Antivirus Security Pro was the start to my bad day today - HELP!


  • This topic is locked
72 replies to this topic

#1 Haiduk4 (Members, 43 posts)

Posted 03 October 2013 - 03:33 PM

I am running Windows 7 (XP I believe) and somehow this virus ensnared me. I found an article on this site touting Rkill and how to download it free but even when I start in safe mode the virus hijacks me again. I am at its mercy, please help.


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 October 2013 - 03:53 PM


Hello Haiduk4

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe or e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report in your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
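The FRST.txt that the procedure above produces lists every autostart entry FRST found under a "Registry (Whitelisted)" heading. As an added example (this editor's own code, not part of Farbar Recovery Scan Tool and not something gringo_pr posted), the script below parses lines in that format and applies three triage heuristics that I chose myself: a Winlogon Userinit value with anything appended after userinit.exe, rundll32 loading a DLL from a user-writable folder, and a Run/RunOnce binary in ProgramData or AppData that carries no publisher information. The sample lines are copied from the FRST.txt posted later in this thread; the regular expressions and the Finding class are assumptions about the log format, not an FRST API.

```python
"""Triage helper for the "Registry (Whitelisted)" section of an FRST.txt log.

Constructed example: the parsing rules below are this editor's own heuristics,
not part of Farbar Recovery Scan Tool. Sample lines are copied from the
FRST.txt posted later in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One autostart line as FRST prints it, e.g.
#   HKLM\...\Run: [Name] - C:\path\file.exe [size date] (Publisher)
#   HKLM\...\Winlogon: [Userinit] userinit.exe,C:\...\x.exe -sm,
ENTRY_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\](?: - )?(?P<value>.*)$"
)
# Trailing "(Publisher)" that FRST appends when the file carries version info
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
# Locations a standard user can write to without elevation
USER_WRITABLE_RE = re.compile(
    r"\\(?:ProgramData|Users\\[^\\]+\\AppData)\\", re.IGNORECASE
)


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    value: str
    reasons: List[str] = field(default_factory=list)


def triage_entry(line: str) -> Optional[Finding]:
    """Parse one FRST autostart line; return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    f = Finding(m["hive"], m["key"], m["name"], m["value"].strip())
    value = f.value
    lowered = value.lower()

    # Winlogon\Userinit must be exactly "userinit.exe,"; anything appended
    # runs at every interactive logon, before the shell.
    if f.key == "Winlogon" and f.name == "Userinit":
        extra = [p.strip() for p in value.split(",")
                 if p.strip() and p.strip().lower() != "userinit.exe"]
        if extra:
            f.reasons.append("Userinit chain extended with: " + "; ".join(extra))

    # rundll32 hosting a DLL from AppData/ProgramData: the DLL, not the
    # signed rundll32 host, is the code that actually runs.
    if "rundll32.exe" in lowered and USER_WRITABLE_RE.search(value):
        f.reasons.append("rundll32 loads a DLL from a user-writable path")

    # Plain Run/RunOnce binary in a user-writable path with no publisher info
    pm = PUBLISHER_RE.search(value)
    publisher = pm["pub"].strip() if pm else ""
    if (f.key in ("Run", "RunOnce") and "rundll32.exe" not in lowered
            and USER_WRITABLE_RE.search(value) and not publisher):
        f.reasons.append("unknown-publisher binary in user-writable path")

    # FRST's own marker on lines it considers suspicious
    if "<===== ATTENTION" in line:
        f.reasons.append("flagged by FRST")
    return f


def suspicious_entries(log_text: str) -> List[Finding]:
    """Return every autostart entry with at least one reason, in log order."""
    out = []
    for line in log_text.splitlines():
        f = triage_entry(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


# Constructed sample: a few lines in the format of the FRST.txt in this thread
SAMPLE_LOG = r"""
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022368 2009-09-24] (Trend Micro Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\ngXv3333\ngXv3333.exe [564888 2013-10-03] ()
HKLM\...\Run: [weltp] - "C:\Windows\System32\rundll32.exe" "C:\Users\DARLA\AppData\Roaming\weltp.dll",OSError <===== ATTENTION
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\ngXv3333\ngXv3333.exe -sm,
HKLM-x32\...\Run: [Easy Dock] - [x]
HKU\DARLA\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-05] (Google Inc.)
HKU\DARLA\...\Run: [sqewhbmv] - C:\Users\DARLA\AppData\Local\uibmxwfc.exe [37888 2013-10-03] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
"""

if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_LOG):
        print(f"{f.hive}\\{f.key} [{f.name}]: {'; '.join(f.reasons)}")
```

An empty publisher field on its own is not a flag (the Gateway screensaver line stays quiet, because it lives under Program Files); it is the combination of a user-writable location with no publisher, or of a signed host like rundll32 pointed at a profile DLL, that separates the four bad entries in the sample from the rest. The Userinit rule is the one to look at first in a log like this, since that value runs before the user's shell and is what keeps a rogue "antivirus" in front of the user after every reboot.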

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 October 2013 - 12:39 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 07 October 2013 - 09:25 AM

Hello. Thank you for checking back. I've been trying to get a clean download of the Farbar tool. I will have it tonight and will begin the process of removal.

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 October 2013 - 12:19 PM

No problem and thank you for letting me know



Gringo

#6 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 09 October 2013 - 01:34 PM

Gringo,
I am communicating with you via iPad. I have done the initial scan on my infected computer using Farbar and have the first file saved in Notepad. I am unsure how to post the Notepad file here since I cannot use my computer. Please advise.

#7 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 09 October 2013 - 01:45 PM

I would also like to know how to back up files in this situation: when I click on any file, the antivirus takes over.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 October 2013 - 01:55 PM

Hello Haiduk4

How did you get FRST to the infected computer? Can you do things in reverse to get me the report?

Can you upload the file using the iPad? I know you cannot open it, but can you upload it here: https://www.wetransfer.com/

and send me the link.


Gringo

#9 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 09 October 2013 - 02:06 PM

I used a flash drive to get Farbar to the computer. The log file is saved to that flash drive. My iPad does not have a USB port to upload the flash drive info.

#10 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 09 October 2013 - 02:12 PM

Hello Gringo,

The only other thing I can think to do is to send this flash drive with a friend who will take it to their work computer and post it here for me. HOWEVER, since this drive has been connected to my computer, is there a possibility of infecting their work computer now?

#11 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 09 October 2013 - 03:01 PM

Hello Gringo, I have an adapter which allows me to plug a USB drive into the iPad, BUT when I plug it in I am advised that the device requires too much power to use.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 October 2013 - 07:51 PM

Hello

You may have to ask someone for some help on this until we get the computer going.

Gringo

#13 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 09 October 2013 - 08:38 PM

Ok Gringo, I am sending the flash drive with my husband tomorrow, and he will upload the log file to this post. Thank you so much for your patience with me in this process.

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 October 2013 - 10:17 PM

Hello Haiduk4


No problem - it may be slow at first until we overcome this part, but once we get started it will go a lot faster.


gringo

#15 Haiduk4 (Topic Starter, Members, 43 posts)

Posted 10 October 2013 - 08:37 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by SYSTEM on MININT-EJ5O3DH on 09-10-2013 13:17:26

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022368 2009-09-24] (Trend Micro Inc.)

HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)

HKLM\...\Run: [AS2014] - C:\ProgramData\ngXv3333\ngXv3333.exe [564888 2013-10-03] ()

HKLM\...\Run: [weltp] - "C:\Windows\System32\rundll32.exe" "C:\Users\DARLA\AppData\Roaming\weltp.dll",OSError <===== ATTENTION

HKLM\...\Run: [zrvcd] - "C:\Windows\System32\rundll32.exe" "C:\Users\DARLA\AppData\Roaming\zrvcd.dll",ReadLongFromFile <===== ATTENTION

HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\ngXv3333\ngXv3333.exe -sm,

HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-08-03] ()

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)

HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [Easy Dock] - [x]

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)

HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)

HKU\ADM2\...\Run: [AS2014] - C:\ProgramData\ngXv3333\ngXv3333.exe [564888 2013-10-03] ()

HKU\DARLA\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-05] (Google Inc.)

HKU\DARLA\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)

HKU\DARLA\...\Run: [Easy Dock] - C:\Users\DARLA\Documents\RCA easyRip\EZDock.exe

HKU\DARLA\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)

HKU\DARLA\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

HKU\DARLA\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)

HKU\DARLA\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)

HKU\DARLA\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

HKU\DARLA\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)

HKU\DARLA\...\Run: [zrvcd] - "C:\Windows\System32\rundll32.exe" "C:\Users\DARLA\AppData\Roaming\zrvcd.dll",ReadLongFromFile <===== ATTENTION

HKU\DARLA\...\Run: [sqewhbmv] - C:\Users\DARLA\AppData\Local\uibmxwfc.exe [37888 2013-10-03] ()

HKU\DARLA\...\Run: [weltp] - "C:\Windows\System32\rundll32.exe" "C:\Users\DARLA\AppData\Roaming\weltp.dll",OSError <===== ATTENTION

HKU\DARLA\...\Run: [AS2014] - C:\ProgramData\ngXv3333\ngXv3333.exe [564888 2013-10-03] ()

HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()

HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()

Startup: C:\Users\ADM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

Startup: C:\Users\DARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

 

==================== Services (Whitelisted) =================

 

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 humyo.com; C:\Program Files\humyo SmartDrive\hrfscore.exe [6679632 2011-01-10] (Trend Micro Inc.)

S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent)

S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [836504 2010-11-10] (Trend Micro Inc.)

S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-09-24] (Trend Micro Inc.)

S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-09-24] (Trend Micro Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1622528 2009-08-24] (AVerMedia TECHNOLOGIES, Inc.)

S3 hrfsmrx; C:\Windows\System32\Drivers\hrfsmrx.sys [185936 2011-01-10] (Trend Micro Inc.)

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )

S3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )

S2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)

S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-09-24] (Trend Micro Inc.)

S2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)

S2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)

S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

S3 cpuz132; \??\C:\Users\DARLA\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]

S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-09 13:17 - 2013-10-09 13:17 - 00000000 ____D C:\FRST

2013-10-08 23:37 - 2013-10-08 23:37 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-03 13:49 - 2013-10-03 13:49 - 00000000 ____D C:\Users\ADM2\AppData\Local\PackageAware

2013-10-03 13:45 - 2013-10-03 13:45 - 00000000 ____D C:\Users\ADM2\AppData\Local\Best_Buy®

2013-10-03 13:43 - 2013-10-03 13:56 - 00001673 _____ C:\Users\ADM2\Desktop\Antivirus Security Pro.lnk

2013-10-03 13:43 - 2013-10-03 13:56 - 00000118 _____ C:\Users\ADM2\Desktop\Antivirus Security Pro support.url

2013-10-03 13:43 - 2013-10-03 13:43 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\Google

2013-10-03 13:43 - 2013-10-03 13:43 - 00000000 ____D C:\Users\ADM2\AppData\Local\Google

2013-10-03 13:42 - 2013-10-03 13:42 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\Adobe

2013-10-03 13:41 - 2013-10-03 13:41 - 00110896 _____ C:\Users\ADM2\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-03 13:41 - 2013-10-03 13:41 - 00000020 ___SH C:\Users\ADM2\ntuser.ini

2013-10-03 13:41 - 2013-10-03 13:41 - 00000000 ____D C:\users\ADM2

2013-10-03 13:41 - 2013-06-30 08:25 - 00800824 _____ (Microsoft Corporation) C:\Users\ADM2\AppData\Roaming\DPInst.exe

2013-10-03 13:41 - 2013-06-30 08:25 - 00106496 _____ (Microsoft Corporation) C:\Users\ADM2\AppData\Roaming\gacutil.exe

2013-10-03 13:41 - 2013-06-30 08:25 - 00036352 _____ (Microsoft Corporation) C:\Users\ADM2\AppData\Roaming\PnPutil.exe

2013-10-03 13:41 - 2013-06-30 08:25 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\KODAK AiO Home Center1538303536

2013-10-03 13:41 - 2012-10-28 18:21 - 00007140 _____ C:\Users\ADM2\AppData\Local\installer.log

2013-10-03 13:41 - 2012-10-28 17:42 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\KODAK AiO Home Center2127553451

2013-10-03 13:41 - 2011-09-07 13:55 - 00000000 ____D C:\Users\ADM2\AppData\Local\Eastman_Kodak_Company

2013-10-03 13:41 - 2010-06-07 12:19 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\Macromedia

2013-10-03 13:41 - 2010-03-29 18:40 - 00000000 ____D C:\Users\ADM2\AppData\Local\Microsoft Help

2013-10-03 13:38 - 2013-10-03 13:38 - 00568984 _____ C:\Users\DARLA\AppData\Local\xepxgboh.exe

2013-10-03 13:37 - 2013-10-03 13:37 - 00568984 _____ C:\Users\DARLA\AppData\Local\atlxftuv.exe

2013-10-03 13:36 - 2013-10-03 13:36 - 00176128 _____ () C:\Users\DARLA\AppData\Local\nqwurrcc.exe

2013-10-03 13:34 - 2013-10-03 15:12 - 00001673 _____ C:\Users\DARLA\Desktop\Antivirus Security Pro.lnk

2013-10-03 13:34 - 2013-10-03 15:12 - 00000118 _____ C:\Users\DARLA\Desktop\Antivirus Security Pro support.url

2013-10-03 06:36 - 2013-10-03 06:36 - 00074240 _____ C:\Windows\cmmoexec64.dll

2013-10-03 06:36 - 2013-10-03 06:36 - 00065024 _____ C:\Windows\SysWOW64\cmmoexec.dll

2013-10-03 06:29 - 2013-10-03 06:29 - 00564888 _____ C:\Users\DARLA\AppData\Local\uqillpjr.exe

2013-10-03 06:12 - 2013-10-03 06:12 - 00074240 _____ C:\Windows\System32\cmmoexec64.dll

2013-10-03 06:12 - 2013-10-03 06:12 - 00065024 _____ C:\Windows\cmmoexec.dll

2013-10-03 06:03 - 2013-10-03 06:03 - 00056352 _____ C:\Users\DARLA\AppData\Local\pxuncfbt

2013-10-03 06:02 - 2013-10-03 06:02 - 00000000 _____ C:\Users\DARLA\AppData\Roaming\SharedSettings.ccs

2013-10-03 05:54 - 2013-10-03 13:41 - 00000000 ____D C:\ProgramData\ngXv3333

2013-10-03 05:54 - 2013-10-03 05:54 - 00564888 _____ C:\Users\DARLA\AppData\Local\cexkorog.exe

2013-10-03 05:53 - 2013-10-03 05:53 - 00794624 _____ () C:\Users\DARLA\AppData\Roaming\zrvcd.dll

2013-10-03 05:53 - 2013-10-03 05:53 - 00352256 _____ (Systems Corporation) C:\Users\DARLA\AppData\Roaming\weltp.dll

2013-10-03 05:48 - 2013-10-03 05:48 - 00037888 _____ C:\Users\DARLA\AppData\Local\uibmxwfc.exe

2013-10-01 15:25 - 2013-10-02 15:37 - 00371489 _____ C:\Users\DARLA\Documents\HALLOWEEN COSTUME PARTY 10 13.pptx

2013-10-01 14:16 - 2013-10-01 14:16 - 00010930 _____ C:\Users\DARLA\Desktop\2013 Halloween party evite - Shortcut.lnk

2013-09-26 09:10 - 2013-09-26 09:10 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\Program Files\iTunes

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\Program Files\iPod

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-09-25 06:18 - 2013-09-26 14:58 - 00000000 ____D C:\Users\DARLA\AppData\Local\EDDD404C-E064-4DC0-B9AF-29CADAA2F82D.aplzod

2013-09-25 06:15 - 2013-09-25 06:15 - 00000000 ____D C:\Users\DARLA\AppData\Local\{1AC4EFA5-8280-4B32-AEA4-6C7ADE63339F}

2013-09-21 09:06 - 2013-09-21 09:06 - 00000000 ____D C:\Users\DARLA\AppData\Local\{060981D0-C2B6-495D-AD9C-72EB6294C8F6}

2013-09-19 02:18 - 2013-09-19 02:18 - 00000000 ____D C:\Users\DARLA\AppData\Local\{28FB30EF-738C-4F3E-BE4E-C233E9354F9C}

2013-09-18 14:18 - 2013-09-18 14:18 - 00000000 ____D C:\Users\DARLA\AppData\Local\{3B62EC9F-7FAF-461F-B525-1891481D4DDD}

2013-09-17 15:58 - 2013-09-17 15:58 - 00000000 ____D C:\Users\DARLA\AppData\Local\{F28AEDCC-F98C-43C8-AC68-2C5637E428BF}

2013-09-15 10:56 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll

2013-09-15 10:56 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys

2013-09-15 10:56 - 2012-08-23 06:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2013-09-15 10:56 - 2012-08-23 05:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2013-09-15 10:56 - 2012-08-23 05:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2013-09-15 10:56 - 2012-08-23 05:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2013-09-15 10:56 - 2012-08-23 05:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2013-09-15 10:56 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2013-09-15 10:56 - 2012-08-23 05:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2013-09-15 10:56 - 2012-08-23 05:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-09-15 10:56 - 2012-08-23 05:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2013-09-15 10:56 - 2012-08-23 05:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2013-09-15 10:56 - 2012-08-23 04:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-09-15 10:56 - 2012-08-23 03:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2013-09-15 10:56 - 2012-08-23 03:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-09-15 10:56 - 2012-08-23 03:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2013-09-15 10:56 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2013-09-15 10:56 - 2012-08-23 02:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-09-15 10:56 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll

2013-09-15 10:56 - 2012-08-23 02:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2013-09-15 10:56 - 2012-08-23 02:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2013-09-15 10:56 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2013-09-15 10:56 - 2012-08-23 00:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-09-15 10:56 - 2012-08-23 00:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-09-15 10:55 - 2012-08-24 10:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2013-09-15 10:55 - 2012-08-24 10:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2013-09-15 10:55 - 2012-08-24 10:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll

2013-09-15 10:55 - 2012-08-24 10:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2013-09-15 10:55 - 2012-08-24 08:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-09-15 10:55 - 2012-08-24 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-09-15 10:55 - 2012-08-24 08:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-09-15 10:38 - 2013-09-15 10:38 - 00000000 ____D C:\Users\DARLA\AppData\Local\{0F63FC65-6F11-4854-AC6B-4344B9533885}

2013-09-13 10:54 - 2013-09-13 10:55 - 00000000 ____D C:\Users\DARLA\AppData\Local\{05FEC793-630F-42CF-864A-2B2C3CFBAFBB}

2013-09-12 06:12 - 2013-09-12 06:12 - 00000000 ____D C:\Users\DARLA\AppData\Local\{151B6D4C-A056-4FA6-8ED6-E7C95F5E4A20}

2013-09-11 00:29 - 2013-09-11 00:29 - 00000000 ____D C:\Users\DARLA\AppData\Local\{4081C15C-15D2-4864-9F9A-BCBF49BA2378}

2013-09-11 00:09 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-09-11 00:09 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-09-11 00:09 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-09-11 00:09 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-09-11 00:09 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-09-11 00:09 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-09-11 00:09 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-09-11 00:09 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-11 00:09 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-11 00:09 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-11 00:09 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-09-11 00:09 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-11 00:09 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-11 00:09 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-10 09:52 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-09-10 09:52 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys

2013-09-10 09:52 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-09-10 09:52 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-09-10 09:52 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-09-10 09:52 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-09-10 09:52 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-09-10 09:52 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-09-10 09:52 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-09-10 09:52 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-09-10 09:52 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-10 09:52 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-10 09:52 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-10 09:52 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-10 09:52 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-10 09:52 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-09-10 09:52 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-09-10 09:52 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-10 09:52 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-10 09:52 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-10 09:52 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-10 09:52 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-10 09:52 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-10 09:52 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-09-10 09:52 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-09-10 09:52 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-10 09:52 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

 

==================== One Month Modified Files and Folders =======

 

2013-10-09 13:17 - 2013-10-09 13:17 - 00000000 ____D C:\FRST

2013-10-09 10:10 - 2009-07-13 20:51 - 01411584 _____ C:\Windows\setupact.log

2013-10-09 09:59 - 2010-07-14 11:21 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A84FCCF8-0E13-4780-A79F-7E5D9005593A}

2013-10-09 09:43 - 2010-03-28 15:58 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-09 09:37 - 2012-04-02 05:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-08 23:37 - 2013-10-08 23:37 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-08 23:37 - 2012-04-02 05:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-08 23:37 - 2012-04-02 05:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-08 23:37 - 2011-06-29 05:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-08 11:43 - 2010-03-28 15:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-08 11:38 - 2010-03-28 15:58 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-08 11:38 - 2010-03-28 15:58 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-03 15:19 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-03 15:19 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-03 15:12 - 2013-10-03 13:34 - 00001673 _____ C:\Users\DARLA\Desktop\Antivirus Security Pro.lnk

2013-10-03 15:12 - 2013-10-03 13:34 - 00000118 _____ C:\Users\DARLA\Desktop\Antivirus Security Pro support.url

2013-10-03 15:12 - 2010-08-06 15:00 - 00000000 ____D C:\ProgramData\Kodak

2013-10-03 15:12 - 2010-04-14 11:35 - 00000000 ____D C:\ProgramData\boost_interprocess

2013-10-03 15:12 - 2010-03-28 17:09 - 00000000 ____D C:\Users\DARLA\Tracing

2013-10-03 15:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-03 15:04 - 2009-07-13 21:13 - 00730532 _____ C:\Windows\System32\PerfStringBackup.INI

2013-10-03 13:56 - 2013-10-03 13:43 - 00001673 _____ C:\Users\ADM2\Desktop\Antivirus Security Pro.lnk

2013-10-03 13:56 - 2013-10-03 13:43 - 00000118 _____ C:\Users\ADM2\Desktop\Antivirus Security Pro support.url

2013-10-03 13:49 - 2013-10-03 13:49 - 00000000 ____D C:\Users\ADM2\AppData\Local\PackageAware

2013-10-03 13:45 - 2013-10-03 13:45 - 00000000 ____D C:\Users\ADM2\AppData\Local\Best_Buy®

2013-10-03 13:43 - 2013-10-03 13:43 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\Google

2013-10-03 13:43 - 2013-10-03 13:43 - 00000000 ____D C:\Users\ADM2\AppData\Local\Google

2013-10-03 13:42 - 2013-10-03 13:42 - 00000000 ____D C:\Users\ADM2\AppData\Roaming\Adobe

2013-10-03 13:41 - 2013-10-03 13:41 - 00110896 _____ C:\Users\ADM2\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-03 13:41 - 2013-10-03 13:41 - 00000020 ___SH C:\Users\ADM2\ntuser.ini

2013-10-03 13:41 - 2013-10-03 13:41 - 00000000 ____D C:\users\ADM2

2013-10-03 13:41 - 2013-10-03 05:54 - 00000000 ____D C:\ProgramData\ngXv3333

2013-10-03 13:38 - 2013-10-03 13:38 - 00568984 _____ C:\Users\DARLA\AppData\Local\xepxgboh.exe

2013-10-03 13:37 - 2013-10-03 13:37 - 00568984 _____ C:\Users\DARLA\AppData\Local\atlxftuv.exe

2013-10-03 13:36 - 2013-10-03 13:36 - 00176128 _____ () C:\Users\DARLA\AppData\Local\nqwurrcc.exe

2013-10-03 06:36 - 2013-10-03 06:36 - 00074240 _____ C:\Windows\cmmoexec64.dll

2013-10-03 06:36 - 2013-10-03 06:36 - 00065024 _____ C:\Windows\SysWOW64\cmmoexec.dll

2013-10-03 06:29 - 2013-10-03 06:29 - 00564888 _____ C:\Users\DARLA\AppData\Local\uqillpjr.exe

2013-10-03 06:12 - 2013-10-03 06:12 - 00074240 _____ C:\Windows\System32\cmmoexec64.dll

2013-10-03 06:12 - 2013-10-03 06:12 - 00065024 _____ C:\Windows\cmmoexec.dll

2013-10-03 06:03 - 2013-10-03 06:03 - 00056352 _____ C:\Users\DARLA\AppData\Local\pxuncfbt

2013-10-03 06:02 - 2013-10-03 06:02 - 00000000 _____ C:\Users\DARLA\AppData\Roaming\SharedSettings.ccs

2013-10-03 06:01 - 2010-01-13 18:51 - 01858177 _____ C:\Windows\WindowsUpdate.log

2013-10-03 05:54 - 2013-10-03 05:54 - 00564888 _____ C:\Users\DARLA\AppData\Local\cexkorog.exe

2013-10-03 05:53 - 2013-10-03 05:53 - 00794624 _____ () C:\Users\DARLA\AppData\Roaming\zrvcd.dll

2013-10-03 05:53 - 2013-10-03 05:53 - 00352256 _____ (Systems Corporation) C:\Users\DARLA\AppData\Roaming\weltp.dll

2013-10-03 05:48 - 2013-10-03 05:48 - 00037888 _____ C:\Users\DARLA\AppData\Local\uibmxwfc.exe

2013-10-02 15:37 - 2013-10-01 15:25 - 00371489 _____ C:\Users\DARLA\Documents\HALLOWEEN COSTUME PARTY 10 13.pptx

2013-10-01 14:16 - 2013-10-01 14:16 - 00010930 _____ C:\Users\DARLA\Desktop\2013 Halloween party evite - Shortcut.lnk

2013-09-26 14:58 - 2013-09-25 06:18 - 00000000 ____D C:\Users\DARLA\AppData\Local\EDDD404C-E064-4DC0-B9AF-29CADAA2F82D.aplzod

2013-09-26 09:10 - 2013-09-26 09:10 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\Program Files\iTunes

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\Program Files\iPod

2013-09-26 09:10 - 2013-09-26 09:10 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-09-25 06:18 - 2012-09-28 10:34 - 00000000 ____D C:\Users\DARLA\Documents\Outlook Files

2013-09-25 06:17 - 2010-03-29 17:12 - 00000000 ____D C:\Users\DARLA\AppData\Local\Apple

2013-09-25 06:15 - 2013-09-25 06:15 - 00000000 ____D C:\Users\DARLA\AppData\Local\{1AC4EFA5-8280-4B32-AEA4-6C7ADE63339F}

2013-09-25 06:15 - 2010-03-29 17:13 - 00000000 ____D C:\Users\DARLA\AppData\Local\Apple Computer

2013-09-21 09:06 - 2013-09-21 09:06 - 00000000 ____D C:\Users\DARLA\AppData\Local\{060981D0-C2B6-495D-AD9C-72EB6294C8F6}

2013-09-19 02:18 - 2013-09-19 02:18 - 00000000 ____D C:\Users\DARLA\AppData\Local\{28FB30EF-738C-4F3E-BE4E-C233E9354F9C}

2013-09-18 14:18 - 2013-09-18 14:18 - 00000000 ____D C:\Users\DARLA\AppData\Local\{3B62EC9F-7FAF-461F-B525-1891481D4DDD}

2013-09-17 15:58 - 2013-09-17 15:58 - 00000000 ____D C:\Users\DARLA\AppData\Local\{F28AEDCC-F98C-43C8-AC68-2C5637E428BF}

2013-09-15 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-09-15 11:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-09-15 10:38 - 2013-09-15 10:38 - 00000000 ____D C:\Users\DARLA\AppData\Local\{0F63FC65-6F11-4854-AC6B-4344B9533885}

2013-09-15 10:36 - 2009-11-05 13:22 - 00285548 _____ C:\Windows\PFRO.log

2013-09-15 10:35 - 2009-11-05 13:10 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-15 10:35 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini

2013-09-13 13:19 - 2012-12-23 06:17 - 00000000 ____D C:\Users\DARLA\Desktop\2012-12-23 D Camera pix 12 23 05

2013-09-13 10:55 - 2013-09-13 10:54 - 00000000 ____D C:\Users\DARLA\AppData\Local\{05FEC793-630F-42CF-864A-2B2C3CFBAFBB}

2013-09-12 06:13 - 2013-05-06 12:01 - 00000000 ____D C:\Users\DARLA\Desktop\2013-05-06

2013-09-12 06:12 - 2013-09-12 06:12 - 00000000 ____D C:\Users\DARLA\AppData\Local\{151B6D4C-A056-4FA6-8ED6-E7C95F5E4A20}

2013-09-12 06:08 - 2013-05-17 09:47 - 00000000 ____D C:\Users\DARLA\Desktop\2013-05-17

2013-09-12 06:06 - 2013-03-06 14:40 - 00000000 ____D C:\Users\DARLA\Desktop\2013-03-06

2013-09-11 00:29 - 2013-09-11 00:29 - 00000000 ____D C:\Users\DARLA\AppData\Local\{4081C15C-15D2-4864-9F9A-BCBF49BA2378}

2013-09-11 00:27 - 2009-07-13 20:45 - 00426072 _____ C:\Windows\System32\FNTCACHE.DAT

2013-09-11 00:06 - 2013-08-15 00:01 - 00000000 ____D C:\Windows\System32\MRT

2013-09-11 00:06 - 2010-04-26 05:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-344418420-3823632273-2407523003-1001\$48f4923f11982951ee9eadbcd0b70776

 

Files to move or delete:

====================

C:\ProgramData\PKP_DLes.DAT

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT

C:\Users\DARLA\BonjourPSSetup.exe

C:\Users\DARLA\ParetoLogic FileCure.exe

C:\Users\DARLA\viewer_633.exe

 

 

Some content of TEMP:

====================

C:\Users\ADM2\AppData\Local\Temp\rzgqfnhq.dll

C:\Users\DARLA\AppData\Local\Temp\AMPing.exe

C:\Users\DARLA\AppData\Local\Temp\atl80.dll

C:\Users\DARLA\AppData\Local\Temp\BrowserPlus.exe

C:\Users\DARLA\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\DARLA\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\DARLA\AppData\Local\Temp\ICReinstall_PhotoAlbumSetup.exe

C:\Users\DARLA\AppData\Local\Temp\imxpt32y.dll

C:\Users\DARLA\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\DARLA\AppData\Local\Temp\InstallManager_BAB_BAB.exe

C:\Users\DARLA\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

C:\Users\DARLA\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe

C:\Users\DARLA\AppData\Local\Temp\libexpat.dll

C:\Users\DARLA\AppData\Local\Temp\mfc80.dll

C:\Users\DARLA\AppData\Local\Temp\mfc80u.dll

C:\Users\DARLA\AppData\Local\Temp\mfcm80.dll

C:\Users\DARLA\AppData\Local\Temp\mfcm80u.dll

C:\Users\DARLA\AppData\Local\Temp\msimg32.dll

C:\Users\DARLA\AppData\Local\Temp\msvcm80.dll

C:\Users\DARLA\AppData\Local\Temp\msvcp80.dll

C:\Users\DARLA\AppData\Local\Temp\msvcr80.dll

C:\Users\DARLA\AppData\Local\Temp\nlsdl.dll

C:\Users\DARLA\AppData\Local\Temp\ose00000.exe

C:\Users\DARLA\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\DARLA\AppData\Local\Temp\sfnwntarvpkbrwoni.exe

C:\Users\DARLA\AppData\Local\Temp\SmartDrive.exe

C:\Users\DARLA\AppData\Local\Temp\tbSmil.dll

C:\Users\DARLA\AppData\Local\Temp\tmdbg64.dll

C:\Users\DARLA\AppData\Local\Temp\Update.exe

C:\Users\DARLA\AppData\Local\Temp\zqyrvamk.dll

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 12%

Total physical RAM: 7935.3 MB

Available physical RAM: 6975.02 MB

Total Pagefile: 7933.45 MB

Available Pagefile: 7028.79 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: (Gateway) (Fixed) (Total:919.41 GB) (Free:633.73 GB) NTFS

Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.97 GB) NTFS

Drive g: () (Fixed) (Total:7.45 GB) (Free:7.38 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 1A6A07CA)

Partition 1: (Not Active) - (Size=12 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 7 GB) (Disk ID: 0F6DE5E2)

Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

 

 

LastRegBack: 2013-09-30 21:52

 

==================== End Of Log ============================





