
Infected with ZeroAccess Root kit. Missing/hidden files, can't recover.


82 replies to this topic

#1 TheRealJustan

TheRealJustan

  • Members
  • 164 posts

Posted 23 August 2013 - 02:50 PM

My most recent master recordings from FL Studio have disappeared. The files are in a format known as ".flp", and all of the files that I've done from about the summer of 2012 up until just a few days ago have vanished. As far as I can tell, none of my pictures, Word documents, music, etc. have been affected. But for whatever reason, my master recordings from within the last year have been. Our PC was infected with ZeroAccess Root kit. I'm not sure if this has anything to do with my missing files or not.

I've gone through a few recovery steps, including trying to restore a Previous Version of the respective directories back to a state where my files should have been there. I attempted to do a Backup and Restore via the Control Panel, but that feature was never set up for this computer, so that wouldn't have worked.

The odd thing that I noticed is that I had a similar issue before. I was never able to access these recent files outside of FL Studio, but when I was in the program itself, I was. I also noticed that when I would access them from the program, there was a "lock" icon next to the name of the files. This lock icon was not present on any of the older files, just the ones from about June/July 2012 going forward.

I've gone through all of the required steps that Broni had me go through on this topic and have included the requested logs. I hope I am doing this right. Please forgive me if I've forgotten a step. I have attached the Attach.txt and copy + pasted the DDS.txt log below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by Trebledsoul at 5:13:24 on 2013-08-23
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Users\TREBLE~1\AppData\Local\Temp\nstA759.tmp\PEV.DAT
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\TREBLE~1\AppData\Local\Temp\nsr516F.tmp\PEV.DAT
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Trebledsoul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trebledsoul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trebledsoul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trebledsoul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Trebledsoul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trebledsoul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1m5k48i15212
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1m5k48i15212
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1m5k48i15212
uURLSearchHooks: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - <orphaned>
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Trebledsoul\AppData\Local\DownloadTerms\temp.dat
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - 
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [BitTorrent] "C:\Users\Trebledsoul\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\0525F4A454344505C4144594E455D4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\0527F6A656364705C6164796E657D6 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\2456C6B696E6F574F575962756C6563737F5243433631393 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\2456C6B696E6F5E4B2F5233453838343 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\2456C6B696E6F5E4F575962756C6563737F5839333245373 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\34F4D463F5E4564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\34F4D463F5E4564777F627B6F513 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\34F4D473F5E4564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\34F4D473F5E4564777F627B6F513 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0385ECFB-6F66-4518-9D4C-AA45F4187A7F}\66163656C6563737E6164796F6E6E2F62776 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{9839D28E-AD73-414C-BA3E-7787F09E4C11} : DHCPNameServer = 10.100.200.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll c:\progra~3\wincert\win32c~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1m5k48i15212
x64-mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y1m5k48i15212
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [pcreg] C:\Program Files\wrapper_inst\service.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Trebledsoul\AppData\Roaming\Mozilla\Firefox\Profiles\m39n19sh.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=EE280017C4B792B0&affID=123485&tsp=4970
FF - prefs.js: keyword.URL - 
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Trebledsoul\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Trebledsoul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Trebledsoul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Trebledsoul\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-09 22:16; {a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}; C:\Users\Trebledsoul\AppData\Roaming\Mozilla\Firefox\Profiles\m39n19sh.default\extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
FF - ExtSQL: 2013-08-23 15:42; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
.
============= SERVICES / DRIVERS ===============
.
R? Andbus;LGE Android Platform Composite USB Device
R? AndDiag;LGE Android Platform USB Serial Port
R? AndGps;LGE Android Platform USB GPS NMEA Port
R? ANDModem;LGE Android Platform USB Modem
R? AndNetDiag;LGE AndroidNet USB Serial Port
R? AndNetDiag2;LGE AndroidNet For Diagnostics Port
R? ANDNetModem;LGE AndroidNet USB Modem
R? andnetndis;LGE AndroidNet NDIS Ethernet Adapter
R? BrowserDefendert;BrowserDefendert
R? btusbflt;Bluetooth USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? hasplms;HASP License Manager
R? SwitchBoard;Adobe SwitchBoard
R? TsUsbFlt;TsUsbFlt
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? Greg_Service;GRegService
S? ITECIRfilter;ITECIR Filter Driver
S? JMCR;JMCR
S? Lbd;Lbd
S? MAUSBMIDISPORT;Service for M-Audio MIDISPORT
S? MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor
S? mlkumidi;MusicLab Virtual Miniport MIDI Driver
S? netr28x;Ralink 802.11n Extensible Wireless Driver
S? NovacomD;Palm Novacom
S? NTI IScheduleSvc;NTI IScheduleSvc
S? otmfilter.sys;TACTION
S? Palm_TCP_Relay;Palm TCP Relay
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? Updater Service;Updater Service
S? USBMULCD;USB Multi-Channel Audio Device Interface
S? vToolbarUpdater15.5.0;vToolbarUpdater15.5.0
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-08-25 11:55:56 -------- d-----w- C:\Program Files\M-Audio
2013-08-25 11:54:55 -------- d-----w- C:\ProgramData\AVID
2013-08-23 19:43:14 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\AVG SafeGuard toolbar
2013-08-23 19:42:47 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\ShieldApps
2013-08-23 19:41:22 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-08-23 19:41:22 -------- d-----w- C:\Program Files (x86)\PC Registry Shield
2013-08-23 19:41:07 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-08-23 19:41:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-08-23 19:40:56 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-23 19:40:12 -------- d-----w- C:\Program Files\wrapper_inst
2013-08-23 19:39:25 -------- d-----w- C:\Program Files (x86)\wrapper_inst
2013-08-23 01:28:36 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-23 00:48:31 -------- d-----w- C:\Users\Trebledsoul\AppData\Roaming\Malwarebytes
2013-08-23 00:47:52 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-23 00:47:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-23 00:47:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 23:17:11 -------- d-----w- C:\Program Files (x86)\M-Audio
2013-08-19 01:22:37 -------- d-----w- C:\Program Files (x86)\Virtual Families 2
2013-08-10 02:16:58 -------- d-----w- C:\Users\Trebledsoul\AppData\Roaming\Open Download Manager
2013-08-10 02:16:29 -------- d-----w- C:\Program Files (x86)\GorillaPrice
2013-08-10 02:15:32 -------- d-----w- C:\ProgramData\BrowserDefender
2013-08-10 02:14:48 -------- d-----w- C:\ProgramData\Babylon
2013-08-10 02:14:45 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager
2013-08-10 02:06:49 -------- d-----w- C:\ProgramData\AVS4YOU
2013-08-10 02:06:31 -------- d-----w- C:\Users\Trebledsoul\AppData\Roaming\AVS4YOU
2013-08-10 02:02:51 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2013-08-10 02:02:50 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-08-10 02:02:50 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-08-10 02:02:50 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2013-08-09 22:59:53 -------- d-----w- C:\Users\Trebledsoul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-09 22:00:52 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{7F79E42F-BA3F-4D75-9E15-BA9DFF3C4CBE}
2013-08-04 08:46:47 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{4F031D8E-B48B-426D-A995-D8C125CBB096}
2013-08-03 20:46:21 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{8EB5D0C9-36D0-42AB-840B-C539D07BD37E}
2013-08-03 18:44:16 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{6A744578-AC99-4601-986D-D09399D7BBA4}
2013-08-03 08:46:04 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{21610914-0820-4723-98A1-DA8070EFAE1D}
2013-08-03 06:44:04 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{8900C88B-635B-4A3C-8A85-72E629B64B6D}
2013-08-02 20:45:31 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{12C885B3-F7EC-47DD-A75A-A3857B479BEF}
2013-08-02 18:43:53 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{1610186E-E637-4302-84AB-772DAA78EC0A}
2013-08-02 08:45:01 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{F50B4428-BCC4-48BB-AED4-6A6AEB35E1C5}
2013-08-02 06:43:41 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{F5CD4704-DCF7-419B-B858-F493EC69FCA2}
2013-08-01 20:44:42 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{ABF4DF61-19D9-4254-9523-012C8F45E77B}
2013-08-01 11:20:11 -------- d-----w- C:\ProgramData\ALM
2013-08-01 11:16:16 -------- d-----w- C:\adobeTemp
2013-08-01 08:44:22 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{BB12FB65-634C-442B-89C1-68EAABF9A573}
2013-07-31 20:44:10 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{BF82DEB1-DB34-43EB-AD86-37C22DA97F47}
2013-07-31 08:43:59 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{514661B9-F132-4393-B97C-53D1C21791FC}
2013-07-30 20:43:47 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{9ACD9EE7-24FE-420C-9379-D52934778318}
2013-07-30 08:43:36 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{7A8E9D43-153F-434B-A50F-E3D2AFC4927D}
2013-07-27 20:43:58 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{E39FD170-61B8-4715-AC9F-C9E59D03ED7F}
2013-07-27 09:20:07 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\Macromedia
2013-07-27 09:01:16 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\Mozilla
2013-07-26 01:16:04 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{2EFEAE47-826A-4B66-8118-7AD65C143C12}
2013-07-24 20:16:26 -------- d-----w- C:\Users\Trebledsoul\AppData\Local\{5EB88721-DDE7-477C-B2F1-88E35AF3E3FC}
.
==================== Find3M  ====================
.
2013-07-27 09:19:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-27 09:19:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-15 10:59:19 262144 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-06-15 10:59:18 86016 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH:  9:04:11.46 ===============
 

 


 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 27 August 2013 - 03:26 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 


#3 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members
  • 164 posts

Posted 27 August 2013 - 09:22 PM

Here we go:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-27 21:18:39
-----------------------------
21:18:39.825    OS Version: Windows x64 6.1.7601 Service Pack 1
21:18:39.825    Number of processors: 2 586 0x170A
21:18:39.826    ComputerName: COM6  UserName: 
21:18:46.909    Initialize success
21:19:53.717    AVAST engine defs: 13082701
21:47:17.474    The log file has been saved successfully to "C:\Users\Trebledsoul\Desktop\aswMBR.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-27 21:18:39
-----------------------------
21:18:39.825    OS Version: Windows x64 6.1.7601 Service Pack 1
21:18:39.825    Number of processors: 2 586 0x170A
21:18:39.826    ComputerName: COM6  UserName: 
21:18:46.909    Initialize success
21:19:53.717    AVAST engine defs: 13082701
21:47:17.474    The log file has been saved successfully to "C:\Users\Trebledsoul\Desktop\aswMBR.txt"
21:48:23.383    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:23.387    Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 11
21:48:23.637    Disk 0 MBR read successfully
21:48:23.642    Disk 0 MBR scan
21:48:23.693    Disk 0 Windows 7 default MBR code
21:48:23.718    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
21:48:23.740    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
21:48:23.751    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       699942 MB offset 31664128
21:48:23.804    Disk 0 scanning C:\Windows\system32\drivers
21:48:44.650    Service scanning
21:49:11.096    Modules scanning
21:49:11.109    Disk 0 trace - called modules:
21:49:11.464    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:49:11.472    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005835060]
21:49:11.481    3 CLASSPNP.SYS[fffff880019af43f] -> nt!IofCallDriver -> [0xfffffa80052cd1e0]
21:49:11.489    5 ACPI.sys[fffff88000f2b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052e1060]
21:49:15.020    AVAST engine scan C:\Windows
21:49:23.679    AVAST engine scan C:\Windows\system32
21:54:30.084    AVAST engine scan C:\Windows\system32\drivers
21:54:47.458    AVAST engine scan C:\Users\Trebledsoul
22:08:05.864    AVAST engine scan C:\ProgramData
22:11:43.231    Scan finished successfully
22:19:29.390    Disk 0 MBR has been saved successfully to "C:\Users\Trebledsoul\Desktop\MBR.dat"
22:19:29.401    The log file has been saved successfully to "C:\Users\Trebledsoul\Desktop\aswMBR.txt"


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 27 August 2013 - 09:50 PM

Good...
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#5 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members

Posted 27 August 2013 - 10:15 PM

I ran into this error, each time I tried to run ComboFix.

"Error opening file for writing:

C:\32788R22FWJFW\pev.3XE

Click Abort to stop the installation,
Retry to try again, or
Ignore to skip this file."



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 28 August 2013 - 06:44 AM

Boot to Safe Mode and then run ComboFix from there.  If a log is produced please post it.....if not, let me know what happens.


 


#7 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members

Posted 29 August 2013 - 02:38 AM

I can't even get into Safe Mode. When it starts to do the "Loading Windows Files" process, it always gets stuck at "avgishda.sys". I wasn't sure if something I had plugged into the USB ports was stopping it, so short of the wireless keyboard adaptor, I unplugged everything. Still no luck. No idea what to do. I do know that this computer is driving me nuts! -___-


Edited by TheRealJustan, 29 August 2013 - 02:48 AM.


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 29 August 2013 - 06:35 AM

Looks as if AVG is interfering with the running of ComboFix.  For the time being, I want you to uninstall AVG completely and then try to run ComboFix.  If a log is produced please post that.
 
Just as a warning.....until we get another antivirus program on your system only visit here and download from the links that I provide you.   :)


 


#9 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members

Posted 29 August 2013 - 04:15 PM

Ok, I uninstalled that. Still can't boot in Safe Mode, because now it gets stuck at ClassPNP.sys. So I booted it regularly and ran the program. It went all the way through this time, but no log file was created. I searched for ComboFix.txt, but no such file was found.  

 

EDIT: I'm guessing it went all the way through. I'm not sure how this program is supposed to work. You mentioned following all the prompts, but the only thing that was brought up, was a request to update the program, and to agree to the terms. All of which, I did.


Edited by TheRealJustan, 29 August 2013 - 04:18 PM.


#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 29 August 2013 - 08:39 PM

Did you see the screen turn blue and then run through several numbered stages?

Check in C:\ComboFix.txt. If that is there, post it here.


 


#11 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members

Posted 29 August 2013 - 08:46 PM

No, nothing like that ever happened. And I have yet to locate such a log. 

 

EDIT: I followed each step too. I saved it to my desktop, then right-clicked and did "Run As Administrator". It brought up a black box, with green text, and it listed off a bunch of files it was scanning or extracting or something. It did a back-up, and then it closed. Nothing else happened.


Edited by TheRealJustan, 30 August 2013 - 03:33 AM.


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 30 August 2013 - 06:49 AM

FRST
 
Download the 64 bit version for your system of FRST and save it to a flash drive. 
 
Plug the flash drive into the infected PC.
 
Enter System Recovery Options
 
To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter 
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------


 


#13 TheRealJustan

TheRealJustan
  • Topic Starter

  • Members

Posted 30 August 2013 - 10:35 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 30-08-2013 23:24:29
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [pcreg] - C:\Program Files\wrapper_inst\service.exe [346720 2013-08-23] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b6506d807f150f785e524122ead9bdf7\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2314416 2013-08-24] ()
HKU\Babygirl\...\Run: [PhotoGadgetFirstRun_Portal] - 0 [x]
HKU\Babygirl\...\Run: [PhotoGadgetFirstRun] - 0 [x]
HKU\Babygirl\...\Run: [PhotoGadget] - 0 [x]
HKU\Babygirl\...\Run: [MusicGadget] - 0 [x]
HKU\Babygirl\...\Run: [TouchMemo] - 0 [x]
HKU\Babygirl\...\Run: [cdloader] - C:\Users\Babygirl\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\Babygirl\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Babygirl\...\Run: [Google Update] - C:\Users\Babygirl\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-13] (Google Inc.)
HKU\Babygirl\...\Run: [SearchProtect] - C:\Users\Babygirl\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
HKU\Babygirl\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Bianca\...\Run: [PhotoGadgetFirstRun_Portal] - 0 [x]
HKU\Bianca\...\Run: [PhotoGadgetFirstRun] - 0 [x]
HKU\Bianca\...\Run: [PhotoGadget] - C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPhotoShow.exe [382976 2009-08-24] (acer)
HKU\Bianca\...\Run: [MusicGadget] - C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchMusic.exe [416256 2009-08-24] ()
HKU\Bianca\...\Run: [TouchMemo] - 0 [x]
HKU\Bianca\...\Run: [cdloader] - C:\Users\Bianca\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\D-Bass6.COM6\...\Run: [PhotoGadgetFirstRun_Portal] - 0 [x]
HKU\D-Bass6.COM6\...\Run: [PhotoGadgetFirstRun] - 0 [x]
HKU\D-Bass6.COM6\...\Run: [MusicGadget] - 0 [x]
HKU\D-Bass6.COM6\...\Run: [PhotoGadget] - 0 [x]
HKU\D-Bass6.COM6\...\Run: [TouchMemo] - 0 [x]
HKU\D-Bass6.COM6\...\Run: [cdloader] - C:\Users\D-Bass6.COM6\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.)
HKU\D-Bass6.COM6\...\Run: [Google Update] - C:\Users\D-Bass6.COM6\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)
HKU\D-Bass6.COM6\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Trebledsoul\...\Run: [BitTorrent] - C:\Users\Trebledsoul\AppData\Roaming\BitTorrent\BitTorrent.exe [1122384 2013-06-15] (BitTorrent Inc.)
HKU\Trebledsoul\...\Run: [AdobeBridge] -  [x]
HKU\Trebledsoul\...\Run: [Google Update] - C:\Users\Trebledsoul\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-30] (Google Inc.)
HKU\Trebledsoul\...\Run: [cdloader] - C:\Users\Trebledsoul\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\Trebledsoul\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [x]
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll  [50592 2012-02-01] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll c:\progra~3\wincert\win32c~1.dll [50592 2012-02-01] ()
Startup: C:\Users\Babygirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Babygirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magicJack.lnk
ShortcutTarget: magicJack.lnk ->  (No File)
Startup: C:\Users\D-Bass6.COM6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc - Shortcut.lnk
ShortcutTarget: MagicDisc - Shortcut.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) =================
 
S2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S2 NovacomD; C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
S2 Palm_TCP_Relay; C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [11776 2011-07-19] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-06-29] ()
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-24] (AVG Secure Search)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-24] (AVG Technologies)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-06-24] (Lavasoft AB)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
S3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
S3 otmfilter.sys; C:\Windows\System32\DRIVERS\otmfilter.sys [14336 2009-07-06] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12570752 2007-06-18] ()
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-29] (C-Media Electronics Inc)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-30 19:16 - 2013-08-30 19:16 - 00003542 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0 Fallback-COM6-Trebledsoul
2013-08-29 12:51 - 2013-08-29 12:51 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\TuneUp Software
2013-08-29 12:49 - 2013-08-29 12:49 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\MFAData
2013-08-29 01:09 - 2013-08-29 01:09 - 00017184 _____ C:\Users\Trebledsoul\Documents\teasing with her toes II youtube.wlmp
2013-08-29 00:38 - 2013-08-29 00:39 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{AD610934-CE1B-4B7E-9D1B-162BAAB990EF}
2013-08-27 21:16 - 2013-08-29 13:07 - 05114906 ____R (Swearware) C:\Users\Trebledsoul\Desktop\ComboFix.exe
2013-08-27 19:05 - 2013-08-27 19:05 - 00007950 _____ C:\Users\Trebledsoul\Documents\soaking youtube.wlmp
2013-08-27 19:03 - 2013-08-29 17:03 - 00000000 ___SD C:\32788R22FWJFW
2013-08-27 19:03 - 2013-08-27 19:03 - 00000000 ____D C:\Windows\erdnt
2013-08-27 18:19 - 2013-08-27 18:19 - 00000512 _____ C:\Users\Trebledsoul\Desktop\MBR.dat
2013-08-27 17:47 - 2013-08-27 18:19 - 00002620 _____ C:\Users\Trebledsoul\Desktop\aswMBR.txt
2013-08-27 15:03 - 2013-08-27 15:03 - 00005902 _____ C:\Users\Trebledsoul\Documents\shoeplay silver flats 2  youtube.wlmp
2013-08-27 14:05 - 2013-08-27 15:18 - 04745728 _____ (AVAST Software) C:\Users\Trebledsoul\Downloads\aswMBR.exe
2013-08-27 11:55 - 2013-08-27 11:55 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{D02EBF98-4B45-47AE-8A84-0F94C4B3E1DC}
2013-08-27 04:17 - 2013-08-27 04:17 - 00002323 _____ C:\Users\Trebledsoul\Documents\shoeplay silver flats 2 short.wlmp
2013-08-27 03:49 - 2013-08-27 03:49 - 00002292 _____ C:\Users\Trebledsoul\Documents\park shoeplay 2 short.wlmp
2013-08-27 03:45 - 2013-08-27 03:45 - 00002292 _____ C:\Users\Trebledsoul\Documents\park shoeplay 1 short.wlmp
2013-08-27 03:14 - 2013-08-27 03:14 - 00002276 _____ C:\Users\Trebledsoul\Documents\teasing with her toes short.wlmp
2013-08-26 23:55 - 2013-08-26 23:55 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{0BDC58AC-372A-4DC8-A5E8-CC465E3B8888}
2013-08-26 11:54 - 2013-08-26 11:55 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{BED45EF3-3CA8-4B29-B58D-E37F48084CE3}
2013-08-25 23:54 - 2013-08-25 23:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{5CA55989-FD81-4541-B301-94002B313857}
2013-08-25 21:03 - 2013-08-25 21:03 - 34227672 _____ C:\Users\Trebledsoul\Downloads\NSYNC Reunion Justin Timberlake MTV VMAs 2013.mp4
2013-08-25 15:28 - 2013-08-25 15:28 - 00002306 _____ C:\Users\Trebledsoul\Documents\up close and personal preview.wlmp
2013-08-25 13:57 - 2013-08-25 13:57 - 00005162 _____ C:\Users\Trebledsoul\Documents\out to lunch 3 preview.wlmp
2013-08-25 13:36 - 2013-08-25 13:36 - 00005154 _____ C:\Users\Trebledsoul\Documents\out to lunch 2 preview.wlmp
2013-08-25 11:54 - 2013-08-25 11:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{7BF78889-A511-4AE9-833B-509CF78E5BFC}
2013-08-25 03:55 - 2013-08-25 03:55 - 00000000 ____D C:\Program Files\M-Audio
2013-08-25 03:54 - 2013-08-25 03:54 - 14586160 _____ (M-Audio) C:\Users\Trebledsoul\Downloads\MIDISport Installer 6_1_3_Driver 5_10_0_5141.exe
2013-08-25 03:54 - 2013-08-25 03:54 - 00000000 ____D C:\ProgramData\AVID
2013-08-25 01:14 - 2013-08-25 01:14 - 00005187 _____ C:\Users\Trebledsoul\Documents\black pantyhose dangling.wlmp
2013-08-25 00:44 - 2013-08-25 00:44 - 00005133 _____ C:\Users\Trebledsoul\Documents\black pantyhose shoeplay.wlmp
2013-08-25 00:22 - 2013-08-25 00:22 - 00005130 _____ C:\Users\Trebledsoul\Documents\teasing with her toes.wlmp
2013-08-24 23:54 - 2013-08-24 23:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{E83CF536-F7EE-4B66-B5BE-DFCB82BF3D0E}
2013-08-24 20:17 - 2013-08-24 20:42 - 00000000 ____D C:\Users\Trebledsoul\Downloads\Natalie's 8GB
2013-08-23 11:43 - 2013-08-29 13:06 - 00003216 _____ C:\Windows\System32\Tasks\PcRegistryShield_Start
2013-08-23 11:43 - 2013-08-21 11:18 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\AVG SafeGuard toolbar
2013-08-23 11:42 - 2013-08-29 13:06 - 00000000 ____D C:\Users\Trebledsoul\Documents\PCRegistyShield
2013-08-23 11:41 - 2013-08-29 13:07 - 00000000 ____D C:\Program Files (x86)\PC Registry Shield
2013-08-23 11:41 - 2013-08-27 03:35 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-08-23 11:41 - 2013-08-24 12:41 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-08-23 11:40 - 2013-08-24 12:42 - 00003725 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-08-23 11:40 - 2013-08-24 12:41 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-23 11:40 - 2013-08-23 11:40 - 00003708 _____ C:\Windows\System32\Tasks\pcreg
2013-08-23 11:40 - 2013-08-23 11:40 - 00000000 ____D C:\Program Files\wrapper_inst
2013-08-23 11:39 - 2013-08-23 11:40 - 00000000 ____D C:\Program Files (x86)\wrapper_inst
2013-08-23 11:38 - 2013-08-23 11:39 - 24415218 _____ C:\Users\Trebledsoul\Desktop\surgeonsimulator2013_win.zip
2013-08-23 05:04 - 2013-08-23 11:31 - 00024803 _____ C:\Users\Trebledsoul\Desktop\dds.txt
2013-08-23 05:04 - 2013-08-23 11:31 - 00011705 _____ C:\Users\Trebledsoul\Desktop\attach.txt
2013-08-22 21:09 - 2013-08-23 12:41 - 00000000 ____D C:\Program Files\Recuva
2013-08-22 21:09 - 2013-08-22 21:09 - 00001665 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-22 21:06 - 2013-08-22 21:06 - 03843072 _____ (Piriform Ltd) C:\Users\Trebledsoul\Desktop\rcsetup148.exe
2013-08-22 18:56 - 2013-08-22 18:56 - 00688992 _____ (Swearware) C:\Users\Trebledsoul\Desktop\dds (1).com
2013-08-22 18:55 - 2013-08-22 18:55 - 00688992 ____R (Swearware) C:\Users\Trebledsoul\Desktop\dds.com
2013-08-22 18:25 - 2013-08-22 18:53 - 00003678 _____ C:\Users\Trebledsoul\Desktop\Rkill.txt
2013-08-22 18:25 - 2013-08-22 18:25 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Desktop\iExplore.exe
2013-08-22 18:25 - 2013-08-22 18:25 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Desktop\iExplore64.exe
2013-08-22 18:19 - 2013-08-22 18:19 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Downloads\rkill.exe
2013-08-22 18:19 - 2013-08-22 18:19 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Downloads\rkill64.exe
2013-08-22 17:28 - 2013-08-22 18:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-22 17:27 - 2013-08-22 18:17 - 00000000 ____D C:\Users\Trebledsoul\Desktop\mbar
2013-08-22 17:27 - 2013-08-22 17:27 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Trebledsoul\Downloads\mbar-1.06.1.1005.exe
2013-08-22 17:10 - 2013-08-22 17:10 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-22 16:48 - 2013-08-22 16:48 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\Malwarebytes
2013-08-22 16:47 - 2013-08-22 16:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:47 - 2013-08-22 16:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Trebledsoul\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:47 - 2013-04-04 10:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-08-22 16:44 - 2013-08-22 16:45 - 00029684 _____ C:\Users\Trebledsoul\Downloads\Result.txt
2013-08-22 16:43 - 2013-08-22 16:43 - 00760937 _____ (Farbar) C:\Users\Trebledsoul\Downloads\MiniToolBox.exe
2013-08-22 16:43 - 2013-08-22 16:43 - 00005921 _____ C:\Users\Trebledsoul\Downloads\FSS.txt
2013-08-22 16:41 - 2013-08-22 16:41 - 00358507 _____ (Farbar) C:\Users\Trebledsoul\Downloads\FSS.exe
2013-08-22 16:37 - 2013-08-22 16:37 - 00891115 _____ C:\Users\Trebledsoul\Downloads\SecurityCheck.exe
2013-08-22 15:17 - 2013-08-22 15:17 - 00000000 ____D C:\Program Files (x86)\M-Audio
2013-08-18 17:23 - 2013-08-18 17:50 - 00001094 _____ C:\Users\Trebledsoul\Desktop\Virtual Families 2.lnk
2013-08-18 17:23 - 2013-08-18 17:50 - 00001094 _____ C:\Users\D-Bass6.COM6\Desktop\Virtual Families 2.lnk
2013-08-18 17:23 - 2013-08-18 17:50 - 00001094 _____ C:\Users\Bianca\Desktop\Virtual Families 2.lnk
2013-08-18 17:23 - 2013-08-18 17:50 - 00001094 _____ C:\Users\Babygirl\Desktop\Virtual Families 2.lnk
2013-08-18 17:22 - 2013-08-18 17:23 - 00000000 ____D C:\Program Files (x86)\Virtual Families 2
2013-08-18 17:21 - 2013-08-18 17:21 - 84811352 _____ C:\Users\Trebledsoul\Downloads\VirtualFamilies2Setup_DEMO.exe
2013-08-18 17:20 - 2013-08-18 17:20 - 59776149 _____ C:\Users\Trebledsoul\Downloads\VFSetup_v1_00.exe
2013-08-18 17:15 - 2013-08-18 17:20 - 00001070 _____ C:\Users\Trebledsoul\Desktop\Virtual Families.lnk
2013-08-18 17:15 - 2013-08-18 17:20 - 00001070 _____ C:\Users\D-Bass6.COM6\Desktop\Virtual Families.lnk
2013-08-18 17:15 - 2013-08-18 17:20 - 00001070 _____ C:\Users\Bianca\Desktop\Virtual Families.lnk
2013-08-18 17:15 - 2013-08-18 17:20 - 00001070 _____ C:\Users\Babygirl\Desktop\Virtual Families.lnk
2013-08-14 12:58 - 2013-08-14 12:58 - 00003500 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-COM6-Babygirl
2013-08-10 00:35 - 2013-08-10 00:47 - 00016893 _____ C:\Users\Trebledsoul\Documents\nylon tease.wlmp
2013-08-09 23:49 - 2013-08-09 23:49 - 00005243 _____ C:\Users\Trebledsoul\Documents\fun with nylons 1 preview.wlmp
2013-08-09 23:39 - 2013-08-09 23:39 - 00005021 _____ C:\Users\Trebledsoul\Documents\fun with nylons 2 preview.wlmp
2013-08-09 22:51 - 2013-08-09 22:51 - 00005467 _____ C:\Users\Trebledsoul\Documents\funwithnylonspreview.wlmp
2013-08-09 22:38 - 2013-08-09 22:38 - 00005061 _____ C:\Users\Trebledsoul\Documents\shoeplaypark2preview.wlmp
2013-08-09 22:20 - 2013-08-09 22:20 - 00005008 _____ C:\Users\Trebledsoul\Documents\shoeplaypark1preview.wlmp
2013-08-09 18:37 - 2013-08-09 18:37 - 00000000 ____D C:\Users\Trebledsoul\Downloads\AVS Video Editor 6.4.1.240 Incl Patch (MPT) - KurdTM
2013-08-09 18:16 - 2013-08-09 18:25 - 00000000 ____D C:\Program Files (x86)\GorillaPrice
2013-08-09 18:16 - 2013-08-09 18:19 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\Open Download Manager
2013-08-09 18:15 - 2013-08-09 18:15 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-09 18:14 - 2013-08-18 14:15 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2013-08-09 18:14 - 2013-08-09 18:14 - 00482680 _____ (My Company) C:\Users\Trebledsoul\Downloads\Setup (1).exe
2013-08-09 18:14 - 2013-08-09 18:14 - 00000000 ____D C:\ProgramData\Babylon
2013-08-09 18:06 - 2013-08-09 18:06 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\AVS4YOU
2013-08-09 18:06 - 2013-08-09 18:06 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-08-09 18:03 - 2013-08-09 18:03 - 00001168 _____ C:\Users\Trebledsoul\Desktop\AVS Video Editor.lnk
2013-08-09 18:02 - 2013-08-09 18:05 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-08-09 18:02 - 2011-06-23 09:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-08-09 18:02 - 2011-06-23 09:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2013-08-09 17:53 - 2013-08-09 17:58 - 154348096 _____ (Online Media Technologies Ltd.                              ) C:\Users\Trebledsoul\Downloads\AVSVideoEditor.exe
2013-08-09 17:31 - 2013-08-09 17:34 - 00000000 ____D C:\Users\Trebledsoul\Downloads\VirtualDub-1.9.11
2013-08-09 17:31 - 2013-08-09 17:31 - 01035060 _____ C:\Users\Trebledsoul\Downloads\Deshaker30_64.zip
2013-08-09 17:29 - 2013-08-09 17:29 - 01707366 _____ C:\Users\Trebledsoul\Downloads\VirtualDub-1.9.11.zip
2013-08-09 14:59 - 2013-08-09 14:59 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-09 14:59 - 2013-08-09 14:59 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-08-09 14:00 - 2013-08-09 14:01 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{7F79E42F-BA3F-4D75-9E15-BA9DFF3C4CBE}
2013-08-05 11:55 - 2013-08-05 11:55 - 00029700 _____ C:\Users\Trebledsoul\Downloads\msg0001 (2).WAV
2013-08-04 01:07 - 2013-08-04 01:07 - 00002273 _____ C:\Users\Trebledsoul\Documents\fun with nylons 3.wlmp
2013-08-04 00:46 - 2013-08-04 00:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{4F031D8E-B48B-426D-A995-D8C125CBB096}
2013-08-03 23:52 - 2013-08-03 23:52 - 00004956 _____ C:\Users\Trebledsoul\Documents\fun with nylons 2.wlmp
2013-08-03 17:06 - 2013-08-03 17:06 - 00118065 _____ C:\Users\Trebledsoul\Documents\Dogasu's Backpack (07-24-2013) - Box Office - Week Two.htm
2013-08-03 17:06 - 2013-08-03 17:06 - 00000000 ____D C:\Users\Trebledsoul\Documents\Dogasu's Backpack (07-24-2013) - Box Office - Week Two_files
2013-08-03 14:47 - 2013-08-03 14:47 - 00000874 _____ C:\Users\Trebledsoul\AppData\Local\recently-used.xbel
2013-08-03 13:20 - 2013-08-30 00:23 - 00000132 _____ C:\Users\Trebledsoul\AppData\Roaming\Adobe PNG Format CC Prefs
2013-08-03 12:46 - 2013-08-03 12:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{8EB5D0C9-36D0-42AB-840B-C539D07BD37E}
2013-08-03 10:44 - 2013-08-03 10:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{6A744578-AC99-4601-986D-D09399D7BBA4}
2013-08-03 00:46 - 2013-08-03 00:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{21610914-0820-4723-98A1-DA8070EFAE1D}
2013-08-02 22:44 - 2013-08-02 22:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{8900C88B-635B-4A3C-8A85-72E629B64B6D}
2013-08-02 21:39 - 2013-08-04 10:47 - 00000000 ____D C:\Users\Trebledsoul\Documents\Unnamed Site 2
2013-08-02 12:45 - 2013-08-02 12:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{12C885B3-F7EC-47DD-A75A-A3857B479BEF}
2013-08-02 10:43 - 2013-08-02 10:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{1610186E-E637-4302-84AB-772DAA78EC0A}
2013-08-02 00:45 - 2013-08-02 00:45 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{F50B4428-BCC4-48BB-AED4-6A6AEB35E1C5}
2013-08-01 22:43 - 2013-08-01 22:43 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{F5CD4704-DCF7-419B-B858-F493EC69FCA2}
2013-08-01 12:44 - 2013-08-01 12:45 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{ABF4DF61-19D9-4254-9523-012C8F45E77B}
2013-08-01 10:52 - 2013-08-01 10:52 - 00045235 _____ C:\Users\Trebledsoul\Downloads\msg0012.WAV
2013-08-01 09:49 - 2013-08-01 09:49 - 00024890 _____ C:\Users\Trebledsoul\Downloads\msg0001 (1).WAV
2013-08-01 07:21 - 2013-08-01 07:21 - 00027165 _____ C:\Users\Trebledsoul\Downloads\msg0011.WAV
2013-08-01 07:20 - 2013-08-01 07:20 - 00016765 _____ C:\Users\Trebledsoul\Downloads\msg0010.WAV
2013-08-01 07:20 - 2013-08-01 07:20 - 00016765 _____ C:\Users\Trebledsoul\Downloads\msg0010 (1).WAV
2013-08-01 03:20 - 2013-08-01 03:20 - 00000000 ____D C:\ProgramData\ALM
2013-08-01 02:34 - 2013-08-01 02:34 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-01 00:44 - 2013-08-01 00:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{BB12FB65-634C-442B-89C1-68EAABF9A573}
2013-07-31 12:44 - 2013-07-31 12:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{BF82DEB1-DB34-43EB-AD86-37C22DA97F47}
2013-07-31 09:35 - 2013-07-31 09:35 - 00050045 _____ C:\Users\Trebledsoul\Downloads\msg0009.WAV
2013-07-31 09:34 - 2013-07-31 09:34 - 00120310 _____ C:\Users\Trebledsoul\Downloads\msg0008.WAV
2013-07-31 02:32 - 2013-07-31 02:32 - 00000031 _____ C:\Users\Trebledsoul\Documents\HostGatorSupportTicket7.31.2013.txt
2013-07-31 00:43 - 2013-07-31 00:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{514661B9-F132-4393-B97C-53D1C21791FC}
 
==================== One Month Modified Files and Folders =======
 
2013-08-30 23:22 - 2013-08-30 23:22 - 00000000 ____D C:\FRST
2013-08-30 19:20 - 2012-06-30 20:18 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167322582-210579182-1958676144-1012UA.job
2013-08-30 19:20 - 2012-05-29 22:25 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\BitTorrent
2013-08-30 19:20 - 2010-11-30 21:44 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-08-30 19:20 - 2009-12-03 16:54 - 01758353 _____ C:\Windows\WindowsUpdate.log
2013-08-30 19:20 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:20 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:19 - 2009-07-13 21:13 - 00726270 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-30 19:17 - 2013-06-09 20:24 - 00014839 _____ C:\Windows\setupact.log
2013-08-30 19:17 - 2012-05-31 00:52 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\Adobe
2013-08-30 19:16 - 2013-08-30 19:16 - 00003542 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0 Fallback-COM6-Trebledsoul
2013-08-30 19:16 - 2010-05-01 16:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 19:16 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 19:15 - 2013-01-20 15:03 - 00004894 _____ C:\Windows\mlkumidi.log
2013-08-30 19:06 - 2011-03-22 03:39 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167322582-210579182-1958676144-1000UA.job
2013-08-30 19:01 - 2012-06-02 12:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 19:01 - 2011-07-18 11:18 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167322582-210579182-1958676144-1011UA.job
2013-08-30 18:51 - 2010-05-01 16:00 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 14:20 - 2012-06-30 20:18 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167322582-210579182-1958676144-1012Core.job
2013-08-30 14:00 - 2013-05-20 20:07 - 00000472 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-08-30 11:05 - 2011-03-22 03:39 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167322582-210579182-1958676144-1000Core.job
2013-08-30 00:23 - 2013-08-03 13:20 - 00000132 _____ C:\Users\Trebledsoul\AppData\Roaming\Adobe PNG Format CC Prefs
2013-08-29 22:01 - 2011-07-18 11:17 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167322582-210579182-1958676144-1011Core.job
2013-08-29 17:26 - 2012-05-29 22:29 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\Mozilla
2013-08-29 17:03 - 2013-08-27 19:03 - 00000000 ___SD C:\32788R22FWJFW
2013-08-29 13:07 - 2013-08-27 21:16 - 05114906 ____R (Swearware) C:\Users\Trebledsoul\Desktop\ComboFix.exe
2013-08-29 13:07 - 2013-08-23 11:41 - 00000000 ____D C:\Program Files (x86)\PC Registry Shield
2013-08-29 13:06 - 2013-08-23 11:43 - 00003216 _____ C:\Windows\System32\Tasks\PcRegistryShield_Start
2013-08-29 13:06 - 2013-08-23 11:42 - 00000000 ____D C:\Users\Trebledsoul\Documents\PCRegistyShield
2013-08-29 12:57 - 2011-04-12 15:56 - 00101464 _____ C:\Windows\PFRO.log
2013-08-29 12:54 - 2010-11-08 06:29 - 00000000 ____D C:\ProgramData\MFAData
2013-08-29 12:53 - 2012-12-15 13:27 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-29 12:52 - 2010-06-26 01:13 - 00000000 ___HD C:\$AVG
2013-08-29 12:51 - 2013-08-29 12:51 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\TuneUp Software
2013-08-29 12:49 - 2013-08-29 12:49 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\MFAData
2013-08-29 01:09 - 2013-08-29 01:09 - 00017184 _____ C:\Users\Trebledsoul\Documents\teasing with her toes II youtube.wlmp
2013-08-29 00:39 - 2013-08-29 00:38 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{AD610934-CE1B-4B7E-9D1B-162BAAB990EF}
2013-08-27 19:05 - 2013-08-27 19:05 - 00007950 _____ C:\Users\Trebledsoul\Documents\soaking youtube.wlmp
2013-08-27 19:03 - 2013-08-27 19:03 - 00000000 ____D C:\Windows\erdnt
2013-08-27 18:19 - 2013-08-27 18:19 - 00000512 _____ C:\Users\Trebledsoul\Desktop\MBR.dat
2013-08-27 18:19 - 2013-08-27 17:47 - 00002620 _____ C:\Users\Trebledsoul\Desktop\aswMBR.txt
2013-08-27 15:18 - 2013-08-27 14:05 - 04745728 _____ (AVAST Software) C:\Users\Trebledsoul\Downloads\aswMBR.exe
2013-08-27 15:03 - 2013-08-27 15:03 - 00005902 _____ C:\Users\Trebledsoul\Documents\shoeplay silver flats 2  youtube.wlmp
2013-08-27 11:55 - 2013-08-27 11:55 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{D02EBF98-4B45-47AE-8A84-0F94C4B3E1DC}
2013-08-27 04:17 - 2013-08-27 04:17 - 00002323 _____ C:\Users\Trebledsoul\Documents\shoeplay silver flats 2 short.wlmp
2013-08-27 03:49 - 2013-08-27 03:49 - 00002292 _____ C:\Users\Trebledsoul\Documents\park shoeplay 2 short.wlmp
2013-08-27 03:45 - 2013-08-27 03:45 - 00002292 _____ C:\Users\Trebledsoul\Documents\park shoeplay 1 short.wlmp
2013-08-27 03:35 - 2013-08-23 11:41 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-08-27 03:14 - 2013-08-27 03:14 - 00002276 _____ C:\Users\Trebledsoul\Documents\teasing with her toes short.wlmp
2013-08-26 23:55 - 2013-08-26 23:55 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{0BDC58AC-372A-4DC8-A5E8-CC465E3B8888}
2013-08-26 11:55 - 2013-08-26 11:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{BED45EF3-3CA8-4B29-B58D-E37F48084CE3}
2013-08-25 23:54 - 2013-08-25 23:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{5CA55989-FD81-4541-B301-94002B313857}
2013-08-25 21:03 - 2013-08-25 21:03 - 34227672 _____ C:\Users\Trebledsoul\Downloads\NSYNC Reunion Justin Timberlake MTV VMAs 2013.mp4
2013-08-25 15:28 - 2013-08-25 15:28 - 00002306 _____ C:\Users\Trebledsoul\Documents\up close and personal preview.wlmp
2013-08-25 13:57 - 2013-08-25 13:57 - 00005162 _____ C:\Users\Trebledsoul\Documents\out to lunch 3 preview.wlmp
2013-08-25 13:36 - 2013-08-25 13:36 - 00005154 _____ C:\Users\Trebledsoul\Documents\out to lunch 2 preview.wlmp
2013-08-25 11:54 - 2013-08-25 11:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{7BF78889-A511-4AE9-833B-509CF78E5BFC}
2013-08-25 03:55 - 2013-08-25 03:55 - 00000000 ____D C:\Program Files\M-Audio
2013-08-25 03:54 - 2013-08-25 03:54 - 14586160 _____ (M-Audio) C:\Users\Trebledsoul\Downloads\MIDISport Installer 6_1_3_Driver 5_10_0_5141.exe
2013-08-25 03:54 - 2013-08-25 03:54 - 00000000 ____D C:\ProgramData\AVID
2013-08-25 01:14 - 2013-08-25 01:14 - 00005187 _____ C:\Users\Trebledsoul\Documents\black pantyhose dangling.wlmp
2013-08-25 00:44 - 2013-08-25 00:44 - 00005133 _____ C:\Users\Trebledsoul\Documents\black pantyhose shoeplay.wlmp
2013-08-25 00:22 - 2013-08-25 00:22 - 00005130 _____ C:\Users\Trebledsoul\Documents\teasing with her toes.wlmp
2013-08-24 23:54 - 2013-08-24 23:54 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{E83CF536-F7EE-4B66-B5BE-DFCB82BF3D0E}
2013-08-24 20:42 - 2013-08-24 20:17 - 00000000 ____D C:\Users\Trebledsoul\Downloads\Natalie's 8GB
2013-08-24 19:56 - 2011-10-19 16:38 - 00000000 ____D C:\Program Files (x86)\Morphyre
2013-08-24 12:42 - 2013-08-23 11:40 - 00003725 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-08-24 12:42 - 2013-07-27 01:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-24 12:41 - 2013-08-23 11:41 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-08-24 12:41 - 2013-08-23 11:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-23 12:41 - 2013-08-22 21:09 - 00000000 ____D C:\Program Files\Recuva
2013-08-23 11:40 - 2013-08-23 11:40 - 00003708 _____ C:\Windows\System32\Tasks\pcreg
2013-08-23 11:40 - 2013-08-23 11:40 - 00000000 ____D C:\Program Files\wrapper_inst
2013-08-23 11:40 - 2013-08-23 11:39 - 00000000 ____D C:\Program Files (x86)\wrapper_inst
2013-08-23 11:39 - 2013-08-23 11:38 - 24415218 _____ C:\Users\Trebledsoul\Desktop\surgeonsimulator2013_win.zip
2013-08-23 11:31 - 2013-08-23 05:04 - 00024803 _____ C:\Users\Trebledsoul\Desktop\dds.txt
2013-08-23 11:31 - 2013-08-23 05:04 - 00011705 _____ C:\Users\Trebledsoul\Desktop\attach.txt
2013-08-22 21:09 - 2013-08-22 21:09 - 00001665 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-08-22 21:06 - 2013-08-22 21:06 - 03843072 _____ (Piriform Ltd) C:\Users\Trebledsoul\Desktop\rcsetup148.exe
2013-08-22 18:56 - 2013-08-22 18:56 - 00688992 _____ (Swearware) C:\Users\Trebledsoul\Desktop\dds (1).com
2013-08-22 18:55 - 2013-08-22 18:55 - 00688992 ____R (Swearware) C:\Users\Trebledsoul\Desktop\dds.com
2013-08-22 18:53 - 2013-08-22 18:25 - 00003678 _____ C:\Users\Trebledsoul\Desktop\Rkill.txt
2013-08-22 18:25 - 2013-08-22 18:25 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Desktop\iExplore.exe
2013-08-22 18:25 - 2013-08-22 18:25 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Desktop\iExplore64.exe
2013-08-22 18:19 - 2013-08-22 18:19 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Downloads\rkill.exe
2013-08-22 18:19 - 2013-08-22 18:19 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Trebledsoul\Downloads\rkill64.exe
2013-08-22 18:17 - 2013-08-22 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-22 18:17 - 2013-08-22 17:27 - 00000000 ____D C:\Users\Trebledsoul\Desktop\mbar
2013-08-22 17:27 - 2013-08-22 17:27 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Trebledsoul\Downloads\mbar-1.06.1.1005.exe
2013-08-22 17:10 - 2013-08-22 17:10 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-22 17:08 - 2013-05-20 20:26 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\SwvUpdater
2013-08-22 17:08 - 2013-05-13 10:00 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-08-22 16:48 - 2013-08-22 16:48 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\Malwarebytes
2013-08-22 16:48 - 2013-08-22 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-22 16:47 - 2013-08-22 16:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Trebledsoul\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 16:45 - 2013-08-22 16:44 - 00029684 _____ C:\Users\Trebledsoul\Downloads\Result.txt
2013-08-22 16:43 - 2013-08-22 16:43 - 00760937 _____ (Farbar) C:\Users\Trebledsoul\Downloads\MiniToolBox.exe
2013-08-22 16:43 - 2013-08-22 16:43 - 00005921 _____ C:\Users\Trebledsoul\Downloads\FSS.txt
2013-08-22 16:41 - 2013-08-22 16:41 - 00358507 _____ (Farbar) C:\Users\Trebledsoul\Downloads\FSS.exe
2013-08-22 16:37 - 2013-08-22 16:37 - 00891115 _____ C:\Users\Trebledsoul\Downloads\SecurityCheck.exe
2013-08-22 15:17 - 2013-08-22 15:17 - 00000000 ____D C:\Program Files (x86)\M-Audio
2013-08-22 00:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-08-21 18:09 - 2011-06-28 22:31 - 00000000 ____D C:\users\D-Bass6.COM6
2013-08-21 18:09 - 2011-02-28 06:06 - 00000000 ____D C:\users\Bianca
2013-08-21 18:09 - 2010-01-09 19:08 - 00000000 ____D C:\users\Babygirl
2013-08-21 11:18 - 2013-08-23 11:43 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\AVG SafeGuard toolbar
2013-08-18 17:50 - 2013-08-18 17:23 - 00001094 _____ C:\Users\Trebledsoul\Desktop\Virtual Families 2.lnk
2013-08-18 17:50 - 2013-08-18 17:23 - 00001094 _____ C:\Users\D-Bass6.COM6\Desktop\Virtual Families 2.lnk
2013-08-18 17:50 - 2013-08-18 17:23 - 00001094 _____ C:\Users\Bianca\Desktop\Virtual Families 2.lnk
2013-08-18 17:50 - 2013-08-18 17:23 - 00001094 _____ C:\Users\Babygirl\Desktop\Virtual Families 2.lnk
2013-08-18 17:23 - 2013-08-18 17:22 - 00000000 ____D C:\Program Files (x86)\Virtual Families 2
2013-08-18 17:23 - 2013-07-23 16:32 - 00000000 ____D C:\Users\Trebledsoul\Documents\LDW
2013-08-18 17:21 - 2013-08-18 17:21 - 84811352 _____ C:\Users\Trebledsoul\Downloads\VirtualFamilies2Setup_DEMO.exe
2013-08-18 17:20 - 2013-08-18 17:20 - 59776149 _____ C:\Users\Trebledsoul\Downloads\VFSetup_v1_00.exe
2013-08-18 17:20 - 2013-08-18 17:15 - 00001070 _____ C:\Users\Trebledsoul\Desktop\Virtual Families.lnk
2013-08-18 17:20 - 2013-08-18 17:15 - 00001070 _____ C:\Users\D-Bass6.COM6\Desktop\Virtual Families.lnk
2013-08-18 17:20 - 2013-08-18 17:15 - 00001070 _____ C:\Users\Bianca\Desktop\Virtual Families.lnk
2013-08-18 17:20 - 2013-08-18 17:15 - 00001070 _____ C:\Users\Babygirl\Desktop\Virtual Families.lnk
2013-08-18 17:15 - 2013-07-23 16:32 - 00000000 ____D C:\Program Files (x86)\Virtual Families
2013-08-18 14:35 - 2012-06-02 12:20 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\CrashDumps
2013-08-18 14:18 - 2009-07-13 20:45 - 05162008 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-18 14:15 - 2013-08-09 18:14 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2013-08-18 14:15 - 2013-07-27 01:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-14 14:26 - 2011-06-30 08:20 - 01056768 ___SH C:\Users\Babygirl\Documents\Thumbs.db
2013-08-14 13:04 - 2011-04-30 10:22 - 00000000 ____D C:\Users\Babygirl\AppData\Roaming\Mozilla
2013-08-14 13:03 - 2011-03-22 03:39 - 00002383 _____ C:\Users\Babygirl\Desktop\Google Chrome.lnk
2013-08-14 12:58 - 2013-08-14 12:58 - 00003500 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-COM6-Babygirl
2013-08-14 12:58 - 2010-01-09 19:23 - 00000000 ____D C:\Users\Babygirl\AppData\Roaming\Adobe
2013-08-14 12:56 - 2010-02-19 12:08 - 00001004 _____ C:\Users\Babygirl\Desktop\magicJack.lnk
2013-08-14 12:56 - 2010-02-19 12:03 - 00000000 ____D C:\Users\Babygirl\AppData\Roaming\mjusbsp
2013-08-10 00:47 - 2013-08-10 00:35 - 00016893 _____ C:\Users\Trebledsoul\Documents\nylon tease.wlmp
2013-08-09 23:49 - 2013-08-09 23:49 - 00005243 _____ C:\Users\Trebledsoul\Documents\fun with nylons 1 preview.wlmp
2013-08-09 23:39 - 2013-08-09 23:39 - 00005021 _____ C:\Users\Trebledsoul\Documents\fun with nylons 2 preview.wlmp
2013-08-09 22:51 - 2013-08-09 22:51 - 00005467 _____ C:\Users\Trebledsoul\Documents\funwithnylonspreview.wlmp
2013-08-09 22:38 - 2013-08-09 22:38 - 00005061 _____ C:\Users\Trebledsoul\Documents\shoeplaypark2preview.wlmp
2013-08-09 22:20 - 2013-08-09 22:20 - 00005008 _____ C:\Users\Trebledsoul\Documents\shoeplaypark1preview.wlmp
2013-08-09 18:37 - 2013-08-09 18:37 - 00000000 ____D C:\Users\Trebledsoul\Downloads\AVS Video Editor 6.4.1.240 Incl Patch (MPT) - KurdTM
2013-08-09 18:25 - 2013-08-09 18:16 - 00000000 ____D C:\Program Files (x86)\GorillaPrice
2013-08-09 18:19 - 2013-08-09 18:16 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\Open Download Manager
2013-08-09 18:15 - 2013-08-09 18:15 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-09 18:15 - 2013-05-13 10:04 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\Torch
2013-08-09 18:14 - 2013-08-09 18:14 - 00482680 _____ (My Company) C:\Users\Trebledsoul\Downloads\Setup (1).exe
2013-08-09 18:14 - 2013-08-09 18:14 - 00000000 ____D C:\ProgramData\Babylon
2013-08-09 18:06 - 2013-08-09 18:06 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\AVS4YOU
2013-08-09 18:06 - 2013-08-09 18:06 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-08-09 18:06 - 2012-05-29 21:44 - 00135168 _____ C:\Users\Trebledsoul\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 18:05 - 2013-08-09 18:02 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-08-09 18:03 - 2013-08-09 18:03 - 00001168 _____ C:\Users\Trebledsoul\Desktop\AVS Video Editor.lnk
2013-08-09 17:58 - 2013-08-09 17:53 - 154348096 _____ (Online Media Technologies Ltd.                              ) C:\Users\Trebledsoul\Downloads\AVSVideoEditor.exe
2013-08-09 17:34 - 2013-08-09 17:31 - 00000000 ____D C:\Users\Trebledsoul\Downloads\VirtualDub-1.9.11
2013-08-09 17:31 - 2013-08-09 17:31 - 01035060 _____ C:\Users\Trebledsoul\Downloads\Deshaker30_64.zip
2013-08-09 17:29 - 2013-08-09 17:29 - 01707366 _____ C:\Users\Trebledsoul\Downloads\VirtualDub-1.9.11.zip
2013-08-09 15:02 - 2010-01-10 13:03 - 00188823 _____ C:\Windows\wininit.ini
2013-08-09 15:01 - 2013-05-13 10:05 - 00002239 _____ C:\Users\Trebledsoul\Desktop\Torch.lnk
2013-08-09 14:59 - 2013-08-09 14:59 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-09 14:59 - 2013-08-09 14:59 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-08-09 14:01 - 2013-08-09 14:00 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{7F79E42F-BA3F-4D75-9E15-BA9DFF3C4CBE}
2013-08-05 11:55 - 2013-08-05 11:55 - 00029700 _____ C:\Users\Trebledsoul\Downloads\msg0001 (2).WAV
2013-08-04 10:47 - 2013-08-02 21:39 - 00000000 ____D C:\Users\Trebledsoul\Documents\Unnamed Site 2
2013-08-04 01:07 - 2013-08-04 01:07 - 00002273 _____ C:\Users\Trebledsoul\Documents\fun with nylons 3.wlmp
2013-08-04 00:46 - 2013-08-04 00:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{4F031D8E-B48B-426D-A995-D8C125CBB096}
2013-08-03 23:52 - 2013-08-03 23:52 - 00004956 _____ C:\Users\Trebledsoul\Documents\fun with nylons 2.wlmp
2013-08-03 22:38 - 2012-05-31 19:30 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-03 22:35 - 2012-05-29 21:19 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\Adobe
2013-08-03 17:06 - 2013-08-03 17:06 - 00118065 _____ C:\Users\Trebledsoul\Documents\Dogasu's Backpack (07-24-2013) - Box Office - Week Two.htm
2013-08-03 17:06 - 2013-08-03 17:06 - 00000000 ____D C:\Users\Trebledsoul\Documents\Dogasu's Backpack (07-24-2013) - Box Office - Week Two_files
2013-08-03 14:49 - 2012-06-02 12:09 - 00000000 ____D C:\Users\Trebledsoul\.gimp-2.8
2013-08-03 14:47 - 2013-08-03 14:47 - 00000874 _____ C:\Users\Trebledsoul\AppData\Local\recently-used.xbel
2013-08-03 12:46 - 2013-08-03 12:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{8EB5D0C9-36D0-42AB-840B-C539D07BD37E}
2013-08-03 10:57 - 2012-08-27 13:31 - 00000000 ____D C:\Users\Trebledsoul\AppData\Roaming\mjusbsp
2013-08-03 10:44 - 2013-08-03 10:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{6A744578-AC99-4601-986D-D09399D7BBA4}
2013-08-03 09:58 - 2013-06-15 05:05 - 00000000 ____D C:\Program Files\Adobe
2013-08-03 09:58 - 2013-06-15 05:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-03 09:39 - 2009-09-04 11:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-03 00:46 - 2013-08-03 00:46 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{21610914-0820-4723-98A1-DA8070EFAE1D}
2013-08-02 22:44 - 2013-08-02 22:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{8900C88B-635B-4A3C-8A85-72E629B64B6D}
2013-08-02 12:46 - 2013-08-02 12:45 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{12C885B3-F7EC-47DD-A75A-A3857B479BEF}
2013-08-02 10:44 - 2013-08-02 10:43 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{1610186E-E637-4302-84AB-772DAA78EC0A}
2013-08-02 00:45 - 2013-08-02 00:45 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{F50B4428-BCC4-48BB-AED4-6A6AEB35E1C5}
2013-08-01 22:43 - 2013-08-01 22:43 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{F5CD4704-DCF7-419B-B858-F493EC69FCA2}
2013-08-01 12:45 - 2013-08-01 12:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{ABF4DF61-19D9-4254-9523-012C8F45E77B}
2013-08-01 12:33 - 2012-08-27 13:33 - 00001013 _____ C:\Users\Trebledsoul\Desktop\magicJack.lnk
2013-08-01 10:52 - 2013-08-01 10:52 - 00045235 _____ C:\Users\Trebledsoul\Downloads\msg0012.WAV
2013-08-01 09:49 - 2013-08-01 09:49 - 00024890 _____ C:\Users\Trebledsoul\Downloads\msg0001 (1).WAV
2013-08-01 07:21 - 2013-08-01 07:21 - 00027165 _____ C:\Users\Trebledsoul\Downloads\msg0011.WAV
2013-08-01 07:20 - 2013-08-01 07:20 - 00016765 _____ C:\Users\Trebledsoul\Downloads\msg0010.WAV
2013-08-01 07:20 - 2013-08-01 07:20 - 00016765 _____ C:\Users\Trebledsoul\Downloads\msg0010 (1).WAV
2013-08-01 03:26 - 2009-09-04 11:18 - 00000000 ____D C:\ProgramData\Adobe
2013-08-01 03:20 - 2013-08-01 03:20 - 00000000 ____D C:\ProgramData\ALM
2013-08-01 02:34 - 2013-08-01 02:34 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-01 00:44 - 2013-08-01 00:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{BB12FB65-634C-442B-89C1-68EAABF9A573}
2013-07-31 18:50 - 2012-06-13 10:00 - 00000000 ____D C:\Users\Trebledsoul\Documents\Youcam
2013-07-31 12:44 - 2013-07-31 12:44 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{BF82DEB1-DB34-43EB-AD86-37C22DA97F47}
2013-07-31 09:35 - 2013-07-31 09:35 - 00050045 _____ C:\Users\Trebledsoul\Downloads\msg0009.WAV
2013-07-31 09:34 - 2013-07-31 09:34 - 00120310 _____ C:\Users\Trebledsoul\Downloads\msg0008.WAV
2013-07-31 02:32 - 2013-07-31 02:32 - 00000031 _____ C:\Users\Trebledsoul\Documents\HostGatorSupportTicket7.31.2013.txt
2013-07-31 00:44 - 2013-07-31 00:43 - 00000000 ____D C:\Users\Trebledsoul\AppData\Local\{514661B9-F132-4393-B97C-53D1C21791FC}
 
Files to move or delete:
====================
C:\Users\Babygirl\AppData\Local\Temp\cltmng.exe
C:\Users\Babygirl\AppData\Local\Temp\msvcp100.dll
C:\Users\Babygirl\AppData\Local\Temp\msvcr100.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\D3DCompiler_43.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\Opera-12.15-1748.i386.autoupdate.exe
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\opera.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\opera.exe
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\OperaUpgrader.exe
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\updatechecker\opera_autoupdate.exe
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\mapi\OperaMAPI.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\gstreamer.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstaudioresample.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstautodetect.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstdirectsound.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstoggdec.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwaveform.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwavparse.dll
C:\Users\Babygirl\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwebmdec.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\CbsProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\CompatProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\DismCore.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\DismCorePS.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\DismHost.exe
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\DismProv.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\DmiProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\FolderProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\IntlProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\LogProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\MsiProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\OSProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\SmiProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\TransmogProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\UnattendProvider.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\wdscore.dll
C:\Users\Babygirl\AppData\Local\Temp\654AD4B1-6B9A-4522-8069-DF991074D647\WimProvider.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\D3DCompiler_43.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\Opera-12.14-1738.i386.autoupdate.exe
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\opera.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\opera.exe
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\OperaUpgrader.exe
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\updatechecker\opera_autoupdate.exe
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\mapi\OperaMAPI.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\gstreamer.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\Bianca\AppData\Local\Temp\CUsersBiancaAppDataLocalProgramsOpera\gstreamer\plugins\gstwebmdec.dll
C:\Users\Bianca\AppData\Local\Temp\205Bwrd.~lk\6930fspext.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\eauninstall.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\i4jdel0.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\nsl6F34.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{1B086020-2A89-4291-A826-A3D680108CDB}\ISSetup.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{1B086020-2A89-4291-A826-A3D680108CDB}\setup.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\GetDXVer.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\IS32Util.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\ISBEW64.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\ISRT.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\setup.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\SuppressAutoRun.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\U32inst.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\u32sn.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\WIAReg.exe
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\_isres.dll
C:\Users\D-Bass6.COM6\AppData\Local\Temp\{18339A0C-DA1A-422F-92DC-E538C93DE258}\_isuser.dll
C:\Users\Trebledsoul\AppData\Local\Temp\200810.exe
C:\Users\Trebledsoul\AppData\Local\Temp\AAMHelper.exe
C:\Users\Trebledsoul\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Trebledsoul\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Trebledsoul\AppData\Local\Temp\bassmod.dll
C:\Users\Trebledsoul\AppData\Local\Temp\cltmng.exe
C:\Users\Trebledsoul\AppData\Local\Temp\msvcp100.dll
C:\Users\Trebledsoul\AppData\Local\Temp\msvcr100.dll
C:\Users\Trebledsoul\AppData\Local\Temp\oi_{0DDD7CAB-284E-4230-9825-8F7C2A3A5162}.exe
C:\Users\Trebledsoul\AppData\Local\Temp\PC-Registry-EXE-0808.exe
C:\Users\Trebledsoul\AppData\Local\Temp\uninst1.exe
C:\Users\Trebledsoul\AppData\Local\Temp\winzip1664_2_wrapped.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\GoogleCrashHandler.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\GoogleCrashHandler64.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\GoogleUpdate.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\GoogleUpdateBroker.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\GoogleUpdateOnDemand.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\GoogleUpdateSetup.exe
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdate.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_am.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_ar.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_bg.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_bn.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_ca.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_cs.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_da.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_de.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_el.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_en-GB.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_en.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_es-419.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_es.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_et.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_fa.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_fi.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_fil.dll
C:\Users\Trebledsoul\AppData\Local\Temp\{BDBD2D19-D052-406C-AB22-973B703A707C}\goopdateres_fr.dll
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-08-07 00:09:03
Restore point made on: 2013-08-14 04:11:07
Restore point made on: 2013-08-23 20:22:44
Restore point made on: 2013-08-25 03:55:37
Restore point made on: 2013-08-29 12:50:22
Restore point made on: 2013-08-29 12:53:55
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 3964.1 MB
Available physical RAM: 3309.73 MB
Total Pagefile: 3962.25 MB
Available Pagefile: 3304.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:683.54 GB) (Free:335.04 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.58 GB) NTFS
Drive g: (BLACKBERRY2) (Removable) (Total:7.39 GB) (Free:5.52 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E0FED9E5)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-08-21 20:33
 
==================== End Of Log ============================


#14 jeffce

  • Malware Response Team

Posted 31 August 2013 - 09:10 AM

I have a family member just back from the hospital so I will be indisposed until tonight but in the meantime....
 
**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
 
Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
 
If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
 
If you would like to continue with the cleaning, please let me know and I will be more than happy to help.   :)
----------


 


#15 TheRealJustan

  • Topic Starter


Posted 31 August 2013 - 11:33 AM

Understood, I do hope that your family member is doing better, my friend.

 

I'd like to just continue cleaning for now. Right now, formatting the drive is not an option, as my only back-up drive had an electrical short a while ago, and funds aren't sufficient enough to justify spending money to repair it, buy another one, or sign up for one of those online data backup services right now...though I'd love to do each of those. I understand that the computer may not be 100% clean until a complete re-install is done, but if we can somehow get it better than it is now, without that, I'd like to take that route. My biggest goal is to figure out what became of my music recordings that just disappeared, and recover them. These were very recent files from within the last 12-15 months, that just vanished without a trace and without explanation. From what I can tell, this has only happened to these files. I don't know if this infection targets specific files like this, or what. All I know is, I've fallen so far behind on my projects, and I really need to understand why this happened, and how to get my files back. So yes, let's please continue cleaning. And thank you so much for your help, so far.  :)


Edited by TheRealJustan, 31 August 2013 - 11:35 AM.




