Reply to thread

Message: <blockquote data-quote="bravebird" data-source="post: 125453" data-attributes="member: 9121">log from scanScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013Ran by SYSTEM on 20-06-2013 19:50:56Running from F:\Windows Vista (TM) Home Premium (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet004ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [634880 2007-01-17] (Motorola Inc.)HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation)HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" [218408 2007-08-16] (CyberLink Corp.)HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)HKU\OfficeMax\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)HKU\OfficeMax\...\Run: [F.lux] "C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe" /noshow [ 2009-08-28] ()========================== Services (Whitelisted) =================S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)S2 mfevtp; C:\Windows\system32\mfevtps.exe [166320 2012-07-17] (McAfee, Inc.)S2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()S3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1251720 2009-01-04] ()S4 UEBZ; C:\Users\OFFICE~1\AppData\Local\Temp\UEBZ.exe [x]==================== Drivers (Whitelisted) ====================S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-06-19] ()S4 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [127992 2012-07-17] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-07-17] (McAfee, Inc.)S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-07-17] (McAfee, Inc.)S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [101112 2012-05-25] (GFI Software)S4 A2DDA; \??\F:\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]S4 catchme; \??\C:\Users\OFFICE~1\AppData\Local\Temp\catchme.sys [x]S4 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [x]S4 CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [x]S1 eabfiltr; S4 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [x]S4 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S4 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090217.004\IDSvix86.sys [x]S4 IpInIp; system32\DRIVERS\ipinip.sys [x]S4 MpKsl3539e50a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E65AD0FB-B77D-47EA-B867-4BB6ED644CD5}\MpKsl3539e50a.sys [x]S4 MpKsl546e8a23; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F17E6CC9-177C-42B6-922C-E607BD01FE85}\MpKsl546e8a23.sys [x]S4 MpKsl6430cb37; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl6430cb37.sys [x]S4 MpKsl7ee4e834; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl7ee4e834.sys [x]S4 MpKsl8adbd91b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43900AF4-7886-4B5D-83D4-14E77764DA65}\MpKsl8adbd91b.sys [x]S4 MpKsla944542e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56FF3638-EEF9-4A79-A64E-2825324F5A73}\MpKsla944542e.sys [x]S4 MpKsld0dcd759; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7328A9AA-F1E4-4103-BDCB-3C82A17A8BAA}\MpKsld0dcd759.sys [x]S4 MpKsldcfe8f12; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC112CF5-CDBF-44A3-BF92-6D576069C4ED}\MpKsldcfe8f12.sys [x]S4 MpNWMon; system32\DRIVERS\MpNWMon.sys [x]S4 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVENG.SYS [x]S4 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVEX15.SYS [x]S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S4 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [x]S4 SRTSP; System32\Drivers\SRTSP.SYS [x]S4 SRTSPL; System32\Drivers\SRTSPL.SYS [x]S4 SRTSPX; System32\Drivers\SRTSPX.SYS [x]S4 SYMDNS; \SystemRoot\System32\Drivers\SYMDNS.SYS [x]S4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [x]S4 SYMFW; \SystemRoot\System32\Drivers\SYMFW.SYS [x]S4 SymIM; system32\DRIVERS\SymIMv.sys [x]S4 SymIMMP; system32\DRIVERS\SymIM.sys [x]S4 SYMNDISV; \SystemRoot\System32\Drivers\SYMNDISV.SYS [x]S4 SYMREDRV; \SystemRoot\System32\Drivers\SYMREDRV.SYS [x]S4 SYMTDI; \SystemRoot\System32\Drivers\SYMTDI.SYS [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-06-20 18:34 - 2013-06-20 18:34 - 00000000 ____D C:\FRST2013-06-20 18:32 - 2013-06-20 18:33 - 01368343 ____A (Farbar) C:\Users\OfficeMax\Downloads\FRST.exe2013-06-20 14:51 - 2013-06-20 14:51 - 00017380 ____A C:\ComboFix.txt2013-06-20 10:30 - 2013-06-20 10:31 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\adeles.exe2013-06-19 12:58 - 2013-06-19 12:58 - 00658624 ____A (Sysinternals - www.sysinternals.com) C:\Users\OfficeMax\Downloads\autoruns.exe2013-06-19 10:59 - 2013-06-19 10:59 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro.txt2013-06-19 09:14 - 2013-06-19 09:14 - 00000000 ____D C:\Program Files\ESET2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk2013-06-19 09:04 - 2013-04-04 13:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-06-19 09:01 - 2013-06-19 09:01 - 00031560 ____A C:\Windows\System32\Drivers\mbamchameleon.sys2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk2013-06-19 08:45 - 2013-06-19 08:45 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-06-19 08:26 - 2013-06-19 08:42 - 50844096 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\AdbeRdr1014_en_US.exe2013-06-19 08:20 - 2013-06-19 08:21 - 02347384 ____A (ESET) C:\Users\OfficeMax\Downloads\esetsmartinstaller_enu(1).exe2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-19 06:23 - 2013-06-20 18:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-19 06:23 - 2013-06-19 06:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-06-19 06:23 - 2013-06-19 06:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-06-19 06:15 - 2013-06-19 06:15 - 00814472 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\uninstall_flash_player.exe2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab2013-06-18 07:55 - 2013-06-19 10:58 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro_20130618_0855.log2013-06-18 07:55 - 2013-06-18 07:55 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe2013-06-17 18:46 - 2013-06-19 09:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-06-17 18:39 - 2013-06-17 18:41 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300(1).exe2013-06-17 18:09 - 2013-06-17 18:09 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbar-1.06.0.10032013-06-17 17:58 - 2013-06-17 18:07 - 13169742 ____A C:\Users\OfficeMax\Downloads\mbar-1.06.0.1003.zip2013-06-17 17:53 - 2013-06-17 17:53 - 00033211 ____A C:\Users\OfficeMax\Desktop\JRT.txt2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\Windows\ERUNT2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\JRT2013-06-17 17:50 - 2013-06-17 17:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\OfficeMax\Downloads\JRT.exe2013-06-17 17:44 - 2013-06-17 17:45 - 00003607 ____A C:\AdwCleaner[S1].txt2013-06-17 17:42 - 2013-06-17 17:43 - 00648201 ____A C:\Users\OfficeMax\Downloads\adwcleaner.exe2013-06-17 17:34 - 2013-06-17 17:35 - 00011234 ____A C:\Users\OfficeMax\Downloads\new otl.log2013-06-17 17:28 - 2013-06-17 17:28 - 00000000 ____D C:\_OTL2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Macromedia2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Macromedia2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Macromedia2013-06-17 07:47 - 2013-06-17 07:47 - 00000000 ____D C:\Program Files\Common Files\Java2013-06-17 07:42 - 2013-06-17 07:42 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll2013-06-17 07:42 - 2013-06-17 07:41 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll2013-06-17 07:42 - 2013-06-17 07:41 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe2013-06-17 07:42 - 2013-06-17 07:41 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe2013-06-17 07:42 - 2013-06-17 07:41 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe2013-06-17 06:36 - 2013-06-17 06:36 - 00063460 ____A C:\Users\OfficeMax\Downloads\Extras.Txt2013-06-17 06:33 - 2013-06-17 06:33 - 00106512 ____A C:\Users\OfficeMax\Downloads\OTL.Txt2013-06-17 06:22 - 2013-06-17 06:22 - 00602112 ____A (OldTimer Tools) C:\Users\OfficeMax\Downloads\OTL.exe2013-06-17 06:01 - 2013-05-02 14:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe2013-06-17 06:01 - 2013-05-02 14:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-06-17 03:17 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-17 03:17 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-17 03:17 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-06-17 03:17 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-06-17 03:17 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-17 03:17 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-17 03:17 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-17 03:17 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-06-17 03:17 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-06-17 03:17 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-17 03:17 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-17 03:17 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-06-17 03:17 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-17 03:17 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-17 03:17 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-17 03:17 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ___RD C:\Program Files\Skype2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ____D C:\Program Files\Common Files\Skype2013-06-17 02:02 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys2013-06-17 02:02 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys2013-06-17 02:02 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe2013-06-17 02:02 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll2013-06-17 02:02 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll2013-06-17 02:02 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll2013-06-17 02:02 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll2013-06-17 02:02 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll2013-06-17 02:02 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys2013-06-17 02:02 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys2013-06-17 02:02 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf2013-06-17 02:02 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf2013-06-17 02:02 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll2013-06-16 21:09 - 2013-06-16 21:38 - 01985898 ____A (Mozilla) C:\Users\OfficeMax\Downloads\Firefox Setup 21.0.exe.part2013-06-16 20:46 - 2013-06-17 07:41 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-06-16 20:20 - 2013-06-16 20:20 - 00001596 ____A C:\Users\OfficeMax\Desktop\aswMBR.txt2013-06-16 20:16 - 2013-06-16 20:18 - 04745728 ____A (AVAST Software) C:\Users\OfficeMax\Downloads\aswMBR.exe2013-06-16 18:44 - 2013-05-07 19:40 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-06-16 18:44 - 2013-05-07 17:58 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys2013-06-16 18:21 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-06-16 18:12 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\Users\Public\Desktop\HitmanPro.lnk2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\ProgramData\Desktop\HitmanPro.lnk2013-06-16 18:09 - 2013-06-16 18:10 - 00000000 ____D C:\Program Files\HitmanPro2013-06-16 18:08 - 2013-06-18 07:55 - 00000000 ____D C:\ProgramData\HitmanPro2013-06-16 18:08 - 2013-06-18 07:55 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro2013-06-16 18:02 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys2013-06-16 17:56 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-06-16 17:56 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe2013-06-16 17:53 - 2013-06-16 18:00 - 09171472 ____A (SurfRight B.V.) C:\Users\OfficeMax\Downloads\HitmanPro.exe2013-06-16 17:49 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys2013-06-16 17:49 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll2013-06-16 17:49 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll2013-06-16 17:49 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe2013-06-16 17:48 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2013-06-16 17:45 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-06-16 17:45 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll2013-06-16 17:44 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll2013-06-16 17:44 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll2013-06-16 17:44 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll2013-06-16 17:44 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll2013-06-16 17:44 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll2013-06-16 17:44 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2013-06-16 17:41 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-06-16 17:41 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-06-16 17:41 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-06-16 17:41 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll2013-06-16 17:41 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe2013-06-16 17:40 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll2013-06-16 17:34 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll2013-06-16 17:34 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll2013-06-16 17:26 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll2013-06-16 17:25 - 2013-06-16 17:26 - 00001570 ____A C:\Users\OfficeMax\Desktop\Rkill.txt2013-06-16 16:53 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll2013-06-16 16:53 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll2013-06-16 15:53 - 2013-06-16 15:53 - 00001429 ____A C:\Users\OfficeMax\Desktop\RKreport[3]_S_06162013_165301.txt2013-06-16 15:05 - 2013-06-19 09:01 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.10002013-06-16 15:01 - 2013-06-16 15:04 - 01440846 ____A C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.1000.zip2013-06-16 14:49 - 2013-06-20 14:54 - 00002790 ____A C:\Windows\PFRO.log2013-06-16 14:43 - 2013-06-20 14:51 - 00000000 ____D C:\Qoobox2013-06-16 14:43 - 2013-06-16 16:41 - 00000000 ____D C:\Windows\erdnt2013-06-16 14:43 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe2013-06-16 14:43 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe2013-06-16 14:43 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe2013-06-16 14:43 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe2013-06-16 14:43 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe2013-06-16 14:43 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe2013-06-16 14:43 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe2013-06-16 14:43 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe2013-06-16 14:39 - 2013-06-16 14:39 - 00048966 ____A C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm2013-06-16 14:34 - 2013-06-20 14:38 - 05081444 ____R (Swearware) C:\Users\OfficeMax\Downloads\ComboFix.exe2013-06-16 14:30 - 2013-06-16 15:49 - 00000000 ____D C:\Users\OfficeMax\Desktop\RK_Quarantine2013-06-16 14:29 - 2013-06-16 14:30 - 00907776 ____A C:\Users\OfficeMax\Downloads\RogueKiller.exe2013-06-16 14:24 - 2013-06-16 14:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\iexplore.exe.exe2013-06-16 13:43 - 2013-06-16 13:43 - 00688992 ____R (Swearware) C:\Users\OfficeMax\Downloads\dds.com2013-06-16 12:41 - 2013-06-16 12:41 - 00000000 ____D C:\Users\OfficeMax\Desktop\mbar-1.06.0.1003(1)2013-06-16 12:32 - 2013-06-16 12:32 - 00001333 ____A C:\Users\OfficeMax\Desktop\securitycheck text.txt2013-06-16 10:14 - 2013-06-20 18:42 - 01941593 ____A C:\Windows\WindowsUpdate.log2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\MSDOS.SYS2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\IO.SYS2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\My Documents\cc_20130616_090607.reg2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\Documents\cc_20130616_090607.reg2013-06-16 07:45 - 2013-06-16 07:50 - 04378864 ____A (Piriform Ltd) C:\Users\OfficeMax\Downloads\ccsetup402.exe2013-06-13 19:22 - 2013-06-13 19:22 - 00000000 ____D C:\found.0112013-06-13 15:27 - 2013-06-13 15:27 - 00000000 ____D C:\found.0102013-06-13 09:55 - 2013-06-13 09:55 - 00000000 ____D C:\366eab9c421c2d96fcef6e403a01ad2013-06-13 09:37 - 2013-06-13 09:37 - 00000000 ____D C:\Program Files\Windows Installer Clean Up2013-06-13 09:36 - 2013-06-13 09:36 - 00000000 ____D C:\Program Files\MSECACHE2013-06-12 19:06 - 2013-06-12 19:06 - 00000000 ____D C:\c84656d8fdf2402e9d2013-06-12 18:29 - 2013-06-12 18:32 - 11091432 ____A (Microsoft Corporation) C:\Users\OfficeMax\Desktop\mseinstall.exe2013-06-12 18:04 - 2013-06-12 18:05 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\OfficeMax\Desktop\rkill.exe2013-06-12 13:50 - 2013-06-12 13:50 - 00000000 ____D C:\found.0092013-06-12 13:07 - 2013-06-12 13:11 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300.exe2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\Application Data\Malwarebytes2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\AppData\Roaming\Malwarebytes2013-06-12 12:06 - 2013-06-12 12:06 - 00000000 ____D C:\Quarantine2013-06-11 13:32 - 2013-06-11 13:32 - 00000000 ____A C:\Windows\System32\SBRC.dat2013-06-11 13:32 - 2012-05-25 12:14 - 00101112 ____A (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys2013-06-11 13:32 - 2012-05-25 12:14 - 00042864 ____A (GFI Software) C:\Windows\System32\sbbd.exe2013-06-08 21:06 - 2013-06-08 21:06 - 00000000 ____D C:\63f496ee69557e4f173fcefa2013-06-08 20:49 - 2013-06-08 20:49 - 00000000 ____D C:\f2ea61c736c459e4aad9232013-06-08 18:49 - 2013-06-08 18:49 - 00377856 ____A C:\Users\OfficeMax\Downloads\75te9mme.exe2013-06-08 17:55 - 2013-06-17 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-06-08 17:55 - 2013-06-17 18:27 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\mbar-1.06.0.10032013-06-08 17:38 - 2013-06-08 17:47 - 13169742 ____A C:\mbar-1.06.0.1003.zip2013-06-08 05:11 - 2013-06-08 21:03 - 00000000 ____D C:\Windows\pss2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (2).cfm2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (1).cfm2013-05-23 15:50 - 2013-05-23 15:50 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update.cfm==================== One Month Modified Files and Folders ========2013-06-20 18:42 - 2013-06-16 10:14 - 01941593 ____A C:\Windows\WindowsUpdate.log2013-06-20 18:42 - 2006-11-02 05:01 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-06-20 18:42 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-20 18:42 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-06-20 18:42 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-06-20 18:34 - 2013-06-20 18:34 - 00000000 ____D C:\FRST2013-06-20 18:34 - 2006-11-02 02:33 - 00010096 ____A C:\Windows\System32\PerfStringBackup.INI2013-06-20 18:33 - 2013-06-20 18:32 - 01368343 ____A (Farbar) C:\Users\OfficeMax\Downloads\FRST.exe2013-06-20 18:28 - 2013-06-19 06:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-20 14:54 - 2013-06-16 14:49 - 00002790 ____A C:\Windows\PFRO.log2013-06-20 14:54 - 2010-08-29 12:06 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000UA.job2013-06-20 14:54 - 2010-08-29 12:06 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000Core.job2013-06-20 14:51 - 2013-06-20 14:51 - 00017380 ____A C:\ComboFix.txt2013-06-20 14:51 - 2013-06-16 14:43 - 00000000 ____D C:\Qoobox2013-06-20 14:49 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini2013-06-20 14:38 - 2013-06-16 14:34 - 05081444 ____R (Swearware) C:\Users\OfficeMax\Downloads\ComboFix.exe2013-06-20 10:48 - 2012-03-02 12:00 - 00000000 ____D C:\TDSSKiller_Quarantine2013-06-20 10:31 - 2013-06-20 10:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\adeles.exe2013-06-19 15:24 - 2010-06-08 15:59 - 00000000 ____D C:\Users\OfficeMax\Application Data\Skype2013-06-19 15:24 - 2010-06-08 15:59 - 00000000 ____D C:\Users\OfficeMax\AppData\Roaming\Skype2013-06-19 12:58 - 2013-06-19 12:58 - 00658624 ____A (Sysinternals - www.sysinternals.com) C:\Users\OfficeMax\Downloads\autoruns.exe2013-06-19 10:59 - 2013-06-19 10:59 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro.txt2013-06-19 10:58 - 2013-06-18 07:55 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro_20130618_0855.log2013-06-19 09:14 - 2013-06-19 09:14 - 00000000 ____D C:\Program Files\ESET2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk2013-06-19 09:04 - 2013-06-17 18:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-06-19 09:01 - 2013-06-19 09:01 - 00031560 ____A C:\Windows\System32\Drivers\mbamchameleon.sys2013-06-19 09:01 - 2013-06-16 15:05 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.10002013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk2013-06-19 08:45 - 2013-06-19 08:45 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-06-19 08:45 - 2008-02-17 22:44 - 00000000 ____D C:\ProgramData\Application Data\Adobe2013-06-19 08:45 - 2008-02-17 22:44 - 00000000 ____D C:\ProgramData\Adobe2013-06-19 08:45 - 2008-02-17 22:44 - 00000000 ____D C:\Program Files\Adobe2013-06-19 08:42 - 2013-06-19 08:26 - 50844096 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\AdbeRdr1014_en_US.exe2013-06-19 08:21 - 2013-06-19 08:20 - 02347384 ____A (ESET) C:\Users\OfficeMax\Downloads\esetsmartinstaller_enu(1).exe2013-06-19 08:10 - 2009-01-04 21:24 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Adobe2013-06-19 08:10 - 2009-01-04 21:24 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Adobe2013-06-19 08:10 - 2009-01-04 21:24 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Adobe2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-19 06:45 - 2011-12-27 15:32 - 00000000 ____D C:\Users\OfficeMax\Local Settings\CrashDumps2013-06-19 06:45 - 2011-12-27 15:32 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\CrashDumps2013-06-19 06:45 - 2011-12-27 15:32 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\CrashDumps2013-06-19 06:34 - 2008-02-17 21:42 - 00000000 ____D C:\Program Files\Hewlett-Packard2013-06-19 06:23 - 2013-06-19 06:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-06-19 06:23 - 2013-06-19 06:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-06-19 06:15 - 2013-06-19 06:15 - 00814472 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\uninstall_flash_player.exe2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab2013-06-18 16:55 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-06-18 15:57 - 2008-02-17 22:17 - 00000000 ____D C:\Program Files\Microsoft Office2013-06-18 07:55 - 2013-06-18 07:55 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe2013-06-18 07:55 - 2013-06-16 18:08 - 00000000 ____D C:\ProgramData\HitmanPro2013-06-18 07:55 - 2013-06-16 18:08 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro2013-06-17 18:41 - 2013-06-17 18:39 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300(1).exe2013-06-17 18:27 - 2013-06-08 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-06-17 18:27 - 2013-06-08 17:55 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)2013-06-17 18:09 - 2013-06-17 18:09 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbar-1.06.0.10032013-06-17 18:07 - 2013-06-17 17:58 - 13169742 ____A C:\Users\OfficeMax\Downloads\mbar-1.06.0.1003.zip2013-06-17 17:53 - 2013-06-17 17:53 - 00033211 ____A C:\Users\OfficeMax\Desktop\JRT.txt2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\Windows\ERUNT2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\JRT2013-06-17 17:50 - 2013-06-17 17:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\OfficeMax\Downloads\JRT.exe2013-06-17 17:45 - 2013-06-17 17:44 - 00003607 ____A C:\AdwCleaner[S1].txt2013-06-17 17:43 - 2013-06-17 17:42 - 00648201 ____A C:\Users\OfficeMax\Downloads\adwcleaner.exe2013-06-17 17:35 - 2013-06-17 17:34 - 00011234 ____A C:\Users\OfficeMax\Downloads\new otl.log2013-06-17 17:28 - 2013-06-17 17:28 - 00000000 ____D C:\_OTL2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Macromedia2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Macromedia2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Macromedia2013-06-17 07:47 - 2013-06-17 07:47 - 00000000 ____D C:\Program Files\Common Files\Java2013-06-17 07:42 - 2013-06-17 07:42 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll2013-06-17 07:41 - 2013-06-17 07:42 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll2013-06-17 07:41 - 2013-06-17 07:42 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe2013-06-17 07:41 - 2013-06-17 07:42 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe2013-06-17 07:41 - 2013-06-17 07:42 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe2013-06-17 07:41 - 2013-06-16 20:46 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-06-17 07:41 - 2010-09-07 20:48 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll2013-06-17 07:41 - 2008-02-17 23:04 - 00000000 ____D C:\Program Files\Java2013-06-17 06:36 - 2013-06-17 06:36 - 00063460 ____A C:\Users\OfficeMax\Downloads\Extras.Txt2013-06-17 06:33 - 2013-06-17 06:33 - 00106512 ____A C:\Users\OfficeMax\Downloads\OTL.Txt2013-06-17 06:22 - 2013-06-17 06:22 - 00602112 ____A (OldTimer Tools) C:\Users\OfficeMax\Downloads\OTL.exe2013-06-17 04:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache2013-06-17 03:48 - 2006-11-02 04:47 - 00398000 ____A C:\Windows\System32\FNTCACHE.DAT2013-06-17 03:47 - 2011-01-12 16:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-06-17 03:46 - 2012-05-24 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2013-06-17 03:28 - 2008-02-17 22:38 - 00000000 ____D C:\ProgramData\Microsoft Help2013-06-17 03:28 - 2008-02-17 22:38 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ___RD C:\Program Files\Skype2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ____D C:\Program Files\Common Files\Skype2013-06-17 02:05 - 2011-07-24 21:27 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk2013-06-17 02:05 - 2011-07-24 21:27 - 00001878 ____A C:\ProgramData\Desktop\Skype.lnk2013-06-17 02:05 - 2009-01-21 19:08 - 00000000 ____D C:\ProgramData\Skype2013-06-17 02:05 - 2009-01-21 19:08 - 00000000 ____D C:\ProgramData\Application Data\Skype2013-06-17 02:02 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini2013-06-16 21:38 - 2013-06-16 21:09 - 01985898 ____A (Mozilla) C:\Users\OfficeMax\Downloads\Firefox Setup 21.0.exe.part2013-06-16 20:20 - 2013-06-16 20:20 - 00001596 ____A C:\Users\OfficeMax\Desktop\aswMBR.txt2013-06-16 20:18 - 2013-06-16 20:16 - 04745728 ____A (AVAST Software) C:\Users\OfficeMax\Downloads\aswMBR.exe2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\Users\Public\Desktop\HitmanPro.lnk2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\ProgramData\Desktop\HitmanPro.lnk2013-06-16 18:10 - 2013-06-16 18:09 - 00000000 ____D C:\Program Files\HitmanPro2013-06-16 18:00 - 2013-06-16 17:53 - 09171472 ____A (SurfRight B.V.) C:\Users\OfficeMax\Downloads\HitmanPro.exe2013-06-16 17:26 - 2013-06-16 17:25 - 00001570 ____A C:\Users\OfficeMax\Desktop\Rkill.txt2013-06-16 17:06 - 2008-02-17 22:16 - 00000000 ____D C:\Program Files\Microsoft Works2013-06-16 16:44 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default2013-06-16 16:44 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public2013-06-16 16:41 - 2013-06-16 14:43 - 00000000 ____D C:\Windows\erdnt2013-06-16 16:34 - 2008-07-07 09:34 - 00000000 ____D C:\users\OfficeMax2013-06-16 15:53 - 2013-06-16 15:53 - 00001429 ____A C:\Users\OfficeMax\Desktop\RKreport[3]_S_06162013_165301.txt2013-06-16 15:49 - 2013-06-16 14:30 - 00000000 ____D C:\Users\OfficeMax\Desktop\RK_Quarantine2013-06-16 15:04 - 2013-06-16 15:01 - 01440846 ____A C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.1000.zip2013-06-16 14:39 - 2013-06-16 14:39 - 00048966 ____A C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm2013-06-16 14:30 - 2013-06-16 14:29 - 00907776 ____A C:\Users\OfficeMax\Downloads\RogueKiller.exe2013-06-16 14:25 - 2013-06-16 14:24 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\iexplore.exe.exe2013-06-16 13:43 - 2013-06-16 13:43 - 00688992 ____R (Swearware) C:\Users\OfficeMax\Downloads\dds.com2013-06-16 12:41 - 2013-06-16 12:41 - 00000000 ____D C:\Users\OfficeMax\Desktop\mbar-1.06.0.1003(1)2013-06-16 12:32 - 2013-06-16 12:32 - 00001333 ____A C:\Users\OfficeMax\Desktop\securitycheck text.txt2013-06-16 10:25 - 2008-07-07 10:08 - 00109600 ____A C:\Users\OfficeMax\Local Settings\GDIPFONTCACHEV1.DAT2013-06-16 10:25 - 2008-07-07 10:08 - 00109600 ____A C:\Users\OfficeMax\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2013-06-16 10:25 - 2008-07-07 10:08 - 00109600 ____A C:\Users\OfficeMax\AppData\Local\GDIPFONTCACHEV1.DAT2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\MSDOS.SYS2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\IO.SYS2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\My Documents\cc_20130616_090607.reg2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\Documents\cc_20130616_090607.reg2013-06-16 08:02 - 2011-01-12 18:14 - 00000000 ____D C:\Users\OfficeMax\Tracing2013-06-16 08:01 - 2012-05-12 07:02 - 00000000 ____D C:\Windows\Minidump2013-06-16 08:01 - 2008-02-17 21:29 - 00000000 ____D C:\Windows\panther2013-06-16 07:50 - 2013-06-16 07:45 - 04378864 ____A (Piriform Ltd) C:\Users\OfficeMax\Downloads\ccsetup402.exe2013-06-14 13:13 - 2012-05-25 09:37 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.02013-06-13 19:22 - 2013-06-13 19:22 - 00000000 ____D C:\found.0112013-06-13 15:27 - 2013-06-13 15:27 - 00000000 ____D C:\found.0102013-06-13 10:16 - 2011-01-26 18:18 - 00001945 ____A C:\Windows\epplauncher.mif2013-06-13 09:55 - 2013-06-13 09:55 - 00000000 ____D C:\366eab9c421c2d96fcef6e403a01ad2013-06-13 09:37 - 2013-06-13 09:37 - 00000000 ____D C:\Program Files\Windows Installer Clean Up2013-06-13 09:36 - 2013-06-13 09:36 - 00000000 ____D C:\Program Files\MSECACHE2013-06-12 19:06 - 2013-06-12 19:06 - 00000000 ____D C:\c84656d8fdf2402e9d2013-06-12 18:32 - 2013-06-12 18:29 - 11091432 ____A (Microsoft Corporation) C:\Users\OfficeMax\Desktop\mseinstall.exe2013-06-12 18:05 - 2013-06-12 18:04 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\OfficeMax\Desktop\rkill.exe2013-06-12 13:50 - 2013-06-12 13:50 - 00000000 ____D C:\found.0092013-06-12 13:11 - 2013-06-12 13:07 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300.exe2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\Application Data\Malwarebytes2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\AppData\Roaming\Malwarebytes2013-06-12 12:06 - 2013-06-12 12:06 - 00000000 ____D C:\Quarantine2013-06-12 06:04 - 2008-06-10 01:08 - 00000000 ____D C:\ProgramData\WildTangent2013-06-12 06:04 - 2008-06-10 01:08 - 00000000 ____D C:\ProgramData\Application Data\WildTangent2013-06-11 13:32 - 2013-06-11 13:32 - 00000000 ____A C:\Windows\System32\SBRC.dat2013-06-08 21:06 - 2013-06-08 21:06 - 00000000 ____D C:\63f496ee69557e4f173fcefa2013-06-08 21:03 - 2013-06-08 05:11 - 00000000 ____D C:\Windows\pss2013-06-08 20:49 - 2013-06-08 20:49 - 00000000 ____D C:\f2ea61c736c459e4aad9232013-06-08 18:49 - 2013-06-08 18:49 - 00377856 ____A C:\Users\OfficeMax\Downloads\75te9mme.exe2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\mbar-1.06.0.10032013-06-08 17:47 - 2013-06-08 17:38 - 13169742 ____A C:\mbar-1.06.0.1003.zip2013-06-08 17:15 - 2010-06-15 18:02 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Yahoo2013-06-08 17:15 - 2010-06-15 18:02 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Yahoo2013-06-08 17:15 - 2010-06-15 18:02 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Yahoo2013-06-08 17:15 - 2008-07-07 09:41 - 00000000 ____D C:\Program Files\Yahoo!2013-06-08 17:14 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_322013-06-08 17:12 - 2008-02-17 21:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2013-06-07 21:32 - 2008-06-10 01:04 - 00000344 ____A C:\Users\Public\Documents\hpqp.ini2013-06-07 21:32 - 2008-06-10 01:04 - 00000344 ____A C:\ProgramData\Documents\hpqp.ini2013-06-03 16:43 - 2006-11-02 02:24 - 73393752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (2).cfm2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (1).cfm2013-05-23 15:50 - 2013-05-23 15:50 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update.cfmFiles to move or delete:====================C:\Windows\Tasks\{22BC48D0-C7F8-477F-B8CE-C05108B69F1A}.job==================== Known DLLs (Whitelisted) ================================ Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  =========================Restore point made on: 2013-06-20 14:39:26==================== Memory info =========================== Percentage of memory in use: 17%Total physical RAM: 3061.81 MBAvailable physical RAM: 2514.59 MBTotal Pagefile: 2781.51 MBAvailable Pagefile: 2596.54 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1968.17 MB==================== Drives ================================Drive c: () (Fixed) (Total:221.19 GB) (Free:163.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (HP_RECOVERY) (Fixed) (Total:11.69 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive f: (BOOTCD_USB) (Removable) (Total:3.73 GB) (Free:3.51 GB) FAT32Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 233 GB) (Disk ID: DC596CAA)Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 4 GB) (Disk ID: 1169C6BC)Partition 1: (Active) - (Size=4 GB) - (Type=0B)LastRegBack: 2013-06-20 17:44==================== End Of Log ============================</blockquote>

Verification

Top