After running Hitman Pro can no longer boot into Windows 7



#1 uxm


Posted 05 September 2013 - 08:55 AM

Hitman Pro reported that I may have a rootkit; after running and restarting, I could no longer boot into Windows 7.
 
I ran FRST and here is the log. Should I remove the .job files? Let me know if any other info is needed. Thanks in advance!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by SYSTEM on MININT-JAHKKR2 on 05-09-2013 13:44:11
Running from K:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1238528 2007-08-29] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [3212083974]
HKLM\...\Policies\Explorer: [3518887414]
HKLM\...\Policies\Explorer: [1781466620]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [hpbdfawep] - C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [1214976 2007-04-25] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKU\Megan\...\Run: [Cyirgaq] - C:\Users\Megan\AppData\Roaming\Egkydo\idsyo.exe [356504 2013-01-10] (DT Soft Ltd)
HKU\Megan\...\Run: [kpxmu] - C:\Users\Megan\AppData\Roaming\Microsoft\Cluuo\cluuo.exe [287744 2013-05-29] (Корпорация Майкрософт)
HKU\Naylor\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1264360 2012-12-18] (Adobe Systems Incorporated)
HKU\Naylor\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1632680 2013-03-15] ()
HKU\Naylor\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\Naylor\...\Run: [Bufoucvumi] - C:\Users\Naylor\AppData\Roaming\Ewulof\fenek.exe [x]
HKU\Naylor\...\Run: [Avid] - Regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Avid\exesccmh.dll [x] <===== ATTENTION
HKU\Naylor\...\Run: [970955104779.exe] - C:\Users\Naylor\AppData\Roaming\970955104779.exe [x]
HKU\Naylor\...\Run: [cftomn.exe] - C:\Users\Naylor\AppData\Local\cftomn.exe [x]
HKU\Naylor\...\Run: [evggk] - "C:\Users\Naylor\AppData\Roaming\Microsoft\Hhtnige\hhtnige.exe" [x]
HKU\Naylor\...\Run: [Internet Security] - C:\ProgramData\tdefender.exe [855040 2013-06-25] ()
HKU\Naylor\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Naylor\AppData\Local\e27a7ea4-3a15-479a-9a44-ba80f0f04984ad\eaeaaaabaffad.exe [x] <===== ATTENTION
HKU\Naylor\...\Policies\Explorer\Run: [eaeaaaabaffad] - C:\Users\Naylor\AppData\Local\e27a7ea4-3a15-479a-9a44-ba80f0f04984ad\eaeaaaabaffad.exe [x]
HKU\Naylor\...\CurrentVersion\Windows: [Load] c:\users\naylor\dxfnyoi.exe <===== ATTENTION
HKU\Naylor\...\Winlogon: [Shell] explorer.exe,C:\Users\Naylor\AppData\Roaming\skype.dat <==== ATTENTION 
IMEO\hijackthis.exe: [Debugger] vedim_.exe
IMEO\housecalllauncher.exe: [Debugger] zfrui_.exe
IMEO\mbam.exe: [Debugger] ttd_.exe
IMEO\mbamgui.exe: [Debugger] ifl_.exe
IMEO\rstrui.exe: [Debugger] nkdas_.exe
IMEO\spybotsd.exe: [Debugger] zkskj_.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anluma.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anluma.exe (DT Soft Ltd)
Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cluuo.lnk
ShortcutTarget: cluuo.lnk -> C:\Users\Megan\AppData\Roaming\Microsoft\Cluuo\cluuo.exe (Корпорация Майкрософт)
 
==================== Services (Whitelisted) =================
 
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-11] ()
S2 DefaultTabUpdate; C:\Users\Naylor\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-07-16] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1116656 2010-02-19] (Sonic Solutions)
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S1 ijekxmxs; \??\C:\Windows\system32\drivers\ijekxmxs.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-04 17:44 - 2013-09-03 15:28 - 00002960 _____ C:\Windows\System32\Tasks\HP WEP
2013-09-04 17:36 - 2013-09-04 19:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-04 01:49 - 2013-09-04 01:49 - 00275152 _____ C:\Windows\Minidump\090413-21574-01.dmp
2013-09-03 15:58 - 2013-09-03 15:58 - 00064734 _____ C:\Users\Administrator\Documents\cc_20130903_165826.reg
2013-09-03 15:53 - 2013-09-03 15:53 - 04454952 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup405.exe
2013-09-03 15:53 - 2013-09-03 15:53 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-03 15:53 - 2013-09-03 15:53 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-03 15:53 - 2013-09-03 15:53 - 00000824 _____ C:\ProgramData\Desktop\CCleaner.lnk
2013-09-03 15:53 - 2013-09-03 15:53 - 00000000 ____D C:\Program Files\CCleaner
2013-09-03 15:51 - 2013-09-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2013-09-03 15:35 - 2013-09-03 15:35 - 00275152 _____ C:\Windows\Minidump\090313-20092-01.dmp
2013-09-03 15:31 - 2013-09-04 01:49 - 471440505 _____ C:\Windows\MEMORY.DMP
2013-09-03 15:31 - 2013-09-03 15:31 - 00275152 _____ C:\Windows\Minidump\090313-25428-01.dmp
2013-09-03 15:28 - 2013-09-03 15:31 - 00000344 _____ C:\Windows\Tasks\HP WEP.job
2013-09-03 15:23 - 2013-09-03 15:24 - 00001863 _____ C:\Windows\WindowsUpdate.log
2013-09-03 15:23 - 2013-09-03 15:23 - 00002119 _____ C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2013-09-03 15:23 - 2013-09-03 15:23 - 00002119 _____ C:\ProgramData\Desktop\Microsoft Security Essentials.lnk
2013-09-03 15:23 - 2013-09-03 15:23 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-03 15:23 - 2013-09-03 15:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-03 15:23 - 2013-09-03 15:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-03 15:22 - 2013-09-03 15:30 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-03 15:22 - 2013-09-03 15:30 - 00001104 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-03 15:22 - 2013-09-03 15:22 - 00254152 _____ (Secure By Design Inc.) C:\Users\Administrator\Downloads\Ninite Essentials Malwarebytes Installer.exe
2013-09-03 15:22 - 2013-09-03 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-03 15:22 - 2013-09-03 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2013-09-03 15:22 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-09-03 15:17 - 2013-09-04 01:49 - 00000224 _____ C:\Windows\setupact.log
2013-09-03 15:17 - 2013-09-03 15:31 - 00007792 _____ C:\Windows\PFRO.log
2013-09-03 15:17 - 2013-09-03 15:17 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 15:14 - 2013-09-03 15:18 - 00003832 _____ C:\Windows\System32\TmInstall.log
2013-09-03 15:14 - 2013-09-03 15:14 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-09-03 15:11 - 2013-09-03 15:11 - 12327440 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\TiUnTool_60_MUI.exe
2013-09-03 14:10 - 2013-09-03 15:51 - 00172072 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Roxio Burn
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Roxio
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avid
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-03 14:09 - 2013-09-03 14:09 - 04188160 _____ C:\Program Files (x86)\GUTCC06.tmp
2013-09-03 14:09 - 2013-09-03 14:09 - 00000000 ____D C:\Program Files (x86)\GUMCC05.tmp
2013-09-03 14:08 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-03 14:07 - 2013-09-03 14:07 - 00000660 __RSH C:\Users\Administrator\ntuser.pol
2013-09-03 14:06 - 2013-09-04 19:36 - 00000000 ____D C:\users\Administrator
2013-09-03 14:06 - 2013-09-03 14:06 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-03 14:06 - 2013-06-18 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\SoftThinks
2013-09-03 14:06 - 2012-03-20 07:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-09-03 14:06 - 2012-02-19 13:53 - 00001150 _____ C:\Users\Administrator\Desktop\My Business Toolkit.lnk
2013-09-03 14:06 - 2012-01-25 18:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-09-03 11:31 - 2013-09-03 11:31 - 00000000 ____D C:\Users\Megan\AppData\Local\Apple
2013-09-03 11:28 - 2013-09-03 11:28 - 00000000 ____D C:\Users\Megan\AppData\Roaming\HpUpdate
2013-09-03 11:27 - 2013-09-03 11:27 - 00003590 _____ C:\Windows\System32\Tasks\mxscluuoupd
 
==================== One Month Modified Files and Folders =======
 
2013-09-05 13:42 - 2013-09-05 13:42 - 00000000 ____D C:\FRST
2013-09-04 19:36 - 2013-09-04 17:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-04 19:36 - 2013-09-03 14:06 - 00000000 ____D C:\users\Administrator
2013-09-04 19:36 - 2013-07-05 15:44 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Egkydo
2013-09-04 19:36 - 2013-05-11 13:49 - 00000000 ____D C:\Users\Naylor\AppData\Roaming\gfx
2013-09-04 19:36 - 2013-05-11 10:57 - 00000000 ____D C:\Users\Naylor\AppData\Roaming\WindowsPEx
2013-09-04 19:36 - 2013-05-11 10:49 - 00000000 ____D C:\Users\Naylor\AppData\Roaming\WindowsPED
2013-09-04 19:36 - 2013-05-05 17:44 - 00000000 ____D C:\ProgramData\508215AC75CA8FB500005081C530959A
2013-09-04 19:36 - 2013-02-11 12:38 - 00000000 ____D C:\Users\Naylor\AppData\Local\{AB959331-961F-42A6-BC42-85ECAA4D688C}
2013-09-04 19:36 - 2012-07-16 17:49 - 00000000 ____D C:\Users\Naylor\AppData\Local\RivalGaming
2013-09-04 19:36 - 2012-07-16 17:49 - 00000000 ____D C:\Program Files (x86)\SavingsApp
2013-09-04 19:36 - 2012-04-11 08:11 - 00000000 ____D C:\users\Megan
2013-09-04 19:36 - 2012-01-23 18:31 - 00000000 ____D C:\users\Naylor
2013-09-04 19:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-04 19:35 - 2012-01-17 17:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-04 09:18 - 2012-01-17 17:54 - 00000000 ____D C:\ProgramData\Sonic
2013-09-04 03:12 - 2012-04-01 12:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 03:08 - 2013-03-06 15:16 - 00000340 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-09-04 03:00 - 2013-06-25 18:54 - 00000330 ____H C:\Windows\Tasks\{D27699D3-D13C-4E51-90AA-803CB12B1344}.job
2013-09-04 03:00 - 2013-05-01 15:32 - 00000342 _____ C:\Windows\Tasks\At29.job
2013-09-04 03:00 - 2013-05-01 15:31 - 00000340 _____ C:\Windows\Tasks\At5.job
2013-09-04 02:49 - 2012-09-02 13:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 02:00 - 2013-05-01 15:32 - 00000342 _____ C:\Windows\Tasks\At28.job
2013-09-04 02:00 - 2013-05-01 15:31 - 00000340 _____ C:\Windows\Tasks\At4.job
2013-09-04 01:57 - 2009-07-14 00:13 - 00006458 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-04 01:57 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:57 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:49 - 2013-09-04 01:49 - 00275152 _____ C:\Windows\Minidump\090413-21574-01.dmp
2013-09-04 01:49 - 2013-09-03 15:31 - 471440505 _____ C:\Windows\MEMORY.DMP
2013-09-04 01:49 - 2013-09-03 15:17 - 00000224 _____ C:\Windows\setupact.log
2013-09-04 01:49 - 2013-03-06 21:58 - 00000000 ____D C:\Windows\Minidump
2013-09-04 01:49 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 15:58 - 2013-09-03 15:58 - 00064734 _____ C:\Users\Administrator\Documents\cc_20130903_165826.reg
2013-09-03 15:57 - 2012-05-28 12:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-03 15:57 - 2011-02-10 09:25 - 00000000 ____D C:\Windows\panther
2013-09-03 15:53 - 2013-09-03 15:53 - 04454952 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup405.exe
2013-09-03 15:53 - 2013-09-03 15:53 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-03 15:53 - 2013-09-03 15:53 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-03 15:53 - 2013-09-03 15:53 - 00000824 _____ C:\ProgramData\Desktop\CCleaner.lnk
2013-09-03 15:53 - 2013-09-03 15:53 - 00000000 ____D C:\Program Files\CCleaner
2013-09-03 15:51 - 2013-09-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2013-09-03 15:51 - 2013-09-03 14:10 - 00172072 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-03 15:37 - 2012-09-02 13:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 15:35 - 2013-09-03 15:35 - 00275152 _____ C:\Windows\Minidump\090313-20092-01.dmp
2013-09-03 15:31 - 2013-09-03 15:31 - 00275152 _____ C:\Windows\Minidump\090313-25428-01.dmp
2013-09-03 15:31 - 2013-09-03 15:28 - 00000344 _____ C:\Windows\Tasks\HP WEP.job
2013-09-03 15:31 - 2013-09-03 15:17 - 00007792 _____ C:\Windows\PFRO.log
2013-09-03 15:30 - 2013-09-03 15:22 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-03 15:30 - 2013-09-03 15:22 - 00001104 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-03 15:28 - 2013-09-04 17:44 - 00002960 _____ C:\Windows\System32\Tasks\HP WEP
2013-09-03 15:28 - 2012-07-16 17:49 - 00000264 _____ C:\Windows\Tasks\RGames Updater.job
2013-09-03 15:24 - 2013-09-03 15:23 - 00001863 _____ C:\Windows\WindowsUpdate.log
2013-09-03 15:23 - 2013-09-03 15:23 - 00002119 _____ C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2013-09-03 15:23 - 2013-09-03 15:23 - 00002119 _____ C:\ProgramData\Desktop\Microsoft Security Essentials.lnk
2013-09-03 15:23 - 2013-09-03 15:23 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-03 15:23 - 2013-09-03 15:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-03 15:23 - 2013-09-03 15:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-03 15:22 - 2013-09-03 15:22 - 00254152 _____ (Secure By Design Inc.) C:\Users\Administrator\Downloads\Ninite Essentials Malwarebytes Installer.exe
2013-09-03 15:22 - 2013-09-03 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-03 15:22 - 2013-09-03 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2013-09-03 15:18 - 2013-09-03 15:14 - 00003832 _____ C:\Windows\System32\TmInstall.log
2013-09-03 15:17 - 2013-09-03 15:17 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 15:14 - 2013-09-03 15:14 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-09-03 15:14 - 2012-01-17 17:57 - 00000000 ____D C:\ProgramData\Trend Micro
2013-09-03 15:12 - 2012-04-01 12:37 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-03 15:12 - 2012-04-01 12:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-03 15:12 - 2012-01-17 17:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-03 15:11 - 2013-09-03 15:11 - 12327440 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\TiUnTool_60_MUI.exe
2013-09-03 15:00 - 2013-05-01 15:32 - 00000342 _____ C:\Windows\Tasks\At41.job
2013-09-03 15:00 - 2013-05-01 15:31 - 00000340 _____ C:\Windows\Tasks\At17.job
2013-09-03 14:58 - 2009-07-14 00:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Roxio Burn
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Roxio
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avid
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-09-03 14:10 - 2013-09-03 14:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-03 14:10 - 2013-09-03 14:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-03 14:09 - 2013-09-03 14:09 - 04188160 _____ C:\Program Files (x86)\GUTCC06.tmp
2013-09-03 14:09 - 2013-09-03 14:09 - 00000000 ____D C:\Program Files (x86)\GUMCC05.tmp
2013-09-03 14:07 - 2013-09-03 14:07 - 00000660 __RSH C:\Users\Administrator\ntuser.pol
2013-09-03 14:06 - 2013-09-03 14:06 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-03 12:02 - 2013-05-01 15:31 - 00000340 _____ C:\Windows\Tasks\At14.job
2013-09-03 12:00 - 2013-05-01 15:32 - 00000342 _____ C:\Windows\Tasks\At38.job
2013-09-03 11:31 - 2013-09-03 11:31 - 00000000 ____D C:\Users\Megan\AppData\Local\Apple
2013-09-03 11:28 - 2013-09-03 11:28 - 00000000 ____D C:\Users\Megan\AppData\Roaming\HpUpdate
2013-09-03 11:27 - 2013-09-03 11:27 - 00003590 _____ C:\Windows\System32\Tasks\mxscluuoupd
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2716485453-1427893299-3410459372-1000\$d7043fec9a27f28174d8f0da1707b97a
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a
 
Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\Users\Administrator\AppData\Local\Temp\6c0yrv4d.dll
C:\ProgramData\1m572m2im.dat
C:\ProgramData\dwm.exe
C:\ProgramData\mxdefender.exe
C:\ProgramData\tdefender.exe
C:\Users\Naylor\acrobat.exe
C:\Users\Naylor\csrss.exe
C:\Users\Naylor\jagex_cl_runescape_LIVE.dat
C:\Users\Naylor\notepad.exe
C:\Users\Naylor\random.dat
C:\Users\Naylor\skype.exe
C:\Users\Naylor\spoolsv.exe
C:\Users\Naylor\AppData\Roaming\skype.ini
C:\Users\Naylor\AppData\Local\Temp\-dc5hjpj.dll
C:\Users\Naylor\AppData\Local\Temp\05cxqeo1.dll
C:\Users\Naylor\AppData\Local\Temp\0fzddlqm.dll
C:\Users\Naylor\AppData\Local\Temp\0knu00yl.dll
C:\Users\Naylor\AppData\Local\Temp\0nb60r5h.dll
C:\Users\Naylor\AppData\Local\Temp\0qlagbtu.dll
C:\Users\Naylor\AppData\Local\Temp\1138195258.exe
C:\Users\Naylor\AppData\Local\Temp\1139798970.exe
C:\Users\Naylor\AppData\Local\Temp\1876c773.exe
C:\Users\Naylor\AppData\Local\Temp\1tm_oycg.dll
C:\Users\Naylor\AppData\Local\Temp\1weqg0lj.dll
C:\Users\Naylor\AppData\Local\Temp\2045728674.exe
C:\Users\Naylor\AppData\Local\Temp\24jeucb1.dll
C:\Users\Naylor\AppData\Local\Temp\2mwcpaou.dll
C:\Users\Naylor\AppData\Local\Temp\4dc5zw9e.dll
C:\Users\Naylor\AppData\Local\Temp\4fecithp.dll
C:\Users\Naylor\AppData\Local\Temp\57-rssji.dll
C:\Users\Naylor\AppData\Local\Temp\5_de1ueo.dll
C:\Users\Naylor\AppData\Local\Temp\61www7ph.dll
C:\Users\Naylor\AppData\Local\Temp\6ecffmnz.dll
C:\Users\Naylor\AppData\Local\Temp\71bjcxpn.dll
C:\Users\Naylor\AppData\Local\Temp\79aar6fq.dll
C:\Users\Naylor\AppData\Local\Temp\7hpezmrf.dll
C:\Users\Naylor\AppData\Local\Temp\90msyyfa.dll
C:\Users\Naylor\AppData\Local\Temp\9nxhc3y8.dll
C:\Users\Naylor\AppData\Local\Temp\afoz8crg.dll
C:\Users\Naylor\AppData\Local\Temp\AJMvqk0.exe
C:\Users\Naylor\AppData\Local\Temp\artv_gsk.dll
C:\Users\Naylor\AppData\Local\Temp\asisukok.dll
C:\Users\Naylor\AppData\Local\Temp\azapeewl.dll
C:\Users\Naylor\AppData\Local\Temp\bm_0xu7s.dll
C:\Users\Naylor\AppData\Local\Temp\bwysj__p.dll
C:\Users\Naylor\AppData\Local\Temp\cyz4armk.dll
C:\Users\Naylor\AppData\Local\Temp\d27tpkbt.dll
C:\Users\Naylor\AppData\Local\Temp\dcntnfih.dll
C:\Users\Naylor\AppData\Local\Temp\dfhnfhxd.dll
C:\Users\Naylor\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Naylor\AppData\Local\Temp\dtamyajk.dll
C:\Users\Naylor\AppData\Local\Temp\eoqugime.dll
C:\Users\Naylor\AppData\Local\Temp\ep7a4vng.dll
C:\Users\Naylor\AppData\Local\Temp\fewraqqr.dll
C:\Users\Naylor\AppData\Local\Temp\fg3zo7vc.dll
C:\Users\Naylor\AppData\Local\Temp\h2og3z4e.dll
C:\Users\Naylor\AppData\Local\Temp\hfljfdh_.dll
C:\Users\Naylor\AppData\Local\Temp\hh15htl-.dll
C:\Users\Naylor\AppData\Local\Temp\hpu3xmnd.dll
C:\Users\Naylor\AppData\Local\Temp\ht128dwb.dll
C:\Users\Naylor\AppData\Local\Temp\i1cazftv.dll
C:\Users\Naylor\AppData\Local\Temp\ieqmnra6.dll
C:\Users\Naylor\AppData\Local\Temp\ik9-yaf8.dll
C:\Users\Naylor\AppData\Local\Temp\jmoz3fpt.dll
C:\Users\Naylor\AppData\Local\Temp\jna1539455500803050976.dll
C:\Users\Naylor\AppData\Local\Temp\jna2062604558326918517.dll
C:\Users\Naylor\AppData\Local\Temp\jna2301387591953857826.dll
C:\Users\Naylor\AppData\Local\Temp\jna2423206878191553477.dll
C:\Users\Naylor\AppData\Local\Temp\jna3233079411392879306.dll
C:\Users\Naylor\AppData\Local\Temp\jna3435630063571756125.dll
C:\Users\Naylor\AppData\Local\Temp\jna3645972488854499400.dll
C:\Users\Naylor\AppData\Local\Temp\jnjzdwoh.dll
C:\Users\Naylor\AppData\Local\Temp\jy7ft6yr.dll
C:\Users\Naylor\AppData\Local\Temp\k3knkeps.dll
C:\Users\Naylor\AppData\Local\Temp\kqywsmpr.dll
C:\Users\Naylor\AppData\Local\Temp\LiTL9ND.exe
C:\Users\Naylor\AppData\Local\Temp\lnmf0uau.dll
C:\Users\Naylor\AppData\Local\Temp\lsm8_64k.dll
C:\Users\Naylor\AppData\Local\Temp\lxkfhebd.dll
C:\Users\Naylor\AppData\Local\Temp\m2sfy18d.dll
C:\Users\Naylor\AppData\Local\Temp\m4d6j8pb.dll
C:\Users\Naylor\AppData\Local\Temp\m9hlah40.dll
C:\Users\Naylor\AppData\Local\Temp\mbiw7594.dll
C:\Users\Naylor\AppData\Local\Temp\mldzdq_y.dll
C:\Users\Naylor\AppData\Local\Temp\my55smbm.dll
C:\Users\Naylor\AppData\Local\Temp\nb67u-vc.dll
C:\Users\Naylor\AppData\Local\Temp\nlti7_ko.dll
C:\Users\Naylor\AppData\Local\Temp\npnmpwsx.dll
C:\Users\Naylor\AppData\Local\Temp\o0ybrft4.dll
C:\Users\Naylor\AppData\Local\Temp\obxy3qqw.dll
C:\Users\Naylor\AppData\Local\Temp\ofbp2hli.dll
C:\Users\Naylor\AppData\Local\Temp\oguir1ci.dll
C:\Users\Naylor\AppData\Local\Temp\orwmx2fy.dll
C:\Users\Naylor\AppData\Local\Temp\ovw8bech.dll
C:\Users\Naylor\AppData\Local\Temp\oyahtv-c.dll
C:\Users\Naylor\AppData\Local\Temp\pijdzlxe.dll
C:\Users\Naylor\AppData\Local\Temp\qe55dvvv.dll
C:\Users\Naylor\AppData\Local\Temp\qfbqwaxj.dll
C:\Users\Naylor\AppData\Local\Temp\qr7fgvp0.dll
C:\Users\Naylor\AppData\Local\Temp\r4lhhurj.dll
C:\Users\Naylor\AppData\Local\Temp\r9avappb.dll
C:\Users\Naylor\AppData\Local\Temp\rupdapvl.dll
C:\Users\Naylor\AppData\Local\Temp\rxmpthom.dll
C:\Users\Naylor\AppData\Local\Temp\s3mjqdj-.dll
C:\Users\Naylor\AppData\Local\Temp\saczbooq.dll
C:\Users\Naylor\AppData\Local\Temp\so3a-hmz.dll
C:\Users\Naylor\AppData\Local\Temp\su-ltp4b.dll
C:\Users\Naylor\AppData\Local\Temp\t0znxylu.dll
C:\Users\Naylor\AppData\Local\Temp\t9rn3teo.dll
C:\Users\Naylor\AppData\Local\Temp\tbedrs.dll
C:\Users\Naylor\AppData\Local\Temp\tjm5cpov.dll
C:\Users\Naylor\AppData\Local\Temp\tjyf7z3r.dll
C:\Users\Naylor\AppData\Local\Temp\tr1a5tkk.dll
C:\Users\Naylor\AppData\Local\Temp\tyvazpsy.dll
C:\Users\Naylor\AppData\Local\Temp\uixh0a88.dll
C:\Users\Naylor\AppData\Local\Temp\usb3jjbn.dll
C:\Users\Naylor\AppData\Local\Temp\vadsweym.dll
C:\Users\Naylor\AppData\Local\Temp\vn_m5gcy.dll
C:\Users\Naylor\AppData\Local\Temp\vsk85cj6.dll
C:\Users\Naylor\AppData\Local\Temp\vx68dqtv.dll
C:\Users\Naylor\AppData\Local\Temp\wb6f_wo1.dll
C:\Users\Naylor\AppData\Local\Temp\wbx9ol4p.dll
C:\Users\Naylor\AppData\Local\Temp\wjdncrct.dll
C:\Users\Naylor\AppData\Local\Temp\wlk8njrr.dll
C:\Users\Naylor\AppData\Local\Temp\Wnfoh45.exe
C:\Users\Naylor\AppData\Local\Temp\wpg6v-pi.dll
C:\Users\Naylor\AppData\Local\Temp\x-mzuve0.dll
C:\Users\Naylor\AppData\Local\Temp\xm6dbiy_.dll
C:\Users\Naylor\AppData\Local\Temp\xvbxfbjfnhv.exe
C:\Users\Naylor\AppData\Local\Temp\yn4rtvjt.dll
C:\Users\Naylor\AppData\Local\Temp\z-qlluu8.dll
C:\Users\Naylor\AppData\Local\Temp\z8qa7gu5.dll
C:\Users\Naylor\AppData\Local\Temp\zapjryqirrem.exe
C:\Users\Naylor\AppData\Local\Temp\zjpy1pes.dll
C:\Users\Naylor\AppData\Local\Temp\zZWqtxi.exe
C:\Users\Naylor\AppData\Local\Temp\_nlcoaiv.dll
C:\Users\Naylor\AppData\Local\Temp\{F0EF06FD-03ED-4D36-9000-D459A51D7BFC}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{ED82BFBC-CF06-4749-8DB2-2BDCF31E3DE3}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{DECCB07C-29D9-4519-8BBA-D04043D688DC}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{B60D874F-176D-4B41-B3F0-0AE241325FCA}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{9578217D-120E-4969-91D1-10A0C7DA177A}\ISSetup.dll
C:\Users\Naylor\AppData\Local\Temp\{9578217D-120E-4969-91D1-10A0C7DA177A}\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\{8F54E1B6-3BE9-4BAD-8017-615BD70E57C8}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{6FF3A3BA-07A0-4CD9-AF2C-448232D8D478}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{6FF3A3BA-07A0-4CD9-AF2C-448232D8D478}\ISRT.dll
C:\Users\Naylor\AppData\Local\Temp\{6FF3A3BA-07A0-4CD9-AF2C-448232D8D478}\_isres_0x0409.dll
C:\Users\Naylor\AppData\Local\Temp\{55111411-8949-4125-94BB-CF96E6775354}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{5281B41F-02D2-4475-A959-555A59F1B1BF}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{4CF9C6BC-1604-4ACD-AF64-5554C7E25E94}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{2AF5D9A4-5D9A-47E0-86F0-592BD519801F}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{24C35AB8-95F7-4CD1-83BB-D4091CDE9571}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{245FAB97-A3AF-474E-B58D-54CECA44C37D}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{1DD675F6-B34B-4AEA-98AC-BB00C97E5DF5}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{0F7364AC-1081-4810-A38F-B14DA235E8A9}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{012AA37C-9F54-4E79-8544-F6BB0C0D5F08}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\tmpf98fc40d\toxo.exe
C:\Users\Naylor\AppData\Local\Temp\tmpcb88b031\toxo.exe
C:\Users\Naylor\AppData\Local\Temp\tmp9400c318\popoooo.exe
C:\Users\Naylor\AppData\Local\Temp\tmp89693353\ate.exe
C:\Users\Naylor\AppData\Local\Temp\tmp7c3d0bee\toxo.exe
C:\Users\Naylor\AppData\Local\Temp\Temp1_bw2v12_trn_v1201.zip\BW212_Trn_v1201\BW2v12_Trn_v1201.exe
C:\Users\Naylor\AppData\Local\Temp\SOERedist\DSETUP.dll
C:\Users\Naylor\AppData\Local\Temp\SOERedist\dsetup32.dll
C:\Users\Naylor\AppData\Local\Temp\SOERedist\DXSETUP.exe
C:\Users\Naylor\AppData\Local\Temp\SOERedist\dxwebsetup.exe
C:\Users\Naylor\AppData\Local\Temp\jumwtxcpo\jumwtxcpo.dll
C:\Users\Naylor\AppData\Local\Temp\ispA713.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\isp9EBA.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\isp9D61.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\isp2192.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\FMInstPlugin.exe
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\InstallPlugin.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\VistaLib.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\_isetup\_shfoldr.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\FMInstPlugin.exe
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\InstallPlugin.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\VistaLib.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\_isetup\_shfoldr.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\FMInstPlugin.exe
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\InstallPlugin.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\VistaLib.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\_isetup\_shfoldr.dll
C:\Users\Naylor\AppData\Local\Temp\HpUpdate\26489\HPPCShorCutCreator_5810_000_002_hpu.exe
C:\Users\Naylor\AppData\Local\Temp\HpUpdate\26148\5541_FWEDO2_000_001_hpu.exe
C:\Users\Naylor\AppData\Local\Temp\HpUpdate\25545\hpusetup.exe
C:\Users\Naylor\AppData\Local\Temp\CCIS\ccsqlh.exe
C:\Users\Naylor\AppData\Local\Temp\CCIS\sqlite3.dll
C:\Users\Naylor\AppData\Local\Temp\7zS08E0\bootstrap-ojp.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
C:\Windows\Tasks\{D27699D3-D13C-4E51-90AA-803CB12B1344}.job
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-09-04 03:14:25
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=E:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {default}
resumeobject            {778da5c6-4166-11e1-b5ff-d4bed992a695}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{234ba9dd-415f-11e1-9418-d4bed992a695}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{234ba9dd-415f-11e1-9418-d4bed992a695}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {778da5c6-4166-11e1-b5ff-d4bed992a695}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {778da5c6-4166-11e1-b5ff-d4bed992a695}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=E:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
custom:26000022         Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {234ba9dd-415f-11e1-9418-d4bed992a695}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 8%
Total physical RAM: 8174.45 MB
Available physical RAM: 7504.46 MB
Total Pagefile: 8172.64 MB
Available Pagefile: 7493.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.08 GB) (Free:6.23 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:13.64 GB) (Free:6.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.
Drive f: (HBCD-15.1) (CDROM) (Total:2.64 GB) (Free:0 GB) CDFS
Drive k: (HITMANPRO) (Removable) (Total:29.04 GB) (Free:9.96 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: B4FCACED)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 29 GB) (Disk ID: 675071DF)
Partition 1: (Active) - (Size=29 GB) - (Type=0B)
 
 
LastRegBack: 2013-09-03 11:53
 
==================== End Of Log ============================

Edited by bloopie, 05 September 2013 - 09:57 AM.
Moved topic from Aii to Logs forum. ~bloopie




#2 uxm

uxm
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 05 September 2013 - 10:41 AM

Also it says this topic was moved. Did I do something wrong? Where was it moved to? 



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:30 AM

Posted 07 September 2013 - 12:10 AM


Hello uxm

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a\n. ATTENTION! ====> ZeroAccess?
HKU\Megan\...\Run: [Cyirgaq] - C:\Users\Megan\AppData\Roaming\Egkydo\idsyo.exe [356504 2013-01-10] (DT Soft Ltd)
HKU\Megan\...\Run: [kpxmu] - C:\Users\Megan\AppData\Roaming\Microsoft\Cluuo\cluuo.exe [287744 2013-05-29] (?????????? ??????????)
HKU\Naylor\...\Run: [Bufoucvumi] - C:\Users\Naylor\AppData\Roaming\Ewulof\fenek.exe [x]
HKU\Naylor\...\Run: [Avid] - Regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Avid\exesccmh.dll [x] <===== ATTENTION
HKU\Naylor\...\Run: [970955104779.exe] - C:\Users\Naylor\AppData\Roaming\970955104779.exe [x]
HKU\Naylor\...\Run: [cftomn.exe] - C:\Users\Naylor\AppData\Local\cftomn.exe [x]
HKU\Naylor\...\Run: [evggk] - "C:\Users\Naylor\AppData\Roaming\Microsoft\Hhtnige\hhtnige.exe" [x]
HKU\Naylor\...\Run: [Internet Security] - C:\ProgramData\tdefender.exe [855040 2013-06-25] ()
HKU\Naylor\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Naylor\AppData\Local\e27a7ea4-3a15-479a-9a44-ba80f0f04984ad\eaeaaaabaffad.exe [x] <===== ATTENTION
HKU\Naylor\...\Policies\Explorer\Run: [eaeaaaabaffad] - C:\Users\Naylor\AppData\Local\e27a7ea4-3a15-479a-9a44-ba80f0f04984ad\eaeaaaabaffad.exe [x]
HKU\Naylor\...\CurrentVersion\Windows: [Load] c:\users\naylor\dxfnyoi.exe <===== ATTENTION
HKU\Naylor\...\Winlogon: [Shell] explorer.exe,C:\Users\Naylor\AppData\Roaming\skype.dat <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anluma.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anluma.exe (DT Soft Ltd)
Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cluuo.lnk
ShortcutTarget: cluuo.lnk -> C:\Users\Megan\AppData\Roaming\Microsoft\Cluuo\cluuo.exe (?????????? ??????????)
C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a
C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a
C:\$Recycle.Bin\S-1-5-21-2716485453-1427893299-3410459372-1000\$d7043fec9a27f28174d8f0da1707b97a
C:\$Recycle.Bin\S-1-5-18\$d7043fec9a27f28174d8f0da1707b97a
C:\Users\Administrator\AppData\Local\Temp\6c0yrv4d.dll
C:\ProgramData\1m572m2im.dat
C:\ProgramData\dwm.exe
C:\ProgramData\mxdefender.exe
C:\ProgramData\tdefender.exe
C:\Users\Naylor\acrobat.exe
C:\Users\Naylor\csrss.exe
C:\Users\Naylor\jagex_cl_runescape_LIVE.dat
C:\Users\Naylor\notepad.exe
C:\Users\Naylor\random.dat
C:\Users\Naylor\skype.exe
C:\Users\Naylor\spoolsv.exe
C:\Users\Naylor\AppData\Roaming\skype.ini
C:\Users\Naylor\AppData\Local\Temp\-dc5hjpj.dll
C:\Users\Naylor\AppData\Local\Temp\05cxqeo1.dll
C:\Users\Naylor\AppData\Local\Temp\0fzddlqm.dll
C:\Users\Naylor\AppData\Local\Temp\0knu00yl.dll
C:\Users\Naylor\AppData\Local\Temp\0nb60r5h.dll
C:\Users\Naylor\AppData\Local\Temp\0qlagbtu.dll
C:\Users\Naylor\AppData\Local\Temp\1138195258.exe
C:\Users\Naylor\AppData\Local\Temp\1139798970.exe
C:\Users\Naylor\AppData\Local\Temp\1876c773.exe
C:\Users\Naylor\AppData\Local\Temp\1tm_oycg.dll
C:\Users\Naylor\AppData\Local\Temp\1weqg0lj.dll
C:\Users\Naylor\AppData\Local\Temp\2045728674.exe
C:\Users\Naylor\AppData\Local\Temp\24jeucb1.dll
C:\Users\Naylor\AppData\Local\Temp\2mwcpaou.dll
C:\Users\Naylor\AppData\Local\Temp\4dc5zw9e.dll
C:\Users\Naylor\AppData\Local\Temp\4fecithp.dll
C:\Users\Naylor\AppData\Local\Temp\57-rssji.dll
C:\Users\Naylor\AppData\Local\Temp\5_de1ueo.dll
C:\Users\Naylor\AppData\Local\Temp\61www7ph.dll
C:\Users\Naylor\AppData\Local\Temp\6ecffmnz.dll
C:\Users\Naylor\AppData\Local\Temp\71bjcxpn.dll
C:\Users\Naylor\AppData\Local\Temp\79aar6fq.dll
C:\Users\Naylor\AppData\Local\Temp\7hpezmrf.dll
C:\Users\Naylor\AppData\Local\Temp\90msyyfa.dll
C:\Users\Naylor\AppData\Local\Temp\9nxhc3y8.dll
C:\Users\Naylor\AppData\Local\Temp\afoz8crg.dll
C:\Users\Naylor\AppData\Local\Temp\AJMvqk0.exe
C:\Users\Naylor\AppData\Local\Temp\artv_gsk.dll
C:\Users\Naylor\AppData\Local\Temp\asisukok.dll
C:\Users\Naylor\AppData\Local\Temp\azapeewl.dll
C:\Users\Naylor\AppData\Local\Temp\bm_0xu7s.dll
C:\Users\Naylor\AppData\Local\Temp\bwysj__p.dll
C:\Users\Naylor\AppData\Local\Temp\cyz4armk.dll
C:\Users\Naylor\AppData\Local\Temp\d27tpkbt.dll
C:\Users\Naylor\AppData\Local\Temp\dcntnfih.dll
C:\Users\Naylor\AppData\Local\Temp\dfhnfhxd.dll
C:\Users\Naylor\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Naylor\AppData\Local\Temp\dtamyajk.dll
C:\Users\Naylor\AppData\Local\Temp\eoqugime.dll
C:\Users\Naylor\AppData\Local\Temp\ep7a4vng.dll
C:\Users\Naylor\AppData\Local\Temp\fewraqqr.dll
C:\Users\Naylor\AppData\Local\Temp\fg3zo7vc.dll
C:\Users\Naylor\AppData\Local\Temp\h2og3z4e.dll
C:\Users\Naylor\AppData\Local\Temp\hfljfdh_.dll
C:\Users\Naylor\AppData\Local\Temp\hh15htl-.dll
C:\Users\Naylor\AppData\Local\Temp\hpu3xmnd.dll
C:\Users\Naylor\AppData\Local\Temp\ht128dwb.dll
C:\Users\Naylor\AppData\Local\Temp\i1cazftv.dll
C:\Users\Naylor\AppData\Local\Temp\ieqmnra6.dll
C:\Users\Naylor\AppData\Local\Temp\ik9-yaf8.dll
C:\Users\Naylor\AppData\Local\Temp\jmoz3fpt.dll
C:\Users\Naylor\AppData\Local\Temp\jna1539455500803050976.dll
C:\Users\Naylor\AppData\Local\Temp\jna2062604558326918517.dll
C:\Users\Naylor\AppData\Local\Temp\jna2301387591953857826.dll
C:\Users\Naylor\AppData\Local\Temp\jna2423206878191553477.dll
C:\Users\Naylor\AppData\Local\Temp\jna3233079411392879306.dll
C:\Users\Naylor\AppData\Local\Temp\jna3435630063571756125.dll
C:\Users\Naylor\AppData\Local\Temp\jna3645972488854499400.dll
C:\Users\Naylor\AppData\Local\Temp\jnjzdwoh.dll
C:\Users\Naylor\AppData\Local\Temp\jy7ft6yr.dll
C:\Users\Naylor\AppData\Local\Temp\k3knkeps.dll
C:\Users\Naylor\AppData\Local\Temp\kqywsmpr.dll
C:\Users\Naylor\AppData\Local\Temp\LiTL9ND.exe
C:\Users\Naylor\AppData\Local\Temp\lnmf0uau.dll
C:\Users\Naylor\AppData\Local\Temp\lsm8_64k.dll
C:\Users\Naylor\AppData\Local\Temp\lxkfhebd.dll
C:\Users\Naylor\AppData\Local\Temp\m2sfy18d.dll
C:\Users\Naylor\AppData\Local\Temp\m4d6j8pb.dll
C:\Users\Naylor\AppData\Local\Temp\m9hlah40.dll
C:\Users\Naylor\AppData\Local\Temp\mbiw7594.dll
C:\Users\Naylor\AppData\Local\Temp\mldzdq_y.dll
C:\Users\Naylor\AppData\Local\Temp\my55smbm.dll
C:\Users\Naylor\AppData\Local\Temp\nb67u-vc.dll
C:\Users\Naylor\AppData\Local\Temp\nlti7_ko.dll
C:\Users\Naylor\AppData\Local\Temp\npnmpwsx.dll
C:\Users\Naylor\AppData\Local\Temp\o0ybrft4.dll
C:\Users\Naylor\AppData\Local\Temp\obxy3qqw.dll
C:\Users\Naylor\AppData\Local\Temp\ofbp2hli.dll
C:\Users\Naylor\AppData\Local\Temp\oguir1ci.dll
C:\Users\Naylor\AppData\Local\Temp\orwmx2fy.dll
C:\Users\Naylor\AppData\Local\Temp\ovw8bech.dll
C:\Users\Naylor\AppData\Local\Temp\oyahtv-c.dll
C:\Users\Naylor\AppData\Local\Temp\pijdzlxe.dll
C:\Users\Naylor\AppData\Local\Temp\qe55dvvv.dll
C:\Users\Naylor\AppData\Local\Temp\qfbqwaxj.dll
C:\Users\Naylor\AppData\Local\Temp\qr7fgvp0.dll
C:\Users\Naylor\AppData\Local\Temp\r4lhhurj.dll
C:\Users\Naylor\AppData\Local\Temp\r9avappb.dll
C:\Users\Naylor\AppData\Local\Temp\rupdapvl.dll
C:\Users\Naylor\AppData\Local\Temp\rxmpthom.dll
C:\Users\Naylor\AppData\Local\Temp\s3mjqdj-.dll
C:\Users\Naylor\AppData\Local\Temp\saczbooq.dll
C:\Users\Naylor\AppData\Local\Temp\so3a-hmz.dll
C:\Users\Naylor\AppData\Local\Temp\su-ltp4b.dll
C:\Users\Naylor\AppData\Local\Temp\t0znxylu.dll
C:\Users\Naylor\AppData\Local\Temp\t9rn3teo.dll
C:\Users\Naylor\AppData\Local\Temp\tbedrs.dll
C:\Users\Naylor\AppData\Local\Temp\tjm5cpov.dll
C:\Users\Naylor\AppData\Local\Temp\tjyf7z3r.dll
C:\Users\Naylor\AppData\Local\Temp\tr1a5tkk.dll
C:\Users\Naylor\AppData\Local\Temp\tyvazpsy.dll
C:\Users\Naylor\AppData\Local\Temp\uixh0a88.dll
C:\Users\Naylor\AppData\Local\Temp\usb3jjbn.dll
C:\Users\Naylor\AppData\Local\Temp\vadsweym.dll
C:\Users\Naylor\AppData\Local\Temp\vn_m5gcy.dll
C:\Users\Naylor\AppData\Local\Temp\vsk85cj6.dll
C:\Users\Naylor\AppData\Local\Temp\vx68dqtv.dll
C:\Users\Naylor\AppData\Local\Temp\wb6f_wo1.dll
C:\Users\Naylor\AppData\Local\Temp\wbx9ol4p.dll
C:\Users\Naylor\AppData\Local\Temp\wjdncrct.dll
C:\Users\Naylor\AppData\Local\Temp\wlk8njrr.dll
C:\Users\Naylor\AppData\Local\Temp\Wnfoh45.exe
C:\Users\Naylor\AppData\Local\Temp\wpg6v-pi.dll
C:\Users\Naylor\AppData\Local\Temp\x-mzuve0.dll
C:\Users\Naylor\AppData\Local\Temp\xm6dbiy_.dll
C:\Users\Naylor\AppData\Local\Temp\xvbxfbjfnhv.exe
C:\Users\Naylor\AppData\Local\Temp\yn4rtvjt.dll
C:\Users\Naylor\AppData\Local\Temp\z-qlluu8.dll
C:\Users\Naylor\AppData\Local\Temp\z8qa7gu5.dll
C:\Users\Naylor\AppData\Local\Temp\zapjryqirrem.exe
C:\Users\Naylor\AppData\Local\Temp\zjpy1pes.dll
C:\Users\Naylor\AppData\Local\Temp\zZWqtxi.exe
C:\Users\Naylor\AppData\Local\Temp\_nlcoaiv.dll
C:\Users\Naylor\AppData\Local\Temp\{F0EF06FD-03ED-4D36-9000-D459A51D7BFC}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{ED82BFBC-CF06-4749-8DB2-2BDCF31E3DE3}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{DECCB07C-29D9-4519-8BBA-D04043D688DC}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{B60D874F-176D-4B41-B3F0-0AE241325FCA}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{9578217D-120E-4969-91D1-10A0C7DA177A}\ISSetup.dll
C:\Users\Naylor\AppData\Local\Temp\{9578217D-120E-4969-91D1-10A0C7DA177A}\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\{8F54E1B6-3BE9-4BAD-8017-615BD70E57C8}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{6FF3A3BA-07A0-4CD9-AF2C-448232D8D478}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{6FF3A3BA-07A0-4CD9-AF2C-448232D8D478}\ISRT.dll
C:\Users\Naylor\AppData\Local\Temp\{6FF3A3BA-07A0-4CD9-AF2C-448232D8D478}\_isres_0x0409.dll
C:\Users\Naylor\AppData\Local\Temp\{55111411-8949-4125-94BB-CF96E6775354}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{5281B41F-02D2-4475-A959-555A59F1B1BF}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{4CF9C6BC-1604-4ACD-AF64-5554C7E25E94}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{2AF5D9A4-5D9A-47E0-86F0-592BD519801F}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{24C35AB8-95F7-4CD1-83BB-D4091CDE9571}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{245FAB97-A3AF-474E-B58D-54CECA44C37D}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{1DD675F6-B34B-4AEA-98AC-BB00C97E5DF5}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{0F7364AC-1081-4810-A38F-B14DA235E8A9}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\{012AA37C-9F54-4E79-8544-F6BB0C0D5F08}\ISBEW64.exe
C:\Users\Naylor\AppData\Local\Temp\tmpf98fc40d\toxo.exe
C:\Users\Naylor\AppData\Local\Temp\tmpcb88b031\toxo.exe
C:\Users\Naylor\AppData\Local\Temp\tmp9400c318\popoooo.exe
C:\Users\Naylor\AppData\Local\Temp\tmp89693353\ate.exe
C:\Users\Naylor\AppData\Local\Temp\tmp7c3d0bee\toxo.exe
C:\Users\Naylor\AppData\Local\Temp\Temp1_bw2v12_trn_v1201.zip\BW212_Trn_v1201\BW2v12_Trn_v1201.exe
C:\Users\Naylor\AppData\Local\Temp\SOERedist\DSETUP.dll
C:\Users\Naylor\AppData\Local\Temp\SOERedist\dsetup32.dll
C:\Users\Naylor\AppData\Local\Temp\SOERedist\DXSETUP.exe
C:\Users\Naylor\AppData\Local\Temp\SOERedist\dxwebsetup.exe
C:\Users\Naylor\AppData\Local\Temp\jumwtxcpo\jumwtxcpo.dll
C:\Users\Naylor\AppData\Local\Temp\ispA713.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\isp9EBA.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\isp9D61.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\isp2192.tmp\_Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\FMInstPlugin.exe
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\InstallPlugin.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\VistaLib.dll
C:\Users\Naylor\AppData\Local\Temp\is-OB9JP.tmp\_isetup\_shfoldr.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\FMInstPlugin.exe
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\InstallPlugin.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\VistaLib.dll
C:\Users\Naylor\AppData\Local\Temp\is-MMC4O.tmp\_isetup\_shfoldr.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\FMInstPlugin.exe
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\InstallPlugin.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\Setup.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\VistaLib.dll
C:\Users\Naylor\AppData\Local\Temp\is-4G91D.tmp\_isetup\_shfoldr.dll
C:\Users\Naylor\AppData\Local\Temp\HpUpdate\26489\HPPCShorCutCreator_5810_000_002_hpu.exe
C:\Users\Naylor\AppData\Local\Temp\HpUpdate\26148\5541_FWEDO2_000_001_hpu.exe
C:\Users\Naylor\AppData\Local\Temp\HpUpdate\25545\hpusetup.exe
C:\Users\Naylor\AppData\Local\Temp\CCIS\ccsqlh.exe
C:\Users\Naylor\AppData\Local\Temp\CCIS\sqlite3.dll
C:\Users\Naylor\AppData\Local\Temp\7zS08E0\bootstrap-ojp.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
C:\Windows\Tasks\{D27699D3-D13C-4E51-90AA-803CB12B1344}.job
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 uxm


Posted 09 September 2013 - 10:17 AM

Thank you so much! That did the trick!



#5 gringo_pr


Posted 09 September 2013 - 08:20 PM



Hello uxm

There are still issues that need to be taken care of.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#6 gringo_pr


Posted 12 September 2013 - 09:53 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread, then it will have to be closed!

Gringo

#7 gringo_pr


Posted 18 September 2013 - 01:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



