
I've run combofix... here's the log.



#1 horriblechild

Posted 29 May 2013 - 05:12 PM

Here's the log from combofix. I don't even know where to start.

 


 


#2 horriblechild


Posted 29 May 2013 - 08:27 PM

Malwarebytes log is blue

Combofix log is RED

 

 

My computer problems, I believe, started when I installed webmatrix and all the associated framework.

I've run malwarebytes a few times, as well as sophos virus scanner and hijackthis.

 

 

There is an install shield type of icon that is overlaid on top of a bunch of my desktop icons.

This might be from the first time I ran combofix.  I ran it, but I never sent the log in. So it's never been finished.

 

 

Right now the problems I'm having are permission problems.

The computer won't run things because:

"Windows cannot access the specified device, path or file.  You may not have appropriate permissions to access the item."

 


 

Here's the Malwarebytes log that I just ran. (I ran it in safe mode w/ networking because it won't let me run it with a normal start-up.)

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.05.29.08
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Horriblechild :: HORRIBLELAPTOP [administrator]
 
5/29/2013 4:51:18 PM
mbam-log-2013-05-29 (16-51-18).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 443102
Time elapsed: 1 hour(s), 17 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
and this is the combofix log from 3 days ago:
 
ComboFix 13-05-24.01 - Horriblechild 05/24/2013  11:21:46.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4031.2846 [GMT -7:00]
Running from: c:\users\Horriblechild\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWOW64mfc45.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-24 to 2013-05-24  )))))))))))))))))))))))))))))))
.
.
2013-05-24 18:31 . 2013-05-24 18:31 -------- d-----w- c:\users\Horriblechild\AppData\Local\temp
2013-05-24 16:39 . 2013-05-24 16:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-24 16:39 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-24 11:19 . 2013-05-24 11:20 -------- d-s---w- c:\users\Horriblechild\Google Drive
2013-05-22 04:29 . 2013-05-22 04:29 -------- d-----w- c:\users\Horriblechild\AppData\Local\dftmp
2013-05-22 03:00 . 2013-05-22 03:00 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\ImgBurn
2013-05-22 02:57 . 2013-05-22 02:57 -------- d-----w- c:\program files (x86)\ImgBurn
2013-05-22 02:14 . 2013-05-22 02:14 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\PeerNetworking
2013-05-22 01:02 . 2013-05-22 01:02 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\NuGet
2013-05-21 18:33 . 2013-05-22 05:43 -------- d-sh--w- c:\windows\Installer
2013-05-21 09:25 . 2013-05-21 09:20 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0BEAD85-162A-44DE-8808-27B0748B5886}\gapaengine.dll
2013-05-21 09:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB38F5D-EB59-43CD-8CAB-A5C05E238089}\mpengine.dll
2013-05-20 22:26 . 2013-05-20 22:26 -------- d-----w- c:\users\Horriblechild\AppData\Local\SlimWare Utilities Inc
2013-05-20 22:26 . 2013-05-20 22:26 -------- d-----w- c:\program files (x86)\SlimCleaner
2013-05-20 22:05 . 2013-05-20 22:05 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\IrfanView
2013-05-20 22:05 . 2013-05-20 22:05 -------- d-----w- c:\program files (x86)\IrfanView
2013-05-20 18:35 . 2013-05-20 18:35 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\SUPERAntiSpyware.com
2013-05-20 18:35 . 2013-05-24 13:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-20 18:35 . 2013-05-20 18:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-05-20 13:27 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-20 11:49 . 2013-05-20 11:49 -------- d-----w- C:\AI_RecycleBin
2013-05-18 07:23 . 2013-05-18 07:23 -------- d-----w- c:\users\Public\Recorded TV
2013-05-17 14:45 . 2013-05-24 14:03 -------- dc----w- c:\users\Horriblechild\AppData\Local\MigWiz
2013-05-16 18:29 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 18:29 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 18:29 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 18:28 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 18:28 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 18:28 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 18:28 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 18:28 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 18:28 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 15:27 . 2013-05-16 15:27 -------- d-----w- c:\program files (x86)\7-Zip
2013-05-14 14:44 . 2013-05-20 06:26 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\Malwarebytes
2013-05-14 14:41 . 2013-05-20 06:21 -------- d-----w- c:\programdata\Malwarebytes
2013-05-14 12:08 . 2013-05-14 12:08 -------- d-----w- c:\programdata\Sophos
2013-05-14 12:08 . 2013-05-14 12:08 73728 ----a-r- c:\users\Horriblechild\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-14 12:08 . 2013-05-14 12:08 73728 ----a-r- c:\users\Horriblechild\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-14 12:08 . 2013-05-14 12:08 73728 ----a-r- c:\users\Horriblechild\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-14 12:08 . 2013-05-14 12:08 -------- d-----w- c:\program files (x86)\Sophos
2013-05-11 21:35 . 2013-05-16 13:10 -------- d-----w- c:\program files (x86)\netcut
2013-05-10 13:59 . 2013-05-20 06:37 -------- d-----w- c:\users\Horriblechild\.android
2013-05-10 13:59 . 2013-05-20 06:32 -------- d-----w- c:\users\Horriblechild\workspace
2013-05-09 22:16 . 2013-05-09 22:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-09 22:16 . 2013-05-09 22:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-09 22:16 . 2013-05-09 22:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-09 22:16 . 2013-05-09 22:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-09 20:08 . 2013-05-09 20:08 -------- d-----w- c:\users\Horriblechild\AppData\Local\DevelopmentStorage
2013-05-09 19:17 . 2013-05-09 19:18 -------- d-----w- c:\program files (x86)\Windows Azure Tools
2013-05-09 18:57 . 2013-05-09 18:57 -------- d-----w- c:\windows\Migration
2013-05-09 18:54 . 2012-08-21 14:20 46080 ----a-w- c:\windows\SysWow64\ncobjapi.dll
2013-05-09 18:54 . 2012-08-21 13:49 58368 ----a-w- c:\windows\system32\ncobjapi.dll
2013-05-09 18:54 . 2012-08-21 13:12 74240 ----a-w- c:\windows\system32\wbem\NCProv.dll
2013-05-09 18:54 . 2012-08-21 13:32 13824 ----a-w- c:\windows\system32\Register-CimProvider.exe
2013-05-09 18:54 . 2012-08-21 14:01 12800 ----a-w- c:\windows\SysWow64\Register-CimProvider.exe
2013-05-09 18:54 . 2012-08-21 14:59 1536 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2013-05-09 18:54 . 2012-08-21 14:20 1536 ----a-w- c:\windows\system32\winrsmgr.dll
2013-05-09 18:54 . 2012-08-21 13:41 18944 ----a-w- c:\windows\SysWow64\wbem\mofcomp.exe
2013-05-09 18:54 . 2012-08-21 13:14 22528 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2013-05-09 18:54 . 2012-08-21 12:47 23040 ----a-w- c:\windows\system32\winrshost.exe
2013-05-09 18:54 . 2012-07-23 18:16 204105 ----a-w- c:\windows\SysWow64\winrm.vbs
2013-05-09 18:54 . 2012-08-21 14:19 31744 ----a-w- c:\windows\system32\wbem\WinMgmtR.dll
2013-05-09 18:51 . 2013-05-09 18:51 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2013-05-09 18:46 . 2013-05-09 18:46 -------- d-----w- c:\program files\Microsoft SDKs
2013-05-09 18:45 . 2013-05-09 18:45 -------- d-----w- c:\program files (x86)\iisnode-dev
2013-05-09 18:44 . 2013-05-09 18:44 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\npm
2013-05-09 18:40 . 2013-05-09 18:40 -------- d-----w- c:\program files\runphp
2013-05-09 18:39 . 2013-05-09 18:39 -------- d-----w- c:\program files (x86)\Windows Kits
2013-05-09 18:34 . 2013-05-22 04:39 -------- d-----w- c:\program files (x86)\NuGet
2013-05-09 18:31 . 2013-05-10 10:05 1146048 ----a-w- c:\programdata\Microsoft\VWDExpress\11.0\1033\ResourceCache.dll
2013-05-09 18:28 . 2013-05-09 18:28 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2013-05-09 18:27 . 2013-05-09 18:27 -------- d-----w- c:\windows\symbols
2013-05-09 18:25 . 2013-05-22 04:45 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2013-05-09 18:24 . 2013-05-09 18:24 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-05-09 18:16 . 2013-05-20 06:21 -------- d-----w- c:\programdata\VS
2013-05-09 18:11 . 2013-05-10 10:23 583232 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2013-05-09 18:06 . 2013-05-09 18:06 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2013-05-09 18:06 . 2013-05-09 18:06 -------- d-----w- c:\program files\Microsoft Help Viewer
2013-05-09 18:02 . 2012-06-29 08:22 57288 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-09 18:02 . 2012-06-29 08:17 86984 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-09 18:02 . 2012-06-29 08:22 82888 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
2013-05-09 18:02 . 2012-06-29 08:17 88520 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
2013-05-09 18:01 . 2013-05-09 18:01 -------- d-----w- c:\windows\system32\RsFx
2013-05-09 18:00 . 2013-05-09 18:00 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2013-05-09 18:00 . 2013-05-09 18:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-05-09 08:32 . 2013-05-09 08:32 -------- d-----w- c:\users\Horriblechild\AppData\Roaming\Microsoft Corporation
2013-05-09 08:31 . 2013-05-09 08:32 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix
2013-05-09 08:31 . 2013-05-09 08:31 -------- d-----w- c:\windows\SysWow64\1033
2013-05-09 08:31 . 2013-05-09 08:31 -------- d-----w- c:\windows\system32\1033
2013-05-09 08:30 . 2013-05-09 08:30 -------- d-----w- c:\program files (x86)\MySQL
2013-05-09 08:30 . 2013-05-09 18:11 -------- d-----w- c:\program files (x86)\IIS
2013-05-09 08:30 . 2013-05-09 08:30 -------- d-----w- c:\program files\IIS
2013-05-09 08:29 . 2013-05-09 18:52 -------- d-----w- c:\program files (x86)\IIS Express
2013-05-09 08:29 . 2013-05-09 08:30 -------- d-----w- c:\program files\IIS Express
2013-05-09 08:29 . 2013-05-09 08:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-05-09 08:29 . 2013-05-20 06:36 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2013-05-09 08:29 . 2013-05-09 18:01 -------- d-----w- c:\program files\Microsoft SQL Server
2013-05-09 08:29 . 2013-05-09 17:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-05-09 08:28 . 2013-05-09 18:36 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2013-05-09 08:28 . 2013-05-22 04:59 -------- d-----w- c:\programdata\Package Cache
2013-05-09 08:23 . 2013-05-09 08:23 -------- d-----w- c:\program files\Microsoft
2013-05-09 05:22 . 2013-05-09 05:22 -------- d-----w- c:\programdata\Belkin
2013-05-09 04:48 . 2013-05-20 06:36 -------- d-----w- c:\program files (x86)\Belkin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 21:20 . 2010-04-11 19:06 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-11 22:19 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-03-26 00:42 278800 ----a-w- c:\windows\system32\MpSigStub.exe
2013-04-24 04:28 . 2013-04-17 21:09 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 12:48 . 2012-05-03 01:40 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-23 12:48 . 2011-07-15 20:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 05:21 . 2013-01-18 16:29 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-04-20 05:21 . 2013-04-20 05:21 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
2013-04-20 05:21 . 2013-04-20 05:21 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
2013-04-20 05:21 . 2013-04-20 05:21 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
2013-04-20 05:21 . 2013-04-20 05:21 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
2013-04-20 05:21 . 2013-04-20 05:21 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
2013-04-20 05:21 . 2013-04-20 05:21 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
2013-04-20 05:21 . 2013-04-20 05:22 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
2013-04-20 05:21 . 2013-04-20 05:21 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
2013-04-16 21:25 . 2013-04-16 21:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 21:25 . 2012-05-27 00:43 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-04-16 21:25 . 2010-06-21 15:20 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-15 22:36 . 2013-04-15 22:36 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-12 14:45 . 2013-04-24 04:23 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-20 08:07 . 2013-04-15 21:40 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-03-20 08:07 . 2013-04-15 21:40 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
2013-03-20 08:07 . 2013-04-15 21:40 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sy_
2013-03-19 16:33 . 2013-03-19 16:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-03-19 16:33 . 2013-03-19 16:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-03-19 16:33 . 2013-03-19 16:33 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-03-19 16:33 . 2013-03-19 16:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 16:33 . 2013-03-19 16:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-03-19 16:33 . 2013-03-19 16:33 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-03-19 16:32 . 2013-03-19 16:32 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-19 16:32 . 2013-03-19 16:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-19 06:04 . 2013-04-10 08:31 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 08:31 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 08:31 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:31 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 08:31 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 08:31 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-07 19:21 . 2013-03-07 19:21 38664 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-02-28 13:19 . 2013-02-28 13:19 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-02-28 12:03 . 2013-03-13 23:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-28 11:38 . 2013-03-13 23:05 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-24 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-07-26 30752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2010-12-03 17152]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R2 iPodDrv;iPodDrv; [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 ALSysIO;ALSysIO;c:\users\HORRIB~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys [2012-07-03 28160]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [2012-07-04 103936]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2013-02-22 38080]
R3 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
R3 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-22 102936]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-03-20 37344]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-03 22528]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-30 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-02-22 169288]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-02-22 21320]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-02-22 188232]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-22 203544]
R3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [2013-03-07 38664]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-30 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VCam_WDM;Virtual Webcam 8.0;c:\windows\system32\DRIVERS\VCam_WDM.sys [2012-05-25 104120]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2012-03-12 29696]
R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag264.sys [2012-03-12 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2012-03-12 36864]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2012-03-12 104448]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1255736]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-02-26 528192]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2010-07-10 43912]
R4 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-09-06 80472]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys [2012-06-29 321992]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-06-29 441288]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 14:28]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 14:28]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055503382-879723994-1440896104-1000Core1cb6e9c33fed39d.job
- c:\users\Horriblechild\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 20:07]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055503382-879723994-1440896104-1000UA.job
- c:\users\Horriblechild\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 20:07]
.
2013-05-24 c:\windows\Tasks\SlimCleaner Run.job
- c:\program files (x86)\SlimCleaner\SlimCleaner.exe [2013-05-07 21:48]
.
2013-05-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 657a0411-6734-4e02-be1b-893ec34e61e3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-05-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c1546937-baae-4dda-8b42-e744304c4791.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Horriblechild\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-18 16414824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"BoxSyncHelper"="c:\program files\box sync\boxsynchelper.exe" [2013-02-22 393216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Horriblechild\AppData\Roaming\Mozilla\Firefox\Profiles\d5g8fsdt.default\
FF - ExtSQL: 2013-04-19 01:13; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; c:\users\Horriblechild\AppData\Roaming\Mozilla\Firefox\Profiles\d5g8fsdt.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Notify-WB - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1055503382-879723994-1440896104-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1055503382-879723994-1440896104-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-24  11:36:12
ComboFix-quarantined-files.txt  2013-05-24 18:36
.
Pre-Run: 65,933,029,376 bytes free
Post-Run: 66,087,419,904 bytes free
.
- - End Of File - - 47A272FEA61F950D6AF6C26104FA105B
 

 



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:10 PM

Posted 02 June 2013 - 08:57 PM


Hello horriblechild

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe or e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 horriblechild

horriblechild
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 03 June 2013 - 03:46 AM

OK.

 

I finally got the tool ran;

There's still a bunch of lock icons and stuff on my folders.  And the "install shield" type icon is still there as well.

 

Here's the Log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 03
Ran by SYSTEM on 03-06-2013 01:39:03
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16414824 2010-01-17] (NVIDIA Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [BoxSyncHelper] c:\program files\box sync\boxsynchelper.exe [393216 2013-02-21] (Box, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
 
==================== Services (Whitelisted) =================
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
S4 atashost; C:\windows\SysWOW64\atashost.exe [43912 2010-07-10] (WebEx Communications, Inc.)
S4 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
S3 ACDaemon; 
 
==================== Drivers (Whitelisted) ====================
 
S4 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S4 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps64.sys [28160 2012-07-03] (LG Electronics Inc.)
S4 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S4 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2012-07-04] (LG Electronics Inc.)
S4 AVWEBCAM; C:\Windows\System32\DRIVERS\avwebcam.sys [17152 2010-12-02] (Windows ® Codename Longhorn DDK provider)
S4 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
S4 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S4 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S4 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S4 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
S4 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-18] ()
S4 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [38664 2013-03-07] (Spotflux, Inc)
S4 VCam_WDM; C:\Windows\System32\DRIVERS\VCam_WDM.sys [104120 2012-05-25] (e2eSoft)
S4 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2012-03-12] (LG Electronics Inc.)
S4 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2012-03-12] (LG Electronics Inc.)
S4 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2012-03-12] (LG Electronics Inc.)
S4 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [104448 2012-03-12] (LG Electronics Inc.)
S4 ALSysIO; \??\C:\Users\HORRIB~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 iPodDrv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-02 21:28 - 2013-06-02 21:28 - 01916716 ____A (Farbar) C:\Users\Horriblechild\Downloads\FRST64.exe
2013-06-02 19:12 - 2013-06-02 19:12 - 00004404 ____A C:\Users\Horriblechild\Desktop\Gringo Instructions.txt
2013-06-02 19:11 - 2013-06-02 19:11 - 00000000 ____A C:\Users\Horriblechild\Desktop\New Text Document.txt
2013-05-29 22:47 - 2013-05-29 22:55 - 1048576000 ____A C:\Users\Horriblechild\Downloads\linuxmint-15-mate-dvd-64bit.iso
2013-05-29 15:44 - 2013-05-29 15:44 - 00000000 ____D C:\Users\Horriblechild\Downloads\GrantPerms64
2013-05-29 14:36 - 2013-05-31 18:10 - 00000000 ____D C:\Users\Horriblechild\Desktop\Good Porn
2013-05-29 14:28 - 2013-05-29 14:28 - 00002170 ____A C:\Users\Horriblechild\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-05-29 14:28 - 2013-05-29 14:28 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-05-29 14:26 - 2013-05-29 14:26 - 05555190 ____A C:\Users\Horriblechild\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-05-29 14:26 - 2013-05-29 14:26 - 00628779 ____A C:\Users\Horriblechild\Downloads\GrantPerms64.zip
2013-05-29 11:32 - 2013-05-29 11:32 - 00000390 ____A C:\Windows\Tasks\WpsUpdateTask_Horriblechild.job
2013-05-29 11:31 - 2013-05-29 11:31 - 00001415 ____A C:\Users\Public\Desktop\Kingsoft Writer.lnk
2013-05-29 11:31 - 2013-05-29 11:31 - 00001415 ____A C:\Users\Public\Desktop\Kingsoft Presentation.lnk
2013-05-29 11:31 - 2013-05-29 11:31 - 00001394 ____A C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
2013-05-29 11:31 - 2013-05-29 11:31 - 00000000 ____D C:\Windows\SHELLNEW
2013-05-29 11:31 - 2013-05-29 11:31 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Kingsoft
2013-05-29 11:31 - 2013-05-29 11:31 - 00000000 ____D C:\ProgramData\Kingsoft
2013-05-29 11:30 - 2013-05-29 11:30 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2013-05-29 11:18 - 2013-05-29 11:18 - 00889480 ____A (CNET Download.com) C:\Users\Horriblechild\Downloads\cbsidlm-cbsi109-Kingsoft_Office_2012-BP-75563178.exe
2013-05-26 05:02 - 2013-05-26 05:02 - 00028943 ____A C:\Users\Horriblechild\Desktop\bookmarks_5_26_13.html
2013-05-25 05:59 - 2013-05-25 06:40 - 3306489856 ____A C:\Users\Horriblechild\Downloads\BT5R3-GNOME-64.iso
2013-05-25 05:52 - 2013-05-25 05:52 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-05-24 11:59 - 2013-06-02 07:46 - 00000952 ____A C:\Windows\setupact.log
2013-05-24 11:59 - 2013-05-24 11:59 - 00000000 ____A C:\Windows\setuperr.log
2013-05-24 11:58 - 2013-05-29 14:32 - 00001932 ____A C:\Windows\PFRO.log
2013-05-24 11:19 - 2013-05-24 11:44 - 00000000 ____D C:\Users\Horriblechild\Desktop\SysinternalsSuite
2013-05-24 10:19 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-24 10:19 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-24 10:19 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-24 10:19 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-24 10:19 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-24 10:19 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-24 10:19 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-24 10:19 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-24 10:16 - 2013-05-24 10:33 - 00000000 ____D C:\Windows\erdnt
2013-05-24 10:12 - 2013-05-24 10:12 - 05070409 ____R (Swearware) C:\Users\Horriblechild\Desktop\ComboFix.exe
2013-05-24 10:11 - 2013-05-24 10:11 - 00050469 ____A C:\Users\Horriblechild\Downloads\how-to-use-combofix.htm
2013-05-24 08:39 - 2013-05-24 08:39 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 08:39 - 2013-05-24 08:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 08:39 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-24 08:31 - 2013-05-24 08:31 - 00000240 ____A C:\Windows\Tasks\SlimCleaner Run.job
2013-05-24 08:20 - 2013-05-24 08:20 - 01181707 ____A C:\Users\Horriblechild\Downloads\F9K1002_WW_5.00.08.bin
2013-05-24 04:19 - 2013-05-24 04:25 - 923795456 ____A C:\Users\Horriblechild\Downloads\linuxmint-14.1-cinnamon-dvd-64bit.iso
2013-05-24 03:19 - 2013-05-24 03:20 - 00000000 ___SD C:\Users\Horriblechild\Google Drive
2013-05-22 04:14 - 2013-05-22 04:15 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{531C9E97-D63E-4BC0-842B-43CA707F6E02}
2013-05-22 04:14 - 2013-05-22 04:15 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{531C9E97-D63E-4BC0-842B-43CA707F6E02}
2013-05-21 22:16 - 2013-05-21 22:16 - 00000000 ____D C:\Users\Horriblechild\Documents\WebMatrix Solutions
2013-05-21 20:29 - 2013-05-21 20:29 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\dftmp
2013-05-21 20:29 - 2013-05-21 20:29 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\dftmp
2013-05-21 19:00 - 2013-05-21 19:00 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\ImgBurn
2013-05-21 18:57 - 2013-05-21 18:57 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-05-21 18:55 - 2013-05-21 18:56 - 06118990 ____A (LIGHTNING UK!) C:\Users\Horriblechild\Downloads\SetupImgBurn_2.5.7.0.exe
2013-05-21 18:14 - 2013-05-21 18:14 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\PeerNetworking
2013-05-21 18:12 - 2013-05-21 18:12 - 00000000 ____D C:\Users\Horriblechild\Documents\New folder
2013-05-21 17:02 - 2013-05-21 17:02 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\NuGet
2013-05-21 16:30 - 2013-05-21 16:31 - 31037288 ____A (Microsoft Corporation) C:\Users\Horriblechild\Downloads\wlsetup-idcrl.exe
2013-05-21 06:30 - 2013-06-02 22:56 - 00000000 ____D C:\Users\Horriblechild\Desktop\Cloud Storage
2013-05-20 17:22 - 2013-05-21 10:25 - 00000000 ____D C:\Users\Horriblechild\Documents\My Box Files
2013-05-20 16:04 - 2013-05-20 16:04 - 01337448 ____A (Skype Technologies S.A.) C:\Users\Horriblechild\Downloads\SkypeSetup.exe
2013-05-20 14:33 - 2013-05-20 14:33 - 00000605 ____A C:\Users\Horriblechild\Downloads\MyDefrag.debuglog
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\SlimWare Utilities Inc
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\SlimWare Utilities Inc
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2013-05-20 14:05 - 2013-05-20 14:05 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\IrfanView
2013-05-20 14:05 - 2013-05-20 14:05 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-05-20 14:04 - 2013-05-20 14:04 - 01646288 ____A (Irfan Skiljan) C:\Users\Horriblechild\Downloads\iview435_setup.exe
2013-05-20 13:50 - 2013-05-30 02:41 - 00000000 ____D C:\Users\Horriblechild\Desktop\Porn
2013-05-20 10:36 - 2013-05-21 18:36 - 00000526 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 657a0411-6734-4e02-be1b-893ec34e61e3.job
2013-05-20 10:36 - 2013-05-21 01:00 - 00000526 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1546937-baae-4dda-8b42-e744304c4791.job
2013-05-20 10:35 - 2013-05-24 05:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-20 10:35 - 2013-05-20 10:35 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\SUPERAntiSpyware.com
2013-05-20 10:35 - 2013-05-20 10:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-20 04:47 - 2013-05-20 04:47 - 00000000 ____A C:\ProgramData\Sound Effects
2013-05-19 23:19 - 2013-05-19 23:19 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{AC788E25-B568-49A1-BDB9-6455E77F3C77}
2013-05-19 23:19 - 2013-05-19 23:19 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{AC788E25-B568-49A1-BDB9-6455E77F3C77}
2013-05-17 23:23 - 2013-05-17 23:23 - 00000000 ____D C:\Users\Public\Recorded TV
2013-05-17 06:45 - 2013-05-24 06:03 - 00000000 ___DC C:\Users\Horriblechild\Local Settings\Application Data\MigWiz
2013-05-17 06:45 - 2013-05-24 06:03 - 00000000 ___DC C:\Users\Horriblechild\AppData\Local\MigWiz
2013-05-17 02:21 - 2013-05-17 02:21 - 00000000 ___AH C:\Users\Horriblechild\Documents\Default.rdp
2013-05-16 12:23 - 2013-05-16 12:24 - 11332176 ____A C:\Users\Horriblechild\Downloads\commandsindemand.zip
2013-05-16 10:29 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 10:29 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 10:29 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 10:28 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 10:28 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 10:28 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 10:28 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 10:28 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 10:28 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 10:28 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 10:28 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 10:27 - 2013-05-24 12:10 - 00064000 __ASH C:\Users\Horriblechild\Documents\Thumbs.db
2013-05-16 07:27 - 2013-05-16 07:27 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-05-16 07:26 - 2013-05-16 07:26 - 01138397 ____A C:\Users\Horriblechild\Downloads\7z922.exe
2013-05-16 05:46 - 2013-05-16 05:47 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{504BBA30-1B55-47FA-B0DF-A2B5FCDD0067}
2013-05-16 05:46 - 2013-05-16 05:47 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{504BBA30-1B55-47FA-B0DF-A2B5FCDD0067}
2013-05-16 05:25 - 2013-05-06 05:39 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 05:25 - 2013-05-06 05:04 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 05:25 - 2013-04-09 21:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 05:25 - 2013-04-09 21:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 05:25 - 2013-04-09 21:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 05:25 - 2013-04-09 21:47 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 05:25 - 2013-04-09 21:47 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 05:25 - 2013-04-09 21:46 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 05:25 - 2013-04-09 21:46 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 05:25 - 2013-04-09 21:46 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 05:25 - 2013-04-09 21:46 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 05:25 - 2013-04-09 21:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 05:25 - 2013-04-09 21:07 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 05:25 - 2013-04-09 21:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 05:25 - 2013-04-09 21:03 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 05:25 - 2013-04-09 21:03 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 05:25 - 2013-04-09 21:03 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 05:25 - 2013-04-09 21:02 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 05:25 - 2013-04-09 21:02 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 05:25 - 2013-04-09 21:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 05:25 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 15:51 - 2013-05-14 15:51 - 00059438 ____A C:\Users\Horriblechild\Downloads\user.conf
2013-05-14 06:44 - 2013-05-19 22:26 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Malwarebytes
2013-05-14 06:41 - 2013-05-19 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-14 04:08 - 2013-05-14 04:08 - 00000000 ____D C:\ProgramData\Sophos
2013-05-14 04:08 - 2013-05-14 04:08 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-05-14 02:19 - 2013-05-24 10:55 - 00000000 ____D C:\Users\Horriblechild\Desktop\NewInstalls
2013-05-13 03:47 - 2013-05-19 22:28 - 00000000 ____D C:\Users\Horriblechild\Documents\Fax
2013-05-13 01:23 - 2013-05-13 01:24 - 00000000 ____D C:\Users\Horriblechild\Documents\Ubuntu
2013-05-11 16:21 - 2013-05-11 16:21 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{BD1B3AE4-1289-418F-A2C8-16DE3FB00855}
2013-05-11 16:21 - 2013-05-11 16:21 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{BD1B3AE4-1289-418F-A2C8-16DE3FB00855}
2013-05-11 16:20 - 2013-05-11 16:20 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{D236304E-687C-4E18-9F39-445298A69B3E}
2013-05-11 16:20 - 2013-05-11 16:20 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{D236304E-687C-4E18-9F39-445298A69B3E}
2013-05-11 13:35 - 2013-05-16 05:10 - 00000000 ____D C:\Program Files (x86)\netcut
2013-05-11 13:18 - 2013-05-11 13:18 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{2D2243FD-07A2-4EF6-BD6C-891F4C6A4444}
2013-05-11 13:18 - 2013-05-11 13:18 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{2D2243FD-07A2-4EF6-BD6C-891F4C6A4444}
2013-05-10 06:57 - 2013-05-16 04:38 - 00338944 __ASH C:\Users\Horriblechild\Downloads\Thumbs.db
2013-05-10 06:49 - 2013-05-10 06:49 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{3B11CD6D-E755-4CB6-AD31-B978F4EF96F1}
2013-05-10 06:49 - 2013-05-10 06:49 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{3B11CD6D-E755-4CB6-AD31-B978F4EF96F1}
2013-05-10 05:59 - 2013-05-19 22:37 - 00000000 ____D C:\Users\Horriblechild\.android
2013-05-10 05:59 - 2013-05-19 22:32 - 00000000 ____D C:\Users\Horriblechild\workspace
2013-05-09 18:16 - 2013-05-09 18:17 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{49BA11AE-C54A-4DA8-8DB9-9DB674AF7BF7}
2013-05-09 18:16 - 2013-05-09 18:17 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{49BA11AE-C54A-4DA8-8DB9-9DB674AF7BF7}
2013-05-09 13:23 - 2013-05-09 15:20 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-09 12:08 - 2013-05-09 12:08 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\DevelopmentStorage
2013-05-09 12:08 - 2013-05-09 12:08 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\DevelopmentStorage
2013-05-09 11:17 - 2013-05-09 11:18 - 00000000 ____D C:\Program Files (x86)\Windows Azure Tools
2013-05-09 10:54 - 2012-08-21 06:59 - 00001536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2013-05-09 10:54 - 2012-08-21 06:20 - 00046080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2013-05-09 10:54 - 2012-08-21 06:20 - 00001536 ____A (Microsoft Corporation) C:\Windows\System32\winrsmgr.dll
2013-05-09 10:54 - 2012-08-21 06:01 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe
2013-05-09 10:54 - 2012-08-21 05:49 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\ncobjapi.dll
2013-05-09 10:54 - 2012-08-21 05:32 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\Register-CimProvider.exe
2013-05-09 10:54 - 2012-08-21 04:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\winrshost.exe
2013-05-09 10:54 - 2012-07-23 10:17 - 00004675 ____A C:\Windows\System32\wsmanconfig_schema.xml
2013-05-09 10:54 - 2012-07-23 10:16 - 00204105 ____A C:\Windows\SysWOW64\winrm.vbs
2013-05-09 10:53 - 2012-08-21 06:56 - 00060416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2013-05-09 10:53 - 2012-08-21 06:29 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2013-05-09 10:53 - 2012-08-21 06:28 - 00010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2013-05-09 10:53 - 2012-08-21 06:19 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\WsmRes.dll
2013-05-09 10:53 - 2012-08-21 06:18 - 00089088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll
2013-05-09 10:53 - 2012-08-21 06:14 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2013-05-09 10:53 - 2012-08-21 06:08 - 00083456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2013-05-09 10:53 - 2012-08-21 05:58 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\winrssrv.dll
2013-05-09 10:53 - 2012-08-21 05:57 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\wsmplpxy.dll
2013-05-09 10:53 - 2012-08-21 05:56 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2013-05-09 10:53 - 2012-08-21 05:48 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\mi.dll
2013-05-09 10:53 - 2012-08-21 05:45 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\wecapi.dll
2013-05-09 10:53 - 2012-08-21 05:44 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll
2013-05-09 10:53 - 2012-08-21 05:43 - 00154112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2013-05-09 10:53 - 2012-08-21 05:40 - 00108544 ____A (Microsoft Corporation) C:\Windows\System32\wevtfwd.dll
2013-05-09 10:53 - 2012-08-21 05:36 - 00124416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll
2013-05-09 10:53 - 2012-08-21 05:34 - 00382464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn2.dll
2013-05-09 10:53 - 2012-08-21 05:33 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2013-05-09 10:53 - 2012-08-21 05:32 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2013-05-09 10:53 - 2012-08-21 05:29 - 00192512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2013-05-09 10:53 - 2012-08-21 05:28 - 00105472 ____A (Microsoft Corporation) C:\Windows\System32\wecutil.exe
2013-05-09 10:53 - 2012-08-21 05:27 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2013-05-09 10:53 - 2012-08-21 05:26 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\wecsvc.dll
2013-05-09 10:53 - 2012-08-21 05:17 - 00079360 ____A (Microsoft Corporation) C:\Windows\System32\prvdmofcomp.dll
2013-05-09 10:53 - 2012-08-21 05:16 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\wmitomi.dll
2013-05-09 10:53 - 2012-08-21 05:13 - 00020480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2013-05-09 10:53 - 2012-08-21 05:09 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\wmidcom.dll
2013-05-09 10:53 - 2012-08-21 05:08 - 00494592 ____A (Microsoft Corporation) C:\Windows\System32\wbemcomn2.dll
2013-05-09 10:53 - 2012-08-21 05:07 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\miutils.dll
2013-05-09 10:53 - 2012-08-21 05:06 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\WsmAgent.dll
2013-05-09 10:53 - 2012-08-21 05:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2013-05-09 10:53 - 2012-08-21 05:03 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2013-05-09 10:53 - 2012-08-21 05:03 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2013-05-09 10:53 - 2012-08-21 05:02 - 00242688 ____A (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2013-05-09 10:53 - 2012-08-21 05:02 - 00227328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2013-05-09 10:53 - 2012-08-21 05:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2013-05-09 10:53 - 2012-08-21 05:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2013-05-09 10:53 - 2012-08-21 04:56 - 00526848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmGCDeps.dll
2013-05-09 10:53 - 2012-08-21 04:52 - 02039296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2013-05-09 10:53 - 2012-08-21 04:50 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll
2013-05-09 10:53 - 2012-08-21 04:50 - 00030208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2013-05-09 10:53 - 2012-08-21 04:37 - 00046080 ____A (Microsoft Corporation) C:\Windows\System32\winrs.exe
2013-05-09 10:53 - 2012-08-21 04:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\wsmprovhost.exe
2013-05-09 10:53 - 2012-08-21 04:35 - 00157184 ____A (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2013-05-09 10:53 - 2012-08-21 04:35 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\winrscmd.dll
2013-05-09 10:53 - 2012-08-21 04:34 - 00309248 ____A (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2013-05-09 10:53 - 2012-08-21 04:30 - 00042496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2013-05-09 10:53 - 2012-08-21 04:26 - 00630784 ____A (Microsoft Corporation) C:\Windows\System32\WsmGCDeps.dll
2013-05-09 10:53 - 2012-08-21 04:24 - 02832384 ____A (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2013-05-09 10:53 - 2012-08-21 04:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\PSModuleDiscoveryProvider.dll
2013-05-09 10:53 - 2012-08-21 04:22 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2013-05-09 10:53 - 2012-08-21 04:04 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\pwrshplugin.dll
2013-05-09 10:53 - 2012-08-21 03:26 - 00056832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2013-05-09 10:53 - 2012-08-21 03:05 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2013-05-09 10:53 - 2012-07-23 10:17 - 00204105 ____A C:\Windows\System32\winrm.vbs
2013-05-09 10:53 - 2012-07-23 10:17 - 00004148 ____A C:\Windows\System32\psmodulediscoveryprovider.mof
2013-05-09 10:53 - 2012-07-23 10:16 - 00004675 ____A C:\Windows\SysWOW64\wsmanconfig_schema.xml
2013-05-09 10:51 - 2013-05-09 10:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2013-05-09 10:46 - 2013-05-09 10:46 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-05-09 10:45 - 2013-05-09 10:45 - 00000000 ____D C:\Program Files (x86)\iisnode-dev
2013-05-09 10:44 - 2013-05-09 10:44 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\npm
2013-05-09 10:40 - 2013-05-09 10:40 - 00000000 ____D C:\Program Files\runphp
2013-05-09 10:39 - 2013-05-09 10:39 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2013-05-09 10:34 - 2013-05-21 20:39 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-05-09 10:31 - 2013-05-21 17:01 - 00000000 ____D C:\Users\Horriblechild\Documents\Visual Studio 2012
2013-05-09 10:28 - 2013-05-09 10:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2013-05-09 10:27 - 2013-05-09 10:27 - 00000000 ____D C:\Windows\symbols
2013-05-09 10:25 - 2013-05-21 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-05-09 10:16 - 2013-05-19 22:21 - 00000000 ____D C:\ProgramData\VS
2013-05-09 10:11 - 2013-05-09 10:11 - 00518963 ____A C:\Users\Horriblechild\Downloads\evan.rodriguez.923
2013-05-09 10:10 - 2013-05-21 19:41 - 00000000 ____D C:\Users\Horriblechild\Documents\Visual Studio 2010
2013-05-09 10:06 - 2013-05-09 10:06 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2013-05-09 10:06 - 2013-05-09 10:06 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-05-09 10:02 - 2012-06-29 00:22 - 00082888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
2013-05-09 10:02 - 2012-06-29 00:22 - 00057288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-09 10:02 - 2012-06-29 00:17 - 00088520 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
2013-05-09 10:02 - 2012-06-29 00:17 - 00086984 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-09 10:01 - 2013-05-09 10:01 - 00000000 ____D C:\Windows\System32\RsFx
2013-05-09 10:00 - 2013-05-09 10:00 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-05-09 10:00 - 2013-05-09 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-05-09 00:32 - 2013-05-19 22:37 - 00000000 ____D C:\Users\Horriblechild\Documents\IISExpress
2013-05-09 00:32 - 2013-05-09 00:32 - 00000000 ____D C:\Users\Horriblechild\Documents\My Web Sites
2013-05-09 00:32 - 2013-05-09 00:32 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Microsoft Corporation
2013-05-09 00:31 - 2013-05-09 00:32 - 00000000 ____D C:\Program Files (x86)\Microsoft WebMatrix
2013-05-09 00:31 - 2013-05-09 00:31 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-05-09 00:31 - 2013-05-09 00:31 - 00000000 ____D C:\Windows\System32\1033
2013-05-09 00:30 - 2013-05-09 10:11 - 00000000 ____D C:\Program Files (x86)\IIS
2013-05-09 00:30 - 2013-05-09 00:30 - 00000000 ____D C:\Program Files\IIS
2013-05-09 00:30 - 2013-05-09 00:30 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-05-09 00:29 - 2013-05-19 22:36 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-05-09 00:29 - 2013-05-09 10:52 - 00000000 ____D C:\Program Files (x86)\IIS Express
2013-05-09 00:29 - 2013-05-09 10:01 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-09 00:29 - 2013-05-09 09:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-05-09 00:29 - 2013-05-09 00:30 - 00000000 ____D C:\Program Files\IIS Express
2013-05-09 00:29 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-09 00:28 - 2013-05-21 20:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-09 00:28 - 2013-05-09 10:36 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2013-05-09 00:27 - 2013-05-09 01:55 - 00773782 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-08 21:22 - 2013-05-08 21:22 - 00000000 ____D C:\ProgramData\Belkin
2013-05-08 20:48 - 2013-05-19 22:36 - 00000000 ____D C:\Program Files (x86)\Belkin
 
==================== One Month Modified Files and Folders =======
 
2013-06-02 22:57 - 2009-07-13 21:13 - 00875328 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 22:56 - 2013-05-21 06:30 - 00000000 ____D C:\Users\Horriblechild\Desktop\Cloud Storage
2013-06-02 21:28 - 2013-06-02 21:28 - 01916716 ____A (Farbar) C:\Users\Horriblechild\Downloads\FRST64.exe
2013-06-02 19:12 - 2013-06-02 19:12 - 00004404 ____A C:\Users\Horriblechild\Desktop\Gringo Instructions.txt
2013-06-02 19:11 - 2013-06-02 19:11 - 00000000 ____A C:\Users\Horriblechild\Desktop\New Text Document.txt
2013-06-02 11:42 - 2010-01-14 18:46 - 01624535 ____A C:\Windows\WindowsUpdate.log
2013-06-02 07:53 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 07:53 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 07:46 - 2013-05-24 11:59 - 00000952 ____A C:\Windows\setupact.log
2013-05-31 18:10 - 2013-05-29 14:36 - 00000000 ____D C:\Users\Horriblechild\Desktop\Good Porn
2013-05-30 03:54 - 2013-02-08 12:35 - 00000000 ____D C:\Users\Horriblechild\Documents\Zoom
2013-05-30 03:49 - 2013-01-15 01:25 - 00000000 ____D C:\Users\Horriblechild\Documents\Youcam
2013-05-30 03:47 - 2011-04-06 16:52 - 00000000 ____D C:\Users\Horriblechild\Desktop\Desktop Folders
2013-05-30 03:47 - 2011-03-14 17:58 - 00000000 ____D C:\Users\Horriblechild\Documents\VIDEO PROJECTS
2013-05-30 03:45 - 2011-04-07 14:41 - 00000000 ____D C:\Users\Horriblechild\Desktop\Slideshow Pics
2013-05-30 02:41 - 2013-05-20 13:50 - 00000000 ____D C:\Users\Horriblechild\Desktop\Porn
2013-05-30 02:30 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-29 22:55 - 2013-05-29 22:47 - 1048576000 ____A C:\Users\Horriblechild\Downloads\linuxmint-15-mate-dvd-64bit.iso
2013-05-29 15:44 - 2013-05-29 15:44 - 00000000 ____D C:\Users\Horriblechild\Downloads\GrantPerms64
2013-05-29 14:33 - 2010-03-25 16:28 - 00087176 ____A C:\Users\Horriblechild\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-29 14:33 - 2010-03-25 16:28 - 00087176 ____A C:\Users\Horriblechild\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-29 14:32 - 2013-05-24 11:58 - 00001932 ____A C:\Windows\PFRO.log
2013-05-29 14:32 - 2009-07-13 20:45 - 00365024 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-29 14:28 - 2013-05-29 14:28 - 00002170 ____A C:\Users\Horriblechild\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-05-29 14:28 - 2013-05-29 14:28 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-05-29 14:26 - 2013-05-29 14:26 - 05555190 ____A C:\Users\Horriblechild\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-05-29 14:26 - 2013-05-29 14:26 - 00628779 ____A C:\Users\Horriblechild\Downloads\GrantPerms64.zip
2013-05-29 12:16 - 2013-04-24 14:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 11:32 - 2013-05-29 11:32 - 00000390 ____A C:\Windows\Tasks\WpsUpdateTask_Horriblechild.job
2013-05-29 11:31 - 2013-05-29 11:31 - 00001415 ____A C:\Users\Public\Desktop\Kingsoft Writer.lnk
2013-05-29 11:31 - 2013-05-29 11:31 - 00001415 ____A C:\Users\Public\Desktop\Kingsoft Presentation.lnk
2013-05-29 11:31 - 2013-05-29 11:31 - 00001394 ____A C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
2013-05-29 11:31 - 2013-05-29 11:31 - 00000000 ____D C:\Windows\SHELLNEW
2013-05-29 11:31 - 2013-05-29 11:31 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Kingsoft
2013-05-29 11:31 - 2013-05-29 11:31 - 00000000 ____D C:\ProgramData\Kingsoft
2013-05-29 11:30 - 2013-05-29 11:30 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2013-05-29 11:18 - 2013-05-29 11:18 - 00889480 ____A (CNET Download.com) C:\Users\Horriblechild\Downloads\cbsidlm-cbsi109-Kingsoft_Office_2012-BP-75563178.exe
2013-05-29 11:12 - 2013-03-13 23:00 - 00000000 ____D C:\Users\Horriblechild\Desktop\JOBHUNT
2013-05-26 05:02 - 2013-05-26 05:02 - 00028943 ____A C:\Users\Horriblechild\Desktop\bookmarks_5_26_13.html
2013-05-25 06:40 - 2013-05-25 05:59 - 3306489856 ____A C:\Users\Horriblechild\Downloads\BT5R3-GNOME-64.iso
2013-05-25 05:52 - 2013-05-25 05:52 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2013-05-24 12:10 - 2013-05-16 10:27 - 00064000 __ASH C:\Users\Horriblechild\Documents\Thumbs.db
2013-05-24 11:59 - 2013-05-24 11:59 - 00000000 ____A C:\Windows\setuperr.log
2013-05-24 11:44 - 2013-05-24 11:19 - 00000000 ____D C:\Users\Horriblechild\Desktop\SysinternalsSuite
2013-05-24 10:55 - 2013-05-14 02:19 - 00000000 ____D C:\Users\Horriblechild\Desktop\NewInstalls
2013-05-24 10:33 - 2013-05-24 10:16 - 00000000 ____D C:\Windows\erdnt
2013-05-24 10:32 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-05-24 10:12 - 2013-05-24 10:12 - 05070409 ____R (Swearware) C:\Users\Horriblechild\Desktop\ComboFix.exe
2013-05-24 10:11 - 2013-05-24 10:11 - 00050469 ____A C:\Users\Horriblechild\Downloads\how-to-use-combofix.htm
2013-05-24 08:39 - 2013-05-24 08:39 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-24 08:39 - 2013-05-24 08:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 08:31 - 2013-05-24 08:31 - 00000240 ____A C:\Windows\Tasks\SlimCleaner Run.job
2013-05-24 08:20 - 2013-05-24 08:20 - 01181707 ____A C:\Users\Horriblechild\Downloads\F9K1002_WW_5.00.08.bin
2013-05-24 06:03 - 2013-05-17 06:45 - 00000000 ___DC C:\Users\Horriblechild\Local Settings\Application Data\MigWiz
2013-05-24 06:03 - 2013-05-17 06:45 - 00000000 ___DC C:\Users\Horriblechild\AppData\Local\MigWiz
2013-05-24 06:03 - 2010-05-13 01:46 - 00000000 ____D C:\Users\Horriblechild\Tracing
2013-05-24 06:02 - 2010-04-14 13:12 - 00000000 ____D C:\Windows\Minidump
2013-05-24 05:32 - 2013-05-20 10:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-24 04:59 - 2011-08-30 12:57 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Dropbox
2013-05-24 04:33 - 2011-08-30 12:58 - 00000000 ___RD C:\Users\Horriblechild\Dropbox
2013-05-24 04:25 - 2013-05-24 04:19 - 923795456 ____A C:\Users\Horriblechild\Downloads\linuxmint-14.1-cinnamon-dvd-64bit.iso
2013-05-24 03:20 - 2013-05-24 03:19 - 00000000 ___SD C:\Users\Horriblechild\Google Drive
2013-05-24 03:19 - 2010-03-25 16:27 - 00000000 ____D C:\users\Horriblechild
2013-05-22 04:15 - 2013-05-22 04:14 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{531C9E97-D63E-4BC0-842B-43CA707F6E02}
2013-05-22 04:15 - 2013-05-22 04:14 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{531C9E97-D63E-4BC0-842B-43CA707F6E02}
2013-05-21 22:53 - 2013-04-13 06:28 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-21 22:42 - 2010-04-15 12:07 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055503382-879723994-1440896104-1000UA.job
2013-05-21 22:16 - 2013-05-21 22:16 - 00000000 ____D C:\Users\Horriblechild\Documents\WebMatrix Solutions
2013-05-21 22:05 - 2010-03-25 16:34 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Toshiba
2013-05-21 21:59 - 2013-04-13 06:28 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-21 21:57 - 2009-12-11 22:22 - 00000000 ____D C:\Program Files\TOSHIBA
2013-05-21 21:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-21 21:55 - 2010-03-25 16:29 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Toshiba
2013-05-21 21:55 - 2010-03-25 16:29 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Toshiba
2013-05-21 21:55 - 2009-12-11 22:27 - 00000000 ____D C:\ProgramData\Toshiba
2013-05-21 20:59 - 2013-05-09 00:28 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-21 20:45 - 2013-05-09 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-05-21 20:45 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-21 20:39 - 2013-05-09 10:34 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-05-21 20:29 - 2013-05-21 20:29 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\dftmp
2013-05-21 20:29 - 2013-05-21 20:29 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\dftmp
2013-05-21 19:41 - 2013-05-09 10:10 - 00000000 ____D C:\Users\Horriblechild\Documents\Visual Studio 2010
2013-05-21 19:00 - 2013-05-21 19:00 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\ImgBurn
2013-05-21 18:57 - 2013-05-21 18:57 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-05-21 18:56 - 2013-05-21 18:55 - 06118990 ____A (LIGHTNING UK!) C:\Users\Horriblechild\Downloads\SetupImgBurn_2.5.7.0.exe
2013-05-21 18:38 - 2012-07-30 22:00 - 00000000 ____D C:\Program Files\CCleaner
2013-05-21 18:36 - 2013-05-20 10:36 - 00000526 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 657a0411-6734-4e02-be1b-893ec34e61e3.job
2013-05-21 18:14 - 2013-05-21 18:14 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\PeerNetworking
2013-05-21 18:12 - 2013-05-21 18:12 - 00000000 ____D C:\Users\Horriblechild\Documents\New folder
2013-05-21 17:02 - 2013-05-21 17:02 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\NuGet
2013-05-21 17:01 - 2013-05-09 10:31 - 00000000 ____D C:\Users\Horriblechild\Documents\Visual Studio 2012
2013-05-21 16:38 - 2010-04-10 07:52 - 00010240 ____A C:\Users\Horriblechild\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 16:38 - 2010-04-10 07:52 - 00010240 ____A C:\Users\Horriblechild\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 16:31 - 2013-05-21 16:30 - 31037288 ____A (Microsoft Corporation) C:\Users\Horriblechild\Downloads\wlsetup-idcrl.exe
2013-05-21 11:03 - 2013-01-17 23:54 - 00000000 ____D C:\Users\Horriblechild\Desktop\Neals contest
2013-05-21 10:28 - 2013-02-07 19:19 - 00047104 __ASH C:\Users\Horriblechild\Thumbs.db
2013-05-21 10:25 - 2013-05-20 17:22 - 00000000 ____D C:\Users\Horriblechild\Documents\My Box Files
2013-05-21 06:47 - 2013-04-13 07:00 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Box Sync
2013-05-21 06:42 - 2010-10-18 00:12 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055503382-879723994-1440896104-1000Core1cb6e9c33fed39d.job
2013-05-21 01:00 - 2013-05-20 10:36 - 00000526 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1546937-baae-4dda-8b42-e744304c4791.job
2013-05-20 16:15 - 2010-06-22 22:41 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Skype
2013-05-20 16:15 - 2010-06-22 22:25 - 00000000 ____D C:\ProgramData\Skype
2013-05-20 16:04 - 2013-05-20 16:04 - 01337448 ____A (Skype Technologies S.A.) C:\Users\Horriblechild\Downloads\SkypeSetup.exe
2013-05-20 14:33 - 2013-05-20 14:33 - 00000605 ____A C:\Users\Horriblechild\Downloads\MyDefrag.debuglog
2013-05-20 14:30 - 2013-01-15 01:19 - 00000000 ____D C:\ProgramData\install_clap
2013-05-20 14:30 - 2010-03-25 23:13 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\uTorrent
2013-05-20 14:30 - 2009-12-12 14:02 - 00000000 ____D C:\Windows\Panther
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\SlimWare Utilities Inc
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\SlimWare Utilities Inc
2013-05-20 14:26 - 2013-05-20 14:26 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2013-05-20 14:05 - 2013-05-20 14:05 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\IrfanView
2013-05-20 14:05 - 2013-05-20 14:05 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-05-20 14:04 - 2013-05-20 14:04 - 01646288 ____A (Irfan Skiljan) C:\Users\Horriblechild\Downloads\iview435_setup.exe
2013-05-20 13:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-20 12:44 - 2010-03-25 23:08 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Paint.NET
2013-05-20 12:44 - 2010-03-25 23:08 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Paint.NET
2013-05-20 10:35 - 2013-05-20 10:35 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\SUPERAntiSpyware.com
2013-05-20 10:35 - 2013-05-20 10:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-20 04:52 - 2012-02-29 17:19 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-05-20 04:48 - 2012-02-29 17:24 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Nikon
2013-05-20 04:48 - 2012-02-29 17:24 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Nikon
2013-05-20 04:47 - 2013-05-20 04:47 - 00000000 ____A C:\ProgramData\Sound Effects
2013-05-20 04:47 - 2012-02-29 17:20 - 00000000 ___AH C:\ProgramData\PKP_DLev.DAT
2013-05-20 04:47 - 2012-02-29 17:20 - 00000000 ___AH C:\ProgramData\PKP_DLet.DAT
2013-05-20 04:47 - 2012-02-29 17:20 - 00000000 ___AH C:\ProgramData\PKP_DLes.DAT
2013-05-20 04:47 - 2012-02-29 17:20 - 00000000 ____A C:\Users\Horriblechild\AppData\Roaming\Sounds
2013-05-20 04:47 - 2012-02-29 17:20 - 00000000 ____A C:\Users\Horriblechild\AppData\Roaming\Sound Effects
2013-05-20 04:45 - 2009-12-11 22:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-20 04:43 - 2010-01-14 19:12 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-05-20 04:34 - 2013-01-18 00:24 - 00000000 ____D C:\Program Files (x86)\DebugMode
2013-05-20 03:58 - 2013-01-15 21:13 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Windows Live
2013-05-20 03:58 - 2013-01-15 21:13 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Windows Live
2013-05-20 03:53 - 2013-04-18 22:56 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Spotflux
2013-05-20 01:18 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-19 23:19 - 2013-05-19 23:19 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{AC788E25-B568-49A1-BDB9-6455E77F3C77}
2013-05-19 23:19 - 2013-05-19 23:19 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{AC788E25-B568-49A1-BDB9-6455E77F3C77}
2013-05-19 22:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-19 22:37 - 2013-05-10 05:59 - 00000000 ____D C:\Users\Horriblechild\.android
2013-05-19 22:37 - 2013-05-09 00:32 - 00000000 ____D C:\Users\Horriblechild\Documents\IISExpress
2013-05-19 22:37 - 2013-04-18 22:58 - 00000000 ____D C:\Users\Horriblechild\.swt
2013-05-19 22:37 - 2013-04-15 13:37 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Samsung
2013-05-19 22:37 - 2013-04-15 13:37 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Samsung
2013-05-19 22:37 - 2013-04-13 06:30 - 00000000 ___SD C:\Users\Horriblechild\Google Drive1
2013-05-19 22:37 - 2013-04-04 20:40 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Mozilla
2013-05-19 22:37 - 2013-02-08 12:34 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Zoom
2013-05-19 22:37 - 2013-02-04 20:21 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Screencast-O-Matic
2013-05-19 22:37 - 2013-02-04 20:21 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Screencast-O-Matic
2013-05-19 22:37 - 2013-01-29 22:14 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\HandBrake
2013-05-19 22:37 - 2013-01-29 22:14 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\HandBrake
2013-05-19 22:37 - 2013-01-15 21:08 - 00000000 ____D C:\ProgramData\MobilEditMultimediaDLLs
2013-05-19 22:37 - 2013-01-15 21:04 - 00000000 ____D C:\Users\Horriblechild\Documents\MOBILedit!
2013-05-19 22:37 - 2013-01-15 20:24 - 00000000 ____D C:\Users\Public\Documents\MobilEdit!
2013-05-19 22:37 - 2013-01-15 01:26 - 00000000 ____D C:\Users\Public\CyberLink
2013-05-19 22:37 - 2013-01-15 01:25 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\CyberLink
2013-05-19 22:37 - 2013-01-15 01:25 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\CyberLink
2013-05-19 22:37 - 2012-10-02 14:10 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\U3
2013-05-19 22:37 - 2012-07-31 11:44 - 00000000 ____D C:\ProgramData\IObit
2013-05-19 22:37 - 2012-07-30 22:15 - 00000000 ____D C:\ProgramData\iolo
2013-05-19 22:37 - 2011-10-20 17:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-05-19 22:37 - 2011-10-20 17:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-05-19 22:37 - 2011-10-04 22:39 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\KompoZer
2013-05-19 22:37 - 2011-05-03 20:11 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Gmote
2013-05-19 22:37 - 2011-05-02 20:30 - 00000000 ____D C:\ProgramData\DivX
2013-05-19 22:37 - 2011-04-07 14:06 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\NCH Software
2013-05-19 22:37 - 2011-03-25 01:27 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Real
2013-05-19 22:37 - 2011-03-14 17:30 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\ArcSoft
2013-05-19 22:37 - 2011-02-08 00:15 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Downloaded Installations
2013-05-19 22:37 - 2011-02-08 00:15 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Downloaded Installations
2013-05-19 22:37 - 2010-07-21 18:36 - 00000000 ___SD C:\Users\Horriblechild\Documents\My Shapes
2013-05-19 22:37 - 2010-05-09 23:16 - 00000000 ____D C:\ProgramData\Yahoo!
2013-05-19 22:37 - 2010-04-15 12:07 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Apps\2.0
2013-05-19 22:37 - 2010-04-11 22:11 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Foxit Software
2013-05-19 22:37 - 2010-03-25 22:53 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Foxit
2013-05-19 22:37 - 2010-03-25 16:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-19 22:37 - 2010-03-25 16:30 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Best_Buy®
2013-05-19 22:37 - 2010-03-25 16:30 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Best_Buy®
2013-05-19 22:37 - 2010-03-25 16:28 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\VirtualStore
2013-05-19 22:37 - 2010-03-25 16:28 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\VirtualStore
2013-05-19 22:37 - 2010-01-14 19:24 - 00000000 ____D C:\ProgramData\Norton
2013-05-19 22:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-19 22:36 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-05-19 22:36 - 2013-05-08 20:48 - 00000000 ____D C:\Program Files (x86)\Belkin
2013-05-19 22:36 - 2013-01-15 00:54 - 00000000 ____D C:\ProgramData\CyberLink
2013-05-19 22:36 - 2012-07-31 11:44 - 00000000 ____D C:\Program Files (x86)\IObit
2013-05-19 22:36 - 2012-06-01 03:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-19 22:36 - 2010-03-26 01:20 - 00000000 ____D C:\ProgramData\avg9
2013-05-19 22:36 - 2010-03-25 16:45 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-19 22:36 - 2010-03-25 16:44 - 00000000 ____D C:\ProgramData\Apple
2013-05-19 22:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-19 22:32 - 2013-05-10 05:59 - 00000000 ____D C:\Users\Horriblechild\workspace
2013-05-19 22:28 - 2013-05-13 03:47 - 00000000 ____D C:\Users\Horriblechild\Documents\Fax
2013-05-19 22:28 - 2013-01-16 00:03 - 00000000 ____D C:\Users\Horriblechild\Documents\Pinnacle VideoSpin
2013-05-19 22:28 - 2013-01-13 17:50 - 00000000 ____D C:\Users\Horriblechild\Documents\Android DEV
2013-05-19 22:27 - 2010-07-06 23:02 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\vlc
2013-05-19 22:26 - 2013-05-14 06:44 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Malwarebytes
2013-05-19 22:26 - 2013-04-15 13:37 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Samsung
2013-05-19 22:26 - 2013-01-15 01:11 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\GorMedia
2013-05-19 22:26 - 2012-07-31 11:44 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\IObit
2013-05-19 22:26 - 2010-03-28 21:27 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\OpenOffice.org
2013-05-19 22:26 - 2010-03-25 16:33 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Adobe
2013-05-19 22:26 - 2010-03-25 16:28 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Roxio
2013-05-19 22:25 - 2010-03-25 17:28 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\TOSHIBA_Corporation
2013-05-19 22:25 - 2010-03-25 17:28 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\TOSHIBA_Corporation
2013-05-19 22:25 - 2010-03-25 16:34 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Mozilla
2013-05-19 22:25 - 2010-03-25 16:34 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Mozilla
2013-05-19 22:23 - 2010-03-29 19:07 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Microsoft Games
2013-05-19 22:23 - 2010-03-29 19:07 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Microsoft Games
2013-05-19 22:22 - 2010-03-25 23:11 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Google
2013-05-19 22:22 - 2010-03-25 23:11 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Google
2013-05-19 22:21 - 2013-05-14 06:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-19 22:21 - 2013-05-09 10:16 - 00000000 ____D C:\ProgramData\VS
2013-05-19 22:21 - 2013-04-18 22:58 - 00000000 ____D C:\ProgramData\Caphyon
2013-05-19 22:21 - 2013-04-13 06:58 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\Box Sync
2013-05-19 22:21 - 2013-04-13 06:58 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\Box Sync
2013-05-19 22:21 - 2013-01-16 01:06 - 00000000 ____D C:\ProgramData\APN
2013-05-19 22:21 - 2011-05-19 22:02 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\doubleTwist Corporation
2013-05-19 22:21 - 2011-05-19 22:02 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\doubleTwist Corporation
2013-05-19 22:21 - 2011-03-25 01:27 - 00000000 ____D C:\ProgramData\Real
2013-05-19 22:21 - 2011-03-14 17:30 - 00000000 ____D C:\ProgramData\ArcSoft
2013-05-19 22:21 - 2010-03-25 18:04 - 00000000 ____D C:\ProgramData\X-Setup Pro
2013-05-19 22:21 - 2010-01-14 19:24 - 00000000 ____D C:\ProgramData\Uninstall
2013-05-19 22:21 - 2010-01-14 19:23 - 00000000 ____D C:\ProgramData\InstallShield
2013-05-19 22:21 - 2009-12-11 22:27 - 00000000 ____D C:\ProgramData\Adobe
2013-05-19 22:21 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-05-19 22:20 - 2013-03-13 23:27 - 00000000 ____D C:\Program Files (x86)\share
2013-05-17 23:23 - 2013-05-17 23:23 - 00000000 ____D C:\Users\Public\Recorded TV
2013-05-17 02:21 - 2013-05-17 02:21 - 00000000 ___AH C:\Users\Horriblechild\Documents\Default.rdp
2013-05-16 14:24 - 2013-04-18 22:57 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-16 14:23 - 2013-04-18 22:56 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\.spotflux
2013-05-16 13:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-05-16 13:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-16 13:25 - 2010-07-21 18:35 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-16 13:25 - 2010-01-14 18:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 13:20 - 2010-04-11 11:06 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 12:24 - 2013-05-16 12:23 - 11332176 ____A C:\Users\Horriblechild\Downloads\commandsindemand.zip
2013-05-16 07:27 - 2013-05-16 07:27 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-05-16 07:26 - 2013-05-16 07:26 - 01138397 ____A C:\Users\Horriblechild\Downloads\7z922.exe
2013-05-16 07:13 - 2010-07-06 23:08 - 00000000 ____D C:\ProgramData\WinZip
2013-05-16 05:47 - 2013-05-16 05:46 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{504BBA30-1B55-47FA-B0DF-A2B5FCDD0067}
2013-05-16 05:47 - 2013-05-16 05:46 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{504BBA30-1B55-47FA-B0DF-A2B5FCDD0067}
2013-05-16 05:10 - 2013-05-11 13:35 - 00000000 ____D C:\Program Files (x86)\netcut
2013-05-16 04:38 - 2013-05-10 06:57 - 00338944 __ASH C:\Users\Horriblechild\Downloads\Thumbs.db
2013-05-15 22:37 - 2011-05-03 20:10 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2013-05-15 22:37 - 2010-05-14 11:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-14 15:51 - 2013-05-14 15:51 - 00059438 ____A C:\Users\Horriblechild\Downloads\user.conf
2013-05-14 04:08 - 2013-05-14 04:08 - 00000000 ____D C:\ProgramData\Sophos
2013-05-14 04:08 - 2013-05-14 04:08 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-05-13 01:24 - 2013-05-13 01:23 - 00000000 ____D C:\Users\Horriblechild\Documents\Ubuntu
2013-05-11 16:21 - 2013-05-11 16:21 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{BD1B3AE4-1289-418F-A2C8-16DE3FB00855}
2013-05-11 16:21 - 2013-05-11 16:21 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{BD1B3AE4-1289-418F-A2C8-16DE3FB00855}
2013-05-11 16:20 - 2013-05-11 16:20 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{D236304E-687C-4E18-9F39-445298A69B3E}
2013-05-11 16:20 - 2013-05-11 16:20 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{D236304E-687C-4E18-9F39-445298A69B3E}
2013-05-11 13:18 - 2013-05-11 13:18 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{2D2243FD-07A2-4EF6-BD6C-891F4C6A4444}
2013-05-11 13:18 - 2013-05-11 13:18 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{2D2243FD-07A2-4EF6-BD6C-891F4C6A4444}
2013-05-10 06:49 - 2013-05-10 06:49 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{3B11CD6D-E755-4CB6-AD31-B978F4EF96F1}
2013-05-10 06:49 - 2013-05-10 06:49 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{3B11CD6D-E755-4CB6-AD31-B978F4EF96F1}
2013-05-10 05:34 - 2013-01-18 00:21 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\avidemux
2013-05-10 05:12 - 2013-01-18 06:55 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\MotionDSP
2013-05-10 05:12 - 2013-01-18 06:55 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\MotionDSP
2013-05-10 05:12 - 2013-01-18 06:55 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\MotionDSP
2013-05-09 18:17 - 2013-05-09 18:16 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\{49BA11AE-C54A-4DA8-8DB9-9DB674AF7BF7}
2013-05-09 18:17 - 2013-05-09 18:16 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\{49BA11AE-C54A-4DA8-8DB9-9DB674AF7BF7}
2013-05-09 15:20 - 2013-05-09 13:23 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-09 13:23 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-05-09 12:08 - 2013-05-09 12:08 - 00000000 ____D C:\Users\Horriblechild\Local Settings\Application Data\DevelopmentStorage
2013-05-09 12:08 - 2013-05-09 12:08 - 00000000 ____D C:\Users\Horriblechild\AppData\Local\DevelopmentStorage
2013-05-09 11:18 - 2013-05-09 11:17 - 00000000 ____D C:\Program Files (x86)\Windows Azure Tools
2013-05-09 10:52 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files (x86)\IIS Express
2013-05-09 10:51 - 2013-05-09 10:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2013-05-09 10:46 - 2013-05-09 10:46 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-05-09 10:45 - 2013-05-09 10:45 - 00000000 ____D C:\Program Files (x86)\iisnode-dev
2013-05-09 10:44 - 2013-05-09 10:44 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\npm
2013-05-09 10:40 - 2013-05-09 10:40 - 00000000 ____D C:\Program Files\runphp
2013-05-09 10:39 - 2013-05-09 10:39 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2013-05-09 10:36 - 2013-05-09 00:28 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2013-05-09 10:28 - 2013-05-09 10:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2013-05-09 10:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-05-09 10:27 - 2013-05-09 10:27 - 00000000 ____D C:\Windows\symbols
2013-05-09 10:26 - 2009-12-11 22:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-05-09 10:11 - 2013-05-09 10:11 - 00518963 ____A C:\Users\Horriblechild\Downloads\evan.rodriguez.923
2013-05-09 10:11 - 2013-05-09 00:30 - 00000000 ____D C:\Program Files (x86)\IIS
2013-05-09 10:06 - 2013-05-09 10:06 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2013-05-09 10:06 - 2013-05-09 10:06 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-05-09 10:01 - 2013-05-09 10:01 - 00000000 ____D C:\Windows\System32\RsFx
2013-05-09 10:01 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-09 10:00 - 2013-05-09 10:00 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-05-09 10:00 - 2013-05-09 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-05-09 09:58 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-05-09 01:55 - 2013-05-09 00:27 - 00773782 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-09 00:32 - 2013-05-09 00:32 - 00000000 ____D C:\Users\Horriblechild\Documents\My Web Sites
2013-05-09 00:32 - 2013-05-09 00:32 - 00000000 ____D C:\Users\Horriblechild\AppData\Roaming\Microsoft Corporation
2013-05-09 00:32 - 2013-05-09 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft WebMatrix
2013-05-09 00:31 - 2013-05-09 00:31 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-05-09 00:31 - 2013-05-09 00:31 - 00000000 ____D C:\Windows\System32\1033
2013-05-09 00:30 - 2013-05-09 00:30 - 00000000 ____D C:\Program Files\IIS
2013-05-09 00:30 - 2013-05-09 00:30 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-05-09 00:30 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files\IIS Express
2013-05-09 00:29 - 2013-05-09 00:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-08 21:22 - 2013-05-08 21:22 - 00000000 ____D C:\ProgramData\Belkin
2013-05-06 05:39 - 2013-05-16 05:25 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 05:04 - 2013-05-16 05:25 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4030.85 MB
Available physical RAM: 3386.98 MB
Total Pagefile: 4029 MB
Available Pagefile: 3367.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive e: () (CDROM) (Total:0.69 GB) (Free:0.28 GB) UDF
Drive f: (Kingston 1.87GB) (Removable) (Total:1.87 GB) (Free:0.88 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
 
 
Last Boot: 2013-05-15 17:06
 
==================== End Of Log ============================


#5 gringo_pr

  • Malware Response Team

Posted 03 June 2013 - 12:26 PM


Hello horriblechild

Don't see anything in there, I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 horriblechild


Posted 03 June 2013 - 10:44 PM

I downloaded both programs using the links that you had in your instructions, but I couldn't run them at all. As soon as they got to the desktop, they had the install shield icon, and when I tried to run them it says I don't have sufficient access, or the path is missing.

So, I switched to safe mode with networking.

I ran tdss, changed parameters, and when it rebooted it came up in normal mode, and tdss did not run. I went back to safe mode, and when I opened tdss, the parameters were back to default. I selected all of them, starting at the bottom, and when I got to loaded modules, it did the auto reboot, and I forced it into safe mode, and again, nothing was different from default.

I ran tdss. It did not detect anything. 0 threats found.

I ran RogueKillerx64 (still in safe mode): I accepted the EULA, and hit scan, then delete, then report.

I booted into normal mode, everything still seems locked down.

Here's the report:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Horriblechild [Admin rights]
Mode : Remove -- Date : 06/03/2013 20:33:08
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : A3903C60-9366-4737-8B45-71491B09DF1B (cmd.exe /C start /D "C:\windows\TEMP" /B A3903C60-9366-4737-8B45-71491B09DF1B.exe -activeimages -postboot) [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : B33350DC-9B6B-4255-8F8B-3CA0E980ED74 (cmd.exe /C start /D "C:\windows\TEMP" /B B33350DC-9B6B-4255-8F8B-3CA0E980ED74.exe -activeimages -postboot) [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : 5F908E55-D299-4725-B554-633D4A7A9E8A (cmd.exe /C start /D "C:\windows\TEMP" /B 5F908E55-D299-4725-B554-633D4A7A9E8A.exe -activeimages -postboot) [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] b5507210a52889c2c7446b54eadae934
[BSP] 243743416e46f951508ec056ff5df4eb : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: Ricoh SD Disk Device +++++
--- User ---
[MBR] 6cbf5e4b95344426554bdef91cd16b2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 133 | Size: 946 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!
 
+++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 7397b0b655afc60943b0dc342da20754
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 1915 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[2]_D_06032013_02d2033.txt >>
RKreport[1]_S_06032013_02d2031.txt ; RKreport[2]_D_06032013_02d2033.txt


#7 gringo_pr


Posted 03 June 2013 - 11:10 PM




Hello horriblechild

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
When you are complete please send me both reports

Gringo

#8 horriblechild


Posted 04 June 2013 - 12:19 AM

I downloaded the programs, and once again I had to go into safe mode to launch them.

MBAR updated successfully, once the scan finished, it said no malware found/ no threats detected.

I ran ASW (still in safe mode), it ran an update from Avast, and then I did a quick scan. (log attached below)

I booted into normal mode, lock icons and install shield icons are still everywhere.

Here's the log from ASW:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-03 21:44:35
-----------------------------
21:44:35.432    OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:35.432    Number of processors: 8 586 0x1E05
21:44:35.432    ComputerName: HORRIBLELAPTOP  UserName: Horriblechild
21:44:37.148    Initialize success
21:45:30.453    AVAST engine defs: 13060302
21:47:01.979    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:47:01.994    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
21:47:01.994    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000082
21:47:01.994    Disk 1 Vendor: RICOH 01 Size: 946MB BusType: 0
21:47:02.119    Disk 0 MBR read successfully
21:47:02.119    Disk 0 MBR scan
21:47:02.150    Disk 0 Windows VISTA default MBR code
21:47:02.166    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
21:47:02.181    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       464784 MB offset 3074048
21:47:02.213    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        10655 MB offset 954951680
21:47:02.369    Disk 0 scanning C:\windows\system32\drivers
21:47:13.819    Service scanning
21:47:51.649    Modules scanning
21:47:51.649    Disk 0 trace - called modules:
21:47:51.680    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll 
21:47:51.696    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b59060]
21:47:51.712    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8005ad7710]
21:47:51.712    5 thpdrv.sys[fffff88001b37cc0] -> nt!IofCallDriver -> [0xfffffa80058d14a0]
21:47:51.712    7 ACPI.sys[fffff88000f077a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80058d4050]
21:47:52.710    AVAST engine scan C:\windows
21:47:55.627    AVAST engine scan C:\windows\system32
21:52:43.432    AVAST engine scan C:\windows\system32\drivers
21:53:09.125    AVAST engine scan C:\Users\Horriblechild
22:05:58.737    AVAST engine scan C:\ProgramData
22:08:32.319    Scan finished successfully
22:11:56.789    Disk 0 MBR has been saved successfully to "C:\Users\Horriblechild\Desktop\MBR.dat"
22:11:56.789    The log file has been saved successfully to "C:\Users\Horriblechild\Desktop\aswMBR.txt"


#9 gringo_pr


Posted 04 June 2013 - 10:12 AM




HitmanPro

  • Please download HitmanPro.
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and zip and attach it in your next reply.


#10 horriblechild


Posted 04 June 2013 - 06:31 PM

I downloaded the program, but again I couldn't run it. So, I ran it in safe mode.

I clicked the drop down and selected ignore apply to all, but when I got to the results page, there was no option to export to XML.

I saved the .log file, and I zipped it for you, I think. I'm not sure if it worked or not.



#11 horriblechild


Posted 04 June 2013 - 06:32 PM

Here's the log.

I zipped it with 7zip.

Attached Files



#12 gringo_pr


Posted 04 June 2013 - 08:01 PM


HitmanPro



  • Please download HitmanPro.
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => delete
  • Click on the next button.
  • Click on the "activate free license" and click on OK.
  • Click on the next button.
  • Click on the next button.
  • Click on the reboot button.
  • Now come back and let me know how things are doing





#13 horriblechild


Posted 04 June 2013 - 11:00 PM

I ran HitmanPro, I set APPLY to ALL to delete. When it finished it said that malware had been PARTIALLY removed, and to reboot to finish.

When I rebooted, I had a strange text screen (kinda like a DOS window, but out of focus) that said:

#1 fail clarobot...   the message disappeared pretty quick.

The system still has locks everywhere.

Here's the XML log.

Attached Files



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 05 June 2013 - 10:36 AM




Download Windows Repair (all in one) from here.

Install the program, then run it.

Go to step 3 and allow it to run SFC.

On the start repairs tab, click start.

Select the following items and tick restart system when finished:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Missing Start Menu Icons
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set Windows Services To Default
Repair MSI (Windows Installer)
Repair File Associations
Repair Windows Safe Mode

After that, come back and tell me if that has made a difference.

Gringo

#15 horriblechild

horriblechild
  • Topic Starter


Posted 05 June 2013 - 04:41 PM

Did you know there was a broken link in your latest directions?

I downloaded the program, and as soon as I extracted it, it locked itself and wouldn't let me run it.

I went to safe mode, and when I launched the tool, it gave me a warning: "SAFE MODE DETECTED- some repairs may not work correctly."

I did step 3, and it said to reboot afterwards, so I did.  I let it come up into a normal Windows boot, and it let me run the tool from a thumb drive.

I ran it, checking all the boxes you listed, and unchecking the ones that weren't listed, and I checked the box for it to restart when it finished.

When the tool finished, its window closed, but the computer did not restart.

I restarted it manually.

The system looks the same.  Still locks everywhere.

Here's the log:

 

 

Starting Repairs...
   Start (6/5/2013 2:13:43 PM)
 
Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (6/5/2013 2:13:43 PM)
   Running Repair Under Current User Account
   Done (6/5/2013 2:13:45 PM)
 
Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (6/5/2013 2:13:46 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:13:48 PM)
 
Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (6/5/2013 2:13:48 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:13:51 PM)
 
Reset File Permissions 01/16
   C:\1cfba417ab6f2e26da48add45b & Sub Folders
   Start (6/5/2013 2:13:51 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:13:53 PM)
 
Reset File Permissions 02/16
   C:\2ca21cb614301cf16965fd7f3e & Sub Folders
   Start (6/5/2013 2:13:53 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:13:56 PM)
 
Reset File Permissions 03/16
   C:\AI_RecycleBin & Sub Folders
   Start (6/5/2013 2:13:56 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:13:58 PM)
 
Reset File Permissions 04/16
   C:\Boot & Sub Folders
   Start (6/5/2013 2:13:58 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:01 PM)
 
Reset File Permissions 05/16
   C:\Config.Msi & Sub Folders
   Start (6/5/2013 2:14:01 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:04 PM)
 
Reset File Permissions 06/16
   C:\e0984a56c22013057e & Sub Folders
   Start (6/5/2013 2:14:04 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:06 PM)
 
Reset File Permissions 07/16
   C:\found.000 & Sub Folders
   Start (6/5/2013 2:14:06 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:09 PM)
 
Reset File Permissions 08/16
   C:\FRST & Sub Folders
   Start (6/5/2013 2:14:09 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:11 PM)
 
Reset File Permissions 09/16
   C:\Installed by Me & Sub Folders
   Start (6/5/2013 2:14:11 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:14 PM)
 
Reset File Permissions 10/16
   C:\MSOCache & Sub Folders
   Start (6/5/2013 2:14:14 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:16 PM)
 
Reset File Permissions 11/16
   C:\PFiles & Sub Folders
   Start (6/5/2013 2:14:16 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:19 PM)
 
Reset File Permissions 12/16
   C:\Program Files & Sub Folders
   Start (6/5/2013 2:14:19 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:21 PM)
 
Reset File Permissions 13/16
   C:\Program Files (x86) & Sub Folders
   Start (6/5/2013 2:14:22 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:24 PM)
 
Reset File Permissions 14/16
   C:\ProgramData & Sub Folders
   Start (6/5/2013 2:14:24 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:27 PM)
 
Reset File Permissions 15/16
   C:\Qoobox & Sub Folders
   Start (6/5/2013 2:14:27 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:29 PM)
 
Reset File Permissions 16/16
   C:\Windows & Sub Folders
   Start (6/5/2013 2:14:29 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:32 PM)
 
Reset File Permissions: Cleanup
    & Sub Folders
   Start (6/5/2013 2:14:32 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:34 PM)
 
Register System Files
   Start (6/5/2013 2:14:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:14:39 PM)
 
Repair WMI
   Start (6/5/2013 2:14:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:14:44 PM)
 
Repair Windows Firewall
   Start (6/5/2013 2:14:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:14:49 PM)
 
Repair Internet Explorer
   Start (6/5/2013 2:14:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:14:53 PM)
 
Repair Hosts File
   Start (6/5/2013 2:14:54 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:56 PM)
 
Remove Policies Set By Infections
   Start (6/5/2013 2:14:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:15:01 PM)
 
Repair Missing Start Menu Icons Removed By Infections
   Start (6/5/2013 2:15:01 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:15:03 PM)
 
Repair Icons
   Start (6/5/2013 2:15:03 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:15:06 PM)
 
Repair Winsock & DNS Cache
   Start (6/5/2013 2:15:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:15:10 PM)
 
Remove Temp Files
   Start (6/5/2013 2:15:11 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:15:13 PM)
 
Repair Proxy Settings
   Start (6/5/2013 2:15:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:15:18 PM)
 
Unhide Non System Files
   Start (6/5/2013 2:15:18 PM)
   C:\ - Total Files Unhidden: 869
   Done (6/5/2013 2:27:42 PM)
 
Repair Windows Updates
   Start (6/5/2013 2:27:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:27:47 PM)
 
Repair MSI (Windows Installer)
   Start (6/5/2013 2:27:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:27:52 PM)
 
Repair bat Association
   Start (6/5/2013 2:27:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:27:57 PM)
 
Repair cmd Association
   Start (6/5/2013 2:27:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:02 PM)
 
Repair com Association
   Start (6/5/2013 2:28:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:07 PM)
 
Repair Directory Association
   Start (6/5/2013 2:28:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:11 PM)
 
Repair Drive Association
   Start (6/5/2013 2:28:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:16 PM)
 
Repair exe Association
   Start (6/5/2013 2:28:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:21 PM)
 
Repair Folder Association
   Start (6/5/2013 2:28:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:26 PM)
 
Repair inf Association
   Start (6/5/2013 2:28:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:30 PM)
 
Repair lnk (Shortcuts) Association
   Start (6/5/2013 2:28:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:35 PM)
 
Repair msc Association
   Start (6/5/2013 2:28:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:40 PM)
 
Repair reg Association
   Start (6/5/2013 2:28:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:45 PM)
 
Repair scr Association
   Start (6/5/2013 2:28:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:50 PM)
 
Repair Windows Safe Mode
   Start (6/5/2013 2:28:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:54 PM)
 
Repair Print Spooler
   Start (6/5/2013 2:28:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:28:59 PM)
 
Restore Important Windows Services
   Start (6/5/2013 2:28:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:29:04 PM)
 
Set Windows Services To Default Startup
   Start (6/5/2013 2:29:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/5/2013 2:29:09 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (6/5/2013 2:29:09 PM)
   Total Repair Time: 00:15:26
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
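
A log in this layout can be checked mechanically for repairs that logged Start but never Done, and for how long each one ran. The parser below is an added example, not part of the original post or of the repair tool; the sample reuses three blocks from the log above, with the Done line of the last one removed here to exercise the incomplete case.

```python
import re
from datetime import datetime

# Constructed sample: blocks copied from the log in the post above; the last
# block has had its "Done" line removed here to show the incomplete case.
SAMPLE_LOG = """\
Reset File Permissions 16/16
   C:\\Windows & Sub Folders
   Start (6/5/2013 2:14:29 PM)
   Running Repair Under System Account
   Done (6/5/2013 2:14:32 PM)

Unhide Non System Files
   Start (6/5/2013 2:15:18 PM)
   C:\\ - Total Files Unhidden: 869
   Done (6/5/2013 2:27:42 PM)

Repair Hosts File
   Start (6/5/2013 2:14:54 PM)
   Running Repair Under System Account
"""

STAMP = re.compile(r"^\s+(Start|Done) \((.+?)\)\s*$")
ACCOUNT = re.compile(r"^\s+Running Repair Under (.+?) Account\s*$")
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"   # e.g. 6/5/2013 2:14:29 PM

def parse_repairs(text):
    """One dict per repair block: name, accounts, start, seconds (None if no Done)."""
    repairs, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # an unindented line opens a new block
            cur = {"name": line.strip(), "accounts": [], "start": None, "seconds": None}
            repairs.append(cur)
        elif cur is not None:
            stamp, acct = STAMP.match(line), ACCOUNT.match(line)
            if acct:
                cur["accounts"].append(acct.group(1))
            elif stamp and stamp.group(1) == "Start":
                cur["start"] = datetime.strptime(stamp.group(2), TIME_FMT)
            elif stamp and cur["start"] is not None:
                cur["seconds"] = (datetime.strptime(stamp.group(2), TIME_FMT) - cur["start"]).total_seconds()
    return repairs

def incomplete(repairs):
    """Names of blocks that logged Start but never logged Done."""
    return [r["name"] for r in repairs if r["start"] and r["seconds"] is None]
```

Run over the full log, the opening "Starting Repairs..." header is also listed by `incomplete`, because it has a Start line and no Done line of its own.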




