uza

  1. Sorry, I have been a bit busy; I will be able to finish some time over the weekend.
  2. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.01.20.02

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Seth :: SETH-PC [administrator]

     1/19/2013 10:41:59 PM
     mbam-log-2013-01-19 (22-41-59).txt

     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 521354
     Time elapsed: 1 hour(s), 45 minute(s), 55 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\FRST\Quarantine\phxzbypky.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.

     (end)

     Seems to have found a trojan that I hopefully removed.

     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:51:18 AM, on 1/20/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Seth\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://samsung.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - 
C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [Microsoft Default Manager] 
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" O4 - HKCU\..\Run: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe O4 - HKCU\..\Run: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent O4 - Global Startup: SRS Premium Sound.lnk = ? 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Seth\Desktop\PartyPoker.lnk O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Seth\Desktop\PartyPoker.lnk O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: 
C:\Windows\SysWOW64\nvinit.dll O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype 
Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files 
(x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13918 bytes
  3. ???? ??? Windows Live ???? Windows Live ????? Messenger ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?? Messenger ???????? ?????????? Windows Live ????????? Messenger ?????????? Windows Live ??????????? ?? Windows Live µTorrent Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.1 Adobe Shockwave Player 11.6 Advanced SystemCare 4 „Messenger“ pagalbine priemone Apple Application Support Apple Software Update ASIO4ALL Auto Clicker v1.1 Auto Typer by MurGee v1.2 „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Messenger“ „Windows Live“ fotogalerija BatteryLifeExtender Best Buy pc app Bing Bar Bing Rewards Client Installer ChargeableUSB Complemento Messenger Complément Messenger Coupon Printer for Windows CyberLink DVD Suite CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDirector CyberLink PowerDVD 8 CyberLink PowerProducer CyberLink YouCam D3DX10 Diablo III Beta Doplnok programu Messenger Easy Content Share Easy Display Manager Easy Network Manager Easy SpeedUp Manager EasyBatteryManager EasyFileShare Fast Start FL Studio 10 Fotogalerija Windows Live Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live Game Booster Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoTrusted Secure Tunnel v2.3.0.5 HP Deskjet 1000 J110 series Help HP Photo Creations HP Update HWiNFO32 Version 4.06 IL Download Manager Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Intel® Wireless Display IObit Malware Fighter Java 7 Update 7 Java Auto Updater Java 6 Update 25 Junk Mail filter update KeyScrambler Malwarebytes' Anti-Malware version 1.51.1.1800 Marvell Miniport Driver Mesh Runtime Messenger-kumppani Messenger ??? ?? Messenger ???? Messenger ????? 
Messenger Assistent Messenger Companion Messenger kíséro Messenger Pratilac Messenger Suradnik Microsoft Default Manager Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MultimediaPOP Norton Internet Security Norton Online Backup NVIDIA Updatus PartyPoker Poczta uslugi Windows Live Podstawowe programy Windows Live PokerStars.net Pomocnik Messenger Pošta Windows Live QuickTime Raccolta foto di Windows Live Realtek High Definition Audio Driver RuneScape Launcher 1.0.4 S?????? f?t???af??? t?? 
Windows Live Samsung AnyWeb Print Samsung Recovery Solution 5 Samsung Support Center Samsung Update Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) ShortKeys Lite Skype™ 5.10 Smart Defrag 2 Sony Media Manager 2.2 Spremljevalec Messenger SwiftKit swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) User Guide Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? 
Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima Windows Password Key Standard Demo WinZip 15.5 XSplit
  4. 2013-01-19 22:59:28 . 2013-01-19 22:59:28 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat 2013-01-19 22:59:28 . 2013-01-19 22:59:28 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ETDCtrl.reg.dat 2013-01-19 22:59:28 . 2013-01-19 22:59:28 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat 2013-01-19 22:59:11 . 2013-01-19 22:59:11 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat 2013-01-19 22:50:37 . 2013-01-19 22:50:37 16,624 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2013-01-19 22:40:19 . 2013-01-19 22:40:19 51 ----a-w- C:\Qoobox\Quarantine\catchme.log 2012-12-03 01:20:05 . 2013-01-06 21:44:16 19,897 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\12.2.txt.vir 2012-10-06 00:02:10 . 2012-10-08 23:09:36 7,931 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\10.5.txt.vir 2012-09-23 11:20:10 . 2012-09-25 20:45:52 3,930 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.21.txt.vir 2012-09-01 00:56:30 . 2012-09-01 00:56:31 1,204 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.31.txt.vir 2012-05-28 03:51:06 . 2012-05-28 03:51:06 3,023 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\5.20.txt.vir 2012-05-09 15:59:11 . 2012-05-09 15:59:17 954 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\5.8.txt.vir 2012-03-20 16:01:16 . 2012-04-06 13:33:25 28,296 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\3.20.txt.vir 2012-03-09 21:14:28 . 2012-03-09 21:14:29 13,004 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\3.9.txt.vir 2012-02-18 19:20:36 . 2012-02-18 19:20:36 3,670 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\2.18.txt.vir 2012-01-21 00:47:01 . 2012-01-21 00:47:01 204,800 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\AppData\Roaming\Feipki\iryn.exe.vir 2011-11-09 08:15:07 . 2011-11-09 08:15:07 3,653 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\11.7.txt.vir 2011-11-04 01:27:27 . 2011-11-06 21:53:00 6,093 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\11.4.txt.vir 2011-11-03 11:13:13 . 
2011-11-03 11:13:14 5,439 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\11.3.txt.vir 2011-10-08 07:31:21 . 2011-10-08 07:31:21 8,391 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\10.6.txt.vir 2011-10-05 01:55:01 . 2011-10-05 01:55:01 1,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\10.4.txt.vir 2011-10-03 22:54:37 . 2011-10-03 22:54:37 5,769 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\10.3.txt.vir 2011-10-02 16:53:20 . 2011-10-02 16:53:20 1,579 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\10.2.txt.vir 2011-09-29 05:41:07 . 2011-09-29 05:41:07 1,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.29.txt.vir 2011-09-28 07:03:35 . 2011-09-28 07:03:36 2,406 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.28.txt.vir 2011-09-24 04:48:18 . 2011-09-28 07:03:56 2,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.24.txt.vir 2011-09-23 08:28:07 . 2011-09-23 08:28:07 4,153 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.23.txt.vir 2011-09-23 02:36:32 . 2011-09-23 02:36:32 6,592 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.22.txt.vir 2011-09-18 22:31:50 . 2011-09-18 22:31:50 2,553 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.17.txt.vir 2011-09-14 09:35:22 . 2011-09-14 09:35:22 6,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.13.txt.vir 2011-09-10 08:48:58 . 2011-09-10 08:48:58 5,410 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.9.txt.vir 2011-09-07 06:31:43 . 2011-09-07 06:31:43 2,026 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.7.txt.vir 2011-09-06 08:33:43 . 2011-09-06 08:33:43 4,502 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.6.txt.vir 2011-09-05 08:39:59 . 2011-09-05 08:39:59 6,248 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\9.5.txt.vir 2011-09-01 02:06:17 . 2011-09-01 02:06:17 1,532 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.30.txt.vir 2011-08-27 18:49:11 . 2011-08-27 18:49:11 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\AppData\Roaming\Ikusa\wyege.sux.vir 2011-08-25 19:19:34 . 2011-08-25 19:19:34 2,545 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.24.txt.vir 2011-08-20 18:26:06 . 
2011-08-20 18:26:06 4,143 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.18.txt.vir 2011-08-20 03:13:24 . 2011-08-20 03:13:24 1,887 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.17.txt.vir 2011-08-16 12:00:40 . 2011-08-16 12:00:40 3,033 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.9.txt.vir 2011-08-11 02:32:41 . 2011-08-11 09:55:27 3,847 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.8.txt.vir 2011-08-08 20:14:47 . 2011-08-08 20:14:47 2,881 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.7.txt.vir 2011-08-08 03:25:20 . 2011-08-08 03:25:21 2,604 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.2.txt.vir 2011-08-02 06:25:32 . 2011-08-02 06:25:32 6,929 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\8.1.txt.vir 2011-08-02 00:23:13 . 2011-08-02 00:23:13 6,086 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.31.txt.vir 2011-08-01 00:13:47 . 2011-08-01 00:13:47 4,541 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.30.txt.vir 2011-07-30 09:07:13 . 2011-07-30 09:07:13 2,023 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.29.txt.vir 2011-07-30 02:09:53 . 2011-07-30 02:09:54 4,041 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.28.txt.vir 2011-07-27 22:55:41 . 2011-07-27 22:55:41 465 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.26.txt.vir 2011-07-25 10:32:09 . 2011-07-25 10:32:09 4,099 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.24.txt.vir 2011-07-24 07:59:02 . 2011-07-24 07:59:02 6,169 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.23.txt.vir 2011-07-23 07:33:58 . 2011-07-23 07:33:58 3,676 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.22.txt.vir 2011-07-21 07:15:42 . 2011-07-21 07:15:42 709,968 ----a-w- C:\Qoobox\Quarantine\C\Windows\isRS-000.tmp.vir 2011-07-21 06:47:18 . 2011-07-21 06:47:19 6,543 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.21.txt.vir 2011-07-20 06:03:41 . 2011-07-20 06:03:41 5,469 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.20.txt.vir 2011-07-19 09:18:14 . 2011-07-19 09:18:14 6,217 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.18.txt.vir 2011-07-17 08:18:54 . 
2011-07-17 08:18:54 6,233 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.16.txt.vir 2011-07-16 07:19:26 . 2011-07-16 08:46:55 6,916 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.15.txt.vir 2011-07-15 06:29:30 . 2011-07-15 06:29:30 8,406 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.14.txt.vir 2011-07-14 20:45:23 . 2011-07-14 20:45:23 4,702 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.13.txt.vir 2011-07-13 06:04:46 . 2011-07-13 21:56:52 7,022 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.12.txt.vir 2011-07-12 23:34:31 . 2011-07-12 23:34:32 1,338 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.11.txt.vir 2011-07-11 09:09:12 . 2011-07-11 18:27:43 5,186 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.10.txt.vir 2011-07-10 04:01:03 . 2011-07-10 04:01:03 1,475 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.9.txt.vir 2011-07-06 23:46:11 . 2011-07-07 18:23:53 746 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.6.txt.vir 2011-07-02 05:23:37 . 2011-07-02 05:23:37 4,482 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\7.1.txt.vir 2011-07-01 07:21:19 . 2011-07-01 18:11:14 2,072 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\6.30.txt.vir 2011-06-29 18:44:27 . 2011-06-29 19:02:02 1,944 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\6.29.txt.vir 2011-06-29 08:16:05 . 2011-06-29 08:16:05 2,503 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\6.28.txt.vir 2011-06-27 18:35:01 . 2011-06-28 09:03:04 1,325 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\6.27.txt.vir 2011-06-27 17:27:58 . 2011-06-27 17:27:58 1,429 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\6.26.txt.vir 2011-06-25 22:14:46 . 2012-06-15 06:52:14 7,106 ----a-w- C:\Qoobox\Quarantine\C\Users\Seth\6.25.txt.vir 2010-12-03 18:51:35 . 2010-08-16 18:46:00 5,109,352 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETD0EA.tmp.vir 2010-12-03 18:51:35 . 2010-08-16 18:46:00 446,056 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETCEB7.tmp.vir 2010-12-03 18:51:33 . 
2010-08-16 18:46:00 100,968 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETC2A2.tmp.vir 2010-12-03 18:51:26 . 2010-08-16 18:46:00 1,626,728 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETAF2A.tmp.vir

     The file I was mainly concerned about at this point was c:\users\Seth\12.2.txt
  5. ComboFix 13-01-17.04 - Seth 01/19/2013 15:43:21.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3882.1731 [GMT -7:00] Running from: c:\users\Seth\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Seth\10.2.txt c:\users\Seth\10.3.txt c:\users\Seth\10.4.txt c:\users\Seth\10.5.txt c:\users\Seth\10.6.txt c:\users\Seth\11.3.txt c:\users\Seth\11.4.txt c:\users\Seth\11.7.txt c:\users\Seth\12.2.txt c:\users\Seth\2.18.txt c:\users\Seth\3.20.txt c:\users\Seth\3.9.txt c:\users\Seth\5.20.txt c:\users\Seth\5.8.txt c:\users\Seth\6.25.txt c:\users\Seth\6.26.txt c:\users\Seth\6.27.txt c:\users\Seth\6.28.txt c:\users\Seth\6.29.txt c:\users\Seth\6.30.txt c:\users\Seth\7.1.txt c:\users\Seth\7.10.txt c:\users\Seth\7.11.txt c:\users\Seth\7.12.txt c:\users\Seth\7.13.txt c:\users\Seth\7.14.txt c:\users\Seth\7.15.txt c:\users\Seth\7.16.txt c:\users\Seth\7.18.txt c:\users\Seth\7.20.txt c:\users\Seth\7.21.txt c:\users\Seth\7.22.txt c:\users\Seth\7.23.txt c:\users\Seth\7.24.txt c:\users\Seth\7.26.txt c:\users\Seth\7.28.txt c:\users\Seth\7.29.txt c:\users\Seth\7.30.txt c:\users\Seth\7.31.txt c:\users\Seth\7.6.txt c:\users\Seth\7.9.txt c:\users\Seth\8.1.txt c:\users\Seth\8.17.txt c:\users\Seth\8.18.txt c:\users\Seth\8.2.txt c:\users\Seth\8.24.txt c:\users\Seth\8.30.txt c:\users\Seth\8.31.txt c:\users\Seth\8.7.txt c:\users\Seth\8.8.txt c:\users\Seth\8.9.txt c:\users\Seth\9.13.txt c:\users\Seth\9.17.txt c:\users\Seth\9.21.txt c:\users\Seth\9.22.txt c:\users\Seth\9.23.txt c:\users\Seth\9.24.txt c:\users\Seth\9.28.txt c:\users\Seth\9.29.txt c:\users\Seth\9.5.txt c:\users\Seth\9.6.txt c:\users\Seth\9.7.txt c:\users\Seth\9.9.txt c:\users\Seth\AppData\Roaming\Feipki c:\users\Seth\AppData\Roaming\Feipki\iryn.exe c:\users\Seth\AppData\Roaming\Ikusa 
c:\users\Seth\AppData\Roaming\Ikusa\wyege.sux c:\windows\isRS-000.tmp c:\windows\SysWow64\SETAF2A.tmp c:\windows\SysWow64\SETC2A2.tmp c:\windows\SysWow64\SETCEB7.tmp c:\windows\SysWow64\SETD0EA.tmp . . ((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 ))))))))))))))))))))))))))))))) . . 2013-01-19 22:20 . 2013-01-19 22:20 -------- d-----w- C:\FRST 2013-01-19 19:24 . 2013-01-19 19:24 -------- d-----w- c:\users\Seth\AppData\Local\Programs 2013-01-18 21:01 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4022419-669F-4ACA-B633-7D22EA53C096}\mpengine.dll 2013-01-10 05:38 . 2013-01-10 05:38 -------- d-----w- c:\users\Seth\AppData\Local\Proxure 2013-01-10 05:38 . 2013-01-10 05:38 -------- d-----w- c:\programdata\ClubSanDisk 2013-01-09 21:28 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-21 10:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 10:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 10:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 10:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 10:05 . 2011-06-04 07:23 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-11-30 04:45 . 2013-01-09 21:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-13 19:04 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 19:04 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 19:04 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 19:04 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 19:04 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 
2012-12-13 19:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 19:04 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 19:04 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 19:04 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 19:04 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 19:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 19:04 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 19:04 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 19:04 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 19:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 19:04 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 19:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 19:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 19:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 19:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 19:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 19:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-12 19:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-11-12 19:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-11-09 05:45 . 2012-12-11 21:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-11 21:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-11 21:31 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-11 21:31 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-27 18:49 . 2012-10-27 18:49 30592 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-04 399736] "Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560] "GoTrusted"="c:\program files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe" [2011-04-12 188488] "MurGee.com Auto Clicker"="c:\program files (x86)\Auto Clicker\AutoClicker.exe" [2011-05-05 40960] "AutoTyperMurGee"="c:\program files (x86)\Auto Typer by MurGee\AutoTyper.exe" [2012-02-28 55656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216] "Microsoft Default Manager"="c:\program files 
(x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-01-13 4453208] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-12-2 156952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-31 118664] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1255736] R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384] R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-01-17 25960] S0 
SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-05-19 1143416] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2012-10-27 30592] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110720.031\IDSvia64.sys [2011-07-08 488056] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008] S2 
NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-16 71168] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-16 175104] S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-16 81920] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-29 136824] S3 gttap1;GoTrusted-x64 Adapter;c:\windows\system32\DRIVERS\gttap1.sys [2010-11-02 66104] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 273088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 25912] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 
wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-05 42392] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-08-30 394016] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-15 04:36 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 04:25] . 2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 04:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-17 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-17 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-17 415256] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Windows Password Key Standard Demo - c:\users\Seth\Desktop\Windows Password Key Standard Demo\uninst.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files (x86)\Bonjour\mDNSResponder.exe
     c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     c:\program files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
     c:\program files (x86)\IObit\Game Booster\gbtray.exe
     c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
     c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
     c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
     c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
     c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
     .
     **************************************************************************
     .
     Completion time: 2013-01-19 16:00:38 - machine was rebooted
     ComboFix-quarantined-files.txt 2013-01-19 23:00
     .
     Pre-Run: 8,431,075,328 bytes free
     Post-Run: 9,417,912,320 bytes free
     .
     - - End Of File - - 8ADEA2E5EF26929A95E40857EF66E0E8

     It seems to have deleted some things from my computer that I wish I would have backed up, not knowing it would delete them... Other than that it seems the computer is doing okay.
  6. # AdwCleaner v2.106 - Logfile created 01/19/2013 at 15:15:37
     # Updated 17/01/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Seth - SETH-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Seth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0S2YSQ4\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     [OK] Registry is clean.

     -\\ Google Chrome v24.0.1312.52

     File : C:\Users\Seth\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[s1].txt - [722 octets] - [19/01/2013 15:15:37]

     ########## EOF - C:\AdwCleaner[s1].txt - [781 octets] ##########

     RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Seth [Admin rights]
     Mode : Remove -- Date : 01/19/2013 15:25:09

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Users\Seth\AppData\Local\phxzbypky.exe") -> DELETED

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: SAMSUNG HM641JI +++++
     --- User ---
     [MBR] 70aabfa64b0c4d9c8e0110c175a4f2a5
     [bSP] 9a270bc82ed6fe353e978f1e0e672288 : KIWI Image system MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 237568 Mo
     2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 486746112 | Size: 354707 Mo
     3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1213186048 | Size: 18102 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2]_D_01192013_02d1525.txt >>
     RKreport[1]_S_01192013_02d1524.txt ; RKreport[2]_D_01192013_02d1525.txt
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2013
     Ran by SYSTEM at 2013-01-19 14:45:07 Run:1
     Running from H:\

     ==============================================

     HKEY_USERS\Seth\Software\Microsoft\Windows\CurrentVersion\Run\\ieodjrzotp Value deleted successfully.
     HKEY_USERS\Seth\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
     HKEY_USERS\Seth\Software\Microsoft\Windows\CurrentVersion\Run\\Xicaysr Value deleted successfully.
     C:\Users\Seth\AppData\Roaming\phxzbypky.exe moved successfully.
     C:\Users\All Users\phxzbypky.exe moved successfully.
     C:\Users\Seth\AppData\Local\phxzbypky.exe moved successfully.

     ==== End of Fixlog ====

     I am now able to load my computer without the FBI warning. It looks like all the background settings and stuff have been reset but glad to be able to view it again. Is there anything else that I must do from this point?
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013 Ran by SYSTEM at 19-01-2013 14:20:59 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11369576 2010-08-10] (Realtek Semiconductor) HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-10-18] (Intel® Corporation) HKLM\...\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1449984 2010-08-31] (Intel® Corporation) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.) HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation) HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-25] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-03] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-20] (CyberLink Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-09] (Microsoft Corporation) HKLM-x32\...\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [4453208 2012-01-12] (IObit) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449584 2011-07-06] (Malwarebytes Corporation) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKU\Seth\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation) HKU\Seth\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-06-03] (BitTorrent, Inc.) 
HKU\Seth\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [412560 2011-05-28] (IObit) HKU\Seth\...\Run: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe [188488 2011-04-12] (GoTrusted.com) HKU\Seth\...\Run: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent [40960 2011-05-04] (MurGee.com) HKU\Seth\...\Run: [Xicaysr] C:\Users\Seth\AppData\Roaming\Feipki\iryn.exe [204800 2012-01-20] () HKU\Seth\...\Run: [AutoTyperMurGee] C:\Program Files (x86)\Auto Typer by MurGee\AutoTyper.exe :settings [55656 2012-02-28] (MurGee.com) HKU\Seth\...\Run: [ieodjrzotp] C:\Users\Seth\AppData\Roaming\phxzbypky [x] HKU\Seth\...\Policies\system: [DisableTaskMgr] 1 HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\phxzbypky [x ] () Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 AppInit_DLLs: C:\windows\system32\nvinitx.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk ShortcutTarget: SRS Premium Sound.lnk -> C:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.) 
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [353168 2011-05-28] (IObit)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366640 2011-07-06] (Malwarebytes Corporation)
2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [7520337 2002-12-17] (Microsoft Corporation)
3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-18] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)
4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [311872 2002-12-17] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-22] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-29] (Symantec Corporation)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
1 HWiNFO32; \??\C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [30592 2012-10-27] (REALiX)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110720.031\IDSvia64.sys [488056 2011-07-08] (Symantec Corporation)
3 KeyScrambler; C:\Windows\System32\Drivers\KeyScrambler.sys [273088 2011-04-24] (QFX Software Corporation)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25912 2011-07-06] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110720.022\ENG64.SYS [117880 2011-05-29] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110720.022\EX64.SYS [2011768 2011-05-29] (Symantec Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-09-20] (IObit.com)
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-04-18] (Windows ® 2003 DDK 3790 provider)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-22] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2011-09-20] (IObit.com)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-19 14:20 - 2013-01-19 14:20 - 00000000 ____D C:\FRST
2013-01-19 11:29 - 2013-01-19 12:09 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Roaming\phxzbypky.exe
2013-01-19 11:19 - 2013-01-19 12:11 - 00114688 ____A (Nok) C:\Users\All Users\phxzbypky.exe
2013-01-19 11:19 - 2013-01-19 12:09 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Local\phxzbypky.exe
2013-01-19 08:23 - 2013-01-19 08:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{7C1322AC-6329-41E9-90F6-5F0EFEDC8484}
2013-01-18 15:10 - 2013-01-18 15:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{9D35A75A-1956-4A20-8593-873F9FBE7752}
2013-01-18 03:09 - 2013-01-18 03:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{1A2639EF-0469-4A30-BACD-0EEB63B9E438}
2013-01-17 23:26 - 2013-01-18 21:45 - 323247714 ____A C:\Users\Seth\Documents\clip0245.avi
2013-01-17 22:01 - 2013-01-17 23:24 - 3016358100 ____A C:\Users\Seth\Documents\clip0244.avi
2013-01-17 15:17 - 2013-01-17 20:04 - 3341176018 ____A C:\Users\Seth\Documents\clip0243.avi
2013-01-17 15:09 - 2013-01-17 15:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{F0232D0D-701F-4519-95B8-0580E2157717}
2013-01-17 03:05 - 2013-01-17 03:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{04D85E6C-5E69-44EB-8230-0A61B0F0EE89} 2013-01-16 15:05 - 2013-01-16 15:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{40BD1701-2D36-4BBB-9A99-42E832C3AD88} 2013-01-16 01:21 - 2013-01-16 01:21 - 00000000 ____D C:\Users\Seth\AppData\Local\{B504EEE2-6693-491F-AC18-8D9870D1E5B1} 2013-01-15 21:32 - 2013-01-15 23:05 - 101383118 ____A C:\Users\Seth\Documents\clip0242.avi 2013-01-15 13:20 - 2013-01-15 13:21 - 00000000 ____D C:\Users\Seth\AppData\Local\{73A2483E-106A-40ED-B042-DE138288C51C} 2013-01-14 15:27 - 2013-01-14 15:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{8C4F64A5-A46E-47CE-9AFE-2950D6AFC650} 2013-01-14 03:26 - 2013-01-14 03:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{92C1560E-359C-4BAA-8F26-31456B7EB4DB} 2013-01-13 18:40 - 2013-01-14 05:14 - 3934091438 ____A C:\Users\Seth\Documents\clip0241.avi 2013-01-13 18:05 - 2013-01-13 18:36 - 526400494 ____A C:\Users\Seth\Documents\clip0240.avi 2013-01-13 15:25 - 2013-01-13 15:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{00FFCA2C-5A9C-4FAC-AE10-9731361D9C69} 2013-01-13 14:37 - 2013-01-13 14:38 - 00000000 ____D C:\Users\Seth\AppData\Local\{F254E3A4-133E-40E6-A35E-89FC968D713F} 2013-01-13 03:00 - 2013-01-13 06:59 - 1350985966 ____A C:\Users\Seth\Documents\clip0239.avi 2013-01-13 01:44 - 2013-01-13 01:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{7ACD8BC9-8E7F-428F-B725-5E2D0D9DB6D5} 2013-01-12 19:20 - 2013-01-13 02:53 - 300635508 ____A C:\Users\Seth\Documents\clip0238.avi 2013-01-12 13:44 - 2013-01-12 13:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{364956B0-7DDB-4AA3-BF56-EDCB669CA77C} 2013-01-12 01:27 - 2013-01-12 01:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{AB756463-A2CE-4546-86CF-966E651D32D5} 2013-01-11 18:05 - 2013-01-11 22:35 - 1720657302 ____A C:\Users\Seth\Documents\clip0237.avi 2013-01-11 13:26 - 2013-01-11 13:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{0BA4B800-18E2-4B3B-9168-50F80150B409} 2013-01-11 
01:25 - 2013-01-11 01:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{DD292471-D65D-48CB-8959-A8C9546FC7B7} 2013-01-10 16:05 - 2013-01-11 00:22 - 3813037850 ____A C:\Users\Seth\Documents\clip0236.avi 2013-01-10 13:25 - 2013-01-10 13:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{8A18A555-EBE3-4EC4-9262-8A438BFC145B} 2013-01-10 01:24 - 2013-01-10 01:24 - 00000000 ____D C:\Users\Seth\AppData\Local\{B02D8267-DD6C-4653-9EAE-46E5F5A5405C} 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 ____D C:\Users\Seth\AppData\Local\Proxure 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 ____D C:\Users\All Users\ClubSanDisk 2013-01-09 15:41 - 2013-01-10 00:20 - 2396297530 ____A C:\Users\Seth\Documents\clip0235.avi 2013-01-09 13:29 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll 2013-01-09 13:29 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll 2013-01-09 13:29 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2013-01-09 13:29 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2013-01-09 13:29 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs 2013-01-09 13:29 - 
2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs 2013-01-09 13:29 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll 2013-01-09 13:29 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2013-01-09 13:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2013-01-09 13:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-01-09 13:29 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-01-09 13:29 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-01-09 13:29 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2013-01-09 13:29 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2013-01-09 13:29 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2013-01-09 
13:29 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2013-01-09 13:28 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs 2013-01-09 13:28 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs 2013-01-09 13:28 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs 2013-01-09 13:28 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2013-01-09 13:28 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2013-01-09 13:28 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-01-09 13:28 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-01-09 13:28 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2013-01-09 13:28 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2013-01-09 13:28 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-01-09 13:28 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft 
Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-01-09 13:28 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-01-09 13:28 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 
13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 
2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-01-09 13:28 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-01-09 13:28 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-01-09 13:28 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-01-09 13:28 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-01-09 13:28 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 
2013-01-09 13:28 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls 2013-01-09 13:28 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls 2013-01-09 13:28 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-01-09 13:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe 2013-01-09 13:23 - 2013-01-09 13:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{3B747E28-BA07-4F05-B300-AD443CAC12AE} 2013-01-09 01:18 - 2013-01-09 01:19 - 00000000 ____D C:\Users\Seth\AppData\Local\{348929C1-258E-41BF-B3CC-D9DAE1764589} 2013-01-08 13:18 - 2013-01-08 13:18 - 00000000 ____D C:\Users\Seth\AppData\Local\{6B157F5B-AE77-4197-8461-9F5FB1E6825A} 2013-01-08 01:16 - 2013-01-08 01:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{F097FD4A-87F1-4FA7-BB9D-DB037DE523E2} 2013-01-07 21:20 - 2013-01-07 23:56 - 129232340 ____A C:\Users\Seth\Documents\clip0234.avi 2013-01-07 13:15 - 2013-01-07 13:15 - 00000000 ____D C:\Users\Seth\AppData\Local\{5AD7F760-130C-4F01-8147-7927C2E72B8F} 2013-01-07 01:14 - 2013-01-07 01:15 - 00000000 ____D C:\Users\Seth\AppData\Local\{96086C7C-DFE2-4FB0-BE82-846ED8C01C0E} 2013-01-06 18:01 - 2013-01-06 23:42 - 1616220352 ____A C:\Users\Seth\Documents\clip0233.avi 2013-01-05 20:27 - 2013-01-06 00:01 - 516711460 ____A C:\Users\Seth\Documents\clip0232.avi 2013-01-05 20:26 - 2013-01-05 20:26 - 01081024 ____A C:\Users\Seth\Documents\clip0231.avi 2013-01-05 20:25 - 2013-01-05 20:26 - 146481760 ____A C:\Users\Seth\Documents\clip0230.avi 2013-01-05 18:17 - 2013-01-05 20:24 - 1576009778 ____A C:\Users\Seth\Documents\clip0229.avi 2013-01-03 18:43 - 2013-01-04 02:26 - 3025026844 ____A C:\Users\Seth\Documents\clip0227.avi 2013-01-03 18:03 - 2013-01-03 18:43 - 933991268 ____A C:\Users\Seth\Documents\clip0225.avi 2013-01-01 23:10 - 2013-01-01 23:20 - 01398010 ____A C:\Users\Seth\Documents\clip0223.avi 2013-01-01 01:51 - 2013-01-06 13:14 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{A9F22823-E0FD-4EEE-8F33-9E65208212C2} 2012-12-31 20:13 - 2012-12-31 20:13 - 16244432 ____A C:\Users\Seth\Documents\clip0222.avi 2012-12-31 19:39 - 2012-12-31 20:04 - 682159956 ____A C:\Users\Seth\Documents\clip0220.avi 2012-12-31 18:39 - 2012-12-31 19:33 - 1509365760 ____A C:\Users\Seth\Documents\clip0228.avi 2012-12-31 18:39 - 2012-12-31 18:39 - 00780000 ____A C:\Users\Seth\Documents\clip0228.avi.bak 2012-12-31 13:50 - 2012-12-31 13:50 - 00000000 ____D C:\Users\Seth\AppData\Local\{00A7A675-3F79-4F9E-8EF0-E29B9640B1C3} 2012-12-31 01:49 - 2012-12-31 01:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{66033721-BF64-4350-982A-31AE63232128} 2012-12-30 17:48 - 2012-12-30 17:48 - 24051536 ____A (Igor Pavlov) C:\Users\Seth\Downloads\tor-browser-2.3.25-1_en-US.exe 2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{5975B5B9-B095-4B1F-A2FD-C3C64FBB8489} 2012-12-30 01:13 - 2012-12-30 01:13 - 00000000 ____D C:\Users\Seth\AppData\Local\{E58B1B68-83E5-4866-A909-338B27009E6A} 2012-12-29 19:36 - 2012-12-29 21:59 - 416586690 ____A C:\Users\Seth\Documents\clip0226.avi 2012-12-29 13:12 - 2012-12-29 13:13 - 00000000 ____D C:\Users\Seth\AppData\Local\{5E0BD7B2-2460-4AE8-8DAB-B3CFA9DA7164} 2012-12-29 01:12 - 2012-12-29 01:12 - 00000000 ____D C:\Users\Seth\AppData\Local\{BABF4D70-0AE7-496F-B722-5867CB27F3F0} 2012-12-28 13:11 - 2012-12-28 13:11 - 00000000 ____D C:\Users\Seth\AppData\Local\{EB0E18AA-6ED5-4D77-8BB3-12F35920C5EE} 2012-12-28 01:10 - 2012-12-28 01:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{61691EEC-D809-47A6-85F1-EDF1A1174CA9} 2012-12-28 00:14 - 2012-12-28 01:55 - 196939446 ____A C:\Users\Seth\Documents\clip0224.avi 2012-12-27 15:56 - 2012-12-27 17:17 - 796200178 ____A C:\Users\Seth\Documents\clip0221.avi 2012-12-27 13:09 - 2012-12-27 13:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{9CF78ED8-EC5B-4A1F-B761-76CE7AF7C49D} 2012-12-27 00:04 - 2012-12-27 00:04 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{C3B69C06-38DA-40B6-AF56-46FC9175891F} 2012-12-26 12:03 - 2012-12-26 12:03 - 00000000 ____D C:\Users\Seth\AppData\Local\{87E11902-7A2F-4267-A5B9-5437058F3F94} 2012-12-25 15:37 - 2012-12-25 15:38 - 00000000 ____D C:\Users\Seth\AppData\Local\{DFC57AF4-CFB4-4B43-8A94-EEAA0F3092D8} 2012-12-24 22:57 - 2012-12-24 22:57 - 00000000 ____D C:\Users\Seth\AppData\Local\{397FBBF5-B2CB-46D0-AC75-4C0426768A9D} 2012-12-23 21:16 - 2012-12-24 10:56 - 00000000 ____D C:\Users\Seth\AppData\Local\{7D2EEB3B-0F12-4759-84F6-1CE936206ED4} 2012-12-23 11:28 - 2012-12-23 11:28 - 00300432 ____A C:\Windows\Minidump\122312-65270-01.dmp 2012-12-23 09:16 - 2012-12-23 09:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{1C6BAA68-259D-41A0-99E4-FD953DB508A9} 2012-12-22 14:07 - 2012-12-22 14:07 - 00000000 ____D C:\Users\Seth\AppData\Local\{A545814A-81FC-4339-A95C-D6E3417F43D1} 2012-12-22 02:06 - 2012-12-22 02:06 - 00000000 ____D C:\Users\Seth\AppData\Local\{E164E73E-B3D4-44A0-B4CC-6D38EAA0DB24} 2012-12-22 00:06 - 2012-12-22 01:40 - 1716601472 ____A C:\Users\Seth\Documents\clip0219.avi 2012-12-21 16:10 - 2012-12-21 18:23 - 2109928458 ____A C:\Users\Seth\Documents\clip0218.avi 2012-12-21 14:05 - 2012-12-21 14:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{8F9C832D-013F-47A0-A25C-F7177F9C185B} 2012-12-21 02:04 - 2012-12-21 02:04 - 00000000 ____D C:\Users\Seth\AppData\Local\{D3F4CE74-3366-46E7-AE39-62100F0F9C98} 2012-12-21 02:01 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-21 02:01 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-21 02:01 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-21 02:01 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-20 16:22 - 2012-12-21 00:34 - 2730890940 ____A C:\Users\Seth\Documents\clip0217.avi 2012-12-20 14:03 - 2012-12-20 14:04 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{6B0DB087-506F-4439-950B-7116F5C6FDB7} ==================== One Month Modified Files and Folders ======= 2013-01-19 14:20 - 2013-01-19 14:20 - 00000000 ____D C:\FRST 2013-01-19 12:11 - 2013-01-19 11:19 - 00114688 ____A (Nok) C:\Users\All Users\phxzbypky.exe 2013-01-19 12:09 - 2013-01-19 11:29 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Roaming\phxzbypky.exe 2013-01-19 12:09 - 2013-01-19 11:19 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Local\phxzbypky.exe 2013-01-19 12:09 - 2012-10-14 20:25 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-19 12:09 - 2011-06-03 22:34 - 00000000 ____D C:\Users\Seth\AppData\Roaming\uTorrent 2013-01-19 12:03 - 2010-12-02 17:18 - 00000050 ____A C:\Windows\System32\SupplicantTest.log 2013-01-19 12:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-19 12:02 - 2011-11-27 14:23 - 00020752 ____A C:\Windows\setupact.log 2013-01-19 11:26 - 2010-12-02 17:16 - 01924027 ____A C:\Windows\WindowsUpdate.log 2013-01-19 11:23 - 2011-05-29 23:49 - 00000000 ____D C:\Users\Seth\Tracing 2013-01-19 11:22 - 2012-11-10 12:19 - 00002259 ____A C:\Users\Seth\Desktop\Google Chrome.lnk 2013-01-19 11:22 - 2012-03-12 12:46 - 00000000 ____D C:\Users\Seth\AppData\Roaming\Waywv 2013-01-19 11:21 - 2011-12-15 01:43 - 00011906 ____A C:\Windows\PFRO.log 2013-01-19 10:54 - 2012-10-14 20:25 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-19 08:23 - 2013-01-19 08:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{7C1322AC-6329-41E9-90F6-5F0EFEDC8484} 2013-01-19 08:23 - 2011-05-30 11:49 - 00000000 ____D C:\Users\Seth\AppData\Local\Windows Live 2013-01-19 08:23 - 2011-05-22 13:22 - 00000000 ____D C:\Users\Seth\AppData\Roaming\TS3Client 2013-01-18 21:45 - 2013-01-17 23:26 - 323247714 ____A C:\Users\Seth\Documents\clip0245.avi 2013-01-18 20:24 - 2012-11-29 15:26 - 00000032 ____A C:\Users\Seth\jagex_cl_runescape_LIVE.dat 2013-01-18 15:10 - 2013-01-18 15:10 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{9D35A75A-1956-4A20-8593-873F9FBE7752} 2013-01-18 03:09 - 2013-01-18 03:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{1A2639EF-0469-4A30-BACD-0EEB63B9E438} 2013-01-17 23:24 - 2013-01-17 22:01 - 3016358100 ____A C:\Users\Seth\Documents\clip0244.avi 2013-01-17 20:04 - 2013-01-17 15:17 - 3341176018 ____A C:\Users\Seth\Documents\clip0243.avi 2013-01-17 15:09 - 2013-01-17 15:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{F0232D0D-701F-4519-95B8-0580E2157717} 2013-01-17 15:09 - 2011-05-22 13:20 - 00000000 ____D C:\Program Files (x86)\SwiftKit 2013-01-17 03:05 - 2013-01-17 03:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{04D85E6C-5E69-44EB-8230-0A61B0F0EE89} 2013-01-16 17:16 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-01-16 17:16 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-16 15:05 - 2013-01-16 15:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{40BD1701-2D36-4BBB-9A99-42E832C3AD88} 2013-01-16 01:21 - 2013-01-16 01:21 - 00000000 ____D C:\Users\Seth\AppData\Local\{B504EEE2-6693-491F-AC18-8D9870D1E5B1} 2013-01-15 23:05 - 2013-01-15 21:32 - 101383118 ____A C:\Users\Seth\Documents\clip0242.avi 2013-01-15 13:21 - 2013-01-15 13:20 - 00000000 ____D C:\Users\Seth\AppData\Local\{73A2483E-106A-40ED-B042-DE138288C51C} 2013-01-14 15:27 - 2013-01-14 15:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{8C4F64A5-A46E-47CE-9AFE-2950D6AFC650} 2013-01-14 05:14 - 2013-01-13 18:40 - 3934091438 ____A C:\Users\Seth\Documents\clip0241.avi 2013-01-14 03:26 - 2013-01-14 03:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{92C1560E-359C-4BAA-8F26-31456B7EB4DB} 2013-01-13 18:36 - 2013-01-13 18:05 - 526400494 ____A C:\Users\Seth\Documents\clip0240.avi 2013-01-13 15:25 - 2013-01-13 15:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{00FFCA2C-5A9C-4FAC-AE10-9731361D9C69} 
2013-01-13 14:38 - 2013-01-13 14:37 - 00000000 ____D C:\Users\Seth\AppData\Local\{F254E3A4-133E-40E6-A35E-89FC968D713F} 2013-01-13 06:59 - 2013-01-13 03:00 - 1350985966 ____A C:\Users\Seth\Documents\clip0239.avi 2013-01-13 02:53 - 2013-01-12 19:20 - 300635508 ____A C:\Users\Seth\Documents\clip0238.avi 2013-01-13 01:44 - 2013-01-13 01:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{7ACD8BC9-8E7F-428F-B725-5E2D0D9DB6D5} 2013-01-12 13:44 - 2013-01-12 13:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{364956B0-7DDB-4AA3-BF56-EDCB669CA77C} 2013-01-12 01:27 - 2013-01-12 01:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{AB756463-A2CE-4546-86CF-966E651D32D5} 2013-01-11 22:35 - 2013-01-11 18:05 - 1720657302 ____A C:\Users\Seth\Documents\clip0237.avi 2013-01-11 13:26 - 2013-01-11 13:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{0BA4B800-18E2-4B3B-9168-50F80150B409} 2013-01-11 05:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-01-11 01:26 - 2013-01-11 01:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{DD292471-D65D-48CB-8959-A8C9546FC7B7} 2013-01-11 00:22 - 2013-01-10 16:05 - 3813037850 ____A C:\Users\Seth\Documents\clip0236.avi 2013-01-10 13:25 - 2013-01-10 13:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{8A18A555-EBE3-4EC4-9262-8A438BFC145B} 2013-01-10 12:19 - 2011-06-03 09:12 - 00000000 ____D C:\Users\Seth\AppData\Local\CrashDumps 2013-01-10 02:46 - 2009-07-13 21:13 - 00753608 ____A C:\Windows\System32\PerfStringBackup.INI 2013-01-10 02:42 - 2009-07-13 20:45 - 00279680 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-10 02:11 - 2012-09-22 13:09 - 00000118 ____A C:\Windows\System32\MRT.INI 2013-01-10 02:05 - 2011-06-03 23:23 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-01-10 01:24 - 2013-01-10 01:24 - 00000000 ____D C:\Users\Seth\AppData\Local\{B02D8267-DD6C-4653-9EAE-46E5F5A5405C} 2013-01-10 00:20 - 2013-01-09 15:41 - 2396297530 ____A C:\Users\Seth\Documents\clip0235.avi 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 
____D C:\Users\Seth\AppData\Local\Proxure 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 ____D C:\Users\All Users\ClubSanDisk 2013-01-09 13:23 - 2013-01-09 13:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{3B747E28-BA07-4F05-B300-AD443CAC12AE} 2013-01-09 01:19 - 2013-01-09 01:18 - 00000000 ____D C:\Users\Seth\AppData\Local\{348929C1-258E-41BF-B3CC-D9DAE1764589} 2013-01-08 13:18 - 2013-01-08 13:18 - 00000000 ____D C:\Users\Seth\AppData\Local\{6B157F5B-AE77-4197-8461-9F5FB1E6825A} 2013-01-08 01:16 - 2013-01-08 01:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{F097FD4A-87F1-4FA7-BB9D-DB037DE523E2} 2013-01-07 23:56 - 2013-01-07 21:20 - 129232340 ____A C:\Users\Seth\Documents\clip0234.avi 2013-01-07 13:15 - 2013-01-07 13:15 - 00000000 ____D C:\Users\Seth\AppData\Local\{5AD7F760-130C-4F01-8147-7927C2E72B8F} 2013-01-07 01:15 - 2013-01-07 01:14 - 00000000 ____D C:\Users\Seth\AppData\Local\{96086C7C-DFE2-4FB0-BE82-846ED8C01C0E} 2013-01-06 23:42 - 2013-01-06 18:01 - 1616220352 ____A C:\Users\Seth\Documents\clip0233.avi 2013-01-06 13:44 - 2012-12-02 17:20 - 00019897 ____A C:\Users\Seth\12.2.txt 2013-01-06 13:14 - 2013-01-01 01:51 - 00000000 ____D C:\Users\Seth\AppData\Local\{A9F22823-E0FD-4EEE-8F33-9E65208212C2} 2013-01-06 00:01 - 2013-01-05 20:27 - 516711460 ____A C:\Users\Seth\Documents\clip0232.avi 2013-01-05 20:26 - 2013-01-05 20:26 - 01081024 ____A C:\Users\Seth\Documents\clip0231.avi 2013-01-05 20:26 - 2013-01-05 20:25 - 146481760 ____A C:\Users\Seth\Documents\clip0230.avi 2013-01-05 20:24 - 2013-01-05 18:17 - 1576009778 ____A C:\Users\Seth\Documents\clip0229.avi 2013-01-04 17:32 - 2011-05-22 16:43 - 00000000 ____D C:\.jagex_cache_32 2013-01-04 02:26 - 2013-01-03 18:43 - 3025026844 ____A C:\Users\Seth\Documents\clip0227.avi 2013-01-03 18:43 - 2013-01-03 18:03 - 933991268 ____A C:\Users\Seth\Documents\clip0225.avi 2013-01-01 23:20 - 2013-01-01 23:10 - 01398010 ____A C:\Users\Seth\Documents\clip0223.avi 2012-12-31 20:13 - 2012-12-31 20:13 - 16244432 ____A 
C:\Users\Seth\Documents\clip0222.avi 2012-12-31 20:04 - 2012-12-31 19:39 - 682159956 ____A C:\Users\Seth\Documents\clip0220.avi 2012-12-31 19:33 - 2012-12-31 18:39 - 1509365760 ____A C:\Users\Seth\Documents\clip0228.avi 2012-12-31 18:39 - 2012-12-31 18:39 - 00780000 ____A C:\Users\Seth\Documents\clip0228.avi.bak 2012-12-31 13:50 - 2012-12-31 13:50 - 00000000 ____D C:\Users\Seth\AppData\Local\{00A7A675-3F79-4F9E-8EF0-E29B9640B1C3} 2012-12-31 01:49 - 2012-12-31 01:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{66033721-BF64-4350-982A-31AE63232128} 2012-12-30 17:48 - 2012-12-30 17:48 - 24051536 ____A (Igor Pavlov) C:\Users\Seth\Downloads\tor-browser-2.3.25-1_en-US.exe 2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{5975B5B9-B095-4B1F-A2FD-C3C64FBB8489} 2012-12-30 01:13 - 2012-12-30 01:13 - 00000000 ____D C:\Users\Seth\AppData\Local\{E58B1B68-83E5-4866-A909-338B27009E6A} 2012-12-29 21:59 - 2012-12-29 19:36 - 416586690 ____A C:\Users\Seth\Documents\clip0226.avi 2012-12-29 13:13 - 2012-12-29 13:12 - 00000000 ____D C:\Users\Seth\AppData\Local\{5E0BD7B2-2460-4AE8-8DAB-B3CFA9DA7164} 2012-12-29 01:12 - 2012-12-29 01:12 - 00000000 ____D C:\Users\Seth\AppData\Local\{BABF4D70-0AE7-496F-B722-5867CB27F3F0} 2012-12-28 13:11 - 2012-12-28 13:11 - 00000000 ____D C:\Users\Seth\AppData\Local\{EB0E18AA-6ED5-4D77-8BB3-12F35920C5EE} 2012-12-28 01:55 - 2012-12-28 00:14 - 196939446 ____A C:\Users\Seth\Documents\clip0224.avi 2012-12-28 01:10 - 2012-12-28 01:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{61691EEC-D809-47A6-85F1-EDF1A1174CA9} 2012-12-27 17:17 - 2012-12-27 15:56 - 796200178 ____A C:\Users\Seth\Documents\clip0221.avi 2012-12-27 13:10 - 2012-12-27 13:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{9CF78ED8-EC5B-4A1F-B761-76CE7AF7C49D} 2012-12-27 00:04 - 2012-12-27 00:04 - 00000000 ____D C:\Users\Seth\AppData\Local\{C3B69C06-38DA-40B6-AF56-46FC9175891F} 2012-12-26 12:03 - 2012-12-26 12:03 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{87E11902-7A2F-4267-A5B9-5437058F3F94} 2012-12-25 15:38 - 2012-12-25 15:37 - 00000000 ____D C:\Users\Seth\AppData\Local\{DFC57AF4-CFB4-4B43-8A94-EEAA0F3092D8} 2012-12-24 22:57 - 2012-12-24 22:57 - 00000000 ____D C:\Users\Seth\AppData\Local\{397FBBF5-B2CB-46D0-AC75-4C0426768A9D} 2012-12-24 10:56 - 2012-12-23 21:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{7D2EEB3B-0F12-4759-84F6-1CE936206ED4} 2012-12-23 11:28 - 2012-12-23 11:28 - 00300432 ____A C:\Windows\Minidump\122312-65270-01.dmp 2012-12-23 11:28 - 2011-08-10 14:45 - 00000000 ____D C:\Windows\Minidump 2012-12-23 09:16 - 2012-12-23 09:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{1C6BAA68-259D-41A0-99E4-FD953DB508A9} 2012-12-22 14:07 - 2012-12-22 14:07 - 00000000 ____D C:\Users\Seth\AppData\Local\{A545814A-81FC-4339-A95C-D6E3417F43D1} 2012-12-22 02:06 - 2012-12-22 02:06 - 00000000 ____D C:\Users\Seth\AppData\Local\{E164E73E-B3D4-44A0-B4CC-6D38EAA0DB24} 2012-12-22 01:40 - 2012-12-22 00:06 - 1716601472 ____A C:\Users\Seth\Documents\clip0219.avi 2012-12-22 00:50 - 2012-12-19 22:44 - 00008250 ____A C:\Users\Seth\12.19.txt 2012-12-21 18:23 - 2012-12-21 16:10 - 2109928458 ____A C:\Users\Seth\Documents\clip0218.avi 2012-12-21 14:05 - 2012-12-21 14:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{8F9C832D-013F-47A0-A25C-F7177F9C185B} 2012-12-21 02:04 - 2012-12-21 02:04 - 00000000 ____D C:\Users\Seth\AppData\Local\{D3F4CE74-3366-46E7-AE39-62100F0F9C98} 2012-12-21 00:34 - 2012-12-20 16:22 - 2730890940 ____A C:\Users\Seth\Documents\clip0217.avi 2012-12-20 14:04 - 2012-12-20 14:03 - 00000000 ____D C:\Users\Seth\AppData\Local\{6B0DB087-506F-4439-950B-7116F5C6FDB7} ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 3882.09 MB Available physical RAM: 3161.2 MB Total Pagefile: 3880.23 MB Available Pagefile: 3157.23 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:232 GB) (Free:9.87 GB) NTFS 2 Drive d: () (Fixed) (Total:346.39 GB) (Free:345.14 GB) NTFS 3 Drive f: (SAMSUNG_REC) (Fixed) (Total:17.68 GB) (Free:0.94 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive h: () (Removable) (Total:29.8 GB) (Free:21.15 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 1024 KB Disk 1 Online 29 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 232 GB 101 MB Partition 0 Extended 346 GB 232 GB Partition 4 Logical 346 GB 232 GB Partition 3 Recovery 17 GB 578 GB 
================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 232 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D NTFS Partition 346 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F SAMSUNG_REC NTFS Partition 17 GB Healthy Hidden ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 29 GB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 29 GB Healthy ========================================================= Last Boot: 2013-01-14 09:46 ==================== End Of Log ============================= Farbar Recovery Scan Tool (x64) Version: 15-01-2013 Ran by SYSTEM at 2013-01-19 14:37:16 Running from H:\ ================== Search: "services.exe" =================== 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
  9. Sorry, just realized I did the search wrong; I'll fix it.
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013 Ran by SYSTEM at 19-01-2013 14:20:59 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11369576 2010-08-10] (Realtek Semiconductor) HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-10-18] (Intel® Corporation) HKLM\...\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1449984 2010-08-31] (Intel® Corporation) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.) HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation) HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-25] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-03] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-20] (CyberLink Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-09] (Microsoft Corporation) HKLM-x32\...\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [4453208 2012-01-12] (IObit) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449584 2011-07-06] (Malwarebytes Corporation) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKU\Seth\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation) HKU\Seth\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-06-03] (BitTorrent, Inc.) 
HKU\Seth\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [412560 2011-05-28] (IObit) HKU\Seth\...\Run: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe [188488 2011-04-12] (GoTrusted.com) HKU\Seth\...\Run: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent [40960 2011-05-04] (MurGee.com) HKU\Seth\...\Run: [Xicaysr] C:\Users\Seth\AppData\Roaming\Feipki\iryn.exe [204800 2012-01-20] () HKU\Seth\...\Run: [AutoTyperMurGee] C:\Program Files (x86)\Auto Typer by MurGee\AutoTyper.exe :settings [55656 2012-02-28] (MurGee.com) HKU\Seth\...\Run: [ieodjrzotp] C:\Users\Seth\AppData\Roaming\phxzbypky [x] HKU\Seth\...\Policies\system: [DisableTaskMgr] 1 HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\phxzbypky [x ] () Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 AppInit_DLLs: C:\windows\system32\nvinitx.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk ShortcutTarget: SRS Premium Sound.lnk -> C:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.) 
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ==================== Services (Whitelisted) =================== 2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [353168 2011-05-28] (IObit) 2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366640 2011-07-06] (Malwarebytes Corporation) 2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [7520337 2002-12-17] (Microsoft Corporation) 3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) 4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-18] () 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation) 2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation) 4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] () 3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [311872 2002-12-17] (Microsoft Corporation) ==================== Drivers (Whitelisted) ===================== 1 BHDrvx64; 
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-22] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-29] (Symantec Corporation) 3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit) 1 HWiNFO32; \??\C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [30592 2012-10-27] (REALiX) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110720.031\IDSvia64.sys [488056 2011-07-08] (Symantec Corporation) 3 KeyScrambler; C:\Windows\System32\Drivers\KeyScrambler.sys [273088 2011-04-24] (QFX Software Corporation) 3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25912 2011-07-06] (Malwarebytes Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110720.022\ENG64.SYS [117880 2011-05-29] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110720.022\EX64.SYS [2011768 2011-05-29] (Symantec Corporation) 3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-09-20] (IObit.com) 3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-04-18] (Windows ® 2003 DDK 3790 provider) 0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] () 3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) 0 SymDS; 
C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) 3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-22] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) 2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] () 3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2011-09-20] (IObit.com) ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-01-19 14:20 - 2013-01-19 14:20 - 00000000 ____D C:\FRST 2013-01-19 11:29 - 2013-01-19 12:09 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Roaming\phxzbypky.exe 2013-01-19 11:19 - 2013-01-19 12:11 - 00114688 ____A (Nok) C:\Users\All Users\phxzbypky.exe 2013-01-19 11:19 - 2013-01-19 12:09 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Local\phxzbypky.exe 2013-01-19 08:23 - 2013-01-19 08:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{7C1322AC-6329-41E9-90F6-5F0EFEDC8484} 2013-01-18 15:10 - 2013-01-18 15:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{9D35A75A-1956-4A20-8593-873F9FBE7752} 2013-01-18 03:09 - 2013-01-18 03:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{1A2639EF-0469-4A30-BACD-0EEB63B9E438} 2013-01-17 23:26 - 2013-01-18 21:45 - 323247714 ____A C:\Users\Seth\Documents\clip0245.avi 2013-01-17 22:01 - 2013-01-17 23:24 - 3016358100 ____A C:\Users\Seth\Documents\clip0244.avi 2013-01-17 15:17 - 2013-01-17 20:04 - 3341176018 ____A C:\Users\Seth\Documents\clip0243.avi 2013-01-17 15:09 - 2013-01-17 15:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{F0232D0D-701F-4519-95B8-0580E2157717} 
2013-01-17 03:05 - 2013-01-17 03:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{04D85E6C-5E69-44EB-8230-0A61B0F0EE89} 2013-01-16 15:05 - 2013-01-16 15:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{40BD1701-2D36-4BBB-9A99-42E832C3AD88} 2013-01-16 01:21 - 2013-01-16 01:21 - 00000000 ____D C:\Users\Seth\AppData\Local\{B504EEE2-6693-491F-AC18-8D9870D1E5B1} 2013-01-15 21:32 - 2013-01-15 23:05 - 101383118 ____A C:\Users\Seth\Documents\clip0242.avi 2013-01-15 13:20 - 2013-01-15 13:21 - 00000000 ____D C:\Users\Seth\AppData\Local\{73A2483E-106A-40ED-B042-DE138288C51C} 2013-01-14 15:27 - 2013-01-14 15:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{8C4F64A5-A46E-47CE-9AFE-2950D6AFC650} 2013-01-14 03:26 - 2013-01-14 03:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{92C1560E-359C-4BAA-8F26-31456B7EB4DB} 2013-01-13 18:40 - 2013-01-14 05:14 - 3934091438 ____A C:\Users\Seth\Documents\clip0241.avi 2013-01-13 18:05 - 2013-01-13 18:36 - 526400494 ____A C:\Users\Seth\Documents\clip0240.avi 2013-01-13 15:25 - 2013-01-13 15:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{00FFCA2C-5A9C-4FAC-AE10-9731361D9C69} 2013-01-13 14:37 - 2013-01-13 14:38 - 00000000 ____D C:\Users\Seth\AppData\Local\{F254E3A4-133E-40E6-A35E-89FC968D713F} 2013-01-13 03:00 - 2013-01-13 06:59 - 1350985966 ____A C:\Users\Seth\Documents\clip0239.avi 2013-01-13 01:44 - 2013-01-13 01:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{7ACD8BC9-8E7F-428F-B725-5E2D0D9DB6D5} 2013-01-12 19:20 - 2013-01-13 02:53 - 300635508 ____A C:\Users\Seth\Documents\clip0238.avi 2013-01-12 13:44 - 2013-01-12 13:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{364956B0-7DDB-4AA3-BF56-EDCB669CA77C} 2013-01-12 01:27 - 2013-01-12 01:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{AB756463-A2CE-4546-86CF-966E651D32D5} 2013-01-11 18:05 - 2013-01-11 22:35 - 1720657302 ____A C:\Users\Seth\Documents\clip0237.avi 2013-01-11 13:26 - 2013-01-11 13:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{0BA4B800-18E2-4B3B-9168-50F80150B409} 2013-01-11 
01:25 - 2013-01-11 01:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{DD292471-D65D-48CB-8959-A8C9546FC7B7} 2013-01-10 16:05 - 2013-01-11 00:22 - 3813037850 ____A C:\Users\Seth\Documents\clip0236.avi 2013-01-10 13:25 - 2013-01-10 13:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{8A18A555-EBE3-4EC4-9262-8A438BFC145B} 2013-01-10 01:24 - 2013-01-10 01:24 - 00000000 ____D C:\Users\Seth\AppData\Local\{B02D8267-DD6C-4653-9EAE-46E5F5A5405C} 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 ____D C:\Users\Seth\AppData\Local\Proxure 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 ____D C:\Users\All Users\ClubSanDisk 2013-01-09 15:41 - 2013-01-10 00:20 - 2396297530 ____A C:\Users\Seth\Documents\clip0235.avi 2013-01-09 13:29 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll 2013-01-09 13:29 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll 2013-01-09 13:29 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2013-01-09 13:29 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2013-01-09 13:29 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs 2013-01-09 13:29 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs 2013-01-09 13:29 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs 2013-01-09 13:29 - 
2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs 2013-01-09 13:29 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs 2013-01-09 13:29 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll 2013-01-09 13:29 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2013-01-09 13:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2013-01-09 13:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-01-09 13:29 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-01-09 13:29 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-01-09 13:29 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2013-01-09 13:29 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2013-01-09 13:29 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2013-01-09 
13:29 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2013-01-09 13:28 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs 2013-01-09 13:28 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs 2013-01-09 13:28 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs 2013-01-09 13:28 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs 2013-01-09 13:28 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2013-01-09 13:28 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2013-01-09 13:28 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-01-09 13:28 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-01-09 13:28 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2013-01-09 13:28 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2013-01-09 13:28 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-01-09 13:28 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft 
Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-01-09 13:28 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-01-09 13:28 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 
13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 
2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-01-09 13:28 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-01-09 13:28 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-01-09 13:28 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-01-09 13:28 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-01-09 13:28 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-01-09 13:28 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 
2013-01-09 13:28 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls 2013-01-09 13:28 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls 2013-01-09 13:28 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-01-09 13:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe 2013-01-09 13:23 - 2013-01-09 13:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{3B747E28-BA07-4F05-B300-AD443CAC12AE} 2013-01-09 01:18 - 2013-01-09 01:19 - 00000000 ____D C:\Users\Seth\AppData\Local\{348929C1-258E-41BF-B3CC-D9DAE1764589} 2013-01-08 13:18 - 2013-01-08 13:18 - 00000000 ____D C:\Users\Seth\AppData\Local\{6B157F5B-AE77-4197-8461-9F5FB1E6825A} 2013-01-08 01:16 - 2013-01-08 01:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{F097FD4A-87F1-4FA7-BB9D-DB037DE523E2} 2013-01-07 21:20 - 2013-01-07 23:56 - 129232340 ____A C:\Users\Seth\Documents\clip0234.avi 2013-01-07 13:15 - 2013-01-07 13:15 - 00000000 ____D C:\Users\Seth\AppData\Local\{5AD7F760-130C-4F01-8147-7927C2E72B8F} 2013-01-07 01:14 - 2013-01-07 01:15 - 00000000 ____D C:\Users\Seth\AppData\Local\{96086C7C-DFE2-4FB0-BE82-846ED8C01C0E} 2013-01-06 18:01 - 2013-01-06 23:42 - 1616220352 ____A C:\Users\Seth\Documents\clip0233.avi 2013-01-05 20:27 - 2013-01-06 00:01 - 516711460 ____A C:\Users\Seth\Documents\clip0232.avi 2013-01-05 20:26 - 2013-01-05 20:26 - 01081024 ____A C:\Users\Seth\Documents\clip0231.avi 2013-01-05 20:25 - 2013-01-05 20:26 - 146481760 ____A C:\Users\Seth\Documents\clip0230.avi 2013-01-05 18:17 - 2013-01-05 20:24 - 1576009778 ____A C:\Users\Seth\Documents\clip0229.avi 2013-01-03 18:43 - 2013-01-04 02:26 - 3025026844 ____A C:\Users\Seth\Documents\clip0227.avi 2013-01-03 18:03 - 2013-01-03 18:43 - 933991268 ____A C:\Users\Seth\Documents\clip0225.avi 2013-01-01 23:10 - 2013-01-01 23:20 - 01398010 ____A C:\Users\Seth\Documents\clip0223.avi 2013-01-01 01:51 - 2013-01-06 13:14 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{A9F22823-E0FD-4EEE-8F33-9E65208212C2} 2012-12-31 20:13 - 2012-12-31 20:13 - 16244432 ____A C:\Users\Seth\Documents\clip0222.avi 2012-12-31 19:39 - 2012-12-31 20:04 - 682159956 ____A C:\Users\Seth\Documents\clip0220.avi 2012-12-31 18:39 - 2012-12-31 19:33 - 1509365760 ____A C:\Users\Seth\Documents\clip0228.avi 2012-12-31 18:39 - 2012-12-31 18:39 - 00780000 ____A C:\Users\Seth\Documents\clip0228.avi.bak 2012-12-31 13:50 - 2012-12-31 13:50 - 00000000 ____D C:\Users\Seth\AppData\Local\{00A7A675-3F79-4F9E-8EF0-E29B9640B1C3} 2012-12-31 01:49 - 2012-12-31 01:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{66033721-BF64-4350-982A-31AE63232128} 2012-12-30 17:48 - 2012-12-30 17:48 - 24051536 ____A (Igor Pavlov) C:\Users\Seth\Downloads\tor-browser-2.3.25-1_en-US.exe 2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{5975B5B9-B095-4B1F-A2FD-C3C64FBB8489} 2012-12-30 01:13 - 2012-12-30 01:13 - 00000000 ____D C:\Users\Seth\AppData\Local\{E58B1B68-83E5-4866-A909-338B27009E6A} 2012-12-29 19:36 - 2012-12-29 21:59 - 416586690 ____A C:\Users\Seth\Documents\clip0226.avi 2012-12-29 13:12 - 2012-12-29 13:13 - 00000000 ____D C:\Users\Seth\AppData\Local\{5E0BD7B2-2460-4AE8-8DAB-B3CFA9DA7164} 2012-12-29 01:12 - 2012-12-29 01:12 - 00000000 ____D C:\Users\Seth\AppData\Local\{BABF4D70-0AE7-496F-B722-5867CB27F3F0} 2012-12-28 13:11 - 2012-12-28 13:11 - 00000000 ____D C:\Users\Seth\AppData\Local\{EB0E18AA-6ED5-4D77-8BB3-12F35920C5EE} 2012-12-28 01:10 - 2012-12-28 01:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{61691EEC-D809-47A6-85F1-EDF1A1174CA9} 2012-12-28 00:14 - 2012-12-28 01:55 - 196939446 ____A C:\Users\Seth\Documents\clip0224.avi 2012-12-27 15:56 - 2012-12-27 17:17 - 796200178 ____A C:\Users\Seth\Documents\clip0221.avi 2012-12-27 13:09 - 2012-12-27 13:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{9CF78ED8-EC5B-4A1F-B761-76CE7AF7C49D} 2012-12-27 00:04 - 2012-12-27 00:04 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{C3B69C06-38DA-40B6-AF56-46FC9175891F} 2012-12-26 12:03 - 2012-12-26 12:03 - 00000000 ____D C:\Users\Seth\AppData\Local\{87E11902-7A2F-4267-A5B9-5437058F3F94} 2012-12-25 15:37 - 2012-12-25 15:38 - 00000000 ____D C:\Users\Seth\AppData\Local\{DFC57AF4-CFB4-4B43-8A94-EEAA0F3092D8} 2012-12-24 22:57 - 2012-12-24 22:57 - 00000000 ____D C:\Users\Seth\AppData\Local\{397FBBF5-B2CB-46D0-AC75-4C0426768A9D} 2012-12-23 21:16 - 2012-12-24 10:56 - 00000000 ____D C:\Users\Seth\AppData\Local\{7D2EEB3B-0F12-4759-84F6-1CE936206ED4} 2012-12-23 11:28 - 2012-12-23 11:28 - 00300432 ____A C:\Windows\Minidump\122312-65270-01.dmp 2012-12-23 09:16 - 2012-12-23 09:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{1C6BAA68-259D-41A0-99E4-FD953DB508A9} 2012-12-22 14:07 - 2012-12-22 14:07 - 00000000 ____D C:\Users\Seth\AppData\Local\{A545814A-81FC-4339-A95C-D6E3417F43D1} 2012-12-22 02:06 - 2012-12-22 02:06 - 00000000 ____D C:\Users\Seth\AppData\Local\{E164E73E-B3D4-44A0-B4CC-6D38EAA0DB24} 2012-12-22 00:06 - 2012-12-22 01:40 - 1716601472 ____A C:\Users\Seth\Documents\clip0219.avi 2012-12-21 16:10 - 2012-12-21 18:23 - 2109928458 ____A C:\Users\Seth\Documents\clip0218.avi 2012-12-21 14:05 - 2012-12-21 14:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{8F9C832D-013F-47A0-A25C-F7177F9C185B} 2012-12-21 02:04 - 2012-12-21 02:04 - 00000000 ____D C:\Users\Seth\AppData\Local\{D3F4CE74-3366-46E7-AE39-62100F0F9C98} 2012-12-21 02:01 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-21 02:01 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-21 02:01 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-21 02:01 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-20 16:22 - 2012-12-21 00:34 - 2730890940 ____A C:\Users\Seth\Documents\clip0217.avi 2012-12-20 14:03 - 2012-12-20 14:04 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{6B0DB087-506F-4439-950B-7116F5C6FDB7} ==================== One Month Modified Files and Folders ======= 2013-01-19 14:20 - 2013-01-19 14:20 - 00000000 ____D C:\FRST 2013-01-19 12:11 - 2013-01-19 11:19 - 00114688 ____A (Nok) C:\Users\All Users\phxzbypky.exe 2013-01-19 12:09 - 2013-01-19 11:29 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Roaming\phxzbypky.exe 2013-01-19 12:09 - 2013-01-19 11:19 - 00114688 ____A (Nok) C:\Users\Seth\AppData\Local\phxzbypky.exe 2013-01-19 12:09 - 2012-10-14 20:25 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-19 12:09 - 2011-06-03 22:34 - 00000000 ____D C:\Users\Seth\AppData\Roaming\uTorrent 2013-01-19 12:03 - 2010-12-02 17:18 - 00000050 ____A C:\Windows\System32\SupplicantTest.log 2013-01-19 12:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-19 12:02 - 2011-11-27 14:23 - 00020752 ____A C:\Windows\setupact.log 2013-01-19 11:26 - 2010-12-02 17:16 - 01924027 ____A C:\Windows\WindowsUpdate.log 2013-01-19 11:23 - 2011-05-29 23:49 - 00000000 ____D C:\Users\Seth\Tracing 2013-01-19 11:22 - 2012-11-10 12:19 - 00002259 ____A C:\Users\Seth\Desktop\Google Chrome.lnk 2013-01-19 11:22 - 2012-03-12 12:46 - 00000000 ____D C:\Users\Seth\AppData\Roaming\Waywv 2013-01-19 11:21 - 2011-12-15 01:43 - 00011906 ____A C:\Windows\PFRO.log 2013-01-19 10:54 - 2012-10-14 20:25 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-19 08:23 - 2013-01-19 08:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{7C1322AC-6329-41E9-90F6-5F0EFEDC8484} 2013-01-19 08:23 - 2011-05-30 11:49 - 00000000 ____D C:\Users\Seth\AppData\Local\Windows Live 2013-01-19 08:23 - 2011-05-22 13:22 - 00000000 ____D C:\Users\Seth\AppData\Roaming\TS3Client 2013-01-18 21:45 - 2013-01-17 23:26 - 323247714 ____A C:\Users\Seth\Documents\clip0245.avi 2013-01-18 20:24 - 2012-11-29 15:26 - 00000032 ____A C:\Users\Seth\jagex_cl_runescape_LIVE.dat 2013-01-18 15:10 - 2013-01-18 15:10 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{9D35A75A-1956-4A20-8593-873F9FBE7752} 2013-01-18 03:09 - 2013-01-18 03:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{1A2639EF-0469-4A30-BACD-0EEB63B9E438} 2013-01-17 23:24 - 2013-01-17 22:01 - 3016358100 ____A C:\Users\Seth\Documents\clip0244.avi 2013-01-17 20:04 - 2013-01-17 15:17 - 3341176018 ____A C:\Users\Seth\Documents\clip0243.avi 2013-01-17 15:09 - 2013-01-17 15:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{F0232D0D-701F-4519-95B8-0580E2157717} 2013-01-17 15:09 - 2011-05-22 13:20 - 00000000 ____D C:\Program Files (x86)\SwiftKit 2013-01-17 03:05 - 2013-01-17 03:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{04D85E6C-5E69-44EB-8230-0A61B0F0EE89} 2013-01-16 17:16 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-01-16 17:16 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-16 15:05 - 2013-01-16 15:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{40BD1701-2D36-4BBB-9A99-42E832C3AD88} 2013-01-16 01:21 - 2013-01-16 01:21 - 00000000 ____D C:\Users\Seth\AppData\Local\{B504EEE2-6693-491F-AC18-8D9870D1E5B1} 2013-01-15 23:05 - 2013-01-15 21:32 - 101383118 ____A C:\Users\Seth\Documents\clip0242.avi 2013-01-15 13:21 - 2013-01-15 13:20 - 00000000 ____D C:\Users\Seth\AppData\Local\{73A2483E-106A-40ED-B042-DE138288C51C} 2013-01-14 15:27 - 2013-01-14 15:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{8C4F64A5-A46E-47CE-9AFE-2950D6AFC650} 2013-01-14 05:14 - 2013-01-13 18:40 - 3934091438 ____A C:\Users\Seth\Documents\clip0241.avi 2013-01-14 03:26 - 2013-01-14 03:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{92C1560E-359C-4BAA-8F26-31456B7EB4DB} 2013-01-13 18:36 - 2013-01-13 18:05 - 526400494 ____A C:\Users\Seth\Documents\clip0240.avi 2013-01-13 15:25 - 2013-01-13 15:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{00FFCA2C-5A9C-4FAC-AE10-9731361D9C69} 
2013-01-13 14:38 - 2013-01-13 14:37 - 00000000 ____D C:\Users\Seth\AppData\Local\{F254E3A4-133E-40E6-A35E-89FC968D713F} 2013-01-13 06:59 - 2013-01-13 03:00 - 1350985966 ____A C:\Users\Seth\Documents\clip0239.avi 2013-01-13 02:53 - 2013-01-12 19:20 - 300635508 ____A C:\Users\Seth\Documents\clip0238.avi 2013-01-13 01:44 - 2013-01-13 01:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{7ACD8BC9-8E7F-428F-B725-5E2D0D9DB6D5} 2013-01-12 13:44 - 2013-01-12 13:44 - 00000000 ____D C:\Users\Seth\AppData\Local\{364956B0-7DDB-4AA3-BF56-EDCB669CA77C} 2013-01-12 01:27 - 2013-01-12 01:27 - 00000000 ____D C:\Users\Seth\AppData\Local\{AB756463-A2CE-4546-86CF-966E651D32D5} 2013-01-11 22:35 - 2013-01-11 18:05 - 1720657302 ____A C:\Users\Seth\Documents\clip0237.avi 2013-01-11 13:26 - 2013-01-11 13:26 - 00000000 ____D C:\Users\Seth\AppData\Local\{0BA4B800-18E2-4B3B-9168-50F80150B409} 2013-01-11 05:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-01-11 01:26 - 2013-01-11 01:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{DD292471-D65D-48CB-8959-A8C9546FC7B7} 2013-01-11 00:22 - 2013-01-10 16:05 - 3813037850 ____A C:\Users\Seth\Documents\clip0236.avi 2013-01-10 13:25 - 2013-01-10 13:25 - 00000000 ____D C:\Users\Seth\AppData\Local\{8A18A555-EBE3-4EC4-9262-8A438BFC145B} 2013-01-10 12:19 - 2011-06-03 09:12 - 00000000 ____D C:\Users\Seth\AppData\Local\CrashDumps 2013-01-10 02:46 - 2009-07-13 21:13 - 00753608 ____A C:\Windows\System32\PerfStringBackup.INI 2013-01-10 02:42 - 2009-07-13 20:45 - 00279680 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-10 02:11 - 2012-09-22 13:09 - 00000118 ____A C:\Windows\System32\MRT.INI 2013-01-10 02:05 - 2011-06-03 23:23 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-01-10 01:24 - 2013-01-10 01:24 - 00000000 ____D C:\Users\Seth\AppData\Local\{B02D8267-DD6C-4653-9EAE-46E5F5A5405C} 2013-01-10 00:20 - 2013-01-09 15:41 - 2396297530 ____A C:\Users\Seth\Documents\clip0235.avi 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 
____D C:\Users\Seth\AppData\Local\Proxure 2013-01-09 21:38 - 2013-01-09 21:38 - 00000000 ____D C:\Users\All Users\ClubSanDisk 2013-01-09 13:23 - 2013-01-09 13:23 - 00000000 ____D C:\Users\Seth\AppData\Local\{3B747E28-BA07-4F05-B300-AD443CAC12AE} 2013-01-09 01:19 - 2013-01-09 01:18 - 00000000 ____D C:\Users\Seth\AppData\Local\{348929C1-258E-41BF-B3CC-D9DAE1764589} 2013-01-08 13:18 - 2013-01-08 13:18 - 00000000 ____D C:\Users\Seth\AppData\Local\{6B157F5B-AE77-4197-8461-9F5FB1E6825A} 2013-01-08 01:16 - 2013-01-08 01:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{F097FD4A-87F1-4FA7-BB9D-DB037DE523E2} 2013-01-07 23:56 - 2013-01-07 21:20 - 129232340 ____A C:\Users\Seth\Documents\clip0234.avi 2013-01-07 13:15 - 2013-01-07 13:15 - 00000000 ____D C:\Users\Seth\AppData\Local\{5AD7F760-130C-4F01-8147-7927C2E72B8F} 2013-01-07 01:15 - 2013-01-07 01:14 - 00000000 ____D C:\Users\Seth\AppData\Local\{96086C7C-DFE2-4FB0-BE82-846ED8C01C0E} 2013-01-06 23:42 - 2013-01-06 18:01 - 1616220352 ____A C:\Users\Seth\Documents\clip0233.avi 2013-01-06 13:44 - 2012-12-02 17:20 - 00019897 ____A C:\Users\Seth\12.2.txt 2013-01-06 13:14 - 2013-01-01 01:51 - 00000000 ____D C:\Users\Seth\AppData\Local\{A9F22823-E0FD-4EEE-8F33-9E65208212C2} 2013-01-06 00:01 - 2013-01-05 20:27 - 516711460 ____A C:\Users\Seth\Documents\clip0232.avi 2013-01-05 20:26 - 2013-01-05 20:26 - 01081024 ____A C:\Users\Seth\Documents\clip0231.avi 2013-01-05 20:26 - 2013-01-05 20:25 - 146481760 ____A C:\Users\Seth\Documents\clip0230.avi 2013-01-05 20:24 - 2013-01-05 18:17 - 1576009778 ____A C:\Users\Seth\Documents\clip0229.avi 2013-01-04 17:32 - 2011-05-22 16:43 - 00000000 ____D C:\.jagex_cache_32 2013-01-04 02:26 - 2013-01-03 18:43 - 3025026844 ____A C:\Users\Seth\Documents\clip0227.avi 2013-01-03 18:43 - 2013-01-03 18:03 - 933991268 ____A C:\Users\Seth\Documents\clip0225.avi 2013-01-01 23:20 - 2013-01-01 23:10 - 01398010 ____A C:\Users\Seth\Documents\clip0223.avi 2012-12-31 20:13 - 2012-12-31 20:13 - 16244432 ____A 
C:\Users\Seth\Documents\clip0222.avi 2012-12-31 20:04 - 2012-12-31 19:39 - 682159956 ____A C:\Users\Seth\Documents\clip0220.avi 2012-12-31 19:33 - 2012-12-31 18:39 - 1509365760 ____A C:\Users\Seth\Documents\clip0228.avi 2012-12-31 18:39 - 2012-12-31 18:39 - 00780000 ____A C:\Users\Seth\Documents\clip0228.avi.bak 2012-12-31 13:50 - 2012-12-31 13:50 - 00000000 ____D C:\Users\Seth\AppData\Local\{00A7A675-3F79-4F9E-8EF0-E29B9640B1C3} 2012-12-31 01:49 - 2012-12-31 01:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{66033721-BF64-4350-982A-31AE63232128} 2012-12-30 17:48 - 2012-12-30 17:48 - 24051536 ____A (Igor Pavlov) C:\Users\Seth\Downloads\tor-browser-2.3.25-1_en-US.exe 2012-12-30 13:49 - 2012-12-30 13:49 - 00000000 ____D C:\Users\Seth\AppData\Local\{5975B5B9-B095-4B1F-A2FD-C3C64FBB8489} 2012-12-30 01:13 - 2012-12-30 01:13 - 00000000 ____D C:\Users\Seth\AppData\Local\{E58B1B68-83E5-4866-A909-338B27009E6A} 2012-12-29 21:59 - 2012-12-29 19:36 - 416586690 ____A C:\Users\Seth\Documents\clip0226.avi 2012-12-29 13:13 - 2012-12-29 13:12 - 00000000 ____D C:\Users\Seth\AppData\Local\{5E0BD7B2-2460-4AE8-8DAB-B3CFA9DA7164} 2012-12-29 01:12 - 2012-12-29 01:12 - 00000000 ____D C:\Users\Seth\AppData\Local\{BABF4D70-0AE7-496F-B722-5867CB27F3F0} 2012-12-28 13:11 - 2012-12-28 13:11 - 00000000 ____D C:\Users\Seth\AppData\Local\{EB0E18AA-6ED5-4D77-8BB3-12F35920C5EE} 2012-12-28 01:55 - 2012-12-28 00:14 - 196939446 ____A C:\Users\Seth\Documents\clip0224.avi 2012-12-28 01:10 - 2012-12-28 01:10 - 00000000 ____D C:\Users\Seth\AppData\Local\{61691EEC-D809-47A6-85F1-EDF1A1174CA9} 2012-12-27 17:17 - 2012-12-27 15:56 - 796200178 ____A C:\Users\Seth\Documents\clip0221.avi 2012-12-27 13:10 - 2012-12-27 13:09 - 00000000 ____D C:\Users\Seth\AppData\Local\{9CF78ED8-EC5B-4A1F-B761-76CE7AF7C49D} 2012-12-27 00:04 - 2012-12-27 00:04 - 00000000 ____D C:\Users\Seth\AppData\Local\{C3B69C06-38DA-40B6-AF56-46FC9175891F} 2012-12-26 12:03 - 2012-12-26 12:03 - 00000000 ____D 
C:\Users\Seth\AppData\Local\{87E11902-7A2F-4267-A5B9-5437058F3F94} 2012-12-25 15:38 - 2012-12-25 15:37 - 00000000 ____D C:\Users\Seth\AppData\Local\{DFC57AF4-CFB4-4B43-8A94-EEAA0F3092D8} 2012-12-24 22:57 - 2012-12-24 22:57 - 00000000 ____D C:\Users\Seth\AppData\Local\{397FBBF5-B2CB-46D0-AC75-4C0426768A9D} 2012-12-24 10:56 - 2012-12-23 21:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{7D2EEB3B-0F12-4759-84F6-1CE936206ED4} 2012-12-23 11:28 - 2012-12-23 11:28 - 00300432 ____A C:\Windows\Minidump\122312-65270-01.dmp 2012-12-23 11:28 - 2011-08-10 14:45 - 00000000 ____D C:\Windows\Minidump 2012-12-23 09:16 - 2012-12-23 09:16 - 00000000 ____D C:\Users\Seth\AppData\Local\{1C6BAA68-259D-41A0-99E4-FD953DB508A9} 2012-12-22 14:07 - 2012-12-22 14:07 - 00000000 ____D C:\Users\Seth\AppData\Local\{A545814A-81FC-4339-A95C-D6E3417F43D1} 2012-12-22 02:06 - 2012-12-22 02:06 - 00000000 ____D C:\Users\Seth\AppData\Local\{E164E73E-B3D4-44A0-B4CC-6D38EAA0DB24} 2012-12-22 01:40 - 2012-12-22 00:06 - 1716601472 ____A C:\Users\Seth\Documents\clip0219.avi 2012-12-22 00:50 - 2012-12-19 22:44 - 00008250 ____A C:\Users\Seth\12.19.txt 2012-12-21 18:23 - 2012-12-21 16:10 - 2109928458 ____A C:\Users\Seth\Documents\clip0218.avi 2012-12-21 14:05 - 2012-12-21 14:05 - 00000000 ____D C:\Users\Seth\AppData\Local\{8F9C832D-013F-47A0-A25C-F7177F9C185B} 2012-12-21 02:04 - 2012-12-21 02:04 - 00000000 ____D C:\Users\Seth\AppData\Local\{D3F4CE74-3366-46E7-AE39-62100F0F9C98} 2012-12-21 00:34 - 2012-12-20 16:22 - 2730890940 ____A C:\Users\Seth\Documents\clip0217.avi 2012-12-20 14:04 - 2012-12-20 14:03 - 00000000 ____D C:\Users\Seth\AppData\Local\{6B0DB087-506F-4439-950B-7116F5C6FDB7} ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 3882.09 MB Available physical RAM: 3161.2 MB Total Pagefile: 3880.23 MB Available Pagefile: 3157.23 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:232 GB) (Free:9.87 GB) NTFS 2 Drive d: () (Fixed) (Total:346.39 GB) (Free:345.14 GB) NTFS 3 Drive f: (SAMSUNG_REC) (Fixed) (Total:17.68 GB) (Free:0.94 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive h: () (Removable) (Total:29.8 GB) (Free:21.15 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 1024 KB Disk 1 Online 29 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 232 GB 101 MB Partition 0 Extended 346 GB 232 GB Partition 4 Logical 346 GB 232 GB Partition 3 Recovery 17 GB 578 GB 
================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 232 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D NTFS Partition 346 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F SAMSUNG_REC NTFS Partition 17 GB Healthy Hidden ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 29 GB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 29 GB Healthy ========================================================= Last Boot: 2013-01-14 09:46 ==================== End Of Log ============================= Farbar Recovery Scan Tool (x64) Version: 15-01-2013 Ran by SYSTEM at 2013-01-19 14:22:43 Running from H:\ ================== Search: "Search.txt" =================== ====== End Of Search ======
  11. Thank you for replying. I'm doing the scan right now and will reply back with the logs when finished.
  12. I seem to have been infected by the FBI warning virus. In my attempts to remove the virus I have not been able to access any form of safe mode. I have been able to access the repair feature from the boot menu and get a command prompt running, but as far as locating the files or anything else I'm pretty much stuck. I noticed a few other threads related to this virus on this forum, so I'm just hoping I can get some sort of help, and it would be much appreciated.