
Hacked through 4 different routers & think they are still accessing my computer


  • This topic is locked
62 replies to this topic

#1 sickofhackers

  • Members
  • 39 posts
Posted 20 March 2014 - 12:32 AM

The title sums it up.  I have done a system restore on 2 laptops, 5 times each.  I have had remote settings turned off. I have also deleted any software that would leave an open port....truly left nothing and deleted a lot that was installed.  I most recently (after the last system restores) got a static IP address and new router. Bam....It took a mere 12 hours to be completely locked out of my router again (and that is being plugged into the ethernet.)  I NEVER used the wireless this last time, although it was broadcasting. The Internet Service Provider can't log into the router either. Thankfully, the last time, I only connected one of the computers to the home service.  I have one laptop that has been connected to a Hotspot.  It seems clean at the moment.  Thanks to my Internet Service Provider...no real tracing has been done...

 

RogueKiller continually finds registry errors.  Occasionally, Norton finds a small something. But nothing major.  After doing restores, I go in and MAKE SURE that no remote services are on or can start even manually. AND now they are back. I read today about a powershell script that can change a bunch of stuff. I am finding that the system time is being moved forward, then back.  I am still finding evidence (Event Viewer) that there are still remote connections booting.

 

AGAIN, these have been taken back to FACTORY condition, with NO saving of files or programs! Any other ideas???? How do I shake these morons and the malware they are installing!? I just started searching this forum and suddenly my keyboard stopped working again.  I went and turned on the on screen keyboard.

 

Sorry for the shortened and condensed version.  More details can be provided on request.

 

Forgot to mention.  This person is deleting print drivers, locking many admin features, uninstalling programs,  installing random keyboards, where the "M" in particular is unavailable, so I can't access the command prompt. They deleted Picasa 3, which is where my screenshots would automatically be saved.  When I re-installed this program, the print screen didn't work. I was able to open paint and paste it there. I installed SoftPerfect Wifi Guard early on in this mess and could tell that someone was causing an IP conflict.  Then I got the computer I am on now online, and pulled the battery out of the other laptop.  WiFi Guard showed that it was still connected.  LOL.  Yeah, then I knew it was a serious problem.  My passport paperwork was signed and saved to my desktop. Grrrrr.

 

 

Okay.  Thanks again in advance.  

 

Thanks for the help on a 7 month ordeal!  I am SOOOO ready to just burn this stupid computer!

 




 


#2 sickofhackers

  • Topic Starter

Posted 20 March 2014 - 12:40 AM

Computer is a Toshiba Satellite C655D  64 Bit  Windows 7 Home Premium Running Service Pack 1



#3 HelpBot

  • Bots
  • 12,602 posts

Posted 25 March 2014 - 12:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528095 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 sickofhackers

  • Topic Starter

Posted 25 March 2014 - 09:53 AM

LOGS:  

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by PC at 10:41:03 on 2014-03-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3687.1625 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\PC\Downloads\RogueKillerX64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcrnmh.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
TCP: NameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{A35354BC-F76B-4A05-A3D4-F4BCC9BD55B8} : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{A35354BC-F76B-4A05-A3D4-F4BCC9BD55B8}\7414C4148595F5E4F4455433F543636333 : DHCPNameServer = 192.168.43.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2014-2-24 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2014-2-24 38016]
R0 avc3;avc3;C:\windows\System32\drivers\avc3.sys [2014-3-1 893440]
R0 gzflt;gzflt;C:\windows\System32\drivers\gzflt.sys [2014-3-1 150256]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2014-3-1 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2014-3-1 103504]
R1 BDVEDISK;BDVEDISK;C:\windows\System32\drivers\bdvedisk.sys [2014-3-1 76944]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-2-24 204288]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2014-3-1 94624]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2014-3-1 67320]
R3 avchv;avchv Function Driver;C:\windows\System32\drivers\avchv.sys [2014-3-1 261056]
R3 avckf;avckf;C:\windows\System32\drivers\avckf.sys [2014-3-1 635392]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2014-2-24 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-2-24 38096]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2014-2-24 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-3-20 2153792]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2014-3-1 121928]
S3 BDSandBox;BDSandBox;C:\windows\System32\drivers\bdsandbox.sys [2014-3-1 82824]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 PSKMAD;PSKMAD;C:\windows\System32\drivers\PSKMAD.sys [2014-3-1 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-3-1 19456]
S3 rspSanity;rspSanity;C:\windows\System32\drivers\rspSanity64.sys [2014-3-23 31328]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-2-24 243712]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2014-2-24 1109096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-1 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-3-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-3-1 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-3-1 77632]
SUnknown Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher; [x]
SUnknown PCCUJobMgr;PCCUJobMgr; [x]
.
=============== Created Last 30 ================
.
2014-03-23 16:12:03 -------- d-----w- C:\Users\PC\AppData\Roaming\ProductData
2014-03-23 05:43:53 31328 ----a-w- C:\windows\System32\drivers\rspSanity64.sys
2014-03-20 18:29:40 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-20 18:24:12 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-03-20 07:48:55 -------- d-----w- C:\ProgramData\IObit
2014-03-20 07:48:42 -------- d-----w- C:\Users\PC\AppData\Roaming\IObit
2014-03-20 07:48:39 -------- d-----w- C:\ProgramData\ProductData
2014-03-20 07:48:08 -------- d-----w- C:\Program Files (x86)\IObit
2014-03-17 18:19:43 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-03-17 18:19:43 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-03-17 18:19:24 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-03-12 12:30:33 -------- d-----w- C:\Users\PC\AppData\Local\Diagnostics
2014-03-07 04:47:14 302080 ----a-w- C:\windows\System32\CNCALAL.DLL
2014-03-04 21:44:25 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2014-03-04 21:44:16 315392 ----a-w- C:\windows\SysWow64\CNC410L.dll
2014-03-04 21:44:16 15872 ----a-w- C:\windows\SysWow64\CNHMCA.dll
2014-03-04 21:44:16 106496 ----a-w- C:\windows\SysWow64\CNC410U.dll
2014-03-04 21:44:11 -------- d--h--w- C:\ProgramData\CanonIJFAX
2014-03-04 21:41:37 39424 ----a-w- C:\windows\System32\CNMN6UI.DLL
2014-03-04 21:41:37 366592 ----a-w- C:\windows\SysWow64\CNMNPPM.DLL
2014-03-04 21:41:37 359936 ----a-w- C:\windows\System32\CNMN6PPM.DLL
2014-03-04 21:41:37 -------- d-----w- C:\windows\System32\STRING
2014-03-04 21:39:54 99840 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPPAL.DLL
2014-03-04 21:39:54 30208 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPDAL.DLL
2014-03-04 21:38:55 385024 ----a-w- C:\windows\System32\CNMLMAL.DLL
2014-03-04 21:38:32 248320 ----a-w- C:\windows\System32\CNMIUAL.DLL
2014-03-04 15:56:34 -------- d-----w- C:\Users\PC\AppData\Roaming\Tific
2014-03-02 23:51:35 -------- d-----w- C:\ProgramData\GNU
2014-03-02 21:31:34 -------- d-----w- C:\Users\PC\AppData\Roaming\Malwarebytes
2014-03-02 21:31:21 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-02 20:53:30 33512 ----a-w- C:\windows\System32\drivers\DasPtct.SYS
2014-03-02 20:37:17 20312 ----a-w- C:\windows\System32\roboot64.exe
2014-03-02 20:37:15 -------- d-----w- C:\Users\PC\AppData\Roaming\systweak
2014-03-02 18:02:10 -------- d-----w- C:\Users\PC\AppData\Local\bdch
2014-03-02 18:01:58 -------- d-----w- C:\ProgramData\bdch
2014-03-02 03:42:38 -------- d-----w- C:\Users\PC\AppData\Local\Thunderbird
2014-03-02 03:41:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-02 03:01:55 -------- d-----w- C:\Users\PC\AppData\Local\Adobe
2014-03-02 02:46:44 -------- d-----w- C:\ProgramData\Oracle
2014-03-02 02:34:41 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-02 01:59:45 -------- d-----w- C:\Users\PC\AppData\Roaming\DesktopIconForAmazon
2014-03-01 21:37:36 1721576 ----a-w- C:\windows\System32\WdfCoInstaller01009.dll
2014-03-01 21:37:30 -------- d-----w- C:\ProgramData\BDLogging
2014-03-01 21:36:46 76944 ----a-w- C:\windows\System32\drivers\bdvedisk.sys
2014-03-01 21:36:43 93600 ----a-w- C:\windows\System32\drivers\BdfNdisf6.sys
2014-03-01 21:36:43 82824 ----a-w- C:\windows\System32\drivers\bdsandbox.sys
2014-03-01 21:36:43 74512 ----a-w- C:\windows\SysWow64\bdsandboxuiskin32.dll
2014-03-01 21:36:43 511328 ----a-w- C:\windows\capicom.dll
2014-03-01 21:36:24 893440 ----a-w- C:\windows\System32\drivers\avc3.sys
2014-03-01 21:36:24 635392 ----a-w- C:\windows\System32\drivers\avckf.sys
2014-03-01 21:36:24 261056 ----a-w- C:\windows\System32\drivers\avchv.sys
2014-03-01 21:34:29 -------- d-----w- C:\Users\PC\AppData\Roaming\Bitdefender
2014-03-01 21:34:03 3271472 ---ha-w- C:\bdr-bz01
2014-03-01 21:34:00 2247 ----a-w- C:\ProgramData\1393709292.4952.bin
2014-03-01 21:31:01 1451 ----a-w- C:\ProgramData\1393709292.2748.bin
2014-03-01 21:27:57 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-03-01 20:26:27 -------- d-----w- C:\Users\PC\AppData\Local\CrashDumps
2014-03-01 20:23:51 22752 ----a-w- C:\windows\System32\PCloudBroom64.exe
2014-03-01 19:57:57 47632 ----a-w- C:\windows\System32\drivers\PSKMAD.sys
2014-03-01 19:57:25 -------- d-----w- C:\Program Files (x86)\Panda Security
2014-03-01 19:15:35 -------- d-----w- C:\Program Files (x86)\Canon
2014-03-01 18:39:35 -------- d-----w- C:\Users\PC\AppData\Local\Apps
2014-03-01 18:39:32 -------- d-----w- C:\Users\PC\AppData\Local\Deployment
2014-03-01 18:28:39 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-03-01 18:28:39 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-03-01 18:26:21 6574592 ----a-w- C:\windows\System32\mstscax.dll
2014-03-01 18:26:21 5694464 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-03-01 18:26:15 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2014-03-01 18:26:15 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2014-03-01 18:25:30 559104 ----a-w- C:\windows\System32\spoolsv.exe
2014-03-01 18:25:29 67072 ----a-w- C:\windows\splwow64.exe
2014-03-01 18:23:33 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-03-01 18:23:32 3928064 ----a-w- C:\windows\System32\d2d1.dll
2014-03-01 18:23:32 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-03-01 18:23:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-03-01 18:16:37 461312 ----a-w- C:\windows\System32\scavengeui.dll
2014-03-01 15:33:00 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-03-01 15:33:00 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-03-01 15:32:58 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2014-03-01 15:32:57 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2014-03-01 15:19:50 -------- d-----w- C:\windows\Migration
2014-03-01 14:41:39 44544 ----a-w- C:\windows\System32\TsUsbGDCoInstaller.dll
2014-03-01 14:39:29 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2014-03-01 14:37:42 15360 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-03-01 14:37:36 30208 ----a-w- C:\windows\System32\drivers\TsUsbGD.sys
2014-03-01 14:37:36 19456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2014-03-01 14:37:29 192000 ----a-w- C:\windows\SysWow64\rdpendp_winip.dll
2014-03-01 14:37:28 243200 ----a-w- C:\windows\System32\rdpudd.dll
2014-03-01 14:37:27 228864 ----a-w- C:\windows\System32\rdpendp_winip.dll
2014-03-01 14:37:26 3174912 ----a-w- C:\windows\System32\rdpcorets.dll
2014-03-01 14:31:38 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2014-03-01 14:31:38 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2014-03-01 14:31:36 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2014-03-01 14:31:36 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2014-03-01 14:31:34 744448 ----a-w- C:\windows\System32\WUDFx.dll
2014-03-01 14:31:34 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2014-03-01 14:31:34 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2014-03-01 14:28:02 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2014-03-01 14:28:02 626176 ----a-w- C:\windows\System32\RMActivate.exe
2014-03-01 14:28:02 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2014-03-01 14:28:02 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2014-03-01 14:28:02 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2014-03-01 14:28:01 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2014-03-01 14:28:01 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2014-03-01 14:28:01 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2014-03-01 14:28:01 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2014-03-01 14:28:00 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2014-03-01 14:27:59 528384 ----a-w- C:\windows\System32\msdrm.dll
2014-03-01 14:27:59 488448 ----a-w- C:\windows\System32\secproc.dll
2014-03-01 14:27:59 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2014-03-01 14:27:59 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2014-03-01 14:27:57 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2014-03-01 14:27:57 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2014-03-01 14:27:57 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2014-03-01 14:27:57 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2014-03-01 14:00:35 -------- d-----w- C:\windows\SysWow64\Wat
2014-03-01 14:00:35 -------- d-----w- C:\windows\System32\Wat
2014-03-01 08:11:36 -------- d-----w- C:\windows\System32\MRT
2014-03-01 06:44:26 1887232 ----a-w- C:\windows\System32\d3d11.dll
2014-03-01 06:44:26 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2014-03-01 06:06:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2014-03-01 06:06:45 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2014-03-01 06:06:45 5120 ----a-w- C:\windows\System32\wmi.dll
2014-03-01 05:59:30 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-03-01 05:59:29 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-03-01 05:59:29 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-03-01 05:59:29 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-03-01 05:58:42 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DCFA282-7569-45D8-92EB-0C125338330B}\mpengine.dll
2014-03-01 05:58:20 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2014-03-01 05:58:19 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2014-03-01 05:56:42 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2014-03-01 05:55:57 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2014-03-01 05:54:53 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2014-03-01 05:54:53 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
2014-03-01 05:54:53 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
2014-03-01 05:54:53 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
2014-03-01 05:54:53 212992 ----a-w- C:\windows\System32\odbctrac.dll
2014-03-01 05:54:53 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
2014-03-01 05:54:53 163840 ----a-w- C:\windows\System32\odbccp32.dll
2014-03-01 05:54:53 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2014-03-01 05:54:53 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
2014-03-01 05:54:53 106496 ----a-w- C:\windows\System32\odbccu32.dll
2014-03-01 05:54:53 106496 ----a-w- C:\windows\System32\odbccr32.dll
2014-03-01 05:39:47 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-03-01 05:39:18 70144 ----a-w- C:\windows\System32\appinfo.dll
2014-03-01 05:39:18 111448 ----a-w- C:\windows\System32\consent.exe
2014-03-01 05:38:56 224256 ----a-w- C:\windows\System32\wintrust.dll
2014-03-01 05:38:56 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2014-03-01 05:38:06 1474048 ----a-w- C:\windows\System32\crypt32.dll
2014-03-01 05:38:05 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2014-03-01 05:38:05 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2014-03-01 05:38:05 139776 ----a-w- C:\windows\System32\cryptnet.dll
2014-03-01 05:38:05 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-03-01 05:38:05 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2014-03-01 05:37:46 395776 ----a-w- C:\windows\System32\webio.dll
2014-03-01 05:37:46 314880 ----a-w- C:\windows\SysWow64\webio.dll
2014-03-01 05:37:43 633856 ----a-w- C:\windows\System32\comctl32.dll
2014-03-01 05:37:43 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2014-03-01 05:37:00 1572864 ----a-w- C:\windows\System32\quartz.dll
2014-03-01 05:35:42 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-03-01 05:34:56 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2014-03-01 05:33:51 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-03-01 05:33:49 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-03-01 05:33:47 478208 ----a-w- C:\windows\System32\dpnet.dll
2014-03-01 05:33:47 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2014-03-01 05:32:51 76800 ----a-w- C:\windows\System32\drivers\hidclass.sys
2014-03-01 05:32:51 32896 ----a-w- C:\windows\System32\drivers\hidparse.sys
2014-03-01 05:30:33 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-03-01 05:30:33 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-03-01 05:30:27 751104 ----a-w- C:\windows\System32\win32spl.dll
2014-03-01 05:30:27 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2014-03-01 05:30:22 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-03-01 05:28:43 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2014-03-01 05:27:11 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2014-03-01 05:27:10 830464 ----a-w- C:\windows\System32\nshwfp.dll
2014-03-01 05:27:10 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2014-03-01 05:27:10 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2014-03-01 05:27:10 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2014-03-01 05:26:59 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2014-02-27 04:48:54 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-27 04:42:52 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2014-02-27 04:42:52 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2014-02-27 04:42:52 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2014-02-27 04:32:08 2622464 ----a-w- C:\windows\System32\wucltux.dll
2014-02-27 04:31:54 99840 ----a-w- C:\windows\System32\wudriver.dll
2014-02-27 04:31:44 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-02-27 04:31:44 186752 ----a-w- C:\windows\System32\wuwebv.dll
2014-02-27 03:27:53 -------- d-----w- C:\ProgramData\Licenses
2014-02-27 03:25:34 -------- d-----w- C:\Users\PC\AppData\Local\Programs
2014-02-25 04:42:51 -------- d-----w- C:\Program Files\CCleaner
2014-02-25 02:59:46 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64\02000D0.00B
2014-02-25 02:59:46 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64
2014-02-25 02:58:33 -------- d-----w- C:\Program Files (x86)\Toshiba Online Backup
2014-02-25 02:48:00 -------- d-----w- C:\ProgramData\WildTangent
2014-02-25 02:47:59 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games
2014-02-25 02:40:43 -------- d-----w- C:\ProgramData\Norton
2014-02-25 02:39:32 -------- d-----w- C:\ProgramData\NortonInstaller
2014-02-25 02:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2014-02-25 02:38:29 -------- d-----w- C:\Program Files (x86)\Corel
2014-02-25 02:27:24 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2014-02-25 02:25:13 138656 ----a-w- C:\windows\System32\TODDSrv.exe
2014-02-25 02:19:09 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2014-02-25 02:19:09 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2014-02-25 02:15:13 1351392 ----a-w- C:\windows\SysWow64\COMCTL32.OCX
2014-02-25 02:14:28 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2014-02-25 02:14:28 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2014-02-25 02:14:25 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2014-02-25 02:14:25 9216 ----a-w- C:\windows\System32\drivers\FwLnk.sys
2014-02-25 02:14:22 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-02-25 02:14:22 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-02-25 02:14:22 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-02-25 02:14:22 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-02-25 02:14:20 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-02-25 02:14:20 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-02-25 02:14:20 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-02-25 02:13:55 -------- d-----w- C:\windows\SysWow64\sda
2014-02-25 02:13:42 9112168 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2014-02-25 02:13:42 422504 ----a-w- C:\windows\System32\RtsUStor.dll
2014-02-25 02:13:42 243712 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2014-02-25 02:13:42 -------- d-----w- C:\Program Files (x86)\Realtek
2014-02-25 02:03:15 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2014-02-25 01:58:59 626792 ----a-w- C:\windows\System32\drivers\rtl819xp.sys
2014-02-25 01:58:59 450048 ----a-w- C:\windows\System32\drivers\rtl8187B.sys
2014-02-25 01:58:59 442368 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys
2014-02-25 01:58:59 1221224 ----a-w- C:\windows\System32\drivers\rtl8192se.sys
2014-02-25 01:58:59 1109096 ----a-w- C:\windows\System32\drivers\rtl8192ce.sys
2014-02-25 01:58:58 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2014-02-25 01:58:57 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe
2014-02-25 01:57:40 -------- d-----w- C:\Program Files\Elantech
2014-02-25 01:53:07 -------- d-----w- C:\Program Files\CONEXANT
2014-02-25 01:49:21 75904 ----a-w- C:\windows\System32\drivers\amd_sata.sys
2014-02-25 01:49:21 38016 ----a-w- C:\windows\System32\drivers\amd_xata.sys
2014-02-25 01:47:25 0 ----a-w- C:\windows\ativpsrm.bin
2014-02-25 01:44:16 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-02-25 01:44:16 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-02-25 00:22:14 -------- d-----w- C:\Users\PC\AppData\Local\Google
2014-02-25 00:18:02 -------- d-----w- C:\Users\PC\AppData\Local\ATI
2014-02-25 00:17:53 -------- d-----w- C:\Users\PC\AppData\Local\TOSHIBA
2014-02-25 00:17:17 -------- d-----w- C:\Users\PC\AppData\Local\VirtualStore
2014-02-25 00:16:39 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2014-02-25 00:16:04 -------- d-----w- C:\Users\PC\AppData\Roaming\WinBatch
.
==================== Find3M  ====================
.
2014-03-02 02:36:11 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-01 22:00:45 74512 ----a-w- C:\windows\System32\bdsandboxuiskin32.dll
2014-03-01 21:40:01 60622 ----a-w- C:\ProgramData\1393709292.4248.bin
2014-03-01 21:40:01 138727 ----a-w- C:\ProgramData\1393709292.4444.bin
2014-03-01 21:39:27 236524 ----a-w- C:\ProgramData\1393709292.576.bin
2014-03-01 21:39:27 125847 ----a-w- C:\ProgramData\1393709292.4764.bin
2014-03-01 21:34:23 1017489 ----a-w- C:\ProgramData\1393709292.4312.bin
2014-03-01 21:29:34 1090 ----a-w- C:\ProgramData\1393709292.4572.bin
2014-03-01 21:29:31 1090 ----a-w- C:\ProgramData\1393709292.4920.bin
2014-03-01 21:28:44 10651 ----a-w- C:\ProgramData\1393709292.4676.bin
2014-03-01 21:28:41 17879 ----a-w- C:\ProgramData\1393709292.3760.bin
2014-03-01 21:28:37 3735 ----a-w- C:\ProgramData\1393709292.5056.bin
2014-03-01 06:48:21 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
.
============= FINISH: 10:41:57.48 ===============



#5 sickofhackers


Posted 30 March 2014 - 12:48 PM

RUN IN SAFE MODE:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:22 PM, on 3/30/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcrnmh.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Reimage Real Time Protection (ReimageRealTimeProtection) - Reimage® - C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8113 bytes


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:46 PM

Posted 01 April 2014 - 10:09 AM

Greetings sickofhackers and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Based on what you have written I am not sure how much help I can offer you but we will see.

While I review our situation please run these programs for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 sickofhackers


Posted 01 April 2014 - 10:51 AM

Hello Gary. I must admit that I have made some efforts to remove bloatware and remnants of old antivirus software since my last post. I have also disabled many startup programs that were not needed.

Here are the requested logs.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by PC (administrator) on PC-PC on 01-04-2014 11:14:55
Running from C:\Users\PC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\Antispam32\OBKAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcrnmh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-27] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-27] (Bitdefender)
HKU\S-1-5-21-96528564-3643669245-997664657-1000\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-27] (Bitdefender)
HKU\S-1-5-21-96528564-3643669245-997664657-1000\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-27] (Bitdefender)
HKU\S-1-5-21-96528564-3643669245-997664657-1000\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-27] (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]
CHR Extension: (Bitdefender Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-01]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]
CHR Extension: (ContactMonkey Email Analytics for Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppikdhbkdinhpfbneekdbjhgphknad [2014-03-03]
CHR Extension: (Yesware Email Tracking) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-27]
 
==================== Services (Whitelisted) =================
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-20] (IObit)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-27] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-03-30] ()
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S4 rspSanity; system32\DRIVERS\rspSanity64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-01 11:14 - 2014-04-01 11:15 - 00011845 _____ () C:\Users\PC\Downloads\FRST.txt
2014-04-01 11:13 - 2014-04-01 11:14 - 00000000 ____D () C:\FRST
2014-04-01 11:12 - 2014-04-01 11:12 - 02157056 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2014-04-01 11:02 - 2014-04-01 11:02 - 00000000 ____D () C:\windows\ERUNT
2014-04-01 11:00 - 2014-04-01 11:00 - 01037734 _____ (Thisisu) C:\Users\PC\Downloads\JRT.exe
2014-04-01 10:17 - 2014-04-01 10:41 - 00000000 ____D () C:\Users\PC\Desktop\Encrypted
2014-03-31 17:43 - 2014-03-31 17:45 - 00002430 _____ () C:\Users\PC\Desktop\Rkill.txt
2014-03-31 17:08 - 2014-03-31 17:08 - 00000000 ____D () C:\New folder
2014-03-31 16:54 - 2014-03-31 17:34 - 00000000 ____D () C:\AdwCleaner
2014-03-31 12:52 - 2014-03-31 12:52 - 01950720 _____ () C:\Users\PC\Downloads\adwcleaner.exe
2014-03-31 12:50 - 2014-03-31 12:51 - 105522456 _____ (Microsoft Corporation) C:\Users\PC\Downloads\msert.exe
2014-03-31 12:30 - 2014-03-31 12:31 - 26437344 _____ (Microsoft Corporation) C:\Users\PC\Downloads\Windows-KB890830-x64-V5.10.exe
2014-03-31 12:11 - 2014-03-31 12:11 - 00000000 ____D () C:\Users\PC\Downloads\TCPView
2014-03-31 10:53 - 2014-03-31 10:53 - 00058016 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 10:38 - 2014-03-31 10:39 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-30 14:32 - 2014-03-30 14:32 - 00000272 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-03-30 13:02 - 2014-03-30 13:02 - 00350639 _____ () C:\Users\PC\Desktop\MGlogs.zip
2014-03-30 12:50 - 2014-03-30 13:02 - 00350639 _____ () C:\MGlogs.zip
2014-03-30 12:50 - 2014-03-30 13:02 - 00000000 ____D () C:\MGtools
2014-03-30 12:48 - 2014-03-30 12:48 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-03-30 12:46 - 2014-03-30 12:46 - 00004762 _____ () C:\windows\system32\.crusader
2014-03-30 12:34 - 2014-03-30 12:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-30 12:32 - 2014-03-30 12:32 - 00000000 ____D () C:\Users\PC\Downloads\tdsskiller
2014-03-30 11:59 - 2014-03-30 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-30 11:57 - 2014-03-30 12:30 - 00000000 ____D () C:\Users\PC\Desktop\mbar
2014-03-30 11:56 - 2014-03-30 11:56 - 12589848 _____ (Malwarebytes Corp.) C:\Users\PC\Downloads\mbar-1.07.0.1009.exe
2014-03-30 11:54 - 2014-03-30 11:54 - 00002044 _____ () C:\Users\PC\RKreport[0]_S_03302014_115438.txt
2014-03-30 11:52 - 2014-03-30 11:52 - 00001107 _____ () C:\Users\PC\RKreport[0]_H_03302014_115240.txt
2014-03-30 11:51 - 2014-03-30 11:51 - 00001974 _____ () C:\Users\PC\RKreport[0]_S_03302014_115131.txt
2014-03-30 11:49 - 2014-03-30 11:49 - 00002273 _____ () C:\Users\PC\RKreport[0]_D_03302014_114929.txt
2014-03-30 11:38 - 2014-03-30 11:38 - 00002207 _____ () C:\Users\PC\RKreport[0]_S_03302014_113816.txt
2014-03-30 11:21 - 2014-03-30 11:21 - 10971424 _____ (SurfRight B.V.) C:\Users\PC\Downloads\HitmanPro_x64.exe
2014-03-30 10:25 - 2014-03-31 16:45 - 00025380 _____ () C:\Users\PC\Downloads\Result.txt
2014-03-30 10:22 - 2014-03-30 10:22 - 00982016 _____ (Farbar) C:\Users\PC\Downloads\MiniToolBox.exe
2014-03-29 23:36 - 2014-03-29 23:36 - 00001630 _____ () C:\Users\PC\RKreport[0]_S_03292014_233642.txt
2014-03-29 23:31 - 2014-03-29 23:31 - 00000839 _____ () C:\Users\PC\RKreport[0]_H_03292014_233118.txt
2014-03-29 23:28 - 2014-03-29 23:28 - 00001670 _____ () C:\Users\PC\RKreport[0]_S_03292014_232804.txt
2014-03-29 23:22 - 2014-03-30 11:49 - 00000000 ____D () C:\Users\PC\Desktop\RK_Quarantine
2014-03-29 23:21 - 2014-03-29 23:22 - 04527616 _____ () C:\Users\PC\Downloads\RogueKillerX64 (1).exe
2014-03-29 23:14 - 2014-03-29 23:14 - 00000000 ____D () C:\ProgramData\CDB
2014-03-29 23:12 - 2014-03-31 11:03 - 00000163 _____ () C:\windows\Reimage.ini
2014-03-29 22:54 - 2014-03-29 22:54 - 00000051 _____ () C:\Users\PC\Desktop\desktop-ini-virus removal.txt
2014-03-29 02:18 - 2014-04-01 11:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 02:18 - 2014-03-29 02:18 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 00:19 - 2014-03-28 00:19 - 05574252 _____ () C:\Users\PC\Downloads\YourFuture (1).mov
2014-03-28 00:15 - 2014-03-28 00:15 - 05574252 _____ () C:\Users\PC\Downloads\YourFuture.mov
2014-03-27 00:20 - 2014-03-27 00:20 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-27 00:19 - 2014-03-27 00:19 - 01402880 _____ () C:\Users\PC\Downloads\HiJackThis.msi
2014-03-25 14:28 - 2014-03-30 14:04 - 00000752 _____ () C:\Users\PC\Desktop\Win32kDiag.txt
2014-03-25 13:20 - 2014-03-25 13:20 - 00000000 ____D () C:\Users\PC\Downloads\Autoruns
2014-03-25 12:13 - 2014-03-25 12:13 - 01678013 _____ () C:\Users\PC\Downloads\pc-decrapifier-2.3.1.exe
2014-03-25 12:04 - 2014-03-25 12:04 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\show-hidden.exe
2014-03-25 11:01 - 2014-03-30 15:50 - 00000000 ____D () C:\Users\PC\Desktop\CCleaner Regestry Edits
2014-03-25 01:25 - 2014-03-25 01:26 - 04486144 _____ () C:\Users\PC\Downloads\RogueKillerX64.exe
2014-03-25 01:14 - 2014-03-25 01:14 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill64.exe
2014-03-25 00:36 - 2014-03-25 11:33 - 00002768 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-25 00:36 - 2014-03-25 00:36 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-25 00:31 - 2014-03-25 00:31 - 04763560 _____ (Piriform Ltd) C:\Users\PC\Downloads\ccsetup411pro.exe
2014-03-24 23:49 - 2014-03-25 14:15 - 02155166 _____ () C:\Users\PC\Desktop\AutoRuns.arn
2014-03-24 22:51 - 2014-03-24 22:51 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\PC\Downloads\autoruns.exe
2014-03-23 20:10 - 2014-03-23 20:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-23 20:10 - 2014-03-23 20:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-23 14:32 - 2014-03-29 17:40 - 00000000 ____D () C:\Users\PC\Desktop\CR Car
2014-03-23 13:51 - 2014-03-23 13:51 - 00869456 _____ () C:\Users\PC\Downloads\Norton_Removal_Tool.exe
2014-03-23 13:37 - 2014-03-23 13:37 - 00000000 _____ () C:\Users\PC\Downloads\ylrbfhyt.bat
2014-03-23 12:12 - 2014-03-23 12:12 - 00000000 ____D () C:\Users\PC\AppData\Roaming\ProductData
2014-03-23 11:36 - 2014-03-30 14:01 - 00000000 ____D () C:\Users\PC\Desktop\Upload
2014-03-23 11:30 - 2014-03-23 11:30 - 00688992 ____R (Swearware) C:\Users\PC\Downloads\dds.com
2014-03-23 01:45 - 2014-03-23 01:45 - 00007152 _____ () C:\Users\PC\AppData\Local\Temp22.html
2014-03-23 01:44 - 2014-03-23 01:44 - 00001293 _____ () C:\Users\PC\AppData\Local\Temp1.html
2014-03-23 01:42 - 2014-03-23 01:42 - 01331232 _____ (Resplendence Software Projects Sp. ) C:\Users\PC\Downloads\sanitySetup.exe
2014-03-23 01:28 - 2014-03-23 01:28 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill.exe
2014-03-23 01:27 - 2014-03-23 01:27 - 00231390 _____ () C:\Users\PC\Downloads\RootkitRevealer.zip
2014-03-23 01:23 - 2014-03-23 01:23 - 00338300 _____ () C:\Users\PC\Documents\GMER Log 3-21-14.log
2014-03-20 15:23 - 2014-03-20 15:23 - 00380416 _____ () C:\Users\PC\Downloads\ylrbfhyt.exe
2014-03-20 15:01 - 2014-03-20 15:01 - 00032242 _____ () C:\Users\PC\Downloads\Extras.Txt
2014-03-20 14:41 - 2014-03-20 14:41 - 00602112 _____ (OldTimer Tools) C:\Users\PC\Downloads\OTL.exe
2014-03-20 14:34 - 2014-03-20 14:34 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Oracle
2014-03-20 14:29 - 2014-03-20 14:29 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-03-20 14:29 - 2014-03-20 14:29 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-03-20 14:29 - 2014-03-20 14:29 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-03-20 14:29 - 2014-03-20 14:29 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-20 14:28 - 2014-03-20 14:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-20 14:26 - 2014-03-20 14:26 - 00921000 _____ (Oracle Corporation) C:\Users\PC\Downloads\chromeinstall-7u51.exe
2014-03-20 14:24 - 2014-03-20 14:23 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-03-20 14:24 - 2014-03-20 14:23 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-03-20 14:24 - 2014-03-20 14:23 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-03-20 14:24 - 2014-03-20 14:23 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-03-20 14:23 - 2014-03-20 14:23 - 00000000 ____D () C:\Program Files\Java
2014-03-20 12:37 - 2014-03-20 12:37 - 00987448 _____ () C:\Users\PC\Downloads\SecurityCheck.exe
2014-03-20 03:49 - 2014-03-25 11:40 - 00002882 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-20 03:48 - 2014-03-28 13:30 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-20 03:48 - 2014-03-23 12:12 - 00000000 ____D () C:\ProgramData\IObit
2014-03-20 03:48 - 2014-03-20 03:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-20 03:48 - 2014-03-20 03:48 - 00001219 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-20 03:48 - 2014-03-20 03:48 - 00001195 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-20 03:48 - 2014-03-20 03:48 - 00000000 ____D () C:\Users\PC\AppData\Roaming\IObit
2014-03-20 03:47 - 2014-03-20 03:47 - 12569408 _____ (IObit) C:\Users\PC\Downloads\iobituninstaller.exe
2014-03-20 03:23 - 2014-03-20 03:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-20 03:02 - 2014-03-20 03:02 - 00047616 _____ () C:\Users\PC\Desktop\Win32kDiag.exe
2014-03-20 00:59 - 2014-03-20 00:59 - 00027222 _____ () C:\Users\PC\Downloads\index.htm
2014-03-20 00:35 - 2014-03-20 00:35 - 00047616 _____ () C:\Users\PC\Downloads\Win32kDiag (1).exe
2014-03-19 23:46 - 2014-03-19 23:46 - 00000000 ____D () C:\Users\PC\Desktop\Quotes & Pics
2014-03-19 23:39 - 2014-03-26 17:58 - 00000000 ____D () C:\Users\PC\Desktop\AdvoCare
2014-03-17 14:19 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-17 14:19 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-17 14:19 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-17 14:14 - 2014-03-17 14:17 - 00000000 ____D () C:\Users\PC\Downloads\Bitdefender Safepay
2014-03-14 12:32 - 2014-03-28 12:46 - 00000000 ____D () C:\Users\PC\Desktop\Disney Pics
2014-03-11 20:46 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-11 20:46 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-11 20:46 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-11 20:46 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-11 20:46 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-11 20:46 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-11 20:46 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-11 20:46 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-11 20:46 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-11 20:46 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-11 20:46 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-11 20:46 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-11 20:46 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-11 20:46 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:46 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-11 20:46 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-11 20:46 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-11 20:46 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-11 20:46 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-11 20:46 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-11 20:46 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-11 20:46 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-11 20:46 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-11 20:46 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-11 20:46 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-11 20:46 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-11 20:46 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-11 20:46 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-11 20:46 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-11 20:46 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-11 20:46 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-11 20:46 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-11 20:46 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-11 20:46 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-11 20:46 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-11 20:46 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-11 20:46 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-11 20:46 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-11 20:46 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-11 20:46 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-11 20:46 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-11 20:46 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-11 20:46 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 20:46 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-11 20:46 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-11 18:02 - 2014-03-29 22:24 - 00000407 _____ () C:\windows\system32\checkdnsid.xml
2014-03-09 01:30 - 2014-03-09 01:30 - 00000486 _____ () C:\Users\PC\Desktop\gallfood.txt
2014-03-07 00:47 - 2010-10-21 06:00 - 00302080 _____ (CANON INC.) C:\windows\system32\CNCALAL.DLL
2014-03-05 22:07 - 2014-03-30 14:03 - 00000000 ____D () C:\Users\PC\Desktop\Screen Captures
2014-03-05 11:19 - 2014-03-05 11:19 - 00000518 _____ () C:\Users\PC\Downloads\Backup-codes-christina.txt
2014-03-04 20:29 - 2014-03-19 23:47 - 00000000 ____D () C:\Users\PC\Desktop\Avon
2014-03-04 17:44 - 2014-03-04 17:44 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-03-04 17:44 - 2014-03-04 17:44 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 17:44 - 2010-09-13 15:44 - 00106496 _____ (CANON INC.) C:\windows\SysWOW64\CNC410U.dll
2014-03-04 17:44 - 2010-09-06 18:03 - 00315392 _____ (CANON INC.) C:\windows\SysWOW64\CNC410L.dll
2014-03-04 17:44 - 2010-05-14 11:49 - 00015104 _____ () C:\windows\SysWOW64\CNC174ED.TBL
2014-03-04 17:44 - 2008-08-25 19:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2014-03-04 17:41 - 2014-03-04 17:41 - 00000000 ____D () C:\windows\system32\STRING
2014-03-04 17:41 - 2012-06-14 18:18 - 00366592 _____ (CANON INC.) C:\windows\SysWOW64\CNMNPPM.DLL
2014-03-04 17:41 - 2012-06-14 18:18 - 00359936 _____ (CANON INC.) C:\windows\system32\CNMN6PPM.DLL
2014-03-04 17:41 - 2012-06-14 18:18 - 00039424 _____ (CANON INC.) C:\windows\system32\CNMN6UI.DLL
2014-03-04 17:39 - 2014-03-04 17:39 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 17:38 - 2014-03-04 17:38 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 17:38 - 2012-03-14 06:00 - 00385024 _____ (CANON INC.) C:\windows\system32\CNMLMAL.DLL
2014-03-04 17:38 - 2010-09-07 11:58 - 00248320 _____ (CANON INC.) C:\windows\system32\CNMIUAL.DLL
2014-03-04 17:36 - 2014-03-04 17:36 - 18996368 _____ () C:\Users\PC\Downloads\mp68-win-mx410-1_01-ejs.exe
2014-03-04 17:30 - 2014-03-04 17:30 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 17:28 - 2014-03-04 17:28 - 15900248 _____ () C:\Users\PC\Downloads\ewpx-win-1_4_1-ea23.exe
2014-03-04 11:56 - 2014-03-04 11:56 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Tific
2014-03-04 02:37 - 2014-03-04 02:37 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-03-04 02:32 - 2014-03-04 02:32 - 17660184 _____ (Google Inc.) C:\Users\PC\Downloads\picasa39-setup.exe
2014-03-02 21:28 - 2014-03-02 21:27 - 00000717 _____ () C:\Users\PC\CRPCret.p10
2014-03-02 19:51 - 2014-03-02 19:51 - 00000000 ____D () C:\ProgramData\GNU
2014-03-02 17:31 - 2014-03-02 17:31 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Malwarebytes
2014-03-02 17:31 - 2014-03-02 17:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 17:30 - 2014-03-02 17:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-02 16:38 - 2014-03-02 16:38 - 00000044 _____ () C:\Users\PC\AppData\Roaming\WB.CFG
2014-03-02 14:02 - 2014-03-02 14:02 - 00000000 ____D () C:\Users\PC\AppData\Local\bdch
2014-03-02 14:01 - 2014-03-02 14:01 - 00000000 ____D () C:\ProgramData\bdch
 
==================== One Month Modified Files and Folders =======
 
2014-04-01 11:15 - 2014-04-01 11:14 - 00011845 _____ () C:\Users\PC\Downloads\FRST.txt
2014-04-01 11:14 - 2014-04-01 11:13 - 00000000 ____D () C:\FRST
2014-04-01 11:13 - 2014-02-24 21:36 - 02062775 _____ () C:\windows\WindowsUpdate.log
2014-04-01 11:12 - 2014-04-01 11:12 - 02157056 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2014-04-01 11:03 - 2014-03-29 02:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 11:02 - 2014-04-01 11:02 - 00000000 ____D () C:\windows\ERUNT
2014-04-01 11:00 - 2014-04-01 11:00 - 01037734 _____ (Thisisu) C:\Users\PC\Downloads\JRT.exe
2014-04-01 11:00 - 2014-03-01 14:41 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 10:41 - 2014-04-01 10:17 - 00000000 ____D () C:\Users\PC\Desktop\Encrypted
2014-04-01 10:12 - 2009-07-14 01:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-01 02:00 - 2014-03-01 14:41 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 17:45 - 2014-03-31 17:43 - 00002430 _____ () C:\Users\PC\Desktop\Rkill.txt
2014-03-31 17:43 - 2009-07-14 00:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 17:43 - 2009-07-14 00:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 17:36 - 2014-03-01 14:01 - 00006031 _____ () C:\windows\setupact.log
2014-03-31 17:36 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-31 17:34 - 2014-03-31 16:54 - 00000000 ____D () C:\AdwCleaner
2014-03-31 17:08 - 2014-03-31 17:08 - 00000000 ____D () C:\New folder
2014-03-31 16:45 - 2014-03-30 10:25 - 00025380 _____ () C:\Users\PC\Downloads\Result.txt
2014-03-31 12:52 - 2014-03-31 12:52 - 01950720 _____ () C:\Users\PC\Downloads\adwcleaner.exe
2014-03-31 12:51 - 2014-03-31 12:50 - 105522456 _____ (Microsoft Corporation) C:\Users\PC\Downloads\msert.exe
2014-03-31 12:31 - 2014-03-31 12:30 - 26437344 _____ (Microsoft Corporation) C:\Users\PC\Downloads\Windows-KB890830-x64-V5.10.exe
2014-03-31 12:11 - 2014-03-31 12:11 - 00000000 ____D () C:\Users\PC\Downloads\TCPView
2014-03-31 11:03 - 2014-03-29 23:12 - 00000163 _____ () C:\windows\Reimage.ini
2014-03-31 10:53 - 2014-03-31 10:53 - 00058016 _____ () C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 10:39 - 2014-03-31 10:38 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-30 15:50 - 2014-03-25 11:01 - 00000000 ____D () C:\Users\PC\Desktop\CCleaner Regestry Edits
2014-03-30 14:32 - 2014-03-30 14:32 - 00000272 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-03-30 14:04 - 2014-03-25 14:28 - 00000752 _____ () C:\Users\PC\Desktop\Win32kDiag.txt
2014-03-30 14:03 - 2014-03-05 22:07 - 00000000 ____D () C:\Users\PC\Desktop\Screen Captures
2014-03-30 14:01 - 2014-03-23 11:36 - 00000000 ____D () C:\Users\PC\Desktop\Upload
2014-03-30 14:00 - 2014-02-24 20:15 - 00000000 ____D () C:\Users\PC
2014-03-30 13:02 - 2014-03-30 13:02 - 00350639 _____ () C:\Users\PC\Desktop\MGlogs.zip
2014-03-30 13:02 - 2014-03-30 12:50 - 00350639 _____ () C:\MGlogs.zip
2014-03-30 13:02 - 2014-03-30 12:50 - 00000000 ____D () C:\MGtools
2014-03-30 12:48 - 2014-03-30 12:48 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-03-30 12:46 - 2014-03-30 12:46 - 00004762 _____ () C:\windows\system32\.crusader
2014-03-30 12:46 - 2014-03-30 12:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-30 12:32 - 2014-03-30 12:32 - 00000000 ____D () C:\Users\PC\Downloads\tdsskiller
2014-03-30 12:30 - 2014-03-30 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-30 12:30 - 2014-03-30 11:57 - 00000000 ____D () C:\Users\PC\Desktop\mbar
2014-03-30 11:56 - 2014-03-30 11:56 - 12589848 _____ (Malwarebytes Corp.) C:\Users\PC\Downloads\mbar-1.07.0.1009.exe
2014-03-30 11:54 - 2014-03-30 11:54 - 00002044 _____ () C:\Users\PC\RKreport[0]_S_03302014_115438.txt
2014-03-30 11:52 - 2014-03-30 11:52 - 00001107 _____ () C:\Users\PC\RKreport[0]_H_03302014_115240.txt
2014-03-30 11:51 - 2014-03-30 11:51 - 00001974 _____ () C:\Users\PC\RKreport[0]_S_03302014_115131.txt
2014-03-30 11:49 - 2014-03-30 11:49 - 00002273 _____ () C:\Users\PC\RKreport[0]_D_03302014_114929.txt
2014-03-30 11:49 - 2014-03-29 23:22 - 00000000 ____D () C:\Users\PC\Desktop\RK_Quarantine
2014-03-30 11:38 - 2014-03-30 11:38 - 00002207 _____ () C:\Users\PC\RKreport[0]_S_03302014_113816.txt
2014-03-30 11:30 - 2014-03-01 15:18 - 00021038 _____ () C:\windows\PFRO.log
2014-03-30 11:21 - 2014-03-30 11:21 - 10971424 _____ (SurfRight B.V.) C:\Users\PC\Downloads\HitmanPro_x64.exe
2014-03-30 10:22 - 2014-03-30 10:22 - 00982016 _____ (Farbar) C:\Users\PC\Downloads\MiniToolBox.exe
2014-03-29 23:36 - 2014-03-29 23:36 - 00001630 _____ () C:\Users\PC\RKreport[0]_S_03292014_233642.txt
2014-03-29 23:31 - 2014-03-29 23:31 - 00000839 _____ () C:\Users\PC\RKreport[0]_H_03292014_233118.txt
2014-03-29 23:28 - 2014-03-29 23:28 - 00001670 _____ () C:\Users\PC\RKreport[0]_S_03292014_232804.txt
2014-03-29 23:22 - 2014-03-29 23:21 - 04527616 _____ () C:\Users\PC\Downloads\RogueKillerX64 (1).exe
2014-03-29 23:14 - 2014-03-29 23:14 - 00000000 ____D () C:\ProgramData\CDB
2014-03-29 22:54 - 2014-03-29 22:54 - 00000051 _____ () C:\Users\PC\Desktop\desktop-ini-virus removal.txt
2014-03-29 22:24 - 2014-03-11 18:02 - 00000407 _____ () C:\windows\system32\checkdnsid.xml
2014-03-29 17:40 - 2014-03-23 14:32 - 00000000 ____D () C:\Users\PC\Desktop\CR Car
2014-03-29 02:18 - 2014-03-29 02:18 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-29 02:18 - 2014-03-01 22:34 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-29 02:18 - 2011-07-21 21:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 01:55 - 2014-03-01 14:41 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 01:55 - 2014-03-01 14:41 - 00003634 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 14:01 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-03-28 13:30 - 2014-03-20 03:48 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-28 12:46 - 2014-03-14 12:32 - 00000000 ____D () C:\Users\PC\Desktop\Disney Pics
2014-03-28 00:19 - 2014-03-28 00:19 - 05574252 _____ () C:\Users\PC\Downloads\YourFuture (1).mov
2014-03-28 00:15 - 2014-03-28 00:15 - 05574252 _____ () C:\Users\PC\Downloads\YourFuture.mov
2014-03-27 00:20 - 2014-03-27 00:20 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-27 00:19 - 2014-03-27 00:19 - 01402880 _____ () C:\Users\PC\Downloads\HiJackThis.msi
2014-03-26 17:58 - 2014-03-19 23:39 - 00000000 ____D () C:\Users\PC\Desktop\AdvoCare
2014-03-26 07:47 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-03-25 14:15 - 2014-03-24 23:49 - 02155166 _____ () C:\Users\PC\Desktop\AutoRuns.arn
2014-03-25 13:20 - 2014-03-25 13:20 - 00000000 ____D () C:\Users\PC\Downloads\Autoruns
2014-03-25 12:24 - 2011-07-21 21:56 - 00000000 ____D () C:\ProgramData\Toshiba
2014-03-25 12:24 - 2011-07-21 21:54 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-03-25 12:13 - 2014-03-25 12:13 - 01678013 _____ () C:\Users\PC\Downloads\pc-decrapifier-2.3.1.exe
2014-03-25 12:04 - 2014-03-25 12:04 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\show-hidden.exe
2014-03-25 11:40 - 2014-03-20 03:49 - 00002882 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-25 11:33 - 2014-03-25 00:36 - 00002768 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-03-25 11:29 - 2014-03-01 16:26 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashDumps
2014-03-25 01:26 - 2014-03-25 01:25 - 04486144 _____ () C:\Users\PC\Downloads\RogueKillerX64.exe
2014-03-25 01:14 - 2014-03-25 01:14 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill64.exe
2014-03-25 00:37 - 2014-02-25 00:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-25 00:36 - 2014-03-25 00:36 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-25 00:31 - 2014-03-25 00:31 - 04763560 _____ (Piriform Ltd) C:\Users\PC\Downloads\ccsetup411pro.exe
2014-03-24 23:18 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-24 23:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-03-24 22:51 - 2014-03-24 22:51 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\PC\Downloads\autoruns.exe
2014-03-23 20:10 - 2014-03-23 20:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-23 20:10 - 2014-03-23 20:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-23 13:51 - 2014-03-23 13:51 - 00869456 _____ () C:\Users\PC\Downloads\Norton_Removal_Tool.exe
2014-03-23 13:37 - 2014-03-23 13:37 - 00000000 _____ () C:\Users\PC\Downloads\ylrbfhyt.bat
2014-03-23 12:12 - 2014-03-23 12:12 - 00000000 ____D () C:\Users\PC\AppData\Roaming\ProductData
2014-03-23 12:12 - 2014-03-20 03:48 - 00000000 ____D () C:\ProgramData\IObit
2014-03-23 11:30 - 2014-03-23 11:30 - 00688992 ____R (Swearware) C:\Users\PC\Downloads\dds.com
2014-03-23 01:45 - 2014-03-23 01:45 - 00007152 _____ () C:\Users\PC\AppData\Local\Temp22.html
2014-03-23 01:44 - 2014-03-23 01:44 - 00001293 _____ () C:\Users\PC\AppData\Local\Temp1.html
2014-03-23 01:42 - 2014-03-23 01:42 - 01331232 _____ (Resplendence Software Projects Sp. ) C:\Users\PC\Downloads\sanitySetup.exe
2014-03-23 01:28 - 2014-03-23 01:28 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill.exe
2014-03-23 01:27 - 2014-03-23 01:27 - 00231390 _____ () C:\Users\PC\Downloads\RootkitRevealer.zip
2014-03-23 01:23 - 2014-03-23 01:23 - 00338300 _____ () C:\Users\PC\Documents\GMER Log 3-21-14.log
2014-03-20 15:23 - 2014-03-20 15:23 - 00380416 _____ () C:\Users\PC\Downloads\ylrbfhyt.exe
2014-03-20 15:01 - 2014-03-20 15:01 - 00032242 _____ () C:\Users\PC\Downloads\Extras.Txt
2014-03-20 14:41 - 2014-03-20 14:41 - 00602112 _____ (OldTimer Tools) C:\Users\PC\Downloads\OTL.exe
2014-03-20 14:34 - 2014-03-20 14:34 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Oracle
2014-03-20 14:30 - 2014-03-01 22:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-20 14:29 - 2014-03-20 14:29 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-03-20 14:29 - 2014-03-20 14:29 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-03-20 14:29 - 2014-03-20 14:29 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-03-20 14:29 - 2014-03-20 14:29 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-20 14:28 - 2014-03-20 14:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-20 14:26 - 2014-03-20 14:26 - 00921000 _____ (Oracle Corporation) C:\Users\PC\Downloads\chromeinstall-7u51.exe
2014-03-20 14:23 - 2014-03-20 14:24 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-03-20 14:23 - 2014-03-20 14:24 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-03-20 14:23 - 2014-03-20 14:24 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-03-20 14:23 - 2014-03-20 14:24 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-03-20 14:23 - 2014-03-20 14:23 - 00000000 ____D () C:\Program Files\Java
2014-03-20 12:37 - 2014-03-20 12:37 - 00987448 _____ () C:\Users\PC\Downloads\SecurityCheck.exe
2014-03-20 03:49 - 2014-03-20 03:48 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-20 03:48 - 2014-03-20 03:48 - 00001219 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-20 03:48 - 2014-03-20 03:48 - 00001195 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-20 03:48 - 2014-03-20 03:48 - 00000000 ____D () C:\Users\PC\AppData\Roaming\IObit
2014-03-20 03:47 - 2014-03-20 03:47 - 12569408 _____ (IObit) C:\Users\PC\Downloads\iobituninstaller.exe
2014-03-20 03:23 - 2014-03-20 03:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-20 03:02 - 2014-03-20 03:02 - 00047616 _____ () C:\Users\PC\Desktop\Win32kDiag.exe
2014-03-20 00:59 - 2014-03-20 00:59 - 00027222 _____ () C:\Users\PC\Downloads\index.htm
2014-03-20 00:35 - 2014-03-20 00:35 - 00047616 _____ () C:\Users\PC\Downloads\Win32kDiag (1).exe
2014-03-19 23:47 - 2014-03-04 20:29 - 00000000 ____D () C:\Users\PC\Desktop\Avon
2014-03-19 23:46 - 2014-03-19 23:46 - 00000000 ____D () C:\Users\PC\Desktop\Quotes & Pics
2014-03-17 14:27 - 2014-03-01 04:11 - 00000000 ____D () C:\windows\system32\MRT
2014-03-17 14:17 - 2014-03-17 14:14 - 00000000 ____D () C:\Users\PC\Downloads\Bitdefender Safepay
2014-03-09 01:30 - 2014-03-09 01:30 - 00000486 _____ () C:\Users\PC\Desktop\gallfood.txt
2014-03-05 13:51 - 2011-07-21 21:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-05 11:19 - 2014-03-05 11:19 - 00000518 _____ () C:\Users\PC\Downloads\Backup-codes-christina.txt
2014-03-04 17:44 - 2014-03-04 17:44 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-03-04 17:44 - 2014-03-04 17:44 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 17:44 - 2014-03-01 15:15 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-03-04 17:44 - 2009-07-13 23:20 - 00000000 __RSD () C:\windows\Media
2014-03-04 17:41 - 2014-03-04 17:41 - 00000000 ____D () C:\windows\system32\STRING
2014-03-04 17:39 - 2014-03-04 17:39 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 17:38 - 2014-03-04 17:38 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 17:36 - 2014-03-04 17:36 - 18996368 _____ () C:\Users\PC\Downloads\mp68-win-mx410-1_01-ejs.exe
2014-03-04 17:30 - 2014-03-04 17:30 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 17:29 - 2014-03-01 15:15 - 00002062 _____ () C:\Users\Public\Desktop\Canon MP Navigator EX 4.1.lnk
2014-03-04 17:28 - 2014-03-04 17:28 - 15900248 _____ () C:\Users\PC\Downloads\ewpx-win-1_4_1-ea23.exe
2014-03-04 11:56 - 2014-03-04 11:56 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Tific
2014-03-04 02:37 - 2014-03-04 02:37 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-03-04 02:37 - 2014-02-24 20:22 - 00000000 ____D () C:\Users\PC\AppData\Local\Google
2014-03-04 02:36 - 2014-02-24 22:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-04 02:32 - 2014-03-04 02:32 - 17660184 _____ (Google Inc.) C:\Users\PC\Downloads\picasa39-setup.exe
2014-03-02 21:40 - 2014-02-24 20:17 - 00000000 ____D () C:\Users\PC\AppData\Local\VirtualStore
2014-03-02 21:27 - 2014-03-02 21:28 - 00000717 _____ () C:\Users\PC\CRPCret.p10
2014-03-02 20:09 - 2014-03-01 23:01 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe
2014-03-02 20:09 - 2014-03-01 10:23 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Adobe
2014-03-02 19:51 - 2014-03-02 19:51 - 00000000 ____D () C:\ProgramData\GNU
2014-03-02 17:31 - 2014-03-02 17:31 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Malwarebytes
2014-03-02 17:31 - 2014-03-02 17:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 17:30 - 2014-03-02 17:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\PC\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-02 16:38 - 2014-03-02 16:38 - 00000044 _____ () C:\Users\PC\AppData\Roaming\WB.CFG
2014-03-02 14:05 - 2014-03-01 04:11 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-02 14:02 - 2014-03-02 14:02 - 00000000 ____D () C:\Users\PC\AppData\Local\bdch
2014-03-02 14:01 - 2014-03-02 14:01 - 00000000 ____D () C:\ProgramData\bdch
 
Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\ntdll_dump.dll
C:\Users\PC\AppData\Local\Temp\promote-upx.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PC\AppData\Local\Temp\ReimagePackage.exe
C:\Users\PC\AppData\Local\Temp\sqlite3.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-26 07:39
 
==================== End Of Log ============================
 
 
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by PC at 2014-04-01 11:17:23
Running from C:\Users\PC\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Media Foundation Decoders (Version: 1.0.60607.2201 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.26.0.1106 - Bitdefender)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help English (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help French (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help German (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
ccc-utility64 (Version: 2011.0607.2212.38019 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.87 - Panda Security)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
 
==================== Restore Points  =========================
 
25-03-2014 03:01:19 Windows Modules Installer
25-03-2014 03:07:08 Windows Update
25-03-2014 16:20:51 PC Decrapifier Restore Point
27-03-2014 04:19:44 Installed HiJackThis
31-03-2014 15:05:43 IObit Uninstaller restore point
31-03-2014 15:14:28 IObit Uninstaller restore point
31-03-2014 15:15:04 Removed HiJackThis
31-03-2014 15:17:57 IObit Uninstaller restore point
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-03-30 11:52 - 00000741 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {81FDE83E-2D2A-48DE-BDF9-AEA4A6FAE32B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {951A7A25-58C4-4417-9E4D-818A15FAA995} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {9BA24298-96DE-4FF3-9CF4-BAD4384AC550} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29] (Adobe Systems Incorporated)
Task: {B2422FEB-67A2-46D9-9C7D-85A865D4B2A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {FBA0F54D-4BD7-4A9A-B386-B0690A2E2B3C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-20] (IObit)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-01 17:36 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-03-01 17:36 - 2014-02-24 15:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-01 17:36 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-03-01 17:36 - 2014-02-24 15:34 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-03-25 06:09 - 2014-03-25 06:09 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttpbr.mdl
2014-03-25 06:09 - 2014-03-25 06:09 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttpdsp.mdl
2014-03-25 06:09 - 2014-03-25 06:09 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttpph.mdl
2014-03-25 06:09 - 2014-03-25 06:09 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttprbl.mdl
2014-03-01 17:36 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-03-01 17:36 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2014-03-01 17:36 - 2014-03-27 07:08 - 00468496 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-03-27 07:08 - 2014-03-27 07:08 - 00202240 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2014-03-01 17:36 - 2014-03-27 07:07 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:905844AA
AlternateDataStreams: C:\Users\PC\Desktop\mbam-setup-1.75.0.1300 (1).exe:BDU
AlternateDataStreams: C:\Users\PC\Desktop\Win32kDiag.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\autoruns.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\ccsetup411pro.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\PC\Downloads\ewpx-win-1_4_1-ea23.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\iobituninstaller.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\mp68-win-mx410-1_01-ejs.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\msert.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\Norton_Removal_Tool.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\pc-decrapifier-2.3.1.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\picasa39-setup.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\rkill.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\RogueKillerX64.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\sanitySetup.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\show-hidden.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\Win32kDiag (1).exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\Windows-KB890830-x64-V5.10.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\ylrbfhyt.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2014 05:37:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 05:28:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 10:42:04 AM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-96528564-3643669245-997664657-1000}/">.
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
System errors:
=============
Error: (04/01/2014 10:50:46 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume \Device\BdVeVolume2 encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (03/31/2014 05:36:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/31/2014 05:35:00 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/31/2014 05:27:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/31/2014 05:25:32 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/31/2014 10:41:20 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/31/2014 10:41:20 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (03/31/2014 10:40:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/30/2014 01:53:46 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/30/2014 01:52:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2014 05:37:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 05:28:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 10:42:04 AM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-96528564-3643669245-997664657-1000}/
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 3686.87 MB
Available physical RAM: 1605.43 MB
Total Pagefile: 7371.91 MB
Available Pagefile: 5355.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
 
==================== Restore Points  =========================
 
25-03-2014 03:01:19 Windows Modules Installer
25-03-2014 03:07:08 Windows Update
25-03-2014 16:20:51 PC Decrapifier Restore Point
27-03-2014 04:19:44 Installed HiJackThis
31-03-2014 15:05:43 IObit Uninstaller restore point
31-03-2014 15:14:28 IObit Uninstaller restore point
31-03-2014 15:15:04 Removed HiJackThis
31-03-2014 15:17:57 IObit Uninstaller restore point
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-03-30 11:52 - 00000741 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {81FDE83E-2D2A-48DE-BDF9-AEA4A6FAE32B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {951A7A25-58C4-4417-9E4D-818A15FAA995} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {9BA24298-96DE-4FF3-9CF4-BAD4384AC550} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29] (Adobe Systems Incorporated)
Task: {B2422FEB-67A2-46D9-9C7D-85A865D4B2A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {FBA0F54D-4BD7-4A9A-B386-B0690A2E2B3C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-20] (IObit)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-01 17:36 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-03-01 17:36 - 2014-02-24 15:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-01 17:36 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-03-01 17:36 - 2014-02-24 15:34 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-03-25 06:09 - 2014-03-25 06:09 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttpbr.mdl
2014-03-25 06:09 - 2014-03-25 06:09 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttpdsp.mdl
2014-03-25 06:09 - 2014-03-25 06:09 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttpph.mdl
2014-03-25 06:09 - 2014-03-25 06:09 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_004\ashttprbl.mdl
2014-03-01 17:36 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-03-01 17:36 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2014-03-01 17:36 - 2014-03-27 07:08 - 00468496 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-03-27 07:08 - 2014-03-27 07:08 - 00202240 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2014-03-01 17:36 - 2014-03-27 07:07 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 20:44 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:905844AA
AlternateDataStreams: C:\Users\PC\Desktop\mbam-setup-1.75.0.1300 (1).exe:BDU
AlternateDataStreams: C:\Users\PC\Desktop\Win32kDiag.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\autoruns.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\ccsetup411pro.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\PC\Downloads\ewpx-win-1_4_1-ea23.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\iobituninstaller.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\mp68-win-mx410-1_01-ejs.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\msert.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\Norton_Removal_Tool.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\pc-decrapifier-2.3.1.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\picasa39-setup.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\rkill.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\RogueKillerX64.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\sanitySetup.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\show-hidden.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\Win32kDiag (1).exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\Windows-KB890830-x64-V5.10.exe:BDU
AlternateDataStreams: C:\Users\PC\Downloads\ylrbfhyt.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2014 05:37:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 05:28:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 10:42:04 AM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-96528564-3643669245-997664657-1000}/">.
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
System errors:
=============
Error: (04/01/2014 10:50:46 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume \Device\BdVeVolume2 encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (03/31/2014 05:36:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/31/2014 05:35:00 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/31/2014 05:27:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/31/2014 05:25:32 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/31/2014 10:41:20 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/31/2014 10:41:20 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (03/31/2014 10:40:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/30/2014 01:53:46 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (03/30/2014 01:52:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2014 05:37:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 05:28:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/31/2014 10:42:04 AM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-96528564-3643669245-997664657-1000}/
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/31/2014 10:41:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/31/2014 10:41:17 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 3686.87 MB
Available physical RAM: 1605.43 MB
Total Pagefile: 7371.91 MB
Available Pagefile: 5355.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:239.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 14E14ED3)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
 
==================== End Of Log ============================


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:46 PM

Posted 01 April 2014 - 11:09 AM

Greetings,

Have you reset your modem during this process?

Please do these things.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Users\PC\Downloads\ylrbfhyt.bat

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\PC\AppData\Local\Temp\ntdll_dump.dll
C:\Users\PC\AppData\Local\Temp\promote-upx.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PC\AppData\Local\Temp\ReimagePackage.exe
C:\Users\PC\AppData\Local\Temp\sqlite3.exe
AlternateDataStreams: C:\ProgramData\TEMP:905844AA
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link
  • Fixlog
  • Modem reset?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 sickofhackers


Posted 01 April 2014 - 11:38 AM

These problems began (hacking) in May 2013 or at least I noticed them then.  The hacker actually locked the Internet Service Provider out of their own router/modem, which wouldn't be hard...as they leave backdoors the size of Kansas in their routers/modems!  Oh yeah...I did file an FBI report as this continued until I moved on August 30th, 2013.  However, problems continued...passwords would change on the user accounts and for the admin. Keyboards changed, etc.   I believe I am still locked out of a few things at the moment, but not for sure. I am not in the same state, nor with the same ISP.  THANK THE LORD!   

 

I HAVE rebooted the current router/modem.

I HAVE uploaded the requested file to VirusTotal.  

I got this error message:

This file was last analysed by VirusTotal on 2014-04-01 16:14:11 UTC, it was first analysed by VirusTotal on 2006-09-18 07:26:15 UTC.

Detection ratio: 0/51

You can take a look at the last analysis or analyse it again now.

 Warning! You submitted an empty file (0 bytes size), please make sure no software on your computer is preventing the upload (e.g. antivirus quarantine).

 

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1396368963/

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by PC at 2014-04-01 12:37:03 Run:1
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\PC\AppData\Local\Temp\ntdll_dump.dll
C:\Users\PC\AppData\Local\Temp\promote-upx.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PC\AppData\Local\Temp\ReimagePackage.exe
C:\Users\PC\AppData\Local\Temp\sqlite3.exe
AlternateDataStreams: C:\ProgramData\TEMP:905844AA
*****************
 
C:\Users\PC\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\PC\AppData\Local\Temp\promote-upx.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\ProgramData\TEMP => ":905844AA" ADS removed successfully.
 
==== End of Fixlog ====
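
Added example, not part of the original post or of any tool named in the thread: the hash in the VirusTotal link above is the SHA-256 of zero bytes of input, so that report describes an empty upload rather than the contents of a script. The Python sketch below checks a local file against a report URL and against FRST-style `AlternateDataStreams:` lines; the function names, finding labels and sample FRST lines are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path, PureWindowsPath

# SHA-256 of zero bytes of input, computed here rather than typed in.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Report URL exactly as quoted in the post above.
PAGE_REPORT_URL = ("https://www.virustotal.com/en/file/"
                   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                   "/analysis/1396368963/")

# Constructed sample lines in the format of the FRST "Alternate Data Streams" section.
CONSTRUCTED_FRST = r"""
AlternateDataStreams: C:\ProgramData\EXAMPLE:0A1B2C3D
AlternateDataStreams: C:\Users\Example\Downloads\sample.bat:BDU
"""

VT_FILE_URL = re.compile(r"virustotal\.com/(?:[a-z]{2}/)?file/([0-9a-fA-F]{64})/")
# The path itself contains a colon (drive letter), so the stream name is
# whatever follows the LAST colon on the line.
ADS_LINE = re.compile(r"^AlternateDataStreams:\s*(.+):([^:\\]+)$")


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file's unnamed (main) data stream in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_in_report_url(url):
    """Return the 64-hex-digit file hash embedded in a report URL, or None."""
    match = VT_FILE_URL.search(url)
    return match.group(1).lower() if match else None


def named_streams(frst_text):
    """Map lower-cased file name -> set of stream names listed by FRST."""
    streams = {}
    for line in frst_text.splitlines():
        match = ADS_LINE.match(line.strip())
        if match:
            name = PureWindowsPath(match.group(1)).name.lower()
            streams.setdefault(name, set()).add(match.group(2))
    return streams


def triage(local_path, report_url, frst_text=""):
    """Say what a scan report can and cannot tell you about a local file."""
    findings = []
    size = Path(local_path).stat().st_size
    local_hash = sha256_of(local_path)
    report_hash = hash_in_report_url(report_url)

    if report_hash is None:
        findings.append("no-hash-in-url")
    elif report_hash == EMPTY_SHA256:
        # A detection ratio on this hash is a verdict on "nothing".
        findings.append("report-is-for-empty-input")
    if report_hash is not None and report_hash != local_hash:
        # The service analysed different bytes than the ones on disk.
        findings.append("report-does-not-match-local-file")
    if size == 0:
        findings.append("local-file-is-empty")
        # The size shown for a file covers only the unnamed stream; data can
        # still sit in a named stream. Matching is by file name only here,
        # which is a simplification made for this example.
        if Path(local_path).name.lower() in named_streams(frst_text):
            findings.append("empty-file-has-named-stream")
    return {"size": size, "sha256": local_hash, "findings": findings}


def demo():
    """Run the triage on two constructed files: one empty, one not."""
    with tempfile.TemporaryDirectory() as folder:
        empty = Path(folder, "sample.bat")
        empty.write_bytes(b"")
        other = Path(folder, "other.bat")
        other.write_bytes(b"@echo off\r\n")
        return (triage(empty, PAGE_REPORT_URL, CONSTRUCTED_FRST),
                triage(other, PAGE_REPORT_URL, CONSTRUCTED_FRST))


if __name__ == "__main__":
    for result in demo():
        print(result)
```
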


#10 sickofhackers


Posted 01 April 2014 - 11:45 AM

BTW- My AntiVirus was turned off during the scan and upload.



#11 Oh My!


Posted 01 April 2014 - 12:13 PM

Thanks,

 

If you right click on ylrbfhyt.bat and select Properties does it show 0 for Size and Size on disk?

 

I am a little uncertain regarding what you are experiencing at the present time.  I understand the history but what is going on right now?

 


Gary
 

#12 sickofhackers


Posted 01 April 2014 - 01:14 PM

Yes, it says 0 bytes.

 

See screenshots...I am locked out of things like My Music, Public Folders, etc. --Access denied. That is just the things I can see...what are the real things that matter that I am locked out of?  I am afraid that there is a hidden user account...is that possible? 

 

I have seen in a process explorer multiple lsass.exe processes running. I have seen multiple desktop.ini files in one folder. I don't know, but thought if preferences were updated, the file would just be replaced. 

 

I deleted all common software...like iTunes for example, as I was afraid that the known open port was being used to access my computer.   Maybe the damage is just done to my computer, but things still creep up on occasion, like my computer keyboard will switch to an international version, or the browser closing itself when I literally go to BleepingComputer. NO JOKE. 

 

I will openly admit that I do not fully understand IPv6 and Tunnel adapters, but I am a single user, with a single logon account (yep. the ADMIN account).  I have a residential ISP, and log on only to such.  I do not connect with other computers through my computer and never have.  I am not part of a "network."  So, to conclude, things that should be associated with networking and remote access (so I read) keep persistently appearing on my computer.   I have through Task Manager/Startup made sure that these things are to never start, yet they are back.  I only download things from places that I know are VERY safe. 

 

The computer is a TON better, after the 6 or 7 full factory restores (no software or files saved).  However, things just still aren't "right."

 




#13 Oh My!


Posted 01 April 2014 - 02:32 PM

Thanks for the information.

Multiple .ini files are common.

There are certain things in Task Manager that if you end the process the computer will automatically relaunch it.  Can you give me a couple of specific examples?

Please run this for me.

===================================================

GrantPerms by Farbar

--------------------
  • Download Grantperms (32 bit systems) or Grantperms64 (64 bit systems) and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\users

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document.
  • A copy of Perms.txt will be saved in the same directory the tool is run.
  • Check your access to music files
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\users /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Grantperms log
  • Systemlook log
  • Do you have access to your music?

Gary
 

#14 sickofhackers


Posted 01 April 2014 - 04:09 PM

GrantPerms by Farbar 
Ran by PC (administrator) at 2014-04-01 16:08:33
 
===============================================
\\?\C:\users
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
 
================ End Of List ================
 
 Hold please as I try to figure out how to upload systemLook.txt.   The file is too large.
 
 
ACCESS DENIED still for Music, Pictures, Videos, etc.
 
 
Okay, in the next log...I noticed this...the program was deleted, yet this still appears. C:\users\All Users\GNU 
 
I have NEVER had McAfee on this computer.  Not in any shape form or fashion.   C:\users\All Users\McAfee
 
All "games" have been deleted from this computer as bloatware.  C:\users\All Users\Microsoft\Windows\GameExplorer\   What is this?  
 
I guess I need to just start listing things that look strange to me.  You are the expert.  Please keep in mind this is a pretty minimal computer, with most bloatware removed (everything I was comfortable removing).
 
C:\users\All Users\Microsoft\Windows\Ringtones  (I have no ringtones)
C:\users\All Users\Microsoft\Windows\Start Menu\Programs\Games  (Again, I had uninstalled all games...here are more)
C:\users\All Users\Microsoft\Windows\Start Menu\Programs\NetZero   (Remnants of removed bloatware?)
C:\users\All Users\Mozilla                    (Remnants of removed Mozilla products removed)
C:\users\All Users\Norton                    (Remnants of removed bloatware?)
C:\users\All Users\WildTangent   (Remnants of removed bloatware?)
 
 
Okay, I give...here is the log.  There is so much showing here that there should be no trace of.   It is attached, as Chrome is crashing every time I post this. 


#15 sickofhackers


Posted 01 April 2014 - 04:16 PM

PART ONE:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 16:13 on 01/04/2014 by PC

Administrator - Elevation successful

 

========== dir ==========

 

C:\users - Parameters: "/s"

 






