Reply to thread

Message: <blockquote data-quote="Jon Peachment" data-source="post: 120293" data-attributes="member: 8172">Hi Guys I have this virus on my sons computer. I have followed the steps from previous posts and will copy and paste what I have below. Its a lot so I do apologise. Is anyone able to assist me? It would be really appreciated. Jon Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01Ran by SYSTEM on 12-05-2013 16:23:14Running from I:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet002ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-07] (Realtek Semiconductor)HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-02-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2011-06-03] (Razer USA Ltd)HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255360 2012-12-14] (LogMeIn Inc.)HKU\Aidan\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]HKU\Aidan\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)HKU\Aidan\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]HKU\Aidan\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]HKU\Aidan\...\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1040712 2012-06-15] ()HKU\Aidan\...\Run: [Facebook Update] "C:\Users\Aidan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-10-12] (Facebook Inc.)HKU\Aidan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643560 2013-03-01] (Skype Technologies S.A.)HKU\Aidan\...\Run: [Akamai NetSession Interface] "C:\Users\Aidan\AppData\Local\Akamai\netsession_win.exe" [x]HKU\Aidan\...\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-23] (Oberon Media )HKU\Aidan\...\Run: [SearchProtect] C:\Users\Aidan\AppData\Roaming\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)HKU\Aidan\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4936152 2012-12-04] (Exent Technologies Ltd.)HKU\Aidan\...\Run: [GoogleChromeAutoLaunch_F3BDC88420494643EF2FCA4ED02D03FA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)HKU\Aidan\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Aidan\Documents\6dea9f99.exe [31232 2013-05-12] ()HKU\Aidan\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)Startup: C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\ProgramData\Start Menu\Programs\Startup\AML Device Install.lnkShortcutTarget: AML Device Install.lnk -> C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe ()Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)==================== Services (Whitelisted) =================S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-10] (NETGEAR)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-30] ()S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]==================== Drivers (Whitelisted) ====================S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-08-25] (CACE Technologies, Inc.)S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2013-01-25] ()S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)S3 ALSysIO; \??\C:\Users\Aidan\AppData\Local\Temp\ALSysIO64.sys [x]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-05-12 16:22 - 2013-05-12 16:22 - 00000000 ____D C:\FRST2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\Application Data\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\AppData\Local\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\Application Data\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\AppData\Roaming\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\Application Data\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\My Documents\6dea9f99.exe2013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\Documents\6dea9f99.exe2013-05-07 22:52 - 2013-05-07 22:52 - 00000221 ____A C:\Users\Aidan\Desktop\CrimeCraft GangWars.url2013-05-06 22:26 - 2013-05-09 19:56 - 00000000 ____D C:\Users\Aidan\Application Data\PriceGong2013-05-06 22:26 - 2013-05-09 19:56 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PriceGong2013-05-05 21:42 - 2013-05-05 21:42 - 00000222 ____A C:\Users\Aidan\Desktop\MicroVolts.url2013-05-04 12:04 - 2013-05-11 15:53 - 00000000 ____D C:\Users\Aidan\Desktop\Minecraft Server2013-05-01 17:39 - 2013-05-01 17:49 - 00000000 ____D C:\Program Files\My Dell2013-04-29 09:07 - 2009-03-18 17:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys2013-04-28 15:51 - 2013-05-12 16:01 - 00000276 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job2013-04-28 15:51 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\Application Data\holasearch2013-04-28 15:51 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\holasearch2013-04-28 15:51 - 2013-05-01 16:30 - 00000284 ____A C:\Windows\Tasks\PC Performer_UPDATES.job2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\Users\Public\Desktop\PC Performer.lnk2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\ProgramData\Desktop\PC Performer.lnk2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\PerformerSoft2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\BabSolution2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PerformerSoft2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\BabSolution2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\IBUpdaterService2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\Application Data\IBUpdaterService2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\PC Performer2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\holasearch2013-04-28 15:51 - 2012-12-19 16:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe2013-04-28 15:50 - 2013-05-12 16:06 - 00000000 ____D C:\Users\Aidan\Local Settings\LogMeIn Hamachi2013-04-28 15:50 - 2013-05-12 16:06 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\LogMeIn Hamachi2013-04-28 15:50 - 2013-05-12 16:06 - 00000000 ____D C:\Users\Aidan\AppData\Local\LogMeIn Hamachi2013-04-28 15:50 - 2013-04-28 15:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-04-28 15:49 - 2013-04-28 15:49 - 04295168 ____A C:\Users\Aidan\Desktop\hamachi.msi2013-04-28 15:49 - 2013-04-28 15:49 - 00592120 ____A () C:\Users\Aidan\Desktop\pcpholasetup.exe2013-04-28 15:49 - 2013-04-28 15:49 - 00392512 ____A (Softonic                                        ) C:\Users\Aidan\Desktop\SoftonicDownloader_for_hamachi.exe2013-04-28 11:01 - 2013-05-04 12:03 - 00000000 ____D C:\Users\Aidan\Desktop\Swrver2013-04-28 11:01 - 2013-04-28 11:02 - 02541261 ____A C:\Users\Aidan\Downloads\Minecraft_Server.exe2013-04-28 09:57 - 2013-04-27 23:35 - 00001556 ____A C:\Users\Aidan\Desktop\Minecraft.lnk2013-04-27 22:19 - 2013-04-27 22:19 - 00000066 ____A C:\Users\Aidan\Downloads\createProfile51ab18872013-04-27 22:19 - 2013-04-27 22:19 - 00000017 ____A C:\Users\Aidan\Downloads\checkProfileName2013-04-27 21:53 - 2013-04-27 21:53 - 00000089 ____A C:\Users\Aidan\Downloads\register9fc074f72013-04-26 21:10 - 2013-04-27 11:11 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}2013-04-26 21:10 - 2013-04-27 11:11 - 00000000 ____D C:\Users\Aidan\Local Settings\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}2013-04-26 21:10 - 2013-04-27 11:11 - 00000000 ____D C:\Users\Aidan\AppData\Local\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}2013-04-25 20:32 - 2013-04-25 20:32 - 00000222 ____A C:\Users\Aidan\Desktop\District 187.url2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{49409519-B1B4-4A2E-9B63-479C288DD581}2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\{49409519-B1B4-4A2E-9B63-479C288DD581}2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\AppData\Local\{49409519-B1B4-4A2E-9B63-479C288DD581}2013-04-24 20:50 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{38E6F073-6BF0-4096-9687-88FBE6E031F5}2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\{38E6F073-6BF0-4096-9687-88FBE6E031F5}2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\AppData\Local\{38E6F073-6BF0-4096-9687-88FBE6E031F5}2013-04-23 17:43 - 2013-04-23 17:44 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{96716AE2-3223-461D-8BCA-261B5594DD9B}2013-04-23 17:43 - 2013-04-23 17:44 - 00000000 ____D C:\Users\Aidan\Local Settings\{96716AE2-3223-461D-8BCA-261B5594DD9B}2013-04-23 17:43 - 2013-04-23 17:44 - 00000000 ____D C:\Users\Aidan\AppData\Local\{96716AE2-3223-461D-8BCA-261B5594DD9B}2013-04-21 20:24 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Aidan\Local Settings\WiseConvert_B2013-04-21 20:24 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\WiseConvert_B2013-04-21 20:24 - 2013-05-06 22:27 - 00000000 ____D C:\Users\Aidan\AppData\Local\WiseConvert_B2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Application Data\mixidj2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\mixidj2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Doctor Entertainment AB2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\Doctor Entertainment AB2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\AppData\Local\Doctor Entertainment AB2013-04-20 10:56 - 2013-04-20 10:57 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{48467D8C-7D89-4815-813D-4A215316D0C9}2013-04-20 10:56 - 2013-04-20 10:57 - 00000000 ____D C:\Users\Aidan\Local Settings\{48467D8C-7D89-4815-813D-4A215316D0C9}2013-04-20 10:56 - 2013-04-20 10:57 - 00000000 ____D C:\Users\Aidan\AppData\Local\{48467D8C-7D89-4815-813D-4A215316D0C9}2013-04-19 20:53 - 2013-04-29 09:00 - 00000000 ____D C:\ProgramData\BrowserProtect2013-04-19 20:53 - 2013-04-29 09:00 - 00000000 ____D C:\ProgramData\Application Data\BrowserProtect2013-04-19 20:53 - 2013-04-19 21:01 - 00000000 ____D C:\Program Files (x86)\Free Ride Games2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\Application Data\CRMixiDJTB2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\CRMixiDJTB2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Free Ride Games2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Application Data\Free Ride Games2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Program Files (x86)\mixidj2013-04-19 20:53 - 2012-12-04 17:48 - 00057824 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe2013-04-19 20:52 - 2013-04-19 20:52 - 00000000 ____D C:\Program Files (x86)\PricePeep2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{711A607A-39DC-40E2-AD36-987378A13612}2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\{711A607A-39DC-40E2-AD36-987378A13612}2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\AppData\Local\{711A607A-39DC-40E2-AD36-987378A13612}2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{B05F6936-EE62-4338-87CF-C78C92F4FD39}2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\{B05F6936-EE62-4338-87CF-C78C92F4FD39}2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\AppData\Local\{B05F6936-EE62-4338-87CF-C78C92F4FD39}2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\AppData\Local\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}2013-04-15 18:34 - 2013-04-15 18:35 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F6B69632-3834-4F8C-8E6E-E02351E81C83}2013-04-15 18:34 - 2013-04-15 18:35 - 00000000 ____D C:\Users\Aidan\Local Settings\{F6B69632-3834-4F8C-8E6E-E02351E81C83}2013-04-15 18:34 - 2013-04-15 18:35 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F6B69632-3834-4F8C-8E6E-E02351E81C83}2013-04-14 11:23 - 2013-04-14 11:24 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}2013-04-14 11:23 - 2013-04-14 11:24 - 00000000 ____D C:\Users\Aidan\Local Settings\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}2013-04-14 11:23 - 2013-04-14 11:24 - 00000000 ____D C:\Users\Aidan\AppData\Local\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{5E766E57-5CB9-4992-97F7-D918E528EFF4}2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\{5E766E57-5CB9-4992-97F7-D918E528EFF4}2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\AppData\Local\{5E766E57-5CB9-4992-97F7-D918E528EFF4}2013-04-13 10:52 - 2013-04-13 10:53 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F1371623-85A7-45C1-BEDA-531B26B715A5}2013-04-13 10:52 - 2013-04-13 10:53 - 00000000 ____D C:\Users\Aidan\Local Settings\{F1371623-85A7-45C1-BEDA-531B26B715A5}2013-04-13 10:52 - 2013-04-13 10:53 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F1371623-85A7-45C1-BEDA-531B26B715A5}2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\AppData\Local\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}==================== One Month Modified Files and Folders =======2013-05-12 16:22 - 2013-05-12 16:22 - 00000000 ____D C:\FRST2013-05-12 16:18 - 2009-07-14 07:10 - 01084863 ____A C:\Windows\WindowsUpdate.log2013-05-12 16:13 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-05-12 16:13 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-05-12 16:07 - 2012-04-08 13:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-12 16:06 - 2013-04-28 15:50 - 00000000 ____D C:\Users\Aidan\Local Settings\LogMeIn Hamachi2013-05-12 16:06 - 2013-04-28 15:50 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\LogMeIn Hamachi2013-05-12 16:06 - 2013-04-28 15:50 - 00000000 ____D C:\Users\Aidan\AppData\Local\LogMeIn Hamachi2013-05-12 16:06 - 2010-05-01 18:27 - 00000000 ____D C:\Users\Aidan\Local Settings\SoftThinks2013-05-12 16:06 - 2010-05-01 18:27 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\SoftThinks2013-05-12 16:06 - 2010-05-01 18:27 - 00000000 ____D C:\Users\Aidan\AppData\Local\SoftThinks2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks2013-05-12 16:06 - 2010-03-18 20:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2013-05-12 16:06 - 2010-03-18 20:08 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2013-05-12 16:05 - 2011-02-22 13:28 - 00000000 ____D C:\ProgramData\Kodak2013-05-12 16:05 - 2011-02-22 13:28 - 00000000 ____D C:\ProgramData\Application Data\Kodak2013-05-12 16:05 - 2010-05-02 16:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-05-12 16:05 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-05-12 16:05 - 2009-07-14 06:51 - 00156013 ____A C:\Windows\setupact.log2013-05-12 16:01 - 2013-04-28 15:51 - 00000276 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job2013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\Application Data\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\Local Settings\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116787 ____A C:\Users\Aidan\AppData\Local\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\Application Data\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116764 ____A C:\Users\Aidan\AppData\Roaming\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\Application Data\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00116737 ____A C:\ProgramData\2433f4332013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\My Documents\6dea9f99.exe2013-05-12 14:45 - 2013-05-12 14:45 - 00031232 ____A C:\Users\Aidan\Documents\6dea9f99.exe2013-05-12 14:34 - 2010-05-02 16:46 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-05-12 14:28 - 2010-05-02 20:04 - 00000000 ____D C:\Users\Aidan\Application Data\Skype2013-05-12 14:28 - 2010-05-02 20:04 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\Skype2013-05-12 14:08 - 2010-05-02 10:58 - 00000000 ____D C:\Users\Aidan\Local Settings\Deployment2013-05-12 14:08 - 2010-05-02 10:58 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\Deployment2013-05-12 14:08 - 2010-05-02 10:58 - 00000000 ____D C:\Users\Aidan\AppData\Local\Deployment2013-05-12 14:01 - 2012-10-12 16:56 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2204269814-2470913285-1325809592-1001UA.job2013-05-11 22:02 - 2011-07-09 11:03 - 00000000 ____D C:\Users\Aidan\Application Data\.minecraft2013-05-11 22:02 - 2011-07-09 11:03 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\.minecraft2013-05-11 19:36 - 2013-02-23 20:33 - 00000000 ____D C:\Program Files (x86)\File Type Assistant2013-05-11 17:01 - 2012-10-12 16:56 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2204269814-2470913285-1325809592-1001Core.job2013-05-11 15:53 - 2013-05-04 12:04 - 00000000 ____D C:\Users\Aidan\Desktop\Minecraft Server2013-05-10 23:08 - 2010-05-02 16:26 - 00000000 ____D C:\Program Files (x86)\Steam2013-05-09 19:56 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\Application Data\PriceGong2013-05-09 19:56 - 2013-05-06 22:26 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PriceGong2013-05-08 16:43 - 2010-07-17 12:02 - 00000000 ____D C:\Users\Aidan\My Documents\My Games2013-05-08 16:43 - 2010-07-17 12:02 - 00000000 ____D C:\Users\Aidan\Documents\My Games2013-05-08 16:41 - 2010-03-18 20:13 - 00425053 ____A C:\Windows\DirectX.log2013-05-07 22:52 - 2013-05-07 22:52 - 00000221 ____A C:\Users\Aidan\Desktop\CrimeCraft GangWars.url2013-05-06 22:27 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Local Settings\WiseConvert_B2013-05-06 22:27 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\WiseConvert_B2013-05-06 22:27 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\AppData\Local\WiseConvert_B2013-05-06 22:27 - 2013-04-02 18:27 - 00000000 ____D C:\Program Files (x86)\WiseConvert_B2013-05-06 22:26 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\holasearch2013-05-06 22:26 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\holasearch2013-05-05 21:42 - 2013-05-05 21:42 - 00000222 ____A C:\Users\Aidan\Desktop\MicroVolts.url2013-05-04 12:03 - 2013-04-28 11:01 - 00000000 ____D C:\Users\Aidan\Desktop\Swrver2013-05-02 17:29 - 2010-05-23 10:02 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe2013-05-01 17:49 - 2013-05-01 17:39 - 00000000 ____D C:\Program Files\My Dell2013-05-01 17:49 - 2011-05-25 11:03 - 00000000 ____D C:\Program Files\Dell Support Center2013-05-01 17:39 - 2010-03-18 20:09 - 00000000 ____D C:\ProgramData\PCDr2013-05-01 17:39 - 2010-03-18 20:09 - 00000000 ____D C:\ProgramData\Application Data\PCDr2013-05-01 16:30 - 2013-04-28 15:51 - 00000284 ____A C:\Windows\Tasks\PC Performer_UPDATES.job2013-04-29 09:00 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\BrowserProtect2013-04-29 09:00 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Application Data\BrowserProtect2013-04-29 09:00 - 2010-03-19 03:57 - 00744322 ____A C:\Windows\PFRO.log2013-04-28 23:14 - 2009-07-14 04:34 - 00000545 ____A C:\Windows\win.ini2013-04-28 23:13 - 2012-12-22 18:28 - 00000000 ___HD C:\Windows\msdownld.tmp2013-04-28 19:43 - 2013-02-23 20:34 - 00000000 ____D C:\Users\Aidan\Local Settings\FileTypeAssistant2013-04-28 19:43 - 2013-02-23 20:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\FileTypeAssistant2013-04-28 19:43 - 2013-02-23 20:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\FileTypeAssistant2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\Users\Public\Desktop\PC Performer.lnk2013-04-28 15:51 - 2013-04-28 15:51 - 00001016 ____A C:\ProgramData\Desktop\PC Performer.lnk2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\PerformerSoft2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\Application Data\BabSolution2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\PerformerSoft2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\BabSolution2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\IBUpdaterService2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\ProgramData\Application Data\IBUpdaterService2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\PC Performer2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\Program Files (x86)\holasearch2013-04-28 15:50 - 2013-04-28 15:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-04-28 15:49 - 2013-04-28 15:49 - 04295168 ____A C:\Users\Aidan\Desktop\hamachi.msi2013-04-28 15:49 - 2013-04-28 15:49 - 00592120 ____A () C:\Users\Aidan\Desktop\pcpholasetup.exe2013-04-28 15:49 - 2013-04-28 15:49 - 00392512 ____A (Softonic                                        ) C:\Users\Aidan\Desktop\SoftonicDownloader_for_hamachi.exe2013-04-28 11:02 - 2013-04-28 11:01 - 02541261 ____A C:\Users\Aidan\Downloads\Minecraft_Server.exe2013-04-27 23:35 - 2013-04-28 09:57 - 00001556 ____A C:\Users\Aidan\Desktop\Minecraft.lnk2013-04-27 22:19 - 2013-04-27 22:19 - 00000066 ____A C:\Users\Aidan\Downloads\createProfile51ab18872013-04-27 22:19 - 2013-04-27 22:19 - 00000017 ____A C:\Users\Aidan\Downloads\checkProfileName2013-04-27 21:53 - 2013-04-27 21:53 - 00000089 ____A C:\Users\Aidan\Downloads\register9fc074f72013-04-27 17:15 - 2010-05-02 20:02 - 00000000 ___RD C:\Program Files (x86)\Skype2013-04-27 17:15 - 2010-05-02 20:02 - 00000000 ____D C:\ProgramData\Skype2013-04-27 17:15 - 2010-05-02 20:02 - 00000000 ____D C:\ProgramData\Application Data\Skype2013-04-27 17:15 - 2010-03-18 20:11 - 00000000 ____D C:\Program Files (x86)\Windows Live2013-04-27 11:11 - 2013-04-26 21:10 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}2013-04-27 11:11 - 2013-04-26 21:10 - 00000000 ____D C:\Users\Aidan\Local Settings\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}2013-04-27 11:11 - 2013-04-26 21:10 - 00000000 ____D C:\Users\Aidan\AppData\Local\{AF92D7A6-C5B2-45CD-BD39-7197F1065163}2013-04-26 21:09 - 2010-05-01 18:51 - 00000000 ____D C:\Users\Aidan\Tracing2013-04-25 20:32 - 2013-04-25 20:32 - 00000222 ____A C:\Users\Aidan\Desktop\District 187.url2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{49409519-B1B4-4A2E-9B63-479C288DD581}2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\Local Settings\{49409519-B1B4-4A2E-9B63-479C288DD581}2013-04-25 17:39 - 2013-04-25 17:39 - 00000000 ____D C:\Users\Aidan\AppData\Local\{49409519-B1B4-4A2E-9B63-479C288DD581}2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{38E6F073-6BF0-4096-9687-88FBE6E031F5}2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\Local Settings\{38E6F073-6BF0-4096-9687-88FBE6E031F5}2013-04-24 20:45 - 2013-04-24 20:45 - 00000000 ____D C:\Users\Aidan\AppData\Local\{38E6F073-6BF0-4096-9687-88FBE6E031F5}2013-04-23 17:44 - 2013-04-23 17:43 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{96716AE2-3223-461D-8BCA-261B5594DD9B}2013-04-23 17:44 - 2013-04-23 17:43 - 00000000 ____D C:\Users\Aidan\Local Settings\{96716AE2-3223-461D-8BCA-261B5594DD9B}2013-04-23 17:44 - 2013-04-23 17:43 - 00000000 ____D C:\Users\Aidan\AppData\Local\{96716AE2-3223-461D-8BCA-261B5594DD9B}2013-04-22 03:33 - 2011-03-05 03:30 - 00000410 ___AH C:\Windows\Tasks\Norton Security Scan for Aidan.job2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\Application Data\mixidj2013-04-21 20:24 - 2013-04-21 20:24 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\mixidj2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Doctor Entertainment AB2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\Doctor Entertainment AB2013-04-20 20:21 - 2013-04-20 20:21 - 00000000 ____D C:\Users\Aidan\AppData\Local\Doctor Entertainment AB2013-04-20 10:57 - 2013-04-20 10:56 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{48467D8C-7D89-4815-813D-4A215316D0C9}2013-04-20 10:57 - 2013-04-20 10:56 - 00000000 ____D C:\Users\Aidan\Local Settings\{48467D8C-7D89-4815-813D-4A215316D0C9}2013-04-20 10:57 - 2013-04-20 10:56 - 00000000 ____D C:\Users\Aidan\AppData\Local\{48467D8C-7D89-4815-813D-4A215316D0C9}2013-04-19 21:01 - 2013-04-19 20:53 - 00000000 ____D C:\Program Files (x86)\Free Ride Games2013-04-19 21:01 - 2010-05-09 20:38 - 00000000 ____D C:\Users\Aidan\Application Data\Apple Computer2013-04-19 21:01 - 2010-05-09 20:38 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\Apple Computer2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\Application Data\CRMixiDJTB2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Users\Aidan\AppData\Roaming\CRMixiDJTB2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Free Ride Games2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\ProgramData\Application Data\Free Ride Games2013-04-19 20:53 - 2013-04-19 20:53 - 00000000 ____D C:\Program Files (x86)\mixidj2013-04-19 20:53 - 2013-02-23 20:32 - 00000064 ____A C:\Windows\GPlrLanc.dat2013-04-19 20:52 - 2013-04-19 20:52 - 00000000 ____D C:\Program Files (x86)\PricePeep2013-04-19 20:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF2013-04-19 20:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources2013-04-19 18:09 - 2013-03-23 19:14 - 00001175 ____A C:\Users\Aidan\Desktop\ROBLOX Studio 2013.lnk2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{711A607A-39DC-40E2-AD36-987378A13612}2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\Local Settings\{711A607A-39DC-40E2-AD36-987378A13612}2013-04-19 16:51 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Aidan\AppData\Local\{711A607A-39DC-40E2-AD36-987378A13612}2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{B05F6936-EE62-4338-87CF-C78C92F4FD39}2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\Local Settings\{B05F6936-EE62-4338-87CF-C78C92F4FD39}2013-04-18 18:30 - 2013-04-18 18:30 - 00000000 ____D C:\Users\Aidan\AppData\Local\{B05F6936-EE62-4338-87CF-C78C92F4FD39}2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\Local Settings\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}2013-04-17 17:56 - 2013-04-17 17:56 - 00000000 ____D C:\Users\Aidan\AppData\Local\{4F5C836F-7BF0-4837-B6D5-16EABDC0A6D8}2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}2013-04-16 18:34 - 2013-04-16 18:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\{D7D28AE2-47F3-4330-812B-1AC59FE7569A}2013-04-15 18:35 - 2013-04-15 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F6B69632-3834-4F8C-8E6E-E02351E81C83}2013-04-15 18:35 - 2013-04-15 18:34 - 00000000 ____D C:\Users\Aidan\Local Settings\{F6B69632-3834-4F8C-8E6E-E02351E81C83}2013-04-15 18:35 - 2013-04-15 18:34 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F6B69632-3834-4F8C-8E6E-E02351E81C83}2013-04-14 22:09 - 2013-01-30 21:52 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe2013-04-14 22:09 - 2012-07-08 18:19 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2013-04-14 22:09 - 2011-12-15 18:26 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.ex02013-04-14 11:24 - 2013-04-14 11:23 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}2013-04-14 11:24 - 2013-04-14 11:23 - 00000000 ____D C:\Users\Aidan\Local Settings\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}2013-04-14 11:24 - 2013-04-14 11:23 - 00000000 ____D C:\Users\Aidan\AppData\Local\{58DCC829-4668-454F-AF2D-4F78B52BC9DF}2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{5E766E57-5CB9-4992-97F7-D918E528EFF4}2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\Local Settings\{5E766E57-5CB9-4992-97F7-D918E528EFF4}2013-04-13 22:53 - 2013-04-13 22:53 - 00000000 ____D C:\Users\Aidan\AppData\Local\{5E766E57-5CB9-4992-97F7-D918E528EFF4}2013-04-13 10:53 - 2013-04-13 10:52 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{F1371623-85A7-45C1-BEDA-531B26B715A5}2013-04-13 10:53 - 2013-04-13 10:52 - 00000000 ____D C:\Users\Aidan\Local Settings\{F1371623-85A7-45C1-BEDA-531B26B715A5}2013-04-13 10:53 - 2013-04-13 10:52 - 00000000 ____D C:\Users\Aidan\AppData\Local\{F1371623-85A7-45C1-BEDA-531B26B715A5}2013-04-12 16:45 - 2013-04-24 20:50 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\Application Data\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\Local Settings\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}2013-04-12 00:12 - 2013-04-12 00:12 - 00000000 ____D C:\Users\Aidan\AppData\Local\{6ED11928-1EBB-450E-B100-1A2AE2D3179D}Other Malware:===========C:\Users\Aidan\APB_Reloaded_Installer.exeC:\Users\Aidan\gotomypc_626.exeC:\ProgramData\ezsidmv.dat==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  =========================Restore point made on: 2013-05-03 09:15:50Restore point made on: 2013-05-05 20:01:37Restore point made on: 2013-05-06 11:50:36Restore point made on: 2013-05-08 16:39:39Restore point made on: 2013-05-08 16:42:23Restore point made on: 2013-05-10 16:53:42==================== Memory info =========================== Percentage of memory in use: 11%Total physical RAM: 6103.08 MBAvailable physical RAM: 5381.96 MBTotal Pagefile: 6101.23 MBAvailable Pagefile: 5369.57 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.88 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:921.79 GB) (Free:209.68 GB) NTFS (Disk=0 Partition=3)Drive i: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT (Disk=1 Partition=1)Drive j: (RECOVERY) (Fixed) (Total:9.61 GB) (Free:4.35 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 30000000)Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=922 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 246 MB) (Disk ID: 00000000)Partition 1: (Active) - (Size=245 MB) - (Type=06)Last Boot: 2012-08-11 22:23==================== End Of Log ============================</blockquote>

Verification

Top