Moneypak Virus (Windows 8) Please assist.


pkgoss02

Hello MB,

I have recently acquired the MoneyPak Virus. When it popped up I assumed virus and had to manually restart the computer. From then on it would not allow me to sign into my account, but it allows me to sign in either in temporary OR on my administrator. However, my account is where ALL my files and such are. I cannot seem to get to my data no matter what I do. It seems like the virus has locked me out of it. Also, I tried a system restore and no luck. AVG looks like it's broken 'cause it will not scan, and Malwarebytes is currently scanning; it comes up with something new each time I scan. I'll post the log, I just have no clue really what I need to do and would love some assistance.

Most Sincerely,

David


Welcome to the forum, see if you can do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013

Ran by Administrator (administrator) on DAVID-PC on 15-09-2013 19:57:31

Running from C:\Users\Administrator\Downloads

Windows 8 Pro (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(AMD) C:\WINDOWS\system32\atiesrxx.exe

(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros Commnucations) C:\WINDOWS\system32\AdminService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe

(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe

(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(AMD) C:\WINDOWS\system32\atieclxx.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe

(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe

(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(AMD) C:\WINDOWS\system32\atieclxx.exe

(Microsoft Corporation) C:\WINDOWS\WinStore\WSHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\pcdrcui.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\pcdrsysinfosmbios2.p5x

(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FASuppMon.exe

(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463080 2012-01-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)

HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)

MountPoints2: {3b2deb2f-7a1c-11e2-be7a-c01885841732} - "E:\TL-Bootstrap.exe" 

MountPoints2: {63754d33-b8ef-11e2-be82-c01885841732} - "E:\TL-Bootstrap.exe" 

MountPoints2: {dcfd7105-e65d-11e2-be8d-c01885841732} - "E:\MotorolaDeviceManagerSetup.exe" -a

HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-11-29] (cyberlink)

HKLM-x32\...\Run: [Chicony_OSD] - C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()

HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-01-20] (Intel Corporation)

HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2011-12-31] ()

HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-16] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FAStartup] -  [x]

HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [92808 2013-01-22] (Sensible Vision )

HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

Lsa: [Notification Packages] scecli FAPassSync

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

SearchScopes: HKLM - DefaultScope {8DE78077-6005-4F00-A13F-6B18877D05E2} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKLM-x32 - DefaultScope {8DE78077-6005-4F00-A13F-6B18877D05E2} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKCU - DefaultScope {8DE78077-6005-4F00-A13F-6B18877D05E2} URL = 

SearchScopes: HKCU - {8DE78077-6005-4F00-A13F-6B18877D05E2} URL = 

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Face recognition web login for FastAccess - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit2.dll (Conduit Ltd.)

BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Face recognition web login for FastAccess - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit2.dll (Conduit Ltd.)

Toolbar: HKCU -  No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} -  No File

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (BitTorrentControl_v12) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.100.504_0

CHR Extension: (FastAccess SSO) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\feocblgcojafilfbgoineopkngchgaei\1.0.0.62_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx

CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\David\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx

CHR HKLM-x32\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx

 

==================== Services (Whitelisted) =================

 

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-11-29] (CyberLink)

R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [69632 2012-01-11] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-25] (Microsoft Corporation)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1901752 2013-07-22] (Microsoft Corporation)

R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)

R3 FACAP; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows ® Win 7 DDK provider)

R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-25] (Microsoft Corporation)

U3 idsvc; 

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-15 19:56 - 2013-09-15 19:56 - 00000000 ____D C:\FRST

2013-09-15 19:55 - 2013-09-15 19:55 - 01951158 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe

2013-09-15 19:36 - 2013-09-15 19:36 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\PCDr

2013-09-15 19:36 - 2013-09-15 19:36 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Dell

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Intel Corporation

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Creative

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\AVG2013

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\ATI

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Apple Computer

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Local\Avg2013

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Local\ATI

2013-09-15 19:31 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Local\Adobe

2013-09-15 19:30 - 2013-09-15 19:30 - 00000000 ___RD C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 19:30 - 2013-09-15 19:30 - 00000000 ___RD C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-15 19:29 - 2013-09-15 19:31 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Adobe

2013-09-15 19:29 - 2013-09-15 19:29 - 00002257 _____ C:\Users\TEMP.DAVID-PC\Desktop\Google Chrome.lnk

2013-09-15 19:29 - 2013-09-15 19:29 - 00001432 _____ C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-09-15 19:28 - 2013-09-15 19:30 - 00000000 ____D C:\Users\TEMP.DAVID-PC

2013-09-15 19:28 - 2013-09-15 19:29 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Local\Packages

2013-09-15 19:28 - 2013-09-15 19:28 - 00000020 ___SH C:\Users\TEMP.DAVID-PC\ntuser.ini

2013-09-15 19:28 - 2013-09-15 19:28 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Local\VirtualStore

2013-09-15 19:28 - 2013-09-13 00:54 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Local\SoftThinks

2013-09-15 19:28 - 2013-08-18 01:07 - 00000000 ___RD C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-09-15 19:28 - 2013-06-19 22:46 - 00000000 ___RD C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-09-15 19:28 - 2013-01-31 21:34 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\TuneUp Software

2013-09-15 19:28 - 2012-11-01 00:04 - 00000000 ___RD C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-09-15 19:28 - 2012-11-01 00:04 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Macromedia

2013-09-15 19:28 - 2012-07-26 04:13 - 00000000 ____D C:\Users\TEMP.DAVID-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-09-15 19:12 - 2013-09-15 19:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes

2013-09-15 19:12 - 2013-09-15 19:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple

2013-09-14 15:51 - 2013-09-14 15:52 - 93503248 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe

2013-09-13 12:57 - 2013-09-13 12:58 - 00430192 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-09-13 01:18 - 2013-09-13 18:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-13 01:18 - 2013-09-13 01:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-13 01:18 - 2013-09-13 01:18 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-13 01:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-09-13 01:13 - 2013-09-13 01:13 - 00275088 _____ C:\WINDOWS\Minidump\091313-67781-01.dmp

2013-09-13 01:02 - 2013-09-13 18:37 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-09-13 01:02 - 2013-09-13 18:37 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-13 01:02 - 2013-09-13 18:37 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-13 01:02 - 2013-09-13 18:37 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-09-13 01:02 - 2013-09-13 18:37 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-09-13 01:02 - 2013-09-13 18:37 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-09-13 01:02 - 2013-09-13 01:02 - 00002257 _____ C:\Users\TEMP\Desktop\Google Chrome.lnk

2013-09-13 01:02 - 2013-09-13 01:02 - 00001432 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-09-13 01:02 - 2013-09-13 01:02 - 00000020 ___SH C:\Users\TEMP\ntuser.ini

2013-09-13 01:02 - 2013-09-13 01:02 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe

2013-09-13 01:02 - 2013-09-13 01:02 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore

2013-09-13 01:02 - 2013-09-13 01:02 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages

2013-09-13 01:02 - 2013-09-13 00:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\SoftThinks

2013-09-13 01:02 - 2013-01-31 21:34 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software

2013-09-13 01:02 - 2012-11-01 00:04 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia

2013-09-13 00:52 - 2013-09-13 00:52 - 00000000 ____D C:\Users\David\Downloads\WatchMyGF.com - Emo

2013-09-13 00:52 - 2013-09-13 00:52 - 00000000 ____D C:\Users\David\Downloads\WatchMyGf Pack - 65 Clips


 

==================== One Month Modified Files and Folders =======

 


 

Files to move or delete:

====================

C:\Users\Administrator\jagex_cl_oldschool_LIVE.dat

C:\Users\Administrator\random.dat

C:\Users\David\jagex_cl_oldschool_LIVE.dat

C:\Users\David\jagex_cl_runescape_LIVE.dat

C:\Users\David\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Administrator\AppData\Local\Temp\TB_C5FA.exe

C:\Users\David\AppData\Local\Temp\FAInstallV3.001.083.Dell.exe

C:\Users\David\AppData\Local\Temp\FAInstallV4.000.144.Dell.exe

C:\Users\David\AppData\Local\Temp\FAInstallV4.000.173.Dell.exe

C:\Users\David\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\David\AppData\Local\Temp\OfficeSetup.exe

C:\Users\David\AppData\Local\Temp\uttB6C1.tmp.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-13 03:10

 

==================== End Of Log ============================

Addition.txt


I have to stop here because there's evidence of illegal software on your system.
The software is Adobe and the crack is your hosts file; it allows you to bypass Adobe activation.

Read the policy on Piracy here:
http://forums.malwarebytes.org/index.php?showtopic=97700

If you want to continue to receive help, remove the software and restore the hosts file back to Microsoft's original.

MrC


Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
