\System32\RTLExtUI.dll
2013-04-16 07:17 - 2009-03-31 06:31 - 00380928 ____A (Realtek) C:\Windows\System32\RtlUI2.exe
2013-04-16 07:17 - 2008-07-01 04:31 - 00614400 ____A (Realtek Semiconductor Corp. ) C:\Windows\System32\Rtlihvs.dll
2013-04-15 09:50 - 2010-01-07 03:20 - 00448512 ____R (Realtek Semiconductor Corporation                           ) C:\Windows\System32\Drivers\rtl8187.sys
2013-04-15 07:11 - 2009-02-04 18:49 - 00451072 ____A C:\Windows\SysWOW64\ISSRemoveSP.exe
2013-04-15 04:50 - 2013-04-27 15:15 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-13 14:56 - 2013-04-13 14:56 - 00000000 ____D C:ProgramData\ESET
2013-04-11 14:44 - 2013-04-11 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-06 13:03 - 2013-04-06 13:07 - 00000000 ____D C:\Users\Bouchaib\Downloads\SellYourGF - Inna [hqpdb.com]

==================== One Month Modified Files and Folders =======

2013-04-30 21:30 - 2013-04-30 21:30 - 00000000 ____D C:\FRST
2013-04-30 12:52 - 2013-04-28 07:45 - 00000004 ____A C:\Users\Bouchaib\AppData\Roaming\skype.ini
2013-04-30 12:52 - 2012-08-19 05:12 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\DMCache
2013-04-30 12:51 - 2013-04-18 02:16 - 00004020 ____A C:\Windows\setupact.log
2013-04-30 12:50 - 2013-04-17 14:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-30 12:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-30 12:07 - 2012-08-18 13:04 - 01748220 ____A C:\Windows\WindowsUpdate.log
2013-04-30 12:07 - 2009-07-13 20:45 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-30 12:07 - 2009-07-13 20:45 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-30 12:02 - 2013-04-30 12:02 - 00000000 __SHD C:\found.001
2013-04-29 14:38 - 2013-04-29 14:38 - 00000000 __SHD C:\found.000
2013-04-27 15:16 - 2013-04-17 14:11 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-27 15:15 - 2013-04-15 04:50 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-27 14:32 - 2012-10-16 12:17 - 00435188 ____A C:\Windows\System32\perfh001.dat
2013-04-27 14:32 - 2012-10-16 12:17 - 00076298 ____A C:\Windows\System32\perfc001.dat
2013-04-27 14:32 - 2012-08-19 14:28 - 00684954 ____A C:\Windows\System32\perfh00C.dat
2013-04-27 14:32 - 2012-08-19 14:28 - 00127070 ____A C:\Windows\System32\perfc00C.dat
2013-04-27 14:32 - 2009-07-13 21:13 - 02024198 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-27 10:24 - 2013-02-10 06:46 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\uTorrent
2013-04-24 06:15 - 2010-04-13 03:14 - 00000000 ____D C:\Users\Bouchaib\Desktop\fatiha
2013-04-24 06:12 - 2012-08-19 05:12 - 00000000 ____D C:\Users\Bouchaib\Downloads\Video
2013-04-23 05:19 - 2013-04-23 05:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-04-23 05:19 - 2013-04-22 15:19 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\Apple Computer
2013-04-22 15:19 - 2013-04-22 15:19 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-22 15:19 - 2013-04-22 15:19 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\Apple Computer
2013-04-22 15:19 - 2013-04-22 15:18 - 00000000 ____D C:ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:ProgramData\Apple Computer
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\Program Files\iTunes
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\Program Files\iPod
2013-04-22 15:18 - 2013-04-22 15:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-22 15:17 - 2013-04-22 15:17 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\Apple
2013-04-22 15:17 - 2013-04-22 15:17 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-04-22 15:16 - 2013-04-22 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-04-22 15:16 - 2013-04-22 15:16 - 00000000 ____D C:\Program Files\Bonjour
2013-04-22 15:16 - 2013-04-22 15:16 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-04-22 15:16 - 2013-04-22 15:15 - 00000000 ____D C:ProgramData\Apple
2013-04-22 13:08 - 2013-04-22 13:08 - 00000000 ____A C:\Users\Bouchaib\Downloads\sandwich.htm
2013-04-21 07:43 - 2013-04-21 07:43 - 00002054 ____A C:\Users\Public\Desktop\Foxit Reader.lnk
2013-04-21 07:43 - 2012-09-15 08:32 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\Foxit Software
2013-04-21 06:50 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-18 06:57 - 2012-08-22 15:09 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\Media Player Classic
2013-04-18 06:18 - 2012-08-19 05:12 - 00000000 ____D C:\Users\Bouchaib\Downloads\Compressed
2013-04-18 06:16 - 2012-10-14 03:15 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\IDM
2013-04-18 02:19 - 2013-04-18 02:15 - 00339152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-18 02:16 - 2013-04-18 02:16 - 00000000 ____A C:\Windows\setuperr.log
2013-04-18 02:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-04-18 02:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-04-18 02:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-04-18 02:15 - 2013-04-18 02:15 - 00000320 ____A C:\Windows\PFRO.log
2013-04-17 15:37 - 2013-04-17 15:36 - 00441858 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-04-17 15:35 - 2013-04-17 15:33 - 00442790 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-04-17 14:14 - 2013-04-17 14:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-17 14:14 - 2012-08-19 05:21 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\Google
2013-04-17 14:11 - 2012-08-19 05:21 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\Deployment
2013-04-17 14:10 - 2013-04-17 14:10 - 00084584 ____A C:\Users\Bouchaib\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-17 14:07 - 2013-04-17 14:07 - 00005021 ____A C:\Users\Bouchaib\Documents\favoris_17_04_13.html
2013-04-17 05:18 - 2012-10-18 14:23 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\Skype
2013-04-16 08:01 - 2013-04-16 08:01 - 00000000 ____D C:ProgramData\Ralink
2013-04-16 08:01 - 2013-01-17 14:26 - 00015448 ____A C:\Windows\System32\RaCoInst.log
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:ProgramData\Ralink Driver
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:\Windows\System32\RaLanguages
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:\Program Files (x86)\Ralink
2013-04-16 07:59 - 2013-04-16 07:59 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-04-16 07:59 - 2012-12-18 05:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-16 07:58 - 2013-04-16 07:58 - 00000000 ____D C:\Users\Bouchaib\AppData\Roaming\InstallShield
2013-04-16 06:52 - 2012-12-18 05:10 - 00000000 ____D C:\Windows\System32\RtlGina
2013-04-15 10:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-15 07:53 - 2012-08-18 15:40 - 00000000 ____D C:\Users\Bouchaib\AppData\Local\VirtualStore
2013-04-15 04:50 - 2012-08-22 11:53 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-15 04:50 - 2012-08-22 11:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-14 15:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-04-13 14:56 - 2013-04-13 14:56 - 00000000 ____D C:ProgramData\ESET
2013-04-13 14:26 - 2013-02-15 13:41 - 00000000 ____D C:\Windows\Minidump
2013-04-12 04:57 - 2012-08-22 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-11 14:45 - 2013-04-11 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-06 13:07 - 2013-04-06 13:03 - 00000000 ____D C:\Users\Bouchaib\Downloads\SellYourGF - Inna [hqpdb.com]
2013-04-01 11:58 - 2012-08-19 10:21 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Other Malware:
===========
C:\Users\Bouchaib\AppData\Roaming\skype.dat
C:\Users\Bouchaib\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-04-17 15:11:06
Restore point made on: 2013-04-22 15:17:38

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {917f7baf-e9cb-11e1-b892-c40ad5f07318}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {917f7baf-e9cb-11e1-b892-c40ad5f07318}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\917f7bb1-e9cb-11e1-b892-c40ad5f07318\Winre.wim,{917f7bb2-e9cb-11e1-b892-c40ad5f07318}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\917f7bb1-e9cb-11e1-b892-c40ad5f07318\Winre.wim,{917f7bb2-e9cb-11e1-b892-c40ad5f07318}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {917f7baf-e9cb-11e1-b892-c40ad5f07318}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {917f7bb2-e9cb-11e1-b892-c40ad5f07318}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\917f7bb1-e9cb-11e1-b892-c40ad5f07318\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 3002.93 MB
Available physical RAM: 2498.52 MB
Total Pagefile: 3001.07 MB
Available Pagefile: 2485.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:30.86 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:174.28 GB) (Free:81.14 GB) NTFS (Disk=0 Partition=2)
Drive f: (usb) (Removable) (Total:0.49 GB) (Free:0.22 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB     9 MB         
  Disk 1    Online          497 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: E0DABA0C

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             58 GB    31 KB
  Partition 0    Extended           174 GB    58 GB
  Partition 2    Logical            174 GB    58 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition     58 GB  Healthy            

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                NTFS   Partition    174 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00AE707E

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            497 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   TARASS       FAT    Removable    497 MB  Healthy            

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E0DABA0C)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=174 GB) - (Type=OF Extended)

====================================================================
Disk: 1 (Size: 498 MB) (Disk ID: 00AE707E)
Partition 1: (Active) - (Size=498 MB) - (Type=06)


Last Boot: 2013-04-21 10:38

==================== End Of Log ============================

Thanks in advance. 


Edited by boopme, 30 April 2013 - 08:42 PM.




#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 April 2013 - 08:50 PM


Hello nordax

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
HKU\Bouchaib\...\Winlogon: [Shell] explorer.exe,C:\Users\Bouchaib\AppData\Roaming\skype.dat [86016 2011-11-16] () <==== ATTENTION
C:\Users\Bouchaib\AppData\Roaming\skype.dat
C:\Users\Bouchaib\AppData\Roaming\skype.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
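The fixlist above removes a Winlogon "Shell" override: the FRST log showed the user's Shell value set to "explorer.exe,C:\Users\Bouchaib\AppData\Roaming\skype.dat", so Winlogon started a second program next to Explorer at every logon, which is what produced the white screen. For readers who want to check their own machine for the same kind of persistence, here is an added PowerShell check that is not part of this thread and not part of FRST. It reads the Winlogon Shell value from HKLM and from every currently loaded user hive under HKEY_USERS and flags anything other than the default explorer.exe. The function name Find-WinlogonShell and the $DefaultShell parameter are my own naming, and the assumption is that no custom shell is legitimately deployed on the machine.

```powershell
# Added example, not part of the thread or of FRST. Reports the Winlogon "Shell"
# value from HKLM and from every loaded user hive under HKEY_USERS, and flags any
# value that is not exactly the default "explorer.exe". In this thread the FRST
# log showed the user's Shell set to
#   explorer.exe,C:\Users\Bouchaib\AppData\Roaming\skype.dat
# i.e. a second program appended after Explorer, which Winlogon then started at
# every logon for that user.

function Find-WinlogonShell {
    [CmdletBinding()]
    param(
        # Default value on a clean system (assumption: no custom shell is deployed).
        [string]$DefaultShell = 'explorer.exe'
    )

    $subKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # HKLM holds the machine-wide default; a Shell value under HKU\<SID>\... overrides
    # it for that user only, which is why a per-user check is needed.
    $keys = @("Registry::HKEY_LOCAL_MACHINE\$subKey")
    $keys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notmatch '_Classes$' } |
        ForEach-Object { "Registry::$($_.Name)\$subKey" }

    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $props -or -not ($props.PSObject.Properties.Name -contains 'Shell')) {
            # No Shell value in this hive: users without an override simply inherit HKLM.
            continue
        }

        $shell = [string]$props.Shell
        # Winlogon accepts a comma-separated list; anything beyond the bare
        # default is an extra (or replacement) shell program.
        $entries = @($shell -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $extra   = @($entries | Where-Object { $_ -ne $DefaultShell })

        [pscustomobject]@{
            Key        = $key
            Shell      = $shell
            Suspicious = ($extra.Count -gt 0) -or ($entries.Count -ne 1)
            Extra      = ($extra -join '; ')
        }
    }
}

# Usage (elevated prompt): list every hive that carries a non-default Shell value.
Find-WinlogonShell | Where-Object Suspicious | Format-List
```

Run it from an elevated 64-bit PowerShell prompt, since a 32-bit process sees the WOW64-redirected view of HKLM\Software. It only covers hives that are currently loaded (the logged-on users and the system accounts); profiles that are not logged on keep their override in their own NTUSER.DAT and would have to be loaded or examined offline, which is exactly the situation in which an offline tool such as FRST is used. Any path reported in the Extra column is the file to preserve for analysis before the value is reset.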

#3 nordax (Topic Starter)

  • Members
  • 4 posts

Posted 01 May 2013 - 08:18 AM

Hi,

I was now able to boot Windows without getting the white screen. Thanks.

Here is the fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-04-2013 01
Ran by SYSTEM at 2013-05-01 14:10:00 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Bouchaib\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Bouchaib\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Bouchaib\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

What should be the next step?



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 May 2013 - 12:48 PM


Hello nordax


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished".
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished".
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop.
    • Exit/Close RogueKiller.
Gringo

#5 nordax

nordax
  • Topic Starter

  • Members
  • 4 posts

Posted 01 May 2013 - 01:15 PM

Hi, thank you for replying.

I ran the two tools. Here are the logs:

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 19:05:23
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Bouchaib - BOUCHAIB-PC
# Boot Mode : Normal
# Running from : C:\Users\Bouchaib\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0.1 (fr)
 
File : C:\Users\Bouchaib\AppData\Roaming\Mozilla\Firefox\Profiles\p0hvx1m7.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Bouchaib\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [2371 octets] - [01/05/2013 19:05:24]
 
########## EOF - C:\AdwCleaner[S1].txt - [2431 octets] ##########
 

---------------------------------------------

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Systeme d'exploitation : Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur : Bouchaib [Droits d'admin]
Mode : Recherche -- Date : 01/05/2013 19:11:19
| ARK || FAK || MBR |
 
¤¤¤ Processus malicieux : 0 ¤¤¤
 
¤¤¤ Entrees de registre : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
 
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
 
¤¤¤ Driver : [NON CHARGE] ¤¤¤
 
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Verif: ¤¤¤
 
+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] 3a48a51de0da21dc7054b4573702ad4c
[BSP] 813301b8e623d4afb74c48a7ef62516d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 122881185 | Size: 178464 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Termine : << RKreport[1]_S_01052013_191119.txt >>
RKreport[1]_S_01052013_191119.txt

Edited by nordax, 01 May 2013 - 01:16 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 May 2013 - 03:18 PM

Hello nordax

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

Edited by gringo_pr, 01 May 2013 - 03:18 PM.


#7 nordax

nordax
  • Topic Starter

  • Members
  • 4 posts

Posted 01 May 2013 - 05:02 PM

Hi,

I ran the combofix without issues.

The computer seems to be fine. Thanks :)

Here is the log:

ComboFix 13-05-01.03 - Bouchaib 01/05/2013  22:47:06.1.2 - x64
Microsoft Windows 7 Edition Intégrale   6.1.7600.0.1256.212.1033.18.3003.1578 [GMT 1:00]
Running from: c:\users\Bouchaib\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-01 to 2013-05-01  )))))))))))))))))))))))))))))))
.
.
2013-05-01 21:53 . 2013-05-01 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 05:30 . 2013-05-01 05:30 -------- d-----w- C:\FRST
2013-04-30 20:02 . 2013-04-30 20:02 -------- d-----w- C:\found.001
2013-04-29 22:38 . 2013-04-29 22:38 -------- d-----w- C:\found.000
2013-04-22 23:19 . 2013-04-23 13:19 -------- d-----w- c:\users\Bouchaib\AppData\Roaming\Apple Computer
2013-04-22 23:19 . 2013-04-22 23:19 -------- d-----w- c:\users\Bouchaib\AppData\Local\Apple Computer
2013-04-22 23:19 . 2013-04-22 23:19 -------- dc----w- c:\windows\system32\DRVSTORE
2013-04-22 23:19 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-22 23:18 . 2013-04-22 23:18 -------- d-----w- c:\program files\iPod
2013-04-22 23:18 . 2013-04-22 23:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-22 23:18 . 2013-04-22 23:18 -------- d-----w- c:\program files\iTunes
2013-04-22 23:18 . 2013-04-22 23:18 -------- d-----w- c:\program files (x86)\iTunes
2013-04-22 23:18 . 2013-04-22 23:18 -------- d-----w- c:\programdata\Apple Computer
2013-04-22 23:17 . 2013-04-22 23:17 -------- d-----w- c:\users\Bouchaib\AppData\Local\Apple
2013-04-22 23:17 . 2013-04-22 23:17 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-04-22 23:16 . 2013-04-22 23:16 -------- d-----w- c:\program files\Common Files\Apple
2013-04-22 23:16 . 2013-04-22 23:16 -------- d-----w- c:\program files\Bonjour
2013-04-22 23:16 . 2013-04-22 23:16 -------- d-----w- c:\program files (x86)\Bonjour
2013-04-22 23:15 . 2013-04-22 23:18 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-04-22 23:15 . 2013-04-22 23:16 -------- d-----w- c:\programdata\Apple
2013-04-18 10:16 . 2013-04-18 10:16 -------- d-----w- c:\windows\SysWow64\Wat
2013-04-18 10:16 . 2013-04-18 10:16 -------- d-----w- c:\windows\system32\Wat
2013-04-17 23:38 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2013-04-17 23:38 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2013-04-17 23:37 . 2013-03-19 05:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12614CE8-A634-44EF-AEB9-C9AAA1EAF583}\mpengine.dll
2013-04-17 23:30 . 2009-11-25 12:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2013-04-17 23:30 . 2009-11-25 12:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2013-04-17 23:30 . 2009-11-25 12:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2013-04-17 23:30 . 2009-11-25 12:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2013-04-17 23:30 . 2009-11-25 12:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2013-04-17 23:30 . 2009-11-25 12:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-04-17 23:30 . 2009-11-25 12:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-04-17 23:30 . 2009-11-25 12:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2013-04-17 23:30 . 2009-11-25 12:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2013-04-17 23:30 . 2009-11-25 12:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-04-17 23:21 . 2013-02-22 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-17 23:21 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-04-17 23:21 . 2013-02-22 06:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-17 23:21 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-17 23:21 . 2013-02-22 04:10 149616 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-04-17 23:21 . 2013-02-22 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-17 23:21 . 2013-02-22 06:18 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-17 23:21 . 2013-02-22 03:36 768512 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-17 23:21 . 2013-02-22 06:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-04-17 23:21 . 2013-02-22 03:35 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-04-17 23:18 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-04-17 23:18 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-04-17 23:18 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-04-17 23:18 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-04-17 23:18 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-04-17 23:18 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-04-17 23:09 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-04-17 23:07 . 2013-03-19 06:19 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-17 23:07 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-17 23:07 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-17 23:07 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-17 23:07 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-17 23:07 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-17 23:01 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll
2013-04-17 23:01 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-17 23:01 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll
2013-04-17 23:01 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-17 23:01 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-17 23:01 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-17 23:00 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2013-04-17 23:00 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-04-17 22:56 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-04-17 22:56 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-04-17 22:56 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-04-17 22:56 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-17 22:56 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-17 22:11 . 2013-04-17 22:14 -------- d-----w- c:\program files (x86)\Google
2013-04-16 16:01 . 2013-04-16 16:01 -------- d-----w- c:\programdata\Ralink
2013-04-16 15:58 . 2013-04-16 15:58 -------- d-----w- c:\users\Bouchaib\AppData\Roaming\InstallShield
2013-04-16 15:17 . 2009-04-02 10:27 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2013-04-16 15:17 . 2009-03-31 14:31 380928 ----a-w- c:\windows\system32\RtlUI2.exe
2013-04-16 15:17 . 2008-07-01 12:31 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2013-04-15 17:50 . 2010-01-07 11:20 448512 ------r- c:\windows\system32\drivers\rtl8187.sys
2013-04-15 15:11 . 2009-02-05 02:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-04-15 12:53 . 2013-04-15 12:53 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 12:50 . 2012-08-22 19:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 12:50 . 2012-08-22 19:53 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 19:58 . 2012-08-19 18:21 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-12 01:10 . 2012-08-19 13:27 282744 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-14 3519936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2013-4-16 11474272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 cpuz134;cpuz134;c:\users\Bouchaib\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 RaMediaServer;RaMediaServer;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2010-12-31 619872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-17 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-08-02 158944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2010-11-11 451936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 12:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-17 22:14 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 12:50]
.
2012-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4083219712-3867686320-4057579389-1000Core.job
- c:\users\Bouchaib\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 22:01]
.
2012-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4083219712-3867686320-4057579389-1000UA.job
- c:\users\Bouchaib\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 22:01]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 22:11]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\users\Bouchaib\AppData\Roaming\Mozilla\Firefox\Profiles\p0hvx1m7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4083219712-3867686320-4057579389-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):46,85,76,26,d1,fa,f9,20,7a,ed,d1,5a,ca,fa,da,67,56,59,9f,b8,ba,
   43,86,c0,61,9a,8a,af,4b,66,70,b2,be,43,1e,e1,93,c9,c2,ab,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4083219712-3867686320-4057579389-1000_Classes\Wow6432Node\CLSID\{d9f05c4f-da61-4404-a4c0-819bed48dbcc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002d
"Therad"=dword:00000015
"SpecVersion"=dword:00000069
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-01  22:56:28
ComboFix-quarantined-files.txt  2013-05-01 21:56
.
Pre-Run: 34 093 289 472 octets libres
Post-Run: 33 708 019 712 octets libres
.
- - End Of File - - 8BACEE60C35B9772113155ECCEFAF8E9


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2013 - 07:09 PM


Hello nordax

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2013 - 10:13 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2013 - 02:47 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2013 - 12:12 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



