AFP Virus - anti-malware not detecting

SouthernCross87 · Feb 19, 2013

Need help ASAP please Maleware tips team! I'm not a PC expert but from reading the threads I don't think this virus is gone...

Fiery · Feb 20, 2013

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Most of the virus is gone, we will run a few scans to check for remnants and make sure it's not hiding anywhere. We will run a scan outside the operating system environment to root out any potential rootkits.

Open OTL. Under custom scan/fixes, copy and paste the following:

:Files
C:\ProgramData\28775468.pad
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.
</li>

Also download List Parts 32bit and save it to the USB/flash drive also.

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>

<li>On the System Recovery Options menu you will get the following options:
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <>e:\frst.exe</> and press <>Enter</>
<>Note:</> Replace letter <>e</> with the drive letter of your flash drive.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <>e:\listparts.exe</> and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>

SouthernCross87 · Feb 20, 2013

Hi Fiery,

Thanks for picking up my thread. Results of OTL fix below, starting on Farbar and List Parts now.

All processes killed
========== FILES ==========
C:\ProgramData\28775468.pad moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Adam\Downloads\cmd.bat deleted successfully.
C:\Users\Adam\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 266168551 bytes
->Temporary Internet Files folder emptied: 230587606 bytes
->Java cache emptied: 21053 bytes
->Google Chrome cache emptied: 10675020 bytes
->Flash cache emptied: 106873 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 942222623 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 29618682 bytes
RecycleBin emptied: 300440 bytes

Total Files Cleaned = 1,411.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02202013_165107

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SouthernCross87 · Feb 20, 2013

Hi Fiery,

FRST.txt file log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01
Ran by SYSTEM at 20-02-2013 17:37:44
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-05-14] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-04-26] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-04-16] (IDT, Inc.)
HKU\Adam\...\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-22] (Google Inc.)
HKU\Adam\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17418928 2012-07-12] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> X:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [73728 2008-02-11] (Andrea Electronics Corporation)
2 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [100864 2013-01-10] (Freemake)
2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [292248 2008-05-14] ()
2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [116112 2008-05-14] ()
2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [221239 2008-04-16] (IDT, Inc.)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [170000 2008-04-14] (AMD Technologies Inc.)
0 Amddfltr; C:\Windows\System32\DRIVERS\Amddfltr.sys [15416 2008-01-07] (Advanced Micro Devices)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [143952 2010-09-17] (Trend Micro Inc.)
2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [61424 2008-05-14] (Cyberlink Corp.)
1 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-02-20 17:37 - 2013-02-20 17:37 - 00000000 ____D C:\FRST
2013-02-19 22:46 - 2013-02-19 22:46 - 00003402 ____A C:\Users\Adam\Desktop\02202013_165107.log
2013-02-19 22:21 - 2013-02-19 22:21 - 00000000 ____D C:\_OTL
2013-02-19 21:47 - 2013-02-19 21:48 - 00798208 ____A C:\Users\Adam\Downloads\RogueKiller.exe
2013-02-19 21:47 - 2013-02-19 21:47 - 00587671 ____A C:\Users\Adam\Downloads\AdwCleaner.exe
2013-02-19 21:40 - 2013-02-19 21:40 - 00001676 ____A C:\Users\Adam\Desktop\aswMBR.txt
2013-02-19 21:40 - 2013-02-19 21:40 - 00000512 ____A C:\Users\Adam\Desktop\MBR.dat
2013-02-19 21:37 - 2013-02-19 21:38 - 04732416 ____A (AVAST Software) C:\Users\Adam\Downloads\aswMBR.exe
2013-02-19 21:36 - 2013-02-19 21:36 - 00048378 ____A C:\Users\Adam\Desktop\Extras.Txt
2013-02-19 21:29 - 2013-02-19 21:29 - 00175710 ____A C:\Users\Adam\Desktop\OTL.Txt
2013-02-19 21:29 - 2013-02-19 21:29 - 00048378 ____A C:\Users\Adam\Downloads\Extras.Txt
2013-02-19 21:26 - 2013-02-19 21:26 - 00175710 ____A C:\Users\Adam\Downloads\OTL.Txt
2013-02-19 21:16 - 2013-02-19 21:16 - 00602112 ____A (OldTimer Tools) C:\Users\Adam\Downloads\OTL.exe
2013-02-19 21:09 - 2013-02-19 21:09 - 00020298 ____A C:\Users\Adam\Desktop\HitmanPro_20130220_1539.log
2013-02-19 21:03 - 2013-02-19 21:03 - 00001692 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-02-19 21:03 - 2013-02-19 21:03 - 00001692 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-02-19 21:03 - 2013-02-19 21:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-02-19 21:02 - 2013-02-19 21:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-19 21:02 - 2013-02-19 21:09 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-02-19 21:01 - 2013-02-19 21:02 - 08984048 ____A (SurfRight B.V.) C:\Users\Adam\Downloads\HitmanPro.exe
2013-02-19 18:48 - 2013-02-19 18:48 - 00000866 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-19 18:48 - 2013-02-19 18:48 - 00000866 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-19 18:48 - 2013-02-19 18:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-19 18:48 - 2012-12-13 22:19 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-19 18:47 - 2013-02-19 18:47 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Adam\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-15 08:40 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-15 08:40 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-15 08:40 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-15 08:40 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-15 08:40 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-15 08:40 - 2011-03-12 13:55 - 00876032 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-14 09:59 - 2013-02-14 09:59 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-02-14 09:58 - 2013-02-14 09:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-02-14 09:58 - 2013-02-14 09:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2013-02-14 09:23 - 2009-09-09 18:01 - 03023360 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2013-02-14 09:23 - 2009-09-09 18:00 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2013-02-14 09:23 - 2009-09-09 18:00 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-14 09:22 - 2009-09-30 17:02 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\BthMtpContextHandler.dll
2013-02-14 09:22 - 2009-09-30 17:02 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\WPDShextAutoplay.exe
2013-02-14 09:22 - 2009-09-30 17:01 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-02-14 09:21 - 2009-09-30 17:02 - 02537472 ____A (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2013-02-14 09:21 - 2009-09-30 17:02 - 00334848 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2013-02-14 09:21 - 2009-09-30 17:02 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00546816 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00350208 ____A (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtp.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceWMDRM.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtpUS.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceConnectApi.dll
2013-02-14 09:21 - 2009-09-30 17:01 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUsb.sys
2013-02-14 09:21 - 2009-09-30 17:01 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\WpdConns.dll
2013-02-14 09:12 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2013-02-14 09:12 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-02-14 09:12 - 2012-02-29 05:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2013-02-14 09:02 - 2013-02-14 09:02 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-02-14 09:02 - 2013-02-14 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 09:02 - 2013-02-14 09:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 09:02 - 2013-02-14 09:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-02-14 09:02 - 2013-02-14 09:02 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-02-14 09:02 - 2013-02-14 09:02 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-02-14 09:01 - 2013-02-14 09:01 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2013-02-14 09:01 - 2013-02-14 09:01 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-02-14 09:01 - 2013-02-14 09:01 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2013-02-14 09:01 - 2013-02-14 09:01 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2013-02-14 09:00 - 2013-02-14 09:00 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-14 08:58 - 2013-02-14 09:02 - 00003837 ____A C:\Windows\IE9_main.log
2013-02-14 08:42 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-02-14 08:42 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-02-14 08:42 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-02-14 08:42 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-02-14 08:42 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-02-14 08:42 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-02-14 08:41 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-02-14 08:41 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-02-14 08:41 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-02-14 08:41 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-02-14 08:41 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-02-14 08:41 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-02-14 08:41 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-02-14 08:31 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-02-14 08:31 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-02-13 22:19 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-02-13 22:19 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-02-13 22:19 - 2011-11-18 12:23 - 01205064 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-02-13 22:19 - 2011-10-14 08:03 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\winmm.dll
2013-02-13 22:19 - 2011-10-14 08:00 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\mciseq.dll
2013-02-13 22:19 - 2011-07-29 08:01 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2013-02-13 22:19 - 2011-07-29 08:01 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2013-02-13 22:19 - 2011-07-29 08:00 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2013-02-13 22:19 - 2011-07-29 08:00 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2013-02-13 22:18 - 2013-01-03 17:38 - 02048512 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 22:18 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-02-13 22:18 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-02-13 22:18 - 2012-08-21 03:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-02-13 22:18 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-02-13 22:18 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-02-13 22:18 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-02-13 22:18 - 2011-11-18 09:47 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-02-13 22:18 - 2011-10-14 08:02 - 00429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2013-02-13 22:18 - 2011-02-22 06:13 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-13 22:18 - 2011-02-22 05:33 - 00797696 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-13 22:17 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-02-13 22:17 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-02-13 22:17 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-02-13 22:17 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-02-13 22:17 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-02-13 22:17 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-02-13 22:17 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-02-13 22:17 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-02-13 22:17 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-02-13 22:17 - 2011-12-14 08:17 - 00680448 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-02-13 22:17 - 2011-11-25 07:59 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 22:16 - 2013-01-04 21:26 - 03602808 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-02-13 22:16 - 2013-01-04 21:26 - 03550072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 22:16 - 2013-01-04 03:28 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 22:16 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-02-13 22:16 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-02-13 22:16 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-02-13 22:16 - 2011-11-16 08:23 - 00377344 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2013-02-13 22:16 - 2011-10-25 07:58 - 00497152 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-02-13 22:16 - 2011-10-25 07:56 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-02-13 22:16 - 2011-08-25 08:15 - 00555520 ____A (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2013-02-13 22:16 - 2011-08-25 08:14 - 00563712 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-02-13 22:16 - 2011-08-25 08:14 - 00238080 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2013-02-13 22:16 - 2011-08-25 05:31 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
2013-02-13 22:16 - 2011-06-15 08:12 - 00182784 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2013-02-13 22:15 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-02-13 22:15 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-02-13 22:15 - 2011-11-16 08:23 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-02-13 22:15 - 2011-11-16 08:21 - 01259008 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-02-13 22:15 - 2011-11-16 06:12 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-02-13 22:15 - 2010-05-04 11:13 - 00231424 ____A (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2013-02-13 21:56 - 2012-01-09 07:54 - 00613376 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2013-02-13 21:40 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-02-13 21:40 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-02-13 21:40 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-02-13 21:40 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-02-13 21:39 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-02-13 21:39 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-02-13 21:39 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-02-13 21:39 - 2012-06-01 20:49 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-02-13 21:39 - 2012-06-01 20:42 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-02-12 20:48 - 2013-02-12 20:50 - 00000000 ____D C:\Windows\System32\vi-VN
2013-02-12 20:48 - 2013-02-12 20:50 - 00000000 ____D C:\Windows\System32\eu-ES
2013-02-12 20:48 - 2013-02-12 20:50 - 00000000 ____D C:\Windows\System32\ca-ES
2013-02-12 20:27 - 2013-02-12 20:27 - 00000000 ____D C:\ProgramData\Sun
2013-02-12 20:27 - 2013-02-12 20:27 - 00000000 ____D C:\ProgramData\Application Data\Sun
2013-02-12 20:27 - 2013-02-12 20:26 - 00477616 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2013-02-12 20:27 - 2013-02-12 20:26 - 00473520 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2013-02-12 20:27 - 2013-02-12 20:26 - 00158128 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2013-02-12 20:27 - 2013-02-12 20:26 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2013-02-12 20:27 - 2013-02-12 20:26 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2013-02-12 20:20 - 2013-02-12 20:20 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-25 19:19 - 2013-01-25 19:20 - 00000000 ____D C:\Users\Adam\My Documents\Freemake
2013-01-25 19:19 - 2013-01-25 19:20 - 00000000 ____D C:\Users\Adam\Documents\Freemake
2013-01-25 19:19 - 2013-01-25 19:20 - 00000000 ____D C:\ProgramData\Freemake
2013-01-25 19:19 - 2013-01-25 19:20 - 00000000 ____D C:\ProgramData\Application Data\Freemake
2013-01-25 19:19 - 2013-01-25 19:19 - 00001073 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-01-25 19:19 - 2013-01-25 19:19 - 00001073 ____A C:\ProgramData\Desktop\Freemake Video Converter.lnk
2013-01-25 19:19 - 2013-01-25 19:19 - 00000000 ____D C:\Program Files\Freemake
2013-01-24 21:37 - 2013-01-24 21:37 - 00094208 ____A C:\Users\Adam\Downloads\January-March 2013 - Key Dates.xls
2013-01-24 21:35 - 2013-02-19 05:59 - 00016130 ____A C:\Users\Adam\Desktop\Hamleys Hours.xlsx
2013-01-22 21:25 - 2010-06-01 10:25 - 00527192 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-01-22 21:25 - 2010-06-01 10:25 - 00239960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-01-22 21:25 - 2010-06-01 10:25 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-01-22 21:25 - 2010-05-25 17:11 - 02106216 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-01-22 21:25 - 2010-05-25 17:11 - 01998168 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-01-22 21:25 - 2010-05-25 17:11 - 01868128 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-01-22 21:25 - 2010-05-25 17:11 - 00470880 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-01-22 21:25 - 2010-05-25 17:11 - 00248672 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-01-22 21:25 - 2010-02-03 15:31 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-01-22 21:25 - 2010-02-03 15:31 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-01-22 21:25 - 2010-02-03 15:31 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-01-22 21:25 - 2010-02-03 15:31 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-01-22 21:25 - 2009-09-03 23:14 - 00515416 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-01-22 21:25 - 2009-09-03 23:14 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-01-22 21:25 - 2009-09-03 23:14 - 00069464 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-01-22 21:25 - 2009-09-03 22:59 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-01-22 21:25 - 2009-09-03 22:59 - 01974616 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-01-22 21:25 - 2009-09-03 22:59 - 01892184 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-01-22 21:25 - 2009-09-03 22:59 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-01-22 21:25 - 2009-09-03 22:59 - 00235344 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-01-22 21:25 - 2009-03-15 19:48 - 00517448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-01-22 21:25 - 2009-03-15 19:48 - 00235352 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-01-22 21:25 - 2009-03-15 19:48 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-01-22 21:25 - 2009-03-08 20:57 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-01-22 21:25 - 2009-03-08 20:57 - 01846632 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-01-22 21:25 - 2009-03-08 20:57 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-01-22 21:25 - 2008-10-14 11:52 - 04379984 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-01-22 21:25 - 2008-10-14 11:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-01-22 21:25 - 2008-10-14 11:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-01-22 21:24 - 2008-10-26 15:34 - 00514384 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-01-22 21:24 - 2008-10-26 15:34 - 00235856 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-01-22 21:24 - 2008-10-26 15:34 - 00070992 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-01-22 21:24 - 2008-10-26 15:34 - 00023376 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-01-22 21:24 - 2008-07-30 16:11 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-01-22 21:24 - 2008-07-30 16:11 - 00068616 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-01-22 21:24 - 2008-07-30 16:10 - 00509448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-01-22 21:24 - 2008-07-09 16:31 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-01-22 21:24 - 2008-07-09 16:30 - 03851784 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-01-22 21:24 - 2008-07-09 16:30 - 01493528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-01-22 21:24 - 2008-05-29 19:49 - 00507400 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-01-22 21:24 - 2008-05-29 19:48 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-01-22 21:24 - 2008-05-29 19:47 - 00065032 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-01-22 21:24 - 2008-05-29 19:47 - 00025608 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-01-22 21:24 - 2008-05-29 19:41 - 03850760 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-01-22 21:24 - 2008-05-29 19:41 - 01491992 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-01-22 21:24 - 2008-05-29 19:41 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-01-22 21:24 - 2008-03-04 21:33 - 00479752 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-01-22 21:24 - 2008-03-04 21:33 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-01-22 21:24 - 2008-03-04 21:30 - 00025608 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-01-22 21:24 - 2008-03-04 21:26 - 03786760 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-01-22 21:24 - 2008-03-04 21:26 - 01420824 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-01-22 21:24 - 2008-02-05 04:37 - 00462864 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-01-22 21:24 - 2007-10-21 09:09 - 00267272 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-01-22 21:24 - 2007-10-21 09:07 - 00017928 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-01-22 21:24 - 2007-10-11 20:44 - 03734536 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-01-22 21:24 - 2007-10-11 20:44 - 01374232 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-01-22 21:24 - 2007-10-01 15:26 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-01-22 21:24 - 2007-07-19 06:27 - 00267112 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-01-22 21:24 - 2007-07-18 23:44 - 03727720 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-01-22 21:24 - 2007-07-18 23:44 - 01358192 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-01-22 21:24 - 2007-07-18 23:44 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-01-22 21:24 - 2007-06-20 02:16 - 00266088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-01-22 21:24 - 2007-05-15 22:15 - 03497832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-01-22 21:24 - 2007-05-15 22:15 - 01124720 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-01-22 21:24 - 2007-05-15 22:15 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-01-22 21:24 - 2007-04-04 00:25 - 00261480 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-01-22 21:24 - 2007-04-04 00:23 - 00081768 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-01-22 21:24 - 2007-03-14 22:27 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-01-22 21:24 - 2007-03-11 22:12 - 03495784 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-01-22 21:24 - 2007-03-11 22:12 - 01123696 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-01-22 21:24 - 2007-03-04 18:12 - 00015128 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-01-22 21:24 - 2007-01-23 20:57 - 00255848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-01-22 21:24 - 2006-12-07 17:32 - 00251672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-01-22 21:24 - 2006-11-28 18:36 - 03426072 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-01-22 21:24 - 2006-11-28 18:36 - 00440080 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-01-22 21:24 - 2006-09-27 21:35 - 02414360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-01-22 21:24 - 2006-09-27 21:35 - 00237848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-01-22 21:24 - 2006-07-27 15:00 - 00236824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-01-22 21:24 - 2006-07-27 15:00 - 00062744 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-01-22 21:24 - 2006-05-30 12:54 - 00230168 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-01-22 21:24 - 2006-03-30 18:10 - 02388176 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-01-22 21:24 - 2006-03-30 18:09 - 00229584 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-01-22 21:24 - 2006-03-30 18:09 - 00062672 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-01-22 21:24 - 2006-02-02 14:13 - 02332368 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-01-22 21:24 - 2006-02-02 14:12 - 00230096 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-01-22 21:24 - 2006-02-02 14:11 - 00014032 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-01-22 21:24 - 2005-12-04 23:39 - 02323664 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-01-22 21:24 - 2005-07-22 01:29 - 02319568 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-01-22 21:24 - 2005-05-25 21:04 - 02297552 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-01-22 21:24 - 2005-03-17 22:49 - 02337488 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-01-22 21:24 - 2005-02-05 01:15 - 02222800 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-01-22 17:30 - 2013-01-22 17:30 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-22 01:01 - 2013-01-22 01:01 - 00000854 ____A C:\Users\Adam\Desktop\join.me.lnk
2013-01-22 01:01 - 2013-01-22 01:01 - 00000000 ____D C:\Users\Adam\Local Settings\join.me
2013-01-22 01:01 - 2013-01-22 01:01 - 00000000 ____D C:\Users\Adam\Local Settings\Application Data\join.me
2013-01-22 01:01 - 2013-01-22 01:01 - 00000000 ____D C:\Users\Adam\AppData\Local\join.me
2013-01-22 00:53 - 2013-01-22 00:53 - 00001746 ____A C:\Users\Adam\Desktop\Hamleys.rdp
2013-01-22 00:32 - 2013-01-22 00:52 - 00001746 ___AH C:\Users\Adam\My Documents\Default.rdp
2013-01-22 00:32 - 2013-01-22 00:52 - 00001746 ___AH C:\Users\Adam\Documents\Default.rdp
2013-01-22 00:14 - 2013-01-22 00:14 - 00000000 ____D C:\ProgramData\McAfee
2013-01-22 00:14 - 2013-01-22 00:14 - 00000000 ____D C:\ProgramData\Application Data\McAfee

==================== One Month Modified Files and Folders ========

2013-02-20 17:37 - 2013-02-20 17:37 - 00000000 ____D C:\FRST
2013-02-19 23:03 - 2011-06-25 11:16 - 00000000 ____D C:\Users\Adam\Application Data\Skype
2013-02-19 23:03 - 2011-06-25 11:16 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype
2013-02-19 23:03 - 2011-05-22 12:19 - 01557905 ____A C:\Windows\WindowsUpdate.log
2013-02-19 23:03 - 2006-11-02 05:01 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-19 23:03 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-19 23:03 - 2006-11-02 04:52 - 00073830 ____A C:\Windows\setupact.log
2013-02-19 23:03 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-19 23:03 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-19 22:51 - 2006-11-02 02:33 - 00718972 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-19 22:47 - 2012-12-04 14:23 - 00000000 ____D C:\Users\Adam\Application Data\Dropbox
2013-02-19 22:47 - 2012-12-04 14:23 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Dropbox
2013-02-19 22:46 - 2013-02-19 22:46 - 00003402 ____A C:\Users\Adam\Desktop\02202013_165107.log
2013-02-19 22:46 - 2012-12-04 14:28 - 00000000 ___RD C:\Users\Adam\Dropbox
2013-02-19 22:46 - 2011-05-22 12:45 - 00000269 ____A C:\Users\Public\Documents\hpqp.ini
2013-02-19 22:46 - 2011-05-22 12:45 - 00000269 ____A C:\ProgramData\Documents\hpqp.ini
2013-02-19 22:21 - 2013-02-19 22:21 - 00000000 ____D C:\_OTL
2013-02-19 22:11 - 2011-05-22 07:44 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3077527324-4073192309-3894687368-1000UA.job
2013-02-19 21:48 - 2013-02-19 21:47 - 00798208 ____A C:\Users\Adam\Downloads\RogueKiller.exe
2013-02-19 21:47 - 2013-02-19 21:47 - 00587671 ____A C:\Users\Adam\Downloads\AdwCleaner.exe
2013-02-19 21:40 - 2013-02-19 21:40 - 00001676 ____A C:\Users\Adam\Desktop\aswMBR.txt
2013-02-19 21:40 - 2013-02-19 21:40 - 00000512 ____A C:\Users\Adam\Desktop\MBR.dat
2013-02-19 21:38 - 2013-02-19 21:37 - 04732416 ____A (AVAST Software) C:\Users\Adam\Downloads\aswMBR.exe
2013-02-19 21:36 - 2013-02-19 21:36 - 00048378 ____A C:\Users\Adam\Desktop\Extras.Txt
2013-02-19 21:29 - 2013-02-19 21:29 - 00175710 ____A C:\Users\Adam\Desktop\OTL.Txt
2013-02-19 21:29 - 2013-02-19 21:29 - 00048378 ____A C:\Users\Adam\Downloads\Extras.Txt
2013-02-19 21:26 - 2013-02-19 21:26 - 00175710 ____A C:\Users\Adam\Downloads\OTL.Txt
2013-02-19 21:16 - 2013-02-19 21:16 - 00602112 ____A (OldTimer Tools) C:\Users\Adam\Downloads\OTL.exe
2013-02-19 21:09 - 2013-02-19 21:09 - 00020298 ____A C:\Users\Adam\Desktop\HitmanPro_20130220_1539.log
2013-02-19 21:09 - 2013-02-19 21:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-19 21:09 - 2013-02-19 21:02 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-02-19 21:03 - 2013-02-19 21:03 - 00001692 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-02-19 21:03 - 2013-02-19 21:03 - 00001692 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-02-19 21:03 - 2013-02-19 21:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-02-19 21:02 - 2013-02-19 21:01 - 08984048 ____A (SurfRight B.V.) C:\Users\Adam\Downloads\HitmanPro.exe
2013-02-19 18:48 - 2013-02-19 18:48 - 00000866 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-19 18:48 - 2013-02-19 18:48 - 00000866 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-19 18:48 - 2013-02-19 18:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-19 18:47 - 2013-02-19 18:47 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Adam\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-19 18:43 - 2011-05-22 07:44 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3077527324-4073192309-3894687368-1000Core.job
2013-02-19 18:42 - 2011-05-22 04:57 - 00000000 ____D C:\users\Adam
2013-02-19 18:42 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-02-19 18:42 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-02-19 18:42 - 2006-11-02 02:22 - 44040192 ____A C:\Windows\System32\config\software_previous
2013-02-19 18:42 - 2006-11-02 02:22 - 36962304 ____A C:\Windows\System32\config\components_previous
2013-02-19 18:42 - 2006-11-02 02:22 - 29622272 ____A C:\Windows\System32\config\system_previous
2013-02-19 18:42 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-02-19 18:42 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-02-19 18:42 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2013-02-19 18:27 - 2012-01-31 15:17 - 00000680 ____A C:\Users\Adam\Local Settings\d3d9caps.dat
2013-02-19 18:27 - 2012-01-31 15:17 - 00000680 ____A C:\Users\Adam\Local Settings\Application Data\d3d9caps.dat
2013-02-19 18:27 - 2012-01-31 15:17 - 00000680 ____A C:\Users\Adam\AppData\Local\d3d9caps.dat
2013-02-19 05:59 - 2013-01-24 21:35 - 00016130 ____A C:\Users\Adam\Desktop\Hamleys Hours.xlsx
2013-02-19 00:42 - 2011-09-06 10:05 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-02-18 21:32 - 2011-06-03 02:33 - 00103936 ____A C:\Users\Adam\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-18 21:32 - 2011-06-03 02:33 - 00103936 ____A C:\Users\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-18 21:32 - 2011-06-03 02:33 - 00103936 ____A C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-18 16:47 - 2012-12-25 15:51 - 00000000 ____D C:\Users\Adam\My Documents\Adelaide
2013-02-18 16:47 - 2012-12-25 15:51 - 00000000 ____D C:\Users\Adam\Documents\Adelaide
2013-02-16 16:41 - 2013-02-16 16:30 - 258862433 ____A C:\Users\Adam\Downloads\bv.13011513.avi
2013-02-16 00:00 - 2011-05-22 08:38 - 00000000 ____D C:\Users\Adam\My Documents\To Do
2013-02-16 00:00 - 2011-05-22 08:38 - 00000000 ____D C:\Users\Adam\Documents\To Do
2013-02-15 23:55 - 2012-12-25 15:52 - 00000000 ____D C:\Users\Adam\My Documents\Oz Funding
2013-02-15 23:55 - 2012-12-25 15:52 - 00000000 ____D C:\Users\Adam\Documents\Oz Funding
2013-02-14 10:19 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-02-14 10:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-14 10:03 - 2006-11-02 04:47 - 00378376 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 09:59 - 2013-02-14 09:59 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-02-14 09:59 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG
2013-02-14 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA
2013-02-14 09:58 - 2013-02-14 09:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-02-14 09:58 - 2013-02-14 09:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2013-02-14 09:58 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-02-14 09:58 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-02-14 09:02 - 2013-02-14 09:02 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-02-14 09:02 - 2013-02-14 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 09:02 - 2013-02-14 09:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 09:02 - 2013-02-14 09:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-02-14 09:02 - 2013-02-14 09:02 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-02-14 09:02 - 2013-02-14 09:02 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-02-14 09:02 - 2013-02-14 09:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-02-14 09:02 - 2013-02-14 09:02 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-02-14 09:02 - 2013-02-14 08:58 - 00003837 ____A C:\Windows\IE9_main.log
2013-02-14 09:02 - 2006-11-01 22:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2013-02-14 09:02 - 2006-11-01 22:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2013-02-14 09:01 - 2013-02-14 09:01 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2013-02-14 09:01 - 2013-02-14 09:01 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-02-14 09:01 - 2013-02-14 09:01 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2013-02-14 09:01 - 2013-02-14 09:01 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-02-14 09:01 - 2013-02-14 09:01 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2013-02-14 09:00 - 2013-02-14 09:00 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2013-02-14 09:00 - 2013-02-14 09:00 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-13 21:43 - 2006-11-02 02:24 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-02-13 21:42 - 2008-05-21 10:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-13 21:42 - 2008-05-21 10:20 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-02-13 21:33 - 2008-01-20 18:47 - 00721894 ____A C:\Windows\PFRO.log
2013-02-12 20:50 - 2013-02-12 20:48 - 00000000 ____D C:\Windows\System32\vi-VN
2013-02-12 20:50 - 2013-02-12 20:48 - 00000000 ____D C:\Windows\System32\eu-ES
2013-02-12 20:50 - 2013-02-12 20:48 - 00000000 ____D C:\Windows\System32\ca-ES
2013-02-12 20:50 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-02-12 20:50 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-02-12 20:50 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-02-12 20:50 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-02-12 20:50 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-02-12 20:50 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-02-12 20:50 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SLUI
2013-02-12 20:50 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-02-12 20:50 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2013-02-12 20:27 - 2013-02-12 20:27 - 00000000 ____D C:\ProgramData\Sun
2013-02-12 20:27 - 2013-02-12 20:27 - 00000000 ____D C:\ProgramData\Application Data\Sun
2013-02-12 20:27 - 2008-05-21 10:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-02-12 20:26 - 2013-02-12 20:27 - 00477616 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2013-02-12 20:26 - 2013-02-12 20:27 - 00473520 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2013-02-12 20:26 - 2013-02-12 20:27 - 00158128 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2013-02-12 20:26 - 2013-02-12 20:27 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2013-02-12 20:26 - 2013-02-12 20:27 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2013-02-12 20:26 - 2008-05-21 10:45 - 00000000 ____D C:\Program Files\Java
2013-02-12 20:20 - 2013-02-12 20:20 - 00000000 ____D C:\Windows\System32\EventProviders
2013-02-11 21:00 - 2012-12-19 01:03 - 00000000 ____D C:\Users\Adam\Desktop\Job specs
2013-02-11 20:35 - 2012-12-19 01:03 - 00000000 ____D C:\Users\Adam\Desktop\CV 2012
2013-02-05 19:32 - 2012-12-04 14:28 - 00000916 ____A C:\Users\Adam\Desktop\Dropbox.lnk
2013-02-01 03:55 - 2011-05-22 07:45 - 00002037 ____A C:\Users\Adam\Desktop\Google Chrome.lnk
2013-01-25 19:20 - 2013-01-25 19:19 - 00000000 ____D C:\Users\Adam\My Documents\Freemake
2013-01-25 19:20 - 2013-01-25 19:19 - 00000000 ____D C:\Users\Adam\Documents\Freemake
2013-01-25 19:20 - 2013-01-25 19:19 - 00000000 ____D C:\ProgramData\Freemake
2013-01-25 19:20 - 2013-01-25 19:19 - 00000000 ____D C:\ProgramData\Application Data\Freemake
2013-01-25 19:19 - 2013-01-25 19:19 - 00001073 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-01-25 19:19 - 2013-01-25 19:19 - 00001073 ____A C:\ProgramData\Desktop\Freemake Video Converter.lnk
2013-01-25 19:19 - 2013-01-25 19:19 - 00000000 ____D C:\Program Files\Freemake
2013-01-24 21:37 - 2013-01-24 21:37 - 00094208 ____A C:\Users\Adam\Downloads\January-March 2013 - Key Dates.xls
2013-01-22 17:30 - 2013-01-22 17:30 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-22 17:30 - 2011-10-09 07:06 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-22 01:01 - 2013-01-22 01:01 - 00000854 ____A C:\Users\Adam\Desktop\join.me.lnk
2013-01-22 01:01 - 2013-01-22 01:01 - 00000000 ____D C:\Users\Adam\Local Settings\join.me
2013-01-22 01:01 - 2013-01-22 01:01 - 00000000 ____D C:\Users\Adam\Local Settings\Application Data\join.me
2013-01-22 01:01 - 2013-01-22 01:01 - 00000000 ____D C:\Users\Adam\AppData\Local\join.me
2013-01-22 00:53 - 2013-01-22 00:53 - 00001746 ____A C:\Users\Adam\Desktop\Hamleys.rdp
2013-01-22 00:52 - 2013-01-22 00:32 - 00001746 ___AH C:\Users\Adam\My Documents\Default.rdp
2013-01-22 00:52 - 2013-01-22 00:32 - 00001746 ___AH C:\Users\Adam\Documents\Default.rdp
2013-01-22 00:14 - 2013-01-22 00:14 - 00000000 ____D C:\ProgramData\McAfee
2013-01-22 00:14 - 2013-01-22 00:14 - 00000000 ____D C:\ProgramData\Application Data\McAfee

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-02-13 22:18] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A

==================== EXE ASSOCIATION =====================

HKLM\

SouthernCross87 · Feb 20, 2013

Hi Fiery,

List Part results log:
ListParts by Farbar Version: 16-01-2013
Ran by SYSTEM (administrator) on 20-02-2013 at 17:42:00
Windows Vista (X86)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3069.22 MB
Available physical RAM: 2629.1 MB
Total Pagefile: 2806.23 MB
Available Pagefile: 2630.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.57 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:223.54 GB) (Free:24.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.34 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.88 GB) (Free:1.69 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 2232 KB
Disk 1 Online 1931 MB 0 B

Partitions of Disk 0:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

======================================================================================================

Partitions of Disk 1:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {f0dae6fd-d611-11dc-9a85-0016d3016530}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f0dae6fd-d611-11dc-9a85-0016d3016530}
nx OptIn

Resume from Hibernate
---------------------
identifier {f0dae6fd-d611-11dc-9a85-0016d3016530}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

****** End Of Log ******

Fiery · Feb 20, 2013

Hi there,

Can you attach the FRST log like you did for the OTL logs? It is cut off

SouthernCross87 · Feb 20, 2013

Hi,

FRST log attached

Fiery · Feb 20, 2013

Download & SAVE to your Desktop RogueKiller or from here

Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select Run as Administrator to start
Wait until Prescan has finished, then click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Download TDSSkiller from here

Double-Click on TDSSKiller.exe to run the application
When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
click Start scan .
If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

SouthernCross87 · Feb 20, 2013

Hi Fiery,

Roguekiller log below, TDSSkiller log attached

RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Adam [Admin rights]
Mode : Remove -- Date : 02/21/2013 01:57:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 SCSI Disk Device +++++
--- User ---
[MBR] 635af9075245e7fba71850c1351f7983
[BSP] dc5e24308b68b8372e673cb6b9c22de8 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228903 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468795392 | Size: 9568 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_02212013_02d0157.txt >>
RKreport[1]_S_02212013_02d0155.txt ; RKreport[2]_D_02212013_02d0157.txt

Fiery · Feb 20, 2013

Things are looking good, your logs are coming out clean.

Download Malwarebytes Anti-Rootkit from here to your Desktop. (Don't be alarmed if your computer crashes during a scan, just reboot and move on to the Kaspersky virus removal tool if it does)

Unzip the contents to a folder on your Desktop.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Download Kaspersky Virus Removal Tool <a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow">from here</a></> (Download Version 11. You'll have to enter your email address and name)
<ol>
<li>Double-click the file and follow the on-screen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li>System Memory</li>
<li>Hidden startup objects</li>
<li>Disk boot sectors</li>
<li>Computer</li>
<li>Local Disk (C: )</li>
</ul>
</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>

SouthernCross87 · Feb 20, 2013

Hi Fiery,

mbar reports as follows, Kaspersky auto scan took 10hrs to complete but no threats were detected so no log to download?

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

21/02/2013 02:51:54
mbar-log-2013-02-21 (02-51-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26432
Time elapsed: 13 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 3218169856, free: 1882226688

------------ Kernel report ------------
02/21/2013 02:37:14
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\79269332.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iastorv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\lsi_scsi.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\hpcisss.sys
\SystemRoot\system32\drivers\adp94xx.sys
\SystemRoot\system32\drivers\adpahci.sys
\SystemRoot\system32\drivers\adpu160m.sys
\SystemRoot\system32\drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\adpu320.sys
\SystemRoot\system32\drivers\djsvs.sys
\SystemRoot\system32\drivers\arc.sys
\SystemRoot\system32\drivers\arcsas.sys
\SystemRoot\system32\drivers\elxstor.sys
\SystemRoot\system32\drivers\i2omp.sys
\SystemRoot\system32\drivers\iirsp.sys
\SystemRoot\system32\drivers\iteatapi.sys
\SystemRoot\system32\drivers\iteraid.sys
\SystemRoot\system32\drivers\lsi_fc.sys
\SystemRoot\system32\drivers\lsi_sas.sys
\SystemRoot\system32\drivers\megasas.sys
\SystemRoot\system32\drivers\megasr.sys
\SystemRoot\system32\drivers\mraid35x.sys
\SystemRoot\system32\drivers\nfrd960.sys
\SystemRoot\system32\drivers\ql2300.sys
\SystemRoot\system32\drivers\ql40xx.sys
\SystemRoot\system32\drivers\sisraid2.sys
\SystemRoot\system32\drivers\sisraid4.sys
\SystemRoot\system32\drivers\symc8xx.sys
\SystemRoot\system32\drivers\sym_hi.sys
\SystemRoot\system32\drivers\sym_u3.sys
\SystemRoot\system32\drivers\uliahci.sys
\SystemRoot\system32\drivers\ulsata.sys
\SystemRoot\system32\drivers\ulsata2.sys
\SystemRoot\system32\drivers\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\Amddfltr.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\ahcix86s.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\tmlwf.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix86s.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\HP\QuickPlay\000.fcl
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\WINDOWS\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff873d51b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff869b6978
Lower Device Driver Name: \Driver\ahcix86s\
Driver name found: ahcix86s
Initialization returned 0x0
Port sub-driver loaded: \??\C:\WINDOWS\System32\drivers\Storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.02.20.04
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff873d51b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff874d8d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff873d51b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff873d58b0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff873d5cd0, DeviceName: Unknown, DriverName: \Driver\Amddfltr\
DevicePointer: 0xffffffff869b6978, DeviceName: \Device\0000008b\, DriverName: \Driver\ahcix86s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb9b35500, 0xffffffff873d51b0, 0xffffffff87309370
Lower DeviceData: 0xffffffffb9b17e18, 0xffffffff869b6978, 0xffffffff85eb2960
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BD55BD55

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 468795329
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 468795392 Numsec = 19595264

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Non-administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 3218169856, free: 1796734976

=======================================

Fiery · Feb 20, 2013

Looks good, every log has come up clean.

If you are no longer experiencing any other issues, it's safe to say that your PC is now clean!

Double click on OTL to run it

Click on the Cleanup button at the top.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
This will remove itself and other tools we may have used.

Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link

Keep your system updated

Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

avast! 7 Home Edition - Don't use it with Online Armor
Avira AntiVir Personal
BitDefender Antivirus Free Edition
Microsoft Security Essentials

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.

Online Armor
Comodo Firewall - If you are an advance user
ZoneAlarm Free Firewall
PC Tool Firewall Plus

Other steps that you may want to do to further protect your system/files:

Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
Backup important files regulary to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.

KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

AdBlock

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.

Search

AFP Virus - anti-malware not detecting

SouthernCross87

New Member

Attachments

Fiery

Level 1

SouthernCross87

New Member

SouthernCross87

New Member

SouthernCross87

New Member

Fiery

Level 1

SouthernCross87

New Member

Attachments

Fiery

Level 1

SouthernCross87

New Member

Attachments

Fiery

Level 1

SouthernCross87

New Member

Fiery

Level 1

Similar threads