
FBI virus


  • This topic is locked
12 replies to this topic

#1 dirtywaterdesign


Posted 22 August 2013 - 02:29 PM

Let me know if there is anything else needed!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by SYSTEM on 22-08-2013 12:21:59
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2011-03-17] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [905216 2010-09-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CPMonitor] - C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2010-10-15] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-06-13] (Carbonite, Inc.)
HKU\user\...\Run: [AdobeBridge] -  [x]
HKU\user\...\Run: [Hudl Mercury] - C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3395736 2013-06-13] (Agile Sports Technologies)
HKU\user\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\user\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\user\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKU\user\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\user\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\user\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [x]
HKU\user\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-28] (Google Inc.)
HKU\user\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-11] (Google Inc.)
HKU\user\...\Run: [Creative Tech Update] - C:\Users\user\AppData\Local\Creative Tech\idqbe32.dll [536576 2013-08-17] ()
HKU\user\...\Run: [Adobe CSS5.1 Manager] - C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad\aaabeafeefccaad.exe [118784 2013-08-20] () <===== ATTENTION
HKU\user\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) =================

S2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
S2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-03] (Kinetic Jump Software, LLC)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-07-28] (CACE Technologies, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 09:21 - 2013-08-22 09:21 - 00000000 __SHD C:\found.001
2013-08-20 20:19 - 2013-08-20 20:19 - 00000000 __SHD C:\found.000
2013-08-20 17:32 - 2013-08-22 09:07 - 00000004 _____ C:\Users\user\AppData\Roaming\skype.ini
2013-08-20 17:29 - 2013-08-20 17:52 - 00000326 ____H C:\Windows\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}.job
2013-08-20 17:29 - 2013-08-20 17:29 - 00003066 _____ C:\Windows\System32\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}
2013-08-20 17:29 - 2013-08-20 17:29 - 00000767 _____ C:\Users\user\Desktop\Internet Security 2013.lnk
2013-08-20 17:29 - 2013-08-20 17:29 - 00000000 ____D C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad
2013-08-20 17:28 - 2013-08-20 17:28 - 00163840 _____ (SmartWall Software Int) C:\Users\user\flashplayer.exe
2013-08-20 17:28 - 2013-08-20 17:28 - 00000000 _____ C:\Users\user\firefox.exe
2013-08-20 17:28 - 2013-08-20 17:28 - 00000000 _____ C:\Users\user\acrobatreader.exe
2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\Users\user\Desktop\Job_124073
2013-08-20 13:37 - 2013-08-20 13:38 - 08411359 _____ C:\Users\user\Desktop\Job_124073.zip
2013-08-18 19:27 - 2013-08-18 19:27 - 00000000 _____ C:\Users\user\chrome.exe
2013-08-18 19:27 - 2013-08-18 19:27 - 00000000 _____ C:\Users\user\acrobat.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\vlcplayer.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\spoolsv.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\opera.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\msconfig.exe
2013-08-17 10:41 - 2013-08-17 10:42 - 00000000 ____D C:\Users\user\Desktop\yellow jacketjpg
2013-08-17 09:51 - 2013-08-17 11:04 - 00000000 ____D C:\Users\user\AppData\Local\Creative Tech
2013-08-15 15:11 - 2013-08-15 15:11 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-08-14 18:01 - 2013-08-14 18:01 - 34475458 _____ C:\Users\user\Desktop\football.psd
2013-08-14 17:55 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 17:55 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 17:55 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 17:55 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 17:55 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 17:55 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 17:55 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 17:55 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 17:55 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 17:55 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 17:55 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 17:55 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 17:55 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 17:55 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 17:43 - 2013-08-14 17:44 - 27253370 _____ C:\Users\user\Downloads\img3209_1.psd
2013-08-13 17:14 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 17:14 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 17:14 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 17:14 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 17:14 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 17:14 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 17:14 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 17:14 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 17:14 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 17:13 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-13 17:13 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 17:13 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 17:13 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 17:13 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 17:13 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 17:13 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 17:13 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 17:13 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 17:13 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 17:13 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 17:13 - 2013-07-08 20:53 - 00163840 _____ (SmartWall Software Int) C:\Users\user\AppData\Roaming\skype.dat
2013-08-13 17:13 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 17:13 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 17:13 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 17:12 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 17:12 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 17:12 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 17:12 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-11 18:50 - 2013-08-12 18:20 - 00002872 _____ C:\Windows\System32\TmInstall.log
2013-08-11 18:50 - 2013-08-11 18:50 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-11 17:34 - 2013-08-11 17:34 - 07390146 _____ C:\Users\user\Downloads\file1.cr2
2013-08-11 14:41 - 2013-08-11 14:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
2013-08-11 14:40 - 2013-08-11 14:41 - 00000000 ____D C:\ProgramData\Google
2013-08-06 18:19 - 2013-05-02 01:06 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-08-06 18:11 - 2013-08-22 09:10 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-06 18:10 - 2013-08-06 18:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-06 18:10 - 2013-08-06 18:10 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-08-06 18:10 - 2013-02-19 12:59 - 00070112 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2013-08-06 18:10 - 2013-02-19 12:55 - 00106552 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2013-08-06 18:10 - 2013-02-19 12:55 - 00010728 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2013-08-06 18:10 - 2013-02-19 12:53 - 00515968 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2013-08-06 18:10 - 2013-02-19 12:53 - 00309840 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2013-08-06 18:10 - 2012-04-20 15:40 - 00196440 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-08-06 18:09 - 2013-08-20 17:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-06 18:09 - 2013-08-10 13:45 - 00000000 ____D C:\Program Files\McAfee
2013-08-06 18:09 - 2013-08-06 18:09 - 00000000 ____D C:\Program Files\McAfee.com
2013-08-06 18:02 - 2013-02-19 12:56 - 00182752 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2013-08-06 17:16 - 2013-08-06 17:29 - 00000000 ____D C:\Program Files\stinger
2013-08-06 17:16 - 2013-08-06 17:16 - 00262144 _____ C:\Windows\System32\config\ELAM
2013-08-06 17:16 - 2013-08-06 17:16 - 00000000 ____D C:\Stinger_Quarantine
2013-08-05 17:38 - 2013-08-12 18:28 - 00000000 ____D C:\Program Files (x86)\Total Recall Software
2013-08-05 17:38 - 2013-08-05 17:38 - 00001202 _____ C:\Users\user\Desktop\Total Recall Data Recovery Software.lnk
2013-08-01 18:47 - 2013-08-01 18:47 - 21021771 _____ C:\Users\user\Desktop\videoFileNo74508.wmv
2013-08-01 18:45 - 2008-10-04 07:57 - 15161638 _____ C:\Users\user\Desktop\videoFileNo74508.flv
2013-08-01 18:44 - 2013-08-01 18:45 - 12151220 _____ C:\Users\user\Desktop\videoFileNo74437.flv.part
2013-08-01 18:44 - 2013-08-01 18:44 - 00000002 ___SH C:\Users\user\AppData\Roaming\evf9
2013-08-01 18:40 - 2013-08-01 18:47 - 00000000 ____D C:\ZillaTube
2013-08-01 18:40 - 2013-08-01 18:40 - 00000620 _____ C:\Users\user\Desktop\ZillaTube.lnk
2013-08-01 18:40 - 2013-08-01 18:40 - 00000615 _____ C:\Users\user\Desktop\DemoHelp.lnk
2013-08-01 18:40 - 2013-08-01 18:40 - 00000591 _____ C:\Users\user\Desktop\HelpCHM.lnk
2013-08-01 18:39 - 2013-08-01 18:40 - 37872383 _____ C:\Users\user\Downloads\ZillaTubeSetup.exe
2013-07-31 21:45 - 2013-07-31 21:45 - 00084613 _____ C:\Users\user\Desktop\Staff Development smee.pptx
2013-07-30 18:07 - 2013-07-30 18:07 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room
2013-07-24 13:47 - 2013-07-24 13:47 - 00061440 _____ C:\Users\user\Documents\BIRTHDAY.lbl

==================== One Month Modified Files and Folders =======

2013-08-22 12:21 - 2013-08-22 12:21 - 00000000 ____D C:\FRST
2013-08-22 09:21 - 2013-08-22 09:21 - 00000000 __SHD C:\found.001
2013-08-22 09:10 - 2013-08-06 18:11 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-22 09:09 - 2011-03-17 21:05 - 01134290 _____ C:\Windows\WindowsUpdate.log
2013-08-22 09:07 - 2013-08-20 17:32 - 00000004 _____ C:\Users\user\AppData\Roaming\skype.ini
2013-08-22 09:07 - 2011-03-17 22:03 - 00045056 _____ C:\Windows\System32\acovcnt.exe
2013-08-22 09:06 - 2012-08-26 19:36 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 09:06 - 2011-03-17 21:50 - 00000050 _____ C:\Windows\System32\SupplicantTest.log
2013-08-22 09:06 - 2011-03-17 21:43 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-22 09:05 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 09:05 - 2009-07-13 20:51 - 00085146 _____ C:\Windows\setupact.log
2013-08-22 09:04 - 2009-07-13 20:45 - 00010240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 09:04 - 2009-07-13 20:45 - 00010240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 20:19 - 2013-08-20 20:19 - 00000000 __SHD C:\found.000
2013-08-20 17:52 - 2013-08-20 17:29 - 00000326 ____H C:\Windows\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}.job
2013-08-20 17:52 - 2013-08-06 18:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-20 17:51 - 2011-03-17 21:27 - 00522668 _____ C:\Windows\PFRO.log
2013-08-20 17:29 - 2013-08-20 17:29 - 00003066 _____ C:\Windows\System32\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}
2013-08-20 17:29 - 2013-08-20 17:29 - 00000767 _____ C:\Users\user\Desktop\Internet Security 2013.lnk
2013-08-20 17:29 - 2013-08-20 17:29 - 00000000 ____D C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad
2013-08-20 17:28 - 2013-08-20 17:28 - 00163840 _____ (SmartWall Software Int) C:\Users\user\flashplayer.exe
2013-08-20 17:28 - 2013-08-20 17:28 - 00000000 _____ C:\Users\user\firefox.exe
2013-08-20 17:28 - 2013-08-20 17:28 - 00000000 _____ C:\Users\user\acrobatreader.exe
2013-08-20 17:20 - 2012-08-26 19:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 16:58 - 2012-08-26 19:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 15:57 - 2012-07-10 18:41 - 00097008 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 15:57 - 2009-07-13 20:45 - 04923352 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\Users\user\Desktop\Job_124073
2013-08-20 13:38 - 2013-08-20 13:37 - 08411359 _____ C:\Users\user\Desktop\Job_124073.zip
2013-08-20 13:21 - 2009-07-13 21:08 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 19:27 - 2013-08-18 19:27 - 00000000 _____ C:\Users\user\chrome.exe
2013-08-18 19:27 - 2013-08-18 19:27 - 00000000 _____ C:\Users\user\acrobat.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\vlcplayer.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\spoolsv.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\opera.exe
2013-08-18 18:37 - 2013-08-18 18:37 - 00000000 _____ C:\Users\user\msconfig.exe
2013-08-17 11:04 - 2013-08-17 09:51 - 00000000 ____D C:\Users\user\AppData\Local\Creative Tech
2013-08-17 10:42 - 2013-08-17 10:41 - 00000000 ____D C:\Users\user\Desktop\yellow jacketjpg
2013-08-17 09:51 - 2012-12-03 07:31 - 00000000 ____D C:\Users\user\AppData\Local\{82DE7734-C61E-4139-824F-355BA749AE93}
2013-08-15 15:17 - 2013-02-23 06:39 - 00000000 ____D C:\Program Files\Carbonite
2013-08-15 15:11 - 2013-08-15 15:11 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-08-15 15:11 - 2013-02-23 06:39 - 00004140 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-08-15 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 13:58 - 2012-12-06 11:04 - 00000000 ____D C:\ProgramData\CCSTransfer
2013-08-14 18:01 - 2013-08-14 18:01 - 34475458 _____ C:\Users\user\Desktop\football.psd
2013-08-14 17:55 - 2012-08-20 05:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 17:51 - 2009-07-13 21:13 - 00808584 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-14 17:47 - 2013-07-15 02:09 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 17:44 - 2013-08-14 17:43 - 27253370 _____ C:\Users\user\Downloads\img3209_1.psd
2013-08-14 17:42 - 2012-10-27 20:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 17:41 - 2012-08-26 19:36 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-08-12 18:28 - 2013-08-05 17:38 - 00000000 ____D C:\Program Files (x86)\Total Recall Software
2013-08-12 18:20 - 2013-08-11 18:50 - 00002872 _____ C:\Windows\System32\TmInstall.log
2013-08-11 18:57 - 2013-01-28 10:41 - 00000000 ____D C:\Users\user\.RichmondProLabSchoolSports
2013-08-11 18:50 - 2013-08-11 18:50 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-11 18:50 - 2011-03-17 21:23 - 00000000 ____D C:\ProgramData\Trend Micro
2013-08-11 17:34 - 2013-08-11 17:34 - 07390146 _____ C:\Users\user\Downloads\file1.cr2
2013-08-11 14:46 - 2013-08-11 14:41 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
2013-08-11 14:41 - 2013-08-11 14:40 - 00000000 ____D C:\ProgramData\Google
2013-08-11 14:41 - 2012-08-26 19:36 - 00000000 ____D C:\Program Files\Google
2013-08-11 14:41 - 2012-08-26 19:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 14:41 - 2012-07-13 16:33 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2013-08-11 14:40 - 2012-08-26 19:35 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-11 14:40 - 2012-08-26 19:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-11 14:40 - 2012-08-26 19:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-10 13:45 - 2013-08-06 18:09 - 00000000 ____D C:\Program Files\McAfee
2013-08-09 19:59 - 2012-08-09 14:51 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 18:10 - 2013-08-06 18:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-06 18:10 - 2013-08-06 18:10 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-08-06 18:09 - 2013-08-06 18:09 - 00000000 ____D C:\Program Files\McAfee.com
2013-08-06 17:29 - 2013-08-06 17:16 - 00000000 ____D C:\Program Files\stinger
2013-08-06 17:16 - 2013-08-06 17:16 - 00262144 _____ C:\Windows\System32\config\ELAM
2013-08-06 17:16 - 2013-08-06 17:16 - 00000000 ____D C:\Stinger_Quarantine
2013-08-06 15:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-05 17:38 - 2013-08-05 17:38 - 00001202 _____ C:\Users\user\Desktop\Total Recall Data Recovery Software.lnk
2013-08-04 15:16 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-01 18:47 - 2013-08-01 18:47 - 21021771 _____ C:\Users\user\Desktop\videoFileNo74508.wmv
2013-08-01 18:47 - 2013-08-01 18:40 - 00000000 ____D C:\ZillaTube
2013-08-01 18:45 - 2013-08-01 18:44 - 12151220 _____ C:\Users\user\Desktop\videoFileNo74437.flv.part
2013-08-01 18:44 - 2013-08-01 18:44 - 00000002 ___SH C:\Users\user\AppData\Roaming\evf9
2013-08-01 18:44 - 2012-08-02 18:55 - 00000006 ___SH C:\Users\user\AppData\Roaming\date
2013-08-01 18:44 - 2012-08-02 18:55 - 00000000 ____D C:\Users\user\AppData\Roaming\MozillaControl
2013-08-01 18:40 - 2013-08-01 18:40 - 00000620 _____ C:\Users\user\Desktop\ZillaTube.lnk
2013-08-01 18:40 - 2013-08-01 18:40 - 00000615 _____ C:\Users\user\Desktop\DemoHelp.lnk
2013-08-01 18:40 - 2013-08-01 18:40 - 00000591 _____ C:\Users\user\Desktop\HelpCHM.lnk
2013-08-01 18:40 - 2013-08-01 18:39 - 37872383 _____ C:\Users\user\Downloads\ZillaTubeSetup.exe
2013-07-31 21:45 - 2013-07-31 21:45 - 00084613 _____ C:\Users\user\Desktop\Staff Development smee.pptx
2013-07-30 18:07 - 2013-07-30 18:07 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room
2013-07-30 18:07 - 2013-04-04 10:57 - 00000963 _____ C:\Users\Public\Desktop\Cricut-Craft Room.lnk
2013-07-25 21:13 - 2013-08-14 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-25 21:13 - 2013-08-14 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-25 21:13 - 2013-08-14 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-25 21:12 - 2013-08-14 17:55 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-25 21:12 - 2013-08-14 17:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-25 19:35 - 2013-08-14 17:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-25 19:13 - 2013-08-14 17:55 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 19:13 - 2013-08-14 17:55 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 19:12 - 2013-08-14 17:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 19:11 - 2013-08-14 17:55 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 19:11 - 2013-08-14 17:55 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 18:49 - 2013-08-14 17:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 18:39 - 2013-08-14 17:55 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-25 17:59 - 2013-08-14 17:55 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-25 01:25 - 2013-08-13 17:13 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-25 00:57 - 2013-08-13 17:13 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 13:47 - 2013-07-24 13:47 - 00061440 _____ C:\Users\user\Documents\BIRTHDAY.lbl

Files to move or delete:
====================
C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad\aaabeafeefccaad.exe
C:\Users\user\acrobat.exe
C:\Users\user\acrobatreader.exe
C:\Users\user\chrome.exe
C:\Users\user\firefox.exe
C:\Users\user\flashplayer.exe
C:\Users\user\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\user\msconfig.exe
C:\Users\user\opera.exe
C:\Users\user\spoolsv.exe
C:\Users\user\vlcplayer.exe
C:\Users\user\AppData\Roaming\skype.dat
C:\Users\user\AppData\Roaming\skype.ini
C:\Windows\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}.job

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8169.17 MB
Available physical RAM: 7366.59 MB
Total Pagefile: 8167.32 MB
Available Pagefile: 7366.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:174.66 GB) (Free:13.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:502.49 GB) (Free:239.1 GB) NTFS
Drive f: () (Removable) (Total:3.91 GB) (Free:3.86 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=175 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=502 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


LastRegBack: 2013-08-15 15:03

==================== End Of Log ============================

 




#2 Farbar

Posted 22 August 2013 - 02:46 PM

Hello,

 

Welcome to the forum.


Please download the attached file fixlist.txt.
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Also please restart, let it boot normally and tell me how it went.

 

We are not done yet.



#3 dirtywaterdesign

  • Topic Starter


Posted 22 August 2013 - 02:59 PM

Everything went normal at boot other than extended load time once the desktop was up.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2013 02
Ran by SYSTEM at 2013-08-22 12:51:31 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKU\user\...\Run: [AdobeBridge] -  [x]
HKU\user\...\Run: [Creative Tech Update] - C:\Users\user\AppData\Local\Creative Tech\idqbe32.dll [536576 2013-08-17] ()
C:\Users\user\AppData\Local\Creative Tech\idqbe32.dll
HKU\user\...\Run: [Adobe CSS5.1 Manager] - C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad\aaabeafeefccaad.exe [118784 2013-08-20] () <===== ATTENTION
C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad\aaabeafeefccaad.exe
HKU\user\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\skype.dat [163840 2013-07-08] (SmartWall Software Int) <==== ATTENTION
2013-08-20 17:29 - 2013-08-20 17:29 - 00003066 _____ C:\Windows\System32\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}
2013-08-20 17:29 - 2013-08-20 17:29 - 00000767 _____ C:\Users\user\Desktop\Internet Security 2013.lnk
2013-08-20 17:29 - 2013-08-20 17:29 - 00000000 ____D C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad
C:\Users\user\acrobat.exe
C:\Users\user\acrobatreader.exe
C:\Users\user\chrome.exe
C:\Users\user\firefox.exe
C:\Users\user\flashplayer.exe
C:\Users\user\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\user\msconfig.exe
C:\Users\user\opera.exe
C:\Users\user\spoolsv.exe
C:\Users\user\vlcplayer.exe
C:\Users\user\AppData\Roaming\skype.dat
C:\Users\user\AppData\Roaming\skype.ini
C:\Windows\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}.job
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper => Value deleted successfully.
HKU\user\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\user\Software\Microsoft\Windows\CurrentVersion\Run\\Creative Tech Update => Value deleted successfully.
C:\Users\user\AppData\Local\Creative Tech\idqbe32.dll => Moved successfully.
HKU\user\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad\aaabeafeefccaad.exe => Moved successfully.
HKU\user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Windows\System32\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4} => Moved successfully.
C:\Users\user\Desktop\Internet Security 2013.lnk => Moved successfully.
C:\Users\user\AppData\Local\6aaa808b-7eaf-45ee-923f-c91c42a93278ad => Moved successfully.
C:\Users\user\acrobat.exe => Moved successfully.
C:\Users\user\acrobatreader.exe => Moved successfully.
C:\Users\user\chrome.exe => Moved successfully.
C:\Users\user\firefox.exe => Moved successfully.
C:\Users\user\flashplayer.exe => Moved successfully.
C:\Users\user\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\user\msconfig.exe => Moved successfully.
C:\Users\user\opera.exe => Moved successfully.
C:\Users\user\spoolsv.exe => Moved successfully.
C:\Users\user\vlcplayer.exe => Moved successfully.
C:\Users\user\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\user\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\Tasks\{5F8777A3-4037-44DB-8151-4AFEE1F266D4}.job => Moved successfully.

==== End of Fixlog ====



#4 Farbar

Posted 22 August 2013 - 03:17 PM

Great. :thumbup2:

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#5 dirtywaterdesign

  • Topic Starter


Posted 22 August 2013 - 03:33 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by user (administrator) on 22-08-2013 13:23:17
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Agile Sports Technologies) C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
() C:\Program Files (x86)\CCSTransfer\CCSTransfer.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Hudl Mercury] - C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3395736 2013-06-13] (Agile Sports Technologies)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\user\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [x]
HKCU\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-28] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-11] (Google Inc.)
MountPoints2: {618c9485-2958-11e2-91de-bcaec5629e3f} - F:\LaunchU3.exe
MountPoints2: {e18d3c84-6a25-11e2-88e2-bcaec5629e3f} - F:\LaunchU3.exe
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2011-03-17] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [905216 2010-09-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CPMonitor] - C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2010-10-15] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-06-13] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CCS Uploader.lnk
ShortcutTarget: CCS Uploader.lnk -> C:\Program Files (x86)\CCSTransfer\CCSTransfer.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {3F1BCF7A-CE91-48DF-9E13-6AA2F9DF40E2} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0EBEAE32-0DC8-4C2D-9DF9-709ABCD82E5D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F56D9A9C-6C59-4A32-976F-C7F95A3D494A&apn_sauid=89FE24D8-E91D-4C87-A8DD-19B3ADD9148A
SearchScopes: HKCU - {3F1BCF7A-CE91-48DF-9E13-6AA2F9DF40E2} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6B22469F-5A3B-4A97-A174-32A00697C289} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130624,0,0,6,7635
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: SelectionLinks - {D9C8D61C-A7E4-4CA2-8427-CCAF098EB352} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Select Links App) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkejnnbeggknmchlgbeoicdlghhcdpdo\4.3_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [mkejnnbeggknmchlgbeoicdlghhcdpdo] - C:\Program Files (x86)\OApps\chrome-sl.crx

==================== Services (Whitelisted) =================

R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-03] (Kinetic Jump Software, LLC)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-07-28] (CACE Technologies, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 13:23 - 2013-08-22 12:22 - 01576476 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-08-22 13:21 - 2013-08-22 13:21 - 00000000 ____D C:\FRST
2013-08-22 10:21 - 2013-08-22 10:21 - 00000000 __SHD C:\found.001
2013-08-20 21:19 - 2013-08-20 21:19 - 00000000 __SHD C:\found.000
2013-08-20 14:38 - 2013-08-20 14:38 - 00000000 ____D C:\Users\user\Desktop\Job_124073
2013-08-20 14:37 - 2013-08-20 14:38 - 08411359 _____ C:\Users\user\Desktop\Job_124073.zip
2013-08-17 11:41 - 2013-08-17 11:42 - 00000000 ____D C:\Users\user\Desktop\yellow jacketjpg
2013-08-17 10:51 - 2013-08-22 13:51 - 00000000 ____D C:\Users\user\AppData\Local\Creative Tech
2013-08-15 16:11 - 2013-08-15 16:11 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-08-14 19:01 - 2013-08-14 19:01 - 34475458 _____ C:\Users\user\Desktop\football.psd
2013-08-14 18:55 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:55 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:55 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 18:55 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 18:55 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:55 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:55 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:55 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:55 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 18:55 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:55 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 18:55 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:43 - 2013-08-14 18:44 - 27253370 _____ C:\Users\user\Downloads\img3209_1.psd
2013-08-13 18:14 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 18:14 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 18:14 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 18:14 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 18:14 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 18:14 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 18:14 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 18:14 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 18:14 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 18:13 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 18:13 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 18:13 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 18:13 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 18:13 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 18:13 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 18:13 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 18:13 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 18:13 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 18:13 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 18:13 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 18:13 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 18:13 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 18:13 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 18:12 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 18:12 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 18:12 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 18:12 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 19:50 - 2013-08-12 19:20 - 00002872 _____ C:\Windows\system32\TmInstall.log
2013-08-11 19:50 - 2013-08-11 19:50 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-11 18:34 - 2013-08-11 18:34 - 07390146 _____ C:\Users\user\Downloads\file1.cr2
2013-08-11 15:41 - 2013-08-11 15:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
2013-08-11 15:40 - 2013-08-11 15:41 - 00000000 ____D C:\ProgramData\Google
2013-08-06 19:19 - 2013-05-02 02:06 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-06 19:11 - 2013-08-22 13:00 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-08-06 19:10 - 2013-02-19 13:59 - 00070112 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2013-08-06 19:10 - 2013-02-19 13:55 - 00106552 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2013-08-06 19:10 - 2013-02-19 13:55 - 00010728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2013-08-06 19:10 - 2013-02-19 13:53 - 00515968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2013-08-06 19:10 - 2013-02-19 13:53 - 00309840 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2013-08-06 19:10 - 2012-04-20 16:40 - 00196440 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-08-06 19:09 - 2013-08-20 18:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-06 19:09 - 2013-08-10 14:45 - 00000000 ____D C:\Program Files\McAfee
2013-08-06 19:09 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files\McAfee.com
2013-08-06 19:02 - 2013-02-19 13:56 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2013-08-06 18:16 - 2013-08-06 18:29 - 00000000 ____D C:\Program Files\stinger
2013-08-06 18:16 - 2013-08-06 18:16 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-08-06 18:16 - 2013-08-06 18:16 - 00000000 ____D C:\Stinger_Quarantine
2013-08-05 18:38 - 2013-08-12 19:28 - 00000000 ____D C:\Program Files (x86)\Total Recall Software
2013-08-05 18:38 - 2013-08-05 18:38 - 00001202 _____ C:\Users\user\Desktop\Total Recall Data Recovery Software.lnk
2013-08-01 19:47 - 2013-08-01 19:47 - 21021771 _____ C:\Users\user\Desktop\videoFileNo74508.wmv
2013-08-01 19:45 - 2008-10-04 08:57 - 15161638 _____ C:\Users\user\Desktop\videoFileNo74508.flv
2013-08-01 19:44 - 2013-08-01 19:45 - 12151220 _____ C:\Users\user\Desktop\videoFileNo74437.flv.part
2013-08-01 19:44 - 2013-08-01 19:44 - 00000002 ___SH C:\Users\user\AppData\Roaming\evf9
2013-08-01 19:40 - 2013-08-01 19:47 - 00000000 ____D C:\ZillaTube
2013-08-01 19:40 - 2013-08-01 19:40 - 00000620 _____ C:\Users\user\Desktop\ZillaTube.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000615 _____ C:\Users\user\Desktop\DemoHelp.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000591 _____ C:\Users\user\Desktop\HelpCHM.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZillaTube
2013-08-01 19:39 - 2013-08-01 19:40 - 37872383 _____ C:\Users\user\Downloads\ZillaTubeSetup.exe
2013-07-31 22:45 - 2013-07-31 22:45 - 00084613 _____ C:\Users\user\Desktop\Staff Development smee.pptx
2013-07-30 19:07 - 2013-07-30 19:07 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room
2013-07-24 14:47 - 2013-07-24 14:47 - 00061440 _____ C:\Users\user\Documents\BIRTHDAY.lbl

==================== One Month Modified Files and Folders =======

2013-08-22 13:22 - 2009-07-13 21:51 - 00085996 _____ C:\Windows\setupact.log
2013-08-22 13:21 - 2013-08-22 13:21 - 00000000 ____D C:\FRST
2013-08-22 13:00 - 2013-08-06 19:11 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-22 12:53 - 2012-08-26 20:36 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 12:53 - 2011-03-17 22:50 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2013-08-22 12:53 - 2011-03-17 22:43 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-22 12:53 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 12:22 - 2013-08-22 13:23 - 01576476 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-08-22 10:21 - 2013-08-22 10:21 - 00000000 __SHD C:\found.001
2013-08-22 10:09 - 2011-03-17 22:05 - 01138642 _____ C:\Windows\WindowsUpdate.log
2013-08-22 10:07 - 2011-03-17 23:03 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-08-22 10:04 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 10:04 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 21:19 - 2013-08-20 21:19 - 00000000 __SHD C:\found.000
2013-08-20 18:52 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-20 18:51 - 2011-03-17 22:27 - 00522668 _____ C:\Windows\PFRO.log
2013-08-20 18:20 - 2012-08-26 20:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 17:58 - 2012-08-26 20:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 16:57 - 2012-07-10 19:41 - 00097008 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 16:57 - 2009-07-13 21:45 - 04923352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 14:38 - 2013-08-20 14:38 - 00000000 ____D C:\Users\user\Desktop\Job_124073
2013-08-20 14:38 - 2013-08-20 14:37 - 08411359 _____ C:\Users\user\Desktop\Job_124073.zip
2013-08-20 14:21 - 2009-07-13 22:08 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-17 11:42 - 2013-08-17 11:41 - 00000000 ____D C:\Users\user\Desktop\yellow jacketjpg
2013-08-17 10:51 - 2012-12-03 08:31 - 00000000 ____D C:\Users\user\AppData\Local\{82DE7734-C61E-4139-824F-355BA749AE93}
2013-08-15 16:17 - 2013-02-23 07:39 - 00000000 ____D C:\Program Files\Carbonite
2013-08-15 16:11 - 2013-08-15 16:11 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-08-15 16:11 - 2013-02-23 07:39 - 00004140 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-08-15 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 14:58 - 2012-12-06 12:04 - 00000000 ____D C:\ProgramData\CCSTransfer
2013-08-14 19:01 - 2013-08-14 19:01 - 34475458 _____ C:\Users\user\Desktop\football.psd
2013-08-14 18:55 - 2012-08-20 06:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 18:51 - 2009-07-13 22:13 - 00808584 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 18:47 - 2013-07-15 03:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 18:44 - 2013-08-14 18:43 - 27253370 _____ C:\Users\user\Downloads\img3209_1.psd
2013-08-14 18:42 - 2012-10-27 21:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 18:41 - 2012-08-26 20:36 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-08-12 19:28 - 2013-08-05 18:38 - 00000000 ____D C:\Program Files (x86)\Total Recall Software
2013-08-12 19:20 - 2013-08-11 19:50 - 00002872 _____ C:\Windows\system32\TmInstall.log
2013-08-11 19:57 - 2013-01-28 11:41 - 00000000 ____D C:\Users\user\.RichmondProLabSchoolSports
2013-08-11 19:50 - 2013-08-11 19:50 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-11 19:50 - 2011-03-17 22:23 - 00000000 ____D C:\ProgramData\Trend Micro
2013-08-11 18:34 - 2013-08-11 18:34 - 07390146 _____ C:\Users\user\Downloads\file1.cr2
2013-08-11 15:46 - 2013-08-11 15:41 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
2013-08-11 15:41 - 2013-08-11 15:40 - 00000000 ____D C:\ProgramData\Google
2013-08-11 15:41 - 2012-08-26 20:36 - 00000000 ____D C:\Program Files\Google
2013-08-11 15:41 - 2012-08-26 20:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 15:41 - 2012-07-13 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2013-08-11 15:40 - 2012-08-26 20:35 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-11 15:40 - 2012-08-26 20:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-11 15:40 - 2012-08-26 20:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-10 14:45 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files\McAfee
2013-08-09 20:59 - 2012-08-09 15:51 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-08-06 19:09 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files\McAfee.com
2013-08-06 18:29 - 2013-08-06 18:16 - 00000000 ____D C:\Program Files\stinger
2013-08-06 18:16 - 2013-08-06 18:16 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-08-06 18:16 - 2013-08-06 18:16 - 00000000 ____D C:\Stinger_Quarantine
2013-08-06 16:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 18:38 - 2013-08-05 18:38 - 00001202 _____ C:\Users\user\Desktop\Total Recall Data Recovery Software.lnk
2013-08-04 16:16 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-01 19:47 - 2013-08-01 19:47 - 21021771 _____ C:\Users\user\Desktop\videoFileNo74508.wmv
2013-08-01 19:47 - 2013-08-01 19:40 - 00000000 ____D C:\ZillaTube
2013-08-01 19:45 - 2013-08-01 19:44 - 12151220 _____ C:\Users\user\Desktop\videoFileNo74437.flv.part
2013-08-01 19:44 - 2013-08-01 19:44 - 00000002 ___SH C:\Users\user\AppData\Roaming\evf9
2013-08-01 19:44 - 2012-08-02 19:55 - 00000006 ___SH C:\Users\user\AppData\Roaming\date
2013-08-01 19:44 - 2012-08-02 19:55 - 00000000 ____D C:\Users\user\AppData\Roaming\MozillaControl
2013-08-01 19:40 - 2013-08-01 19:40 - 00000620 _____ C:\Users\user\Desktop\ZillaTube.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000615 _____ C:\Users\user\Desktop\DemoHelp.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000591 _____ C:\Users\user\Desktop\HelpCHM.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZillaTube
2013-08-01 19:40 - 2013-08-01 19:39 - 37872383 _____ C:\Users\user\Downloads\ZillaTubeSetup.exe
2013-07-31 22:45 - 2013-07-31 22:45 - 00084613 _____ C:\Users\user\Desktop\Staff Development smee.pptx
2013-07-30 19:07 - 2013-07-30 19:07 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room
2013-07-30 19:07 - 2013-04-04 11:57 - 00000963 _____ C:\Users\Public\Desktop\Cricut-Craft Room.lnk
2013-07-25 22:13 - 2013-08-14 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 22:13 - 2013-08-14 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 22:13 - 2013-08-14 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-25 22:12 - 2013-08-14 18:55 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 20:35 - 2013-08-14 18:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 20:13 - 2013-08-14 18:55 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 20:13 - 2013-08-14 18:55 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 20:11 - 2013-08-14 18:55 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 20:11 - 2013-08-14 18:55 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 19:49 - 2013-08-14 18:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 19:39 - 2013-08-14 18:55 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 18:59 - 2013-08-14 18:55 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 16:11 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-25 02:25 - 2013-08-13 18:13 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 01:57 - 2013-08-13 18:13 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 14:47 - 2013-07-24 14:47 - 00061440 _____ C:\Users\user\Documents\BIRTHDAY.lbl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-15 16:03

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by user at 2013-08-22 13:30:18
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Community Help (x32 Version: 3.5.23)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Amazon MP3 Downloader 1.0.18 (HKCU Version: 1.0.18)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AppLifeSetup (x32 Version: 1.0.0)
ASUS AI Recovery (x32 Version: 1.0.12)
ASUS LifeFrame3 (x32 Version: 3.0.20)
ASUS Live Update (x32 Version: 3.0.6)
ASUS Power4Gear Hybrid (Version: 1.1.42)
ASUS SmartLogon (x32 Version: 1.0.0009)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS Virtual Camera (x32 Version: 1.0.20)
Asus_G73_Screensaver (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.3.585)
ATK Package (x32 Version: 1.0.0007)
AviSynth 2.5 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Best Buy pc app (Version: 3.2.2.1)
Best Buy pc app (x32 Version: 3.2.2.1)
Bonjour (Version: 3.0.0.10)
Camera Window DVC (x32 Version: 5.1)
Camera Window MC (x32 Version: 5.1)
Canon Camera Support Core Library (x32 Version: 7.2.0.4)
Canon Camera WIA Driver (x32 Version: 5.6)
Canon Camera Window DVC for ZoomBrowser EX (x32 Version: 5.1)
Canon Camera Window for ZoomBrowser EX (x32 Version: 5.1)
Canon EOS Kiss_N REBEL_XT 350D WIA Driver (x32 Version: 5.6)
Canon PhotoRecord (x32 Version: 02.02.01000)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.0)
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.1)
Canon Utilities Digital Photo Professional 3.11 (x32 Version: 3.11.31.0)
Canon Utilities EOS Capture 1.3 (x32 Version: 1.3)
Canon Utilities PhotoStitch 3.1 (x32 Version: 3.1.14)
Canon ZoomBrowser EX (x32 Version: 5.00.0000)
Carbonite (x32 Version: 5.4.7 build 3239 (Jun-13-2013))
Carbonite Mirror Image (64-bit) (Version: 5.1.13813.2115)
CCSUploader 3.0.1.5 (x32)
Cricut ™ Driver v2.01 (x32 Version: 2.01)
Cricut Craft Room® (x32 Version: 1.0.183)
Cricut Craft Room® (x32 Version: v1.0 build-183)
CyberLink Power2Go (x32 Version: 6.1.3602c)
D3DX10 (x32 Version: 15.4.2368.0902)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Documents To Go Desktop for iOS (x32 Version: 4.0001.010)
dows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (Version: 04/10/2012 2.08.24)
Elecard MPEG-2 Decoder Pack G4 (x32 Version: 1.3.2.111007)
ExpressGate Cloud (x32 Version: 2.1.81.393)
Fresco Logic USB3.0 Host Controller (Version: 3.0.108.16)
Google Chrome (x32 Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Hudl Mercury (x32 Version: 1.2.4)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Turbo Boost Technology Monitor (Version: 1.0.400.4)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.2000)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.1.6.0)
Java™ 7 Update 5 (x32 Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
McAfee AntiVirus Plus (x32 Version: 11.6.511)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52 (x32)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
Nuance PDF Reader (x32 Version: 6.00.0041)
NVIDIA Display Control Panel (Version: 6.14.12.6114)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6114)
PD360 Express Beta 1 (x32 Version: 1)
PD360 Express Beta 1 (x32 Version: Beta 1)
PDF Settings CS5 (x32 Version: 10.0)
photoFXlab (64 bit) (Version: 1.1.2)
PhotoStitch (x32 Version: 3.1.14)
QuickTime (x32 Version: 7.74.80.86)
RAW Image Task 2.0 (x32 Version: 2.0)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6162)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001)
RemoteCapture Task 1.1 (x32 Version: 1.1)
Roxio AACS Certificate (x32 Version: 1.0.0)
Roxio Activation Module (x32 Version: 1.0)
Roxio CinePlayer (x32 Version: 5.6)
Roxio CinePlayer (x32 Version: 5.6.221.0)
SelectionLinks (x32 Version: 1.0)
Shared C Run-time for x64 (Version: 10.0.0)
Shockwave (x32)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
Synctunes Desktop (x32 Version: 1.0.9)
The Print Shop Deluxe 15 EEV (x32)
THX TruStudio (x32 Version: TAMB-AUS1D-2-LB R04)
Topaz Adjust 5 (64-bit) (x32 Version: 5.0.0)
Topaz Adjust 5 (x32 Version: 5.0.0)
Topaz B&W Effects (64-bit) (x32 Version: 1.1.0)
Topaz B&W Effects (x32 Version: 1.1.0)
Topaz Clarity (x32 Version: 1.0.0)
Topaz Detail 3 (x32 Version: 3.0.0)
Topaz Fusion Express 2 (64-bit) (x32 Version: 2.1.1)
Topaz Fusion Express 2 (x32 Version: 2.1.1)
Topaz InFocus (x32 Version: 1.0.0)
Topaz Lens Effects (64-bit) (x32 Version: 1.2.0)
Topaz Lens Effects (x32 Version: 1.2.0)
Topaz Simplify 3 (64-bit) (x32 Version: 3.0.2)
Topaz Simplify 3 (x32 Version: 3.0.2)
TopazSoftwareManager (x32 Version: 1.2.4)
Total Recall Data Recovery Software 2.1.20 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (Version: 04/10/2012 2.08.24)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.0)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
Wireless Console 3 (x32 Version: 3.0.19)
Zenfolio Uploader (x32)
ZillaTube 5.8.0 (x32 Version: 5.8.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0EE08B03-5A11-4DE2-A1DD-5CB87E8EF815} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-11] (Adobe Systems Incorporated)
Task: {20B1775E-A22E-498A-97A4-91CD914E36DA} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)
Task: {32E00D5F-19C4-4EFB-82F4-0DEC0371B90B} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe No File
Task: {334FEA68-A86A-48DC-BBC0-55731E889F97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {345267C4-7E86-4C07-91C0-66A207ADB4AE} - System32\Tasks\{6F0CE637-DFE6-4AAC-9847-3A87B15781E2} => C:\Program Files (x86)\PD360Express\PD360Express.exe [2012-07-13] ()
Task: {45EDF95B-CAEC-4A07-ABCA-D1571809A9B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {466E450A-BFAD-4F02-B228-F5B0DB608A9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {551F7B17-FEF2-4914-972E-F25C66F8378F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {6152A5B6-6A15-46C9-92A3-622D4DE07D91} - \{5F8777A3-4037-44DB-8151-4AFEE1F266D4} No Task File
Task: {82814164-0C52-49E4-96F6-8F476478638A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {855C6ABA-6A42-4D7F-9566-285ACFA40980} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {87BAED51-7CB8-40C6-B908-E5CC8EE5C6FE} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {930DFD4B-E2C8-4A8A-BC6E-8A4C51681899} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {947240AC-AF8B-49ED-A1E1-FDBEAAA72D33} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {D72B586C-665D-467C-A522-11DF464A4605} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {E81A731D-2D25-4B83-8552-93FCB8D16D04} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3796 (0xed4)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\system32\en-US\mprmsg.dll.mui
 by C:\Windows\system32\svchost.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3788 (0xecc)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\system32\ESENT.dll
 by C:\Windows\system32\svchost.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3780 (0xec4)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\system32\sfc_os.DLL
 by C:\Windows\system32\rundll32.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3772 (0xebc)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\system32\sfc.dll
 by C:\Windows\system32\rundll32.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3784 (0xec8)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\System32\dinotify.exe
 by C:\Windows\system32\rundll32.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3768 (0xeb8)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\system32\NLAapi.dll
 by C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3764 (0xeb4)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\system32\napinsp.dll
 by C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3736 (0xe98)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\SYSTEM32\sechost.dll
 by C:\Windows\System32\dinotify.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3756 (0xeac)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Windows\System32\pnpui.dll
 by C:\Windows\System32\dinotify.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (08/22/2013 00:56:50 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3752 (0xea8)

Thread address : 0x00000000776E12FA

Thread message :

 Build VSCORE.15.1.0.520 / 5500.1093
 Object being scanned = \Device\HarddiskVolume2\Program Files (x86)\Broderbund\The Print Shop\ps.exe
 by C:\Windows\Explorer.EXE
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)


System errors:
=============
Error: (08/22/2013 01:22:25 PM) (Source: Application Popup) (User: )
Description: Driver USB returned invalid ID for a child device (fbf12ce1d42302).

Error: (08/22/2013 00:58:24 PM) (Source: DCOM) (User: )
Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}

Error: (08/22/2013 00:56:55 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/22/2013 00:56:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (08/22/2013 00:56:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/22/2013 00:56:15 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/22/2013 00:55:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/22/2013 00:55:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/22/2013 00:53:07 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:10:22 AM on 8/22/2013 was unexpected.

Error: (08/22/2013 10:10:07 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8169.17 MB
Available physical RAM: 6440.69 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 13741.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:174.66 GB) (Free:13.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:502.49 GB) (Free:239.1 GB) NTFS
Drive f: () (Removable) (Total:3.91 GB) (Free:3.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=175 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=502 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 August 2013 - 03:45 PM

  1. Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warned you about the outdated version, please download and run the updated version.
     
  2. Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.




#7 dirtywaterdesign

dirtywaterdesign
  • Topic Starter

  • Members
  • 8 posts

Posted 22 August 2013 - 10:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2013 02
Ran by user at 2013-08-22 19:50:25 Run:2
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {6152A5B6-6A15-46C9-92A3-622D4DE07D91} - \{5F8777A3-4037-44DB-8151-4AFEE1F266D4} No Task File
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6152A5B6-6A15-46C9-92A3-622D4DE07D91} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F8777A3-4037-44DB-8151-4AFEE1F266D4} => Key deleted successfully.

==== End of Fixlog ====

 

 

 

# AdwCleaner v3.000 - Report created 22/08/2013 at 20:09:38
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\users\user\AppData\Local\PackageAware
Folder Deleted : C:\users\user\AppData\Local\Temp\AirInstaller

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Google Chrome v27.0.1453.110

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5888 octets] - [22/08/2013 19:53:31]
AdwCleaner[R1].txt - [5948 octets] - [22/08/2013 20:06:50]
AdwCleaner[S0].txt - [5962 octets] - [22/08/2013 20:09:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6022 octets] ##########



#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 August 2013 - 01:42 AM

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 



#9 dirtywaterdesign

dirtywaterdesign
  • Topic Starter

  • Members
  • 8 posts

Posted 23 August 2013 - 06:39 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
user :: USER-PC [administrator]

8/23/2013 3:40:20 AM
mbam-log-2013-08-23 (03-40-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230024
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 August 2013 - 09:19 AM

Looks good.

  1. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar or any other program, uncheck the box next to it.
    • Run CCleaner. Under the Application tab, all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  2. Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    You may download both x32 and x64 versions of Java from http://www.java.com/en/download/manual.jsp

    Uninstall the following older Java:

    Java™ 7 Update 5

    Then install the downloaded Java versions.
     

  3. Please run FRST64, click Scan and post FRST.txt to your reply. It will make only one log this time.
     

  4. Also tell me how the computer is running.



#11 dirtywaterdesign

dirtywaterdesign
  • Topic Starter

  • Members
  • 8 posts

Posted 23 August 2013 - 03:17 PM

Laptop is running great. Thanks so much for your time and dedication to this!!

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by user (administrator) on 23-08-2013 13:14:15
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Agile Sports Technologies) C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\user\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\CCSTransfer\CCSTransfer.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
() C:\ExpressGateUtil\VAWinAgent.exe
() C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Hudl Mercury] - C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3395736 2013-06-13] (Agile Sports Technologies)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\user\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [x]
HKCU\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-28] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-11] (Google Inc.)
MountPoints2: {618c9485-2958-11e2-91de-bcaec5629e3f} - F:\LaunchU3.exe
MountPoints2: {e18d3c84-6a25-11e2-88e2-bcaec5629e3f} - F:\LaunchU3.exe
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2011-03-17] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [905216 2010-09-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CPMonitor] - C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2010-10-15] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-06-13] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CCS Uploader.lnk
ShortcutTarget: CCS Uploader.lnk -> C:\Program Files (x86)\CCSTransfer\CCSTransfer.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0EBEAE32-0DC8-4C2D-9DF9-709ABCD82E5D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F56D9A9C-6C59-4A32-976F-C7F95A3D494A&apn_sauid=89FE24D8-E91D-4C87-A8DD-19B3ADD9148A
SearchScopes: HKCU - {3F1BCF7A-CE91-48DF-9E13-6AA2F9DF40E2} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6B22469F-5A3B-4A97-A174-32A00697C289} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130624,0,0,6,7635
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: SelectionLinks - {D9C8D61C-A7E4-4CA2-8427-CCAF098EB352} - C:\Program Files (x86)\OApps\SelectionLinks.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [mkejnnbeggknmchlgbeoicdlghhcdpdo] - C:\Program Files (x86)\OApps\chrome-sl.crx

==================== Services (Whitelisted) =================

R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-03] (Kinetic Jump Software, LLC)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-07-28] (CACE Technologies, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 13:08 - 2013-08-23 13:08 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 13:08 - 2013-08-23 13:08 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 12:49 - 2013-08-23 12:49 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-23 12:49 - 2013-08-23 12:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-23 12:49 - 2013-08-23 12:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-23 12:49 - 2013-08-23 12:49 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-23 04:33 - 2013-08-23 04:33 - 00003288 ____N C:\bootsqm.dat
2013-08-23 03:37 - 2013-08-23 03:37 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-23 03:37 - 2013-08-23 03:37 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-08-23 03:37 - 2013-08-23 03:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 03:37 - 2013-08-23 03:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 03:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-22 19:53 - 2013-08-22 21:51 - 00975858 _____ C:\Users\user\Desktop\AdwCleaner.exe
2013-08-22 19:53 - 2013-08-22 20:09 - 00000000 ____D C:\AdwCleaner
2013-08-22 13:30 - 2013-08-22 13:30 - 00025337 _____ C:\Users\user\Desktop\Addition.txt
2013-08-22 13:23 - 2013-08-22 12:22 - 01576476 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-08-22 13:21 - 2013-08-22 13:21 - 00000000 ____D C:\FRST
2013-08-22 10:21 - 2013-08-22 10:21 - 00000000 __SHD C:\found.001
2013-08-20 21:19 - 2013-08-20 21:19 - 00000000 __SHD C:\found.000
2013-08-20 14:38 - 2013-08-20 14:38 - 00000000 ____D C:\Users\user\Desktop\Job_124073
2013-08-20 14:37 - 2013-08-20 14:38 - 08411359 _____ C:\Users\user\Desktop\Job_124073.zip
2013-08-17 11:41 - 2013-08-17 11:42 - 00000000 ____D C:\Users\user\Desktop\yellow jacketjpg
2013-08-17 10:51 - 2013-08-22 13:51 - 00000000 ____D C:\Users\user\AppData\Local\Creative Tech
2013-08-15 16:11 - 2013-08-15 16:11 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-08-14 19:01 - 2013-08-14 19:01 - 34475458 _____ C:\Users\user\Desktop\football.psd
2013-08-14 18:55 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:55 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:55 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 18:55 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:55 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 18:55 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:55 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:55 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 18:55 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:55 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:55 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 18:55 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:55 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 18:55 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:43 - 2013-08-14 18:44 - 27253370 _____ C:\Users\user\Downloads\img3209_1.psd
2013-08-13 18:14 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 18:14 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 18:14 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 18:14 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 18:14 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 18:14 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 18:14 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 18:14 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 18:14 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 18:13 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 18:13 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 18:13 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 18:13 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 18:13 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 18:13 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 18:13 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 18:13 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 18:13 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 18:13 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 18:13 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 18:13 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 18:13 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 18:13 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 18:12 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 18:12 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 18:12 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 18:12 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 19:50 - 2013-08-12 19:20 - 00002872 _____ C:\Windows\system32\TmInstall.log
2013-08-11 19:50 - 2013-08-11 19:50 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-11 18:34 - 2013-08-11 18:34 - 07390146 _____ C:\Users\user\Downloads\file1.cr2
2013-08-11 15:41 - 2013-08-11 15:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
2013-08-11 15:40 - 2013-08-11 15:41 - 00000000 ____D C:\ProgramData\Google
2013-08-06 19:19 - 2013-05-02 02:06 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-06 19:11 - 2013-08-23 04:39 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-08-06 19:10 - 2013-02-19 13:59 - 00070112 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2013-08-06 19:10 - 2013-02-19 13:55 - 00106552 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2013-08-06 19:10 - 2013-02-19 13:55 - 00010728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2013-08-06 19:10 - 2013-02-19 13:53 - 00515968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2013-08-06 19:10 - 2013-02-19 13:53 - 00309840 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2013-08-06 19:10 - 2012-04-20 16:40 - 00196440 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-08-06 19:09 - 2013-08-20 18:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-06 19:09 - 2013-08-10 14:45 - 00000000 ____D C:\Program Files\McAfee
2013-08-06 19:09 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files\McAfee.com
2013-08-06 19:02 - 2013-02-19 13:56 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2013-08-06 18:16 - 2013-08-06 18:29 - 00000000 ____D C:\Program Files\stinger
2013-08-06 18:16 - 2013-08-06 18:16 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-08-06 18:16 - 2013-08-06 18:16 - 00000000 ____D C:\Stinger_Quarantine
2013-08-05 18:38 - 2013-08-12 19:28 - 00000000 ____D C:\Program Files (x86)\Total Recall Software
2013-08-05 18:38 - 2013-08-05 18:38 - 00001202 _____ C:\Users\user\Desktop\Total Recall Data Recovery Software.lnk
2013-08-01 19:47 - 2013-08-01 19:47 - 21021771 _____ C:\Users\user\Desktop\videoFileNo74508.wmv
2013-08-01 19:45 - 2008-10-04 08:57 - 15161638 _____ C:\Users\user\Desktop\videoFileNo74508.flv
2013-08-01 19:44 - 2013-08-01 19:45 - 12151220 _____ C:\Users\user\Desktop\videoFileNo74437.flv.part
2013-08-01 19:44 - 2013-08-01 19:44 - 00000002 ___SH C:\Users\user\AppData\Roaming\evf9
2013-08-01 19:40 - 2013-08-01 19:47 - 00000000 ____D C:\ZillaTube
2013-08-01 19:40 - 2013-08-01 19:40 - 00000620 _____ C:\Users\user\Desktop\ZillaTube.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000615 _____ C:\Users\user\Desktop\DemoHelp.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000591 _____ C:\Users\user\Desktop\HelpCHM.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZillaTube
2013-08-01 19:39 - 2013-08-01 19:40 - 37872383 _____ C:\Users\user\Downloads\ZillaTubeSetup.exe
2013-07-31 22:45 - 2013-07-31 22:45 - 00084613 _____ C:\Users\user\Desktop\Staff Development smee.pptx
2013-07-30 19:07 - 2013-07-30 19:07 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room
2013-07-24 14:47 - 2013-07-24 14:47 - 00061440 _____ C:\Users\user\Documents\BIRTHDAY.lbl

==================== One Month Modified Files and Folders =======

2013-08-23 13:13 - 2012-10-06 13:31 - 00000000 ____D C:\Windows\Minidump
2013-08-23 13:13 - 2009-07-28 23:03 - 00000000 ____D C:\Windows\Panther
2013-08-23 13:10 - 2009-07-13 22:13 - 00794214 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 13:08 - 2013-08-23 13:08 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-23 13:08 - 2013-08-23 13:08 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 13:08 - 2013-08-23 13:08 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 12:49 - 2013-08-23 12:49 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-23 12:49 - 2013-08-23 12:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-23 12:49 - 2013-08-23 12:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-23 12:49 - 2013-08-23 12:49 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-23 12:49 - 2012-08-09 15:51 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-23 12:49 - 2012-08-09 15:51 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-23 12:46 - 2011-03-17 22:05 - 01187419 ____N C:\Windows\WindowsUpdate.log
2013-08-23 04:41 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 04:41 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 04:39 - 2013-08-06 19:11 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-23 04:34 - 2012-08-26 20:36 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 04:34 - 2011-03-17 22:50 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2013-08-23 04:34 - 2011-03-17 22:43 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-23 04:34 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 04:33 - 2013-08-23 04:33 - 00003288 ____N C:\bootsqm.dat
2013-08-23 03:37 - 2013-08-23 03:37 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-23 03:37 - 2013-08-23 03:37 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-08-23 03:37 - 2013-08-23 03:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 03:37 - 2013-08-23 03:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 21:51 - 2013-08-22 19:53 - 00975858 _____ C:\Users\user\Desktop\AdwCleaner.exe
2013-08-22 20:09 - 2013-08-22 19:53 - 00000000 ____D C:\AdwCleaner
2013-08-22 13:51 - 2013-08-17 10:51 - 00000000 ____D C:\Users\user\AppData\Local\Creative Tech
2013-08-22 13:30 - 2013-08-22 13:30 - 00025337 _____ C:\Users\user\Desktop\Addition.txt
2013-08-22 13:21 - 2013-08-22 13:21 - 00000000 ____D C:\FRST
2013-08-22 12:22 - 2013-08-22 13:23 - 01576476 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-08-22 10:21 - 2013-08-22 10:21 - 00000000 __SHD C:\found.001
2013-08-22 10:07 - 2011-03-17 23:03 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-08-20 21:19 - 2013-08-20 21:19 - 00000000 __SHD C:\found.000
2013-08-20 18:52 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-20 18:20 - 2012-08-26 20:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 17:58 - 2012-08-26 20:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 16:57 - 2012-07-10 19:41 - 00097008 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 16:57 - 2009-07-13 21:45 - 04923352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 14:38 - 2013-08-20 14:38 - 00000000 ____D C:\Users\user\Desktop\Job_124073
2013-08-20 14:38 - 2013-08-20 14:37 - 08411359 _____ C:\Users\user\Desktop\Job_124073.zip
2013-08-20 14:21 - 2009-07-13 22:08 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-17 11:42 - 2013-08-17 11:41 - 00000000 ____D C:\Users\user\Desktop\yellow jacketjpg
2013-08-17 10:51 - 2012-12-03 08:31 - 00000000 ____D C:\Users\user\AppData\Local\{82DE7734-C61E-4139-824F-355BA749AE93}
2013-08-15 16:17 - 2013-02-23 07:39 - 00000000 ____D C:\Program Files\Carbonite
2013-08-15 16:11 - 2013-08-15 16:11 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-08-15 16:11 - 2013-02-23 07:39 - 00004140 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-08-15 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 14:58 - 2012-12-06 12:04 - 00000000 ____D C:\ProgramData\CCSTransfer
2013-08-14 19:01 - 2013-08-14 19:01 - 34475458 _____ C:\Users\user\Desktop\football.psd
2013-08-14 18:55 - 2012-08-20 06:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 18:47 - 2013-07-15 03:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 18:44 - 2013-08-14 18:43 - 27253370 _____ C:\Users\user\Downloads\img3209_1.psd
2013-08-14 18:42 - 2012-10-27 21:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 18:41 - 2012-08-26 20:36 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-08-12 19:28 - 2013-08-05 18:38 - 00000000 ____D C:\Program Files (x86)\Total Recall Software
2013-08-12 19:20 - 2013-08-11 19:50 - 00002872 _____ C:\Windows\system32\TmInstall.log
2013-08-11 19:57 - 2013-01-28 11:41 - 00000000 ____D C:\Users\user\.RichmondProLabSchoolSports
2013-08-11 19:50 - 2013-08-11 19:50 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-11 19:50 - 2011-03-17 22:23 - 00000000 ____D C:\ProgramData\Trend Micro
2013-08-11 18:34 - 2013-08-11 18:34 - 07390146 _____ C:\Users\user\Downloads\file1.cr2
2013-08-11 15:46 - 2013-08-11 15:41 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
2013-08-11 15:41 - 2013-08-11 15:40 - 00000000 ____D C:\ProgramData\Google
2013-08-11 15:41 - 2012-08-26 20:36 - 00000000 ____D C:\Program Files\Google
2013-08-11 15:41 - 2012-08-26 20:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 15:41 - 2012-07-13 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2013-08-11 15:40 - 2012-08-26 20:35 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-11 15:40 - 2012-08-26 20:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-11 15:40 - 2012-08-26 20:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-10 14:45 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files\McAfee
2013-08-09 20:59 - 2012-08-09 15:51 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-06 19:10 - 2013-08-06 19:10 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-08-06 19:09 - 2013-08-06 19:09 - 00000000 ____D C:\Program Files\McAfee.com
2013-08-06 18:29 - 2013-08-06 18:16 - 00000000 ____D C:\Program Files\stinger
2013-08-06 18:16 - 2013-08-06 18:16 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-08-06 18:16 - 2013-08-06 18:16 - 00000000 ____D C:\Stinger_Quarantine
2013-08-06 16:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 18:38 - 2013-08-05 18:38 - 00001202 _____ C:\Users\user\Desktop\Total Recall Data Recovery Software.lnk
2013-08-04 16:16 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-01 19:47 - 2013-08-01 19:47 - 21021771 _____ C:\Users\user\Desktop\videoFileNo74508.wmv
2013-08-01 19:47 - 2013-08-01 19:40 - 00000000 ____D C:\ZillaTube
2013-08-01 19:45 - 2013-08-01 19:44 - 12151220 _____ C:\Users\user\Desktop\videoFileNo74437.flv.part
2013-08-01 19:44 - 2013-08-01 19:44 - 00000002 ___SH C:\Users\user\AppData\Roaming\evf9
2013-08-01 19:44 - 2012-08-02 19:55 - 00000006 ___SH C:\Users\user\AppData\Roaming\date
2013-08-01 19:44 - 2012-08-02 19:55 - 00000000 ____D C:\Users\user\AppData\Roaming\MozillaControl
2013-08-01 19:40 - 2013-08-01 19:40 - 00000620 _____ C:\Users\user\Desktop\ZillaTube.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000615 _____ C:\Users\user\Desktop\DemoHelp.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000591 _____ C:\Users\user\Desktop\HelpCHM.lnk
2013-08-01 19:40 - 2013-08-01 19:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZillaTube
2013-08-01 19:40 - 2013-08-01 19:39 - 37872383 _____ C:\Users\user\Downloads\ZillaTubeSetup.exe
2013-07-31 22:45 - 2013-07-31 22:45 - 00084613 _____ C:\Users\user\Desktop\Staff Development smee.pptx
2013-07-30 19:07 - 2013-07-30 19:07 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room
2013-07-30 19:07 - 2013-04-04 11:57 - 00000963 _____ C:\Users\Public\Desktop\Cricut-Craft Room.lnk
2013-07-25 22:13 - 2013-08-14 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 22:13 - 2013-08-14 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 22:13 - 2013-08-14 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-25 22:12 - 2013-08-14 18:55 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:12 - 2013-08-14 18:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 20:35 - 2013-08-14 18:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 20:13 - 2013-08-14 18:55 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 20:13 - 2013-08-14 18:55 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 20:12 - 2013-08-14 18:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 20:11 - 2013-08-14 18:55 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 20:11 - 2013-08-14 18:55 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 19:49 - 2013-08-14 18:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 19:39 - 2013-08-14 18:55 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 18:59 - 2013-08-14 18:55 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 16:11 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-25 02:25 - 2013-08-13 18:13 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 01:57 - 2013-08-13 18:13 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 14:47 - 2013-07-24 14:47 - 00061440 _____ C:\Users\user\Documents\BIRTHDAY.lbl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-15 16:03

==================== End Of Log ============================



#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 23 August 2013 - 05:00 PM

Looks good and you are good to go.

 

  1. Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). We don't need the log any more.

    Note: If the tool warns you about an outdated version, please download and run the updated version.
     
  2. Please delete the FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
     
  3. You may delete any tool or log we used from your computer. You may keep Malwarebytes.
     
  4. Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      When finished, press "Close".


       


#13 Farbar


Posted 31 August 2013 - 03:58 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.





