Police Central E-Crime Unit

Jon Peachment

May 12, 2013
Hi Guys

I have this virus on my son's computer.

I have followed the steps from previous posts and will copy and paste what I have below. It's a lot, so I do apologise.
Is anyone able to assist me? It would be really appreciated.

Jon



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01
Ran by SYSTEM on 12-05-2013 16:23:14
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2011-06-03] (Razer USA Ltd)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255360 2012-12-14] (LogMeIn Inc.)
HKU\Aidan\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Aidan\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKU\Aidan\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Aidan\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
HKU\Aidan\...\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1040712 2012-06-15] ()
HKU\Aidan\...\Run: [Facebook Update] "C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-10-12] (Facebook Inc.)
HKU\Aidan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\Aidan\...\Run: [Akamai NetSession Interface] "C:\Users\Aidan\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Aidan\...\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-23] (Oberon Media )
HKU\Aidan\...\Run: [SearchProtect] C:\Users\Aidan\AppData\Roaming\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)
HKU\Aidan\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\Aidan\...\Run: [GoogleChromeAutoLaunch_F3BDC88420494643EF2FCA4ED02D03FA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)
HKU\Aidan\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Aidan\Documents\6dea9f99.exe [31232 2013-05-12] ()
HKU\Aidan\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AML Device Install.lnk
ShortcutTarget: AML Device Install.lnk -> C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-10] (NETGEAR)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-30] ()
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-08-25] (CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2013-01-25] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 ALSysIO; \??\C:\Users\Aidan\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 16:22 - 2013-05-12 16:22 - 00000000 ____D C:\FRST
2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\Application Data\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\AppData\Local\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\Application Data\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\AppData\Roaming\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\Application Data\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\My Documents\6dea9f99.exe
2013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\Documents\6dea9f99.exe
2013-05-07 22:52 - 2013-05-07 22:52 - 00000221 ____A C:\Users\Aidan\Desktop\CrimeCraft GangWars.url
2013-05-06 22:26 - 2013-05-09 19:56 - 00000000 ____D C:\Users\Aidan\Application Data\PriceGong
2013-05-06 22:26 - 2013-05-09 19:56 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PriceGong
2013-05-05 21:42 - 2013-05-05 21:42 - 00000222 ____A C:\Users\Aidan\Desktop\MicroVolts.url
2013-05-04 12:04 - 2013-05-11 15:53 - 00000000 ____D C:\Users\Aidan\Desktop\Minecraft Server
2013-05-01 17:39 - 2013-05-01 17:49 - 00000000 ____D C:\Program Files\My Dell
2013-04-29 09:07 - 2009-03-18 17:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
2013-04-28 15:51 - 2013-05-12 16:01 - 00000276 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-04-28 15:51 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\Application Data\holasearch
2013-04-28 15:51 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\holasearch
2013-04-28 15:51 - 2013-05-01 16:30 - 00000284 ____A C:\Windows\Tasks\PC Performer_UPDATES.job
2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\Users\Public\Desktop\PC Performer.lnk
2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\ProgramData\Desktop\PC Performer.lnk
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\PerformerSoft
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\BabSolution
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PerformerSoft
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\BabSolution
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\Application Data\IBUpdaterService
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\PC Performer
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\holasearch
2013-04-28 15:51 - 2012-12-19 16:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe
2013-04-28 15:50 - 2013-05-12 16:06 - 00000000 ____D C:\Users\Aidan\Local Settings\LogMeIn Hamachi
2013-04-28 15:50 - 2013-05-12 16:06 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\LogMeIn Hamachi
2013-04-28 15:50 - 2013-05-12 16:06 - 00000000 ____D C:\Users\Aidan\AppData\Local\LogMeIn Hamachi
2013-04-28 15:50 - 2013-04-28 15:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-04-28 15:49 - 2013-04-28 15:49 - 04295168 ____A C:\Users\Aidan\Desktop\hamachi.msi
2013-04-28 15:49 - 2013-04-28 15:49 - 00592120 ____A () C:\Users\Aidan\Desktop\pcpholasetup.exe
2013-04-28 15:49 - 2013-04-28 15:49 - 00392512 ____A (Softonic ) C:\Users\Aidan\Desktop\SoftonicDownloader_for_hamachi.exe
2013-04-28 11:01 - 2013-05-04 12:03 - 00000000 ____D C:\Users\Aidan\Desktop\Swrver
2013-04-28 11:01 - 2013-04-28 11:02 - 02541261 ____A C:\Users\Aidan\Downloads\Minecraft_Server.exe
2013-04-28 09:57 - 2013-04-27 23:35 - 00001556 ____A C:\Users\Aidan\Desktop\Minecraft.lnk
2013-04-27 22:19 - 2013-04-27 22:19 - 00000066 ____A C:\Users\Aidan\Downloads\createProfile51ab1887
2013-04-27 22:19 - 2013-04-27 22:19 - 00000017 ____A C:\Users\Aidan\Downloads\checkProfileName
2013-04-27 21:53 - 2013-04-27 21:53 - 00000089 ____A C:\Users\Aidan\Downloads\register9fc074f7
2013-04-26 21:10 - 2013-04-27 11:11 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}
2013-04-26 21:10 - 2013-04-27 11:11 - 00000000 ____D C:\Users\Aidan\Local Settings\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}
2013-04-26 21:10 - 2013-04-27 11:11 - 00000000 ____D C:\Users\Aidan\AppData\Local\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}
2013-04-25 20:32 - 2013-04-25 20:32 - 00000222 ____A C:\Users\Aidan\Desktop\District 187.url
2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{49409519-B1B4-4A2E-9B63-479C288DD581}
2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\{49409519-B1B4-4A2E-9B63-479C288DD581}
2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\AppData\Local\{49409519-B1B4-4A2E-9B63-479C288DD581}
2013-04-24 20:50 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{38E6F073-6BF0-4096-9687-88FBE6E031F5}
2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\{38E6F073-6BF0-4096-9687-88FBE6E031F5}
2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\AppData\Local\{38E6F073-6BF0-4096-9687-88FBE6E031F5}
2013-04-23 17:43 - 2013-04-23 17:44 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{96716AE2-3223-461D-8BCA-261B5594DD9B}
2013-04-23 17:43 - 2013-04-23 17:44 - 00000000 ____D C:\Users\Aidan\Local Settings\{96716AE2-3223-461D-8BCA-261B5594DD9B}
2013-04-23 17:43 - 2013-04-23 17:44 - 00000000 ____D C:\Users\Aidan\AppData\Local\{96716AE2-3223-461D-8BCA-261B5594DD9B}
2013-04-21 20:24 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Aidan\Local Settings\WiseConvert_B
2013-04-21 20:24 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\WiseConvert_B
2013-04-21 20:24 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Aidan\AppData\Local\WiseConvert_B
2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Application Data\mixidj
2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\mixidj
2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Doctor Entertainment AB
2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\Doctor Entertainment AB
2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\AppData\Local\Doctor Entertainment AB
2013-04-20 10:56 - 2013-04-20 10:57 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{48467D8C-7D89-4815-813D-4A215316D0C9}
2013-04-20 10:56 - 2013-04-20 10:57 - 00000000 ____D C:\Users\Aidan\Local Settings\{48467D8C-7D89-4815-813D-4A215316D0C9}
2013-04-20 10:56 - 2013-04-20 10:57 - 00000000 ____D C:\Users\Aidan\AppData\Local\{48467D8C-7D89-4815-813D-4A215316D0C9}
2013-04-19 20:53 - 2013-04-29 09:00 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-04-19 20:53 - 2013-04-29 09:00 - 00000000 ____D C:\ProgramData\Application Data\BrowserProtect
2013-04-19 20:53 - 2013-04-19 21:01 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\Application Data\CRMixiDJTB
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\CRMixiDJTB
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Free Ride Games
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Application Data\Free Ride Games
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Program Files (x86)\mixidj
2013-04-19 20:53 - 2012-12-04 17:48 - 00057824 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
2013-04-19 20:52 - 2013-04-19 20:52 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{711A607A-39DC-40E2-AD36-987378A13612}
2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\{711A607A-39DC-40E2-AD36-987378A13612}
2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\AppData\Local\{711A607A-39DC-40E2-AD36-987378A13612}
2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{B05F6936-EE62-4338-87CF-C78C92F4FD39}
2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\{B05F6936-EE62-4338-87CF-C78C92F4FD39}
2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\AppData\Local\{B05F6936-EE62-4338-87CF-C78C92F4FD39}
2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}
2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}
2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\AppData\Local\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}
2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}
2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}
2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}
2013-04-15 18:34 - 2013-04-15 18:35 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F6B69632-3834-4F8C-8E6E-E02351E81C83}
2013-04-15 18:34 - 2013-04-15 18:35 - 00000000 ____D C:\Users\Aidan\Local Settings\{F6B69632-3834-4F8C-8E6E-E02351E81C83}
2013-04-15 18:34 - 2013-04-15 18:35 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F6B69632-3834-4F8C-8E6E-E02351E81C83}
2013-04-14 11:23 - 2013-04-14 11:24 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}
2013-04-14 11:23 - 2013-04-14 11:24 - 00000000 ____D C:\Users\Aidan\Local Settings\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}
2013-04-14 11:23 - 2013-04-14 11:24 - 00000000 ____D C:\Users\Aidan\AppData\Local\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}
2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{5E766E57-5CB9-4992-97F7-D918E528EFF4}
2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\{5E766E57-5CB9-4992-97F7-D918E528EFF4}
2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\AppData\Local\{5E766E57-5CB9-4992-97F7-D918E528EFF4}
2013-04-13 10:52 - 2013-04-13 10:53 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F1371623-85A7-45C1-BEDA-531B26B715A5}
2013-04-13 10:52 - 2013-04-13 10:53 - 00000000 ____D C:\Users\Aidan\Local Settings\{F1371623-85A7-45C1-BEDA-531B26B715A5}
2013-04-13 10:52 - 2013-04-13 10:53 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F1371623-85A7-45C1-BEDA-531B26B715A5}
2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}
2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}
2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\AppData\Local\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}

==================== One Month Modified Files and Folders =======

2013-05-12 16:22 - 2013-05-12 16:22 - 00000000 ____D C:\FRST
2013-05-12 16:18 - 2009-07-14 07:10 - 01084863 ____A C:\Windows\WindowsUpdate.log
2013-05-12 16:13 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-12 16:13 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-12 16:07 - 2012-04-08 13:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 16:06 - 2013-04-28 15:50 - 00000000 ____D C:\Users\Aidan\Local Settings\LogMeIn Hamachi
2013-05-12 16:06 - 2013-04-28 15:50 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\LogMeIn Hamachi
2013-05-12 16:06 - 2013-04-28 15:50 - 00000000 ____D C:\Users\Aidan\AppData\Local\LogMeIn Hamachi
2013-05-12 16:06 - 2010-05-01 18:27 - 00000000 ____D C:\Users\Aidan\Local Settings\SoftThinks
2013-05-12 16:06 - 2010-05-01 18:27 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\SoftThinks
2013-05-12 16:06 - 2010-05-01 18:27 - 00000000 ____D C:\Users\Aidan\AppData\Local\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-05-12 16:06 - 2010-03-18 20:08 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-12 16:05 - 2011-02-22 13:28 - 00000000 ____D C:\ProgramData\Kodak
2013-05-12 16:05 - 2011-02-22 13:28 - 00000000 ____D C:\ProgramData\Application Data\Kodak
2013-05-12 16:05 - 2010-05-02 16:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-12 16:05 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 16:05 - 2009-07-14 06:51 - 00156013 ____A C:\Windows\setupact.log
2013-05-12 16:01 - 2013-04-28 15:51 - 00000276 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\Application Data\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\AppData\Local\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\Application Data\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\AppData\Roaming\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\Application Data\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\2433f433
2013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\My Documents\6dea9f99.exe
2013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\Documents\6dea9f99.exe
2013-05-12 14:34 - 2010-05-02 16:46 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 14:28 - 2010-05-02 20:04 - 00000000 ____D C:\Users\Aidan\Application Data\Skype
2013-05-12 14:28 - 2010-05-02 20:04 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\Skype
2013-05-12 14:08 - 2010-05-02 10:58 - 00000000 ____D C:\Users\Aidan\Local Settings\Deployment
2013-05-12 14:08 - 2010-05-02 10:58 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\Deployment
2013-05-12 14:08 - 2010-05-02 10:58 - 00000000 ____D C:\Users\Aidan\AppData\Local\Deployment
2013-05-12 14:01 - 2012-10-12 16:56 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2204269814-2470913285-1325809592-1001UA.job
2013-05-11 22:02 - 2011-07-09 11:03 - 00000000 ____D C:\Users\Aidan\Application Data\.minecraft
2013-05-11 22:02 - 2011-07-09 11:03 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\.minecraft
2013-05-11 19:36 - 2013-02-23 20:33 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-05-11 17:01 - 2012-10-12 16:56 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2204269814-2470913285-1325809592-1001Core.job
2013-05-11 15:53 - 2013-05-04 12:04 - 00000000 ____D C:\Users\Aidan\Desktop\Minecraft Server
2013-05-10 23:08 - 2010-05-02 16:26 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-09 19:56 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\Application Data\PriceGong
2013-05-09 19:56 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PriceGong
2013-05-08 16:43 - 2010-07-17 12:02 - 00000000 ____D C:\Users\Aidan\My Documents\My Games
2013-05-08 16:43 - 2010-07-17 12:02 - 00000000 ____D C:\Users\Aidan\Documents\My Games
2013-05-08 16:41 - 2010-03-18 20:13 - 00425053 ____A C:\Windows\DirectX.log
2013-05-07 22:52 - 2013-05-07 22:52 - 00000221 ____A C:\Users\Aidan\Desktop\CrimeCraft GangWars.url
2013-05-06 22:27 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Local Settings\WiseConvert_B
2013-05-06 22:27 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\WiseConvert_B
2013-05-06 22:27 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\AppData\Local\WiseConvert_B
2013-05-06 22:27 - 2013-04-02 18:27 - 00000000 ____D C:\Program Files (x86)\WiseConvert_B
2013-05-06 22:26 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\holasearch
2013-05-06 22:26 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\holasearch
2013-05-05 21:42 - 2013-05-05 21:42 - 00000222 ____A C:\Users\Aidan\Desktop\MicroVolts.url
2013-05-04 12:03 - 2013-04-28 11:01 - 00000000 ____D C:\Users\Aidan\Desktop\Swrver
2013-05-02 17:29 - 2010-05-23 10:02 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 17:49 - 2013-05-01 17:39 - 00000000 ____D C:\Program Files\My Dell
2013-05-01 17:49 - 2011-05-25 11:03 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-01 17:39 - 2010-03-18 20:09 - 00000000 ____D C:\ProgramData\PCDr
2013-05-01 17:39 - 2010-03-18 20:09 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-01 16:30 - 2013-04-28 15:51 - 00000284 ____A C:\Windows\Tasks\PC Performer_UPDATES.job
2013-04-29 09:00 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-04-29 09:00 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Application Data\BrowserProtect
2013-04-29 09:00 - 2010-03-19 03:57 - 00744322 ____A C:\Windows\PFRO.log
2013-04-28 23:14 - 2009-07-14 04:34 - 00000545 ____A C:\Windows\win.ini
2013-04-28 23:13 - 2012-12-22 18:28 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-04-28 19:43 - 2013-02-23 20:34 - 00000000 ____D C:\Users\Aidan\Local Settings\FileTypeAssistant
2013-04-28 19:43 - 2013-02-23 20:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\FileTypeAssistant
2013-04-28 19:43 - 2013-02-23 20:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\FileTypeAssistant
2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\Users\Public\Desktop\PC Performer.lnk
2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\ProgramData\Desktop\PC Performer.lnk
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\PerformerSoft
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\BabSolution
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PerformerSoft
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\BabSolution
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\Application Data\IBUpdaterService
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\PC Performer
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\holasearch
2013-04-28 15:50 - 2013-04-28 15:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-04-28 15:49 - 2013-04-28 15:49 - 04295168 ____A C:\Users\Aidan\Desktop\hamachi.msi
2013-04-28 15:49 - 2013-04-28 15:49 - 00592120 ____A () C:\Users\Aidan\Desktop\pcpholasetup.exe
2013-04-28 15:49 - 2013-04-28 15:49 - 00392512 ____A (Softonic ) C:\Users\Aidan\Desktop\SoftonicDownloader_for_hamachi.exe
2013-04-28 11:02 - 2013-04-28 11:01 - 02541261 ____A C:\Users\Aidan\Downloads\Minecraft_Server.exe
2013-04-27 23:35 - 2013-04-28 09:57 - 00001556 ____A C:\Users\Aidan\Desktop\Minecraft.lnk
2013-04-27 22:19 - 2013-04-27 22:19 - 00000066 ____A C:\Users\Aidan\Downloads\createProfile51ab1887
2013-04-27 22:19 - 2013-04-27 22:19 - 00000017 ____A C:\Users\Aidan\Downloads\checkProfileName
2013-04-27 21:53 - 2013-04-27 21:53 - 00000089 ____A C:\Users\Aidan\Downloads\register9fc074f7
2013-04-27 17:15 - 2010-05-02 20:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-27 17:15 - 2010-05-02 20:02 - 00000000 ____D C:\ProgramData\Skype
2013-04-27 17:15 - 2010-05-02 20:02 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-04-27 17:15 - 2010-03-18 20:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-27 11:11 - 2013-04-26 21:10 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}
2013-04-27 11:11 - 2013-04-26 21:10 - 00000000 ____D C:\Users\Aidan\Local Settings\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}
2013-04-27 11:11 - 2013-04-26 21:10 - 00000000 ____D C:\Users\Aidan\AppData\Local\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}
2013-04-26 21:09 - 2010-05-01 18:51 - 00000000 ____D C:\Users\Aidan\Tracing
2013-04-25 20:32 - 2013-04-25 20:32 - 00000222 ____A C:\Users\Aidan\Desktop\District 187.url
2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{49409519-B1B4-4A2E-9B63-479C288DD581}
2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\{49409519-B1B4-4A2E-9B63-479C288DD581}
2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\AppData\Local\{49409519-B1B4-4A2E-9B63-479C288DD581}
2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{38E6F073-6BF0-4096-9687-88FBE6E031F5}
2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\{38E6F073-6BF0-4096-9687-88FBE6E031F5}
2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\AppData\Local\{38E6F073-6BF0-4096-9687-88FBE6E031F5}
2013-04-23 17:44 - 2013-04-23 17:43 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{96716AE2-3223-461D-8BCA-261B5594DD9B}
2013-04-23 17:44 - 2013-04-23 17:43 - 00000000 ____D C:\Users\Aidan\Local Settings\{96716AE2-3223-461D-8BCA-261B5594DD9B}
2013-04-23 17:44 - 2013-04-23 17:43 - 00000000 ____D C:\Users\Aidan\AppData\Local\{96716AE2-3223-461D-8BCA-261B5594DD9B}
2013-04-22 03:33 - 2011-03-05 03:30 - 00000410 ___AH C:\Windows\Tasks\Norton Security Scan for Aidan.job
2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Application Data\mixidj
2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\mixidj
2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Doctor Entertainment AB
2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\Doctor Entertainment AB
2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\AppData\Local\Doctor Entertainment AB
2013-04-20 10:57 - 2013-04-20 10:56 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{48467D8C-7D89-4815-813D-4A215316D0C9}
2013-04-20 10:57 - 2013-04-20 10:56 - 00000000 ____D C:\Users\Aidan\Local Settings\{48467D8C-7D89-4815-813D-4A215316D0C9}
2013-04-20 10:57 - 2013-04-20 10:56 - 00000000 ____D C:\Users\Aidan\AppData\Local\{48467D8C-7D89-4815-813D-4A215316D0C9}
2013-04-19 21:01 - 2013-04-19 20:53 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
2013-04-19 21:01 - 2010-05-09 20:38 - 00000000 ____D C:\Users\Aidan\Application Data\Apple Computer
2013-04-19 21:01 - 2010-05-09 20:38 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\Apple Computer
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\Application Data\CRMixiDJTB
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\CRMixiDJTB
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Free Ride Games
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Application Data\Free Ride Games
2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Program Files (x86)\mixidj
2013-04-19 20:53 - 2013-02-23 20:32 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-04-19 20:52 - 2013-04-19 20:52 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-04-19 20:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-19 20:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2013-04-19 18:09 - 2013-03-23 19:14 - 00001175 ____A C:\Users\Aidan\Desktop\ROBLOX Studio 2013.lnk
2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{711A607A-39DC-40E2-AD36-987378A13612}
2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\{711A607A-39DC-40E2-AD36-987378A13612}
2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\AppData\Local\{711A607A-39DC-40E2-AD36-987378A13612}
2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{B05F6936-EE62-4338-87CF-C78C92F4FD39}
2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\{B05F6936-EE62-4338-87CF-C78C92F4FD39}
2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\AppData\Local\{B05F6936-EE62-4338-87CF-C78C92F4FD39}
2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}
2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}
2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\AppData\Local\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}
2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}
2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}
2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}
2013-04-15 18:35 - 2013-04-15 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F6B69632-3834-4F8C-8E6E-E02351E81C83}
2013-04-15 18:35 - 2013-04-15 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\{F6B69632-3834-4F8C-8E6E-E02351E81C83}
2013-04-15 18:35 - 2013-04-15 18:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F6B69632-3834-4F8C-8E6E-E02351E81C83}
2013-04-14 22:09 - 2013-01-30 21:52 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-04-14 22:09 - 2012-07-08 18:19 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-04-14 22:09 - 2011-12-15 18:26 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-04-14 11:24 - 2013-04-14 11:23 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}
2013-04-14 11:24 - 2013-04-14 11:23 - 00000000 ____D C:\Users\Aidan\Local Settings\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}
2013-04-14 11:24 - 2013-04-14 11:23 - 00000000 ____D C:\Users\Aidan\AppData\Local\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}
2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{5E766E57-5CB9-4992-97F7-D918E528EFF4}
2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\{5E766E57-5CB9-4992-97F7-D918E528EFF4}
2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\AppData\Local\{5E766E57-5CB9-4992-97F7-D918E528EFF4}
2013-04-13 10:53 - 2013-04-13 10:52 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F1371623-85A7-45C1-BEDA-531B26B715A5}
2013-04-13 10:53 - 2013-04-13 10:52 - 00000000 ____D C:\Users\Aidan\Local Settings\{F1371623-85A7-45C1-BEDA-531B26B715A5}
2013-04-13 10:53 - 2013-04-13 10:52 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F1371623-85A7-45C1-BEDA-531B26B715A5}
2013-04-12 16:45 - 2013-04-24 20:50 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}
2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}
2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\AppData\Local\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}

Other Malware:
===========
C:\Users\Aidan\APB_Reloaded_Installer.exe
C:\Users\Aidan\gotomypc_626.exe
C:\ProgramData\ezsidmv.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-03 09:15:50
Restore point made on: 2013-05-05 20:01:37
Restore point made on: 2013-05-06 11:50:36
Restore point made on: 2013-05-08 16:39:39
Restore point made on: 2013-05-08 16:42:23
Restore point made on: 2013-05-10 16:53:42

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6103.08 MB
Available physical RAM: 5381.96 MB
Total Pagefile: 6101.23 MB
Available Pagefile: 5369.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.79 GB) (Free:209.68 GB) NTFS (Disk=0 Partition=3)
Drive i: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT (Disk=1 Partition=1)
Drive j: (RECOVERY) (Fixed) (Total:9.61 GB) (Free:4.35 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 246 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=245 MB) - (Type=06)


Last Boot: 2012-08-11 22:23

==================== End Of Log ============================
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Now please download this file and save it to your Flash Drive.

[attachment=4449]


Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    2.2 KB · Views: 100
