TechSpot

[A] Trojan Sirefef.Y help please

By Giacomo
Jun 20, 2012
  1. Hello, I encountered this forum and I'm loving it. Hope you can help me with this.
    I got infected by Sirefef.Y and I'm running Windows 7 64-bit.
    I just did the procedure with frst64 and this is my log:

    Part 1

    Scan result of Farbar Recovery Scan Tool Version: 20-06-2012
    Ran by SYSTEM at 20-06-2012 10:46:30
    Running from G:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italian Standard
    The current controlset is ControlSet001

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-05-09] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-05-09] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-05-09] (Intel Corporation)
    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2189416 2011-03-08] (Realtek Semiconductor)
    HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271552 2012-05-02] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-27] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-03-09] (NTI Corporation)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
    HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I [362200 2011-09-05] (facemoods.com)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1104440 2012-06-12] ()
    HKU\Jimmy\...\Run: [Google Update] "C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-15] (Google Inc.)
    HKU\Jimmy\...\Run: [HW_OPENEYE_OUC_Chiavetta Internet E353 21.6] "C:\Program Files (x86)\Chiavetta Internet E353 21.6\UpdateDog\ouc.exe" [x]
    HKU\Jimmy\...\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray [x]
    HKU\Jimmy\...\Run: [TunesNINJA] C:\Users\Jimmy\AppData\Roaming\TunesNINJA\TunesNINJA.exe [184320 2012-05-10] (TunesNINJA)
    HKU\Jimmy\...\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart [5758976 2010-04-07] (http://www.emule-project.net)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{975AA791-2D0B-48C6-B230-CF19B4741896}: [NameServer]193.70.152.25 212.52.97.25
    Tcpip\..\Interfaces\{98EB41B0-3935-46C0-B9A2-0AD6B223926D}: [NameServer]193.70.152.25 212.52.97.25

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-09-17] (SUPERAntiSpyware.com)
    2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352336 2011-03-14] (Dritek System Inc.)
    3 EgisTec Ticket Service; "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" [172912 2010-09-27] (Egis Technology Inc. )
    2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
    2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-25] (Acer Incorporated)
    2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-05-02] (Microsoft Corporation)
    3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG)
    2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
    2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-12] ()

    ========================== Drivers (Whitelisted) =============

    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
    3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
    3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
    3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [52264 2011-01-19] (Broadcom Corporation)
    3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [85544 2011-01-13] (Broadcom Corporation)
    3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
    3 onda_lq_cdc_acm; C:\Windows\System32\Drivers\onda_lq_cdc_acm.sys [78848 2011-03-25] (Onda Communication S.p.A)
    3 onda_lq_cdc_ecm; C:\Windows\System32\Drivers\onda_lq_cdc_ecm.sys [52736 2011-03-25] (Onda Communication S.p.A)
    3 onda_lq_cpo; C:\Windows\System32\Drivers\onda_lq_cpo.sys [14336 2011-03-25] (Onda Communication S.p.A)
    3 onda_lq_ecm_enum; C:\Windows\System32\Drivers\onda_lq_ecm_enum.sys [53248 2011-03-25] (Onda Communication S.p.A)
    3 onda_lq_ecm_enum_filter; C:\Windows\System32\Drivers\onda_lq_ecm_enum_filter.sys [53248 2011-03-25] (Onda Communication S.p.A)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-09-19] (Duplex Secure Ltd.)
    3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2011-03-09] (NTI Corporation)
    3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [x]
    3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [x]
    3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [x]
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
    3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [x]
    3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [x]
     
  2. Giacomo

    Part 2

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-20 10:46 - 2012-06-20 10:46 - 00000000 ____D C:\FRST
    2012-06-18 10:01 - 2012-06-19 07:47 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2012-06-18 06:46 - 2012-06-18 06:46 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-06-18 06:46 - 2012-06-18 06:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-18 06:46 - 2012-06-18 06:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-18 06:41 - 2012-06-20 00:43 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-18 06:41 - 2012-06-18 06:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-18 06:41 - 2012-06-18 06:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-18 06:41 - 2012-06-18 06:41 - 00000000 ____D C:\Windows\System32\Macromed
    2012-06-18 06:39 - 2012-06-18 06:39 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\IObit
    2012-06-18 06:30 - 2012-06-18 06:30 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Malwarebytes
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\47a625f6924b8adfe9b5a60fcc4dc175
    2012-06-18 06:30 - 2012-04-04 05:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-18 06:24 - 2012-06-18 06:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-18 02:52 - 2012-06-18 02:52 - 00350040 ____A (SweetIM Technologies Ltd.) C:\Users\Jimmy\Downloads\sweetimsetup.exe
    2012-06-18 02:37 - 2012-06-18 02:37 - 03605456 ____A C:\Users\Jimmy\Downloads\emule050a (2).exe
    2012-06-17 23:55 - 2012-06-17 23:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{D970F5C2-DB4B-4194-9EF3-F79AFF79054E}
    2012-06-16 23:32 - 2012-06-16 23:32 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{A1DAFD5E-F58A-4093-8585-965E6F1CBAFD}
    2012-06-16 12:20 - 2012-06-16 12:20 - 02388880 ____A (Musiclab, LLC ) C:\Users\Jimmy\Downloads\BearShareV10.exe
    2012-06-16 12:14 - 2012-06-16 12:14 - 02389072 ____A (Musiclab, LLC ) C:\Users\Jimmy\Downloads\BearShareV10it (1).exe
    2012-06-16 12:10 - 2012-06-16 12:10 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (16).exe
    2012-06-16 07:47 - 2012-06-16 07:47 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (15).exe
    2012-06-16 07:45 - 2012-06-16 07:45 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (14).exe
    2012-06-16 07:38 - 2012-06-16 07:38 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (13).exe
    2012-06-16 07:38 - 2012-06-16 07:38 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (12).exe
    2012-06-16 02:38 - 2012-06-16 02:38 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (11).exe
    2012-06-16 02:37 - 2012-06-16 02:37 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (10).exe
    2012-06-15 10:36 - 2012-06-15 10:36 - 02433192 ____A (iMesh Inc. ) C:\Users\Jimmy\Downloads\iMeshV11it.exe
    2012-06-15 07:24 - 2012-06-15 07:24 - 00017016 ____A C:\Windows\FSAUA_UN.LOG
    2012-06-15 07:24 - 2012-06-15 07:24 - 00001240 ____A C:\Windows\fsdgunst.log
    2012-06-15 07:24 - 2012-06-15 07:24 - 00000724 ____A C:\Windows\daasunin.LOG
    2012-06-15 07:23 - 2012-06-15 07:24 - 00583528 ____A C:\Windows\FSUNINST.log
    2012-06-15 07:23 - 2012-06-15 07:24 - 00097325 ____A C:\Windows\uninstaller.log
    2012-06-15 07:23 - 2012-06-15 07:23 - 00001845 ____A C:\Windows\FSPSUNI.LOG
    2012-06-15 07:23 - 2012-06-15 07:23 - 00001564 ____A C:\Windows\FSASWUNI.LOG
    2012-06-15 07:23 - 2012-06-15 07:23 - 00001193 ____A C:\Windows\FSGEMINST.LOG
    2012-06-15 07:23 - 2012-06-15 07:23 - 00000110 ____A C:\Windows\FSAVES_inst.log
    2012-06-15 06:59 - 2012-06-15 06:59 - 00000000 ____D C:\Program Files (x86)\IMinent Toolbar
    2012-06-15 06:58 - 2012-06-15 08:24 - 00002592 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2012-06-15 06:57 - 2012-06-15 08:59 - 00000953 ____A C:\Users\Public\Desktop\eMule.lnk
    2012-06-15 06:57 - 2012-06-15 06:57 - 00000000 ____D C:\Program Files (x86)\eMule
    2012-06-15 06:54 - 2012-06-15 06:54 - 03605456 ____A C:\Users\Jimmy\Downloads\emule050a (1).exe
    2012-06-15 06:51 - 2012-06-15 06:51 - 03605456 ____A C:\Users\Jimmy\Downloads\emule050a.exe
    2012-06-15 06:25 - 2012-06-15 06:27 - 00077347 ____A C:\Windows\fshfcntl.log
    2012-06-15 06:25 - 2012-06-15 06:27 - 00034573 ____A C:\Windows\fsiuupd.log
    2012-06-15 06:25 - 2012-06-15 06:27 - 00020998 ____A C:\Windows\ih8.hotfix.xml.log
    2012-06-15 06:25 - 2012-06-15 06:25 - 00000000 ____A C:\Windows\fsiugeneric.log
    2012-06-15 05:13 - 2012-06-15 05:13 - 00033408 ____A C:\Windows\SysWOW64\Drivers\fsbts.sys
    2012-06-15 05:13 - 2012-06-15 05:13 - 00000613 ____A C:\Windows\fsav_db_setup.log
    2012-06-15 05:11 - 2012-06-15 07:24 - 73077479 ____A C:\Windows\FSISU.log
    2012-06-15 05:11 - 2012-06-15 07:24 - 01331031 ____A C:\Windows\FSDEPH.log
    2012-06-15 05:11 - 2012-06-15 07:24 - 00026578 ____A C:\Windows\fsavunin.log
    2012-06-15 05:11 - 2012-06-15 07:24 - 00008035 ____A C:\Windows\FSGKIAIN.log
    2012-06-15 05:11 - 2012-06-15 07:24 - 00003418 ____A C:\Windows\FSLDIN.LOG
    2012-06-15 05:11 - 2012-06-15 07:24 - 00000827 ____A C:\Windows\FSGUIINS.LOG
    2012-06-15 05:11 - 2012-06-15 07:24 - 00000643 ____A C:\Windows\fstnbins.LOG
    2012-06-15 05:11 - 2012-06-15 07:24 - 00000584 ____A C:\Windows\HELPINST.LOG
    2012-06-15 05:11 - 2012-06-15 07:23 - 00028804 ____A C:\Windows\fwesinst.log
    2012-06-15 05:11 - 2012-06-15 07:23 - 00024109 ____A C:\Windows\FSSSINST.log
    2012-06-15 05:11 - 2012-06-15 07:23 - 00021236 ____A C:\Windows\fwinst.log
    2012-06-15 05:11 - 2012-06-15 07:23 - 00010171 ____A C:\Windows\FSSCINST.log
    2012-06-15 05:11 - 2012-06-15 07:23 - 00000980 ____A C:\Windows\fsgadget.log
    2012-06-15 05:11 - 2012-06-15 05:13 - 02043925 ____A C:\Windows\FSSFM.log
    2012-06-15 05:11 - 2012-06-15 05:13 - 01363954 ____A C:\Windows\FSSETUP.log
    2012-06-15 05:11 - 2012-06-15 05:13 - 00249455 ____A C:\Windows\FSPROD.log
    2012-06-15 05:11 - 2012-06-15 05:13 - 00212622 ____A C:\Windows\RunSetup.log
    2012-06-15 05:11 - 2012-06-15 05:13 - 00098944 ____A C:\Windows\fsauains.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00049358 ____A C:\Windows\FSAVINST.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00023168 ____A C:\Windows\fsmainst.log
    2012-06-15 05:11 - 2012-06-15 05:13 - 00010155 ____A C:\Windows\FSAVCSIN.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00009612 ____A C:\Windows\FSSYSUPD.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00006566 ____A C:\Windows\FSPSINST.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00005596 ____A C:\Windows\FSASWINS.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00003653 ____A C:\Windows\FSGemini.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00002288 ____A C:\Windows\DAASINST.LOG
    2012-06-15 05:11 - 2012-06-15 05:13 - 00002045 ____A C:\Windows\fsdginst.log
    2012-06-15 05:11 - 2012-06-15 05:11 - 01361118 ____A C:\Windows\fssgpex.LOG
    2012-06-15 05:11 - 2012-06-15 05:11 - 00028863 ____A C:\Windows\preconfig.log
    2012-06-15 05:11 - 2012-06-15 05:11 - 00005380 ____A C:\Windows\ih8.fssg.xml.log
    2012-06-15 05:11 - 2012-06-15 05:11 - 00002807 ____A C:\Windows\FSPRODRM.LOG
    2012-06-15 05:11 - 2012-06-15 05:11 - 00000421 ____A C:\Windows\CSCOZARM.LOG
    2012-06-15 05:11 - 2012-06-15 05:11 - 00000229 ____A C:\Windows\FSAUASUB.LOG
    2012-06-15 05:10 - 2012-06-15 06:27 - 00074895 ____A C:\Windows\ih8.config.xml.log
    2012-06-15 05:10 - 2012-06-15 05:13 - 00069828 ____A C:\Windows\fsinstaller.log
    2012-06-15 05:10 - 2012-06-15 05:10 - 00002658 ____A C:\Windows\Q-Klez.log
    2012-06-15 05:10 - 2012-06-15 05:10 - 00001417 ____A C:\Windows\fswil.log
    2012-06-15 05:10 - 2012-06-15 05:10 - 00000197 ____A C:\Windows\fsihcomptest.log
    2012-06-15 04:01 - 2012-06-15 04:01 - 00000000 ____D C:\Users\Jimmy\Documents\Nero Home
    2012-06-15 03:21 - 2012-06-15 03:21 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{6259EE9E-C608-4279-9411-A2ADF8259445}
    2012-06-14 12:28 - 2012-06-14 12:28 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Oberon Games
    2012-06-14 12:25 - 2012-06-14 12:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Microsoft Games
    2012-06-14 10:01 - 2012-06-14 10:01 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{EB09072B-6613-41C2-81F7-8D0C6DB9EA6C}
    2012-06-14 10:01 - 2012-06-14 10:01 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{46E89D4B-C06A-4DAD-BD16-3EB57E66F756}
    2012-06-13 13:55 - 2012-06-13 13:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{65F92EAA-457B-4800-BDD2-5EF075BE0B05}
    2012-06-13 13:55 - 2012-06-13 13:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{5570BA70-F2EB-467E-B52D-04BEA61E0206}
    2012-06-12 22:58 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 22:58 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 22:58 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 22:58 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 22:58 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 22:58 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 22:58 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 22:58 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 22:58 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 22:58 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 22:58 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 22:58 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 22:58 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 22:58 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 22:58 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 22:58 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 22:58 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 22:58 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 22:58 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 22:58 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 22:58 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 22:58 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 22:58 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 22:58 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 22:58 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 22:58 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 22:58 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 22:58 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 22:55 - 2012-06-12 22:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\AVG Secure Search
    2012-06-12 22:54 - 2012-06-12 22:55 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-06-12 22:54 - 2012-06-12 22:54 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-06-12 22:03 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 22:03 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 22:03 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 22:03 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 22:03 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 22:03 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 22:03 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 22:03 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 22:03 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 22:03 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 22:03 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 22:03 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 22:03 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 22:03 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 22:03 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 22:03 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 22:03 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-12 17:58 - 2012-06-12 17:58 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{5F486AB2-F1F3-4706-AD87-D023CA6DF774}
    2012-06-12 16:05 - 2012-06-12 16:05 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{7FE4C373-C792-49F6-B156-77B7D5072D8F}
    2012-06-12 16:04 - 2012-06-12 16:05 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{E0E01516-7FF7-483C-8F2A-20D3918ACF61}
    2012-06-12 16:04 - 2012-06-12 16:04 - 00000000 ___HD C:\Users\Jimmy\Desktop\Download
    2012-06-12 12:40 - 2012-06-12 12:40 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{F1ED040B-BF42-4D90-B511-0BD82C438FA0}
    2012-06-12 12:39 - 2012-06-12 12:40 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{7922EB17-EF2E-4239-8431-0D69F8B6D98C}
    2012-06-12 11:11 - 2012-06-18 02:48 - 00000000 ____D C:\Users\Jimmy\Desktop\BEST-2012-2
    2012-06-12 10:29 - 2012-06-12 10:29 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{4FF33220-95B0-4F58-A764-2DED23611315}
    2012-06-12 10:28 - 2012-06-12 10:29 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{7236C12E-B4F5-45D6-BF5A-76BCFB936FA1}
    2012-06-11 23:25 - 2012-06-11 23:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{12069F52-AD17-480A-AF49-3DD0F14EE562}
    2012-06-11 16:51 - 2012-06-11 16:51 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (9).exe
    2012-06-11 15:07 - 2012-06-11 15:07 - 00637834 ____A C:\Users\Jimmy\Downloads\Codec-Installer (8).exe
    2012-06-11 15:06 - 2012-06-11 15:06 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (7).exe
    2012-06-11 11:08 - 2012-06-11 11:08 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{E28CDDAA-25CE-4F3D-9D89-DDD026DDE4D3}
    2012-06-11 11:07 - 2012-06-11 11:08 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{B905FCFA-097C-449B-98C8-C3BDA3987A22}
    2012-06-11 01:03 - 2012-06-11 01:04 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{BC8A38F1-9B74-45F7-BD77-FEB2C00FC0A2}
    2012-06-11 01:02 - 2012-06-11 01:03 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{934F4DEA-0F9D-46D6-ABF7-0D0DD5374662}
    2012-06-11 00:04 - 2012-06-11 00:04 - 00637802 ____A C:\Users\Jimmy\Downloads\Codec-Installer (6).exe
    2012-06-10 12:25 - 2012-06-10 12:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{BD859A83-57BB-4869-A2B7-8C6CFEE3B945}
    2012-06-10 08:08 - 2012-06-10 08:09 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{8B94439E-DD5C-46F4-BC15-8446FCDA81E0}
    2012-06-10 08:08 - 2012-06-10 08:08 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{068030A9-B7B5-43DE-95A6-33E0407C5DEB}
    2012-06-10 06:10 - 2012-06-10 06:10 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{F402F4FF-BAB3-4A56-B084-BB0882229D7D}
    2012-06-09 15:20 - 2012-06-09 15:21 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{66B19E38-D57B-49C7-A10B-F2BAAF27EC36}
    2012-06-07 13:07 - 2012-06-07 13:07 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{15DD37C5-374D-4EF0-8D12-CEC04A45045A}
    2012-06-06 04:56 - 2012-06-06 04:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{374945B8-3F79-48FA-85A8-6A04A68FC046}
    2012-06-06 04:55 - 2012-06-06 04:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{61E8C087-9701-48E0-B648-6351204568EF}
    2012-06-06 04:55 - 2012-06-06 04:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{08001DEC-ADB4-4A5A-9BEC-8BE97AFE2F57}
    2012-06-06 02:56 - 2012-06-06 02:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{DFFE8F2B-2796-44F4-8460-5B1C25F3BFCC}
    2012-06-06 00:49 - 2012-06-06 00:49 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{5F227B36-8ADF-4C2B-9AA0-1EBC861C24AF}
    2012-06-01 14:23 - 2012-06-01 14:30 - 02385216 ____A (Musiclab, LLC ) C:\Users\Jimmy\Downloads\BearShareV10it.exe
    2012-06-01 04:49 - 2012-06-18 01:13 - 00000000 ____D C:\Users\Jimmy\Desktop\BEST-2012
    2012-05-31 10:53 - 2012-05-31 10:53 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{DDB54662-5370-47DE-8EC6-F1245413B45A}
    2012-05-31 10:53 - 2012-05-31 10:53 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{2BA143A4-545C-465B-AD9D-4C8F89B5235D}
    2012-05-29 04:08 - 2012-06-18 00:50 - 00000000 ____D C:\Users\Jimmy\Desktop\ANNI-80
    2012-05-27 12:12 - 2012-05-27 12:13 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{64AE12AD-B800-4BEA-9A40-9130C40EAA8D}
    2012-05-27 07:49 - 2012-05-27 07:49 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{112D0148-7E6E-4784-8408-40A5CB2F83D5}
    2012-05-26 12:32 - 2012-05-26 12:32 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{EAD4848D-4D02-4895-9B1B-94C335D159B5}
    2012-05-26 08:52 - 2012-05-26 08:57 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{B372EC0E-A0A7-46D0-B8DD-0FADEFBB291A}
    2012-05-26 08:52 - 2012-05-26 08:52 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{84E2A360-5C79-4B86-8C8D-1C6D3EDDA6C8}
    2012-05-25 08:26 - 2012-05-25 08:26 - 00000666 ____A C:\Users\Jimmy\Documents\Raccolte - collegamento.lnk
    2012-05-24 07:54 - 2012-05-24 07:54 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\TunesNINJA
    2012-05-24 07:54 - 2012-05-24 07:54 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\IncomingFiles
    2012-05-24 06:39 - 2012-05-24 06:39 - 00154544 ____A C:\emule.bmp
    2012-05-22 16:30 - 2012-06-13 02:42 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Media Finder
    2012-05-22 16:30 - 2012-06-12 14:51 - 00001204 ____A C:\1.txt
    2012-05-22 16:30 - 2012-05-22 16:30 - 00001490 ____A C:\user.js
    2012-05-22 16:30 - 2012-05-22 16:30 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Mozilla
    2012-05-22 16:30 - 2012-05-22 16:30 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
    2012-05-22 16:27 - 2012-06-19 23:22 - 00000000 ____D C:\Program Files (x86)\I Want This
    2012-05-22 16:27 - 2012-05-22 16:27 - 00000000 ____D C:\Users\Jimmy\AppData\Local\I Want This
    2012-05-22 16:25 - 2012-05-22 16:35 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{4C4738EA-A32D-425C-BE92-938494F4A3D9}
    2012-05-22 16:25 - 2012-05-22 16:25 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Babylon
    2012-05-22 16:25 - 2012-05-22 16:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Babylon
    2012-05-22 16:25 - 2012-05-22 16:25 - 00000000 ____D C:\Users\All Users\Babylon
    2012-05-22 16:22 - 2012-06-06 02:13 - 00000000 ____D C:\Users\Jimmy\Downloads\Nuova cartella
    2012-05-21 07:29 - 2012-05-21 07:29 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (5).exe
    2012-05-21 07:28 - 2012-05-21 07:28 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (4).exe
    2012-05-21 06:38 - 2012-06-18 02:49 - 00000000 ____D C:\Users\Jimmy\Desktop\mp3
     
  3. Giacomo

    Part 3
    ============ 3 Months Modified Files and Folders =============

    2012-06-20 10:46 - 2012-06-20 10:46 - 00000000 ____D C:\FRST
    2012-06-20 00:43 - 2012-06-18 06:41 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-20 00:43 - 2011-09-15 16:27 - 00001160 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722360273-273184005-3618300221-1000UA.job
    2012-06-20 00:42 - 2012-05-11 07:09 - 00017686 ____A C:\Windows\setupact.log
    2012-06-20 00:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-19 23:22 - 2012-05-22 16:27 - 00000000 ____D C:\Program Files (x86)\I Want This
    2012-06-19 07:47 - 2012-06-18 10:01 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2012-06-19 06:02 - 2012-05-11 07:09 - 00082882 ____A C:\Windows\PFRO.log
    2012-06-18 07:29 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-18 06:51 - 2009-07-13 20:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-18 06:51 - 2009-07-13 20:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-18 06:49 - 2011-09-19 02:48 - 01976807 ____A C:\Windows\WindowsUpdate.log
    2012-06-18 06:46 - 2012-06-18 06:46 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-06-18 06:46 - 2012-06-18 06:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-18 06:46 - 2012-06-18 06:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-18 06:46 - 2012-04-24 00:48 - 01584750 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-18 06:46 - 2011-07-15 23:32 - 00705902 ____A C:\Windows\System32\perfh010.dat
    2012-06-18 06:46 - 2011-07-15 23:32 - 00131192 ____A C:\Windows\System32\perfc010.dat
    2012-06-18 06:41 - 2012-06-18 06:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-18 06:41 - 2012-06-18 06:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-18 06:41 - 2012-06-18 06:41 - 00000000 ____D C:\Windows\System32\Macromed
    2012-06-18 06:39 - 2012-06-18 06:39 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\IObit
    2012-06-18 06:32 - 2011-09-17 02:41 - 00000000 ____D C:\Users\All Users\MFAData
    2012-06-18 06:30 - 2012-06-18 06:30 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Malwarebytes
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-18 06:30 - 2012-06-18 06:30 - 00000000 ____D C:\47a625f6924b8adfe9b5a60fcc4dc175
    2012-06-18 06:24 - 2012-06-18 06:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-18 06:18 - 2009-07-13 21:13 - 01557022 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-18 04:42 - 2011-09-17 01:24 - 00000000 ____D C:\Users\Jimmy\Tracing
    2012-06-18 02:54 - 2011-09-17 01:50 - 00000000 ____D C:\Users\Jimmy\AppData\Local\eMule
    2012-06-18 02:52 - 2012-06-18 02:52 - 00350040 ____A (SweetIM Technologies Ltd.) C:\Users\Jimmy\Downloads\sweetimsetup.exe
    2012-06-18 02:49 - 2012-05-21 06:38 - 00000000 ____D C:\Users\Jimmy\Desktop\mp3
    2012-06-18 02:48 - 2012-06-12 11:11 - 00000000 ____D C:\Users\Jimmy\Desktop\BEST-2012-2
    2012-06-18 02:37 - 2012-06-18 02:37 - 03605456 ____A C:\Users\Jimmy\Downloads\emule050a (2).exe
    2012-06-18 01:43 - 2011-09-15 16:27 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722360273-273184005-3618300221-1000Core.job
    2012-06-18 01:13 - 2012-06-01 04:49 - 00000000 ____D C:\Users\Jimmy\Desktop\BEST-2012
    2012-06-18 00:50 - 2012-05-29 04:08 - 00000000 ____D C:\Users\Jimmy\Desktop\ANNI-80
    2012-06-18 00:45 - 2011-09-19 06:58 - 00000000 ____D C:\Users\Jimmy\Desktop\MUSICA
    2012-06-17 23:55 - 2012-06-17 23:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{D970F5C2-DB4B-4194-9EF3-F79AFF79054E}
    2012-06-17 23:42 - 2011-09-17 02:45 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-06-17 15:07 - 2012-04-24 01:24 - 00000000 __SHD C:\Users\Jimmy\AppData\Local\{2adda509-e304-d9fa-4b02-a668f8eca5c2}
    2012-06-17 08:33 - 2011-09-15 16:37 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Skype
    2012-06-17 06:40 - 2011-06-07 23:10 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-16 23:32 - 2012-06-16 23:32 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{A1DAFD5E-F58A-4093-8585-965E6F1CBAFD}
    2012-06-16 12:20 - 2012-06-16 12:20 - 02388880 ____A (Musiclab, LLC ) C:\Users\Jimmy\Downloads\BearShareV10.exe
    2012-06-16 12:14 - 2012-06-16 12:14 - 02389072 ____A (Musiclab, LLC ) C:\Users\Jimmy\Downloads\BearShareV10it (1).exe
    2012-06-16 12:10 - 2012-06-16 12:10 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (16).exe
    2012-06-16 07:47 - 2012-06-16 07:47 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (15).exe
    2012-06-16 07:45 - 2012-06-16 07:45 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (14).exe
    2012-06-16 07:38 - 2012-06-16 07:38 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (13).exe
    2012-06-16 07:38 - 2012-06-16 07:38 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (12).exe
    2012-06-16 02:39 - 2011-10-21 14:02 - 00000137 ____A C:\Users\Jimmy\AppData\default.pls
    2012-06-16 02:38 - 2012-06-16 02:38 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (11).exe
    2012-06-16 02:37 - 2012-06-16 02:37 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (10).exe
    2012-06-15 10:36 - 2012-06-15 10:36 - 02433192 ____A (iMesh Inc. ) C:\Users\Jimmy\Downloads\iMeshV11it.exe
    2012-06-15 08:59 - 2012-06-15 06:57 - 00000953 ____A C:\Users\Public\Desktop\eMule.lnk
    2012-06-15 08:24 - 2012-06-15 06:58 - 00002592 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2012-06-15 07:26 - 2012-04-24 00:47 - 00000000 ____D C:\Program Files (x86)\F-Secure
    2012-06-15 07:24 - 2012-06-15 07:24 - 00017016 ____A C:\Windows\FSAUA_UN.LOG
    2012-06-15 07:24 - 2012-06-15 07:24 - 00001240 ____A C:\Windows\fsdgunst.log
    2012-06-15 07:24 - 2012-06-15 07:24 - 00000724 ____A C:\Windows\daasunin.LOG
    2012-06-15 07:24 - 2012-06-15 07:23 - 00583528 ____A C:\Windows\FSUNINST.log
    2012-06-15 07:24 - 2012-06-15 07:23 - 00097325 ____A C:\Windows\uninstaller.log
    2012-06-15 07:24 - 2012-06-15 05:11 - 73077479 ____A C:\Windows\FSISU.log
    2012-06-15 07:24 - 2012-06-15 05:11 - 01331031 ____A C:\Windows\FSDEPH.log
    2012-06-15 07:24 - 2012-06-15 05:11 - 00026578 ____A C:\Windows\fsavunin.log
    2012-06-15 07:24 - 2012-06-15 05:11 - 00008035 ____A C:\Windows\FSGKIAIN.log
    2012-06-15 07:24 - 2012-06-15 05:11 - 00003418 ____A C:\Windows\FSLDIN.LOG
    2012-06-15 07:24 - 2012-06-15 05:11 - 00000827 ____A C:\Windows\FSGUIINS.LOG
    2012-06-15 07:24 - 2012-06-15 05:11 - 00000643 ____A C:\Windows\fstnbins.LOG
    2012-06-15 07:24 - 2012-06-15 05:11 - 00000584 ____A C:\Windows\HELPINST.LOG
    2012-06-15 07:24 - 2012-04-24 00:45 - 00000000 ____D C:\Users\All Users\f-secure
    2012-06-15 07:23 - 2012-06-15 07:23 - 00001845 ____A C:\Windows\FSPSUNI.LOG
    2012-06-15 07:23 - 2012-06-15 07:23 - 00001564 ____A C:\Windows\FSASWUNI.LOG
    2012-06-15 07:23 - 2012-06-15 07:23 - 00001193 ____A C:\Windows\FSGEMINST.LOG
    2012-06-15 07:23 - 2012-06-15 07:23 - 00000110 ____A C:\Windows\FSAVES_inst.log
    2012-06-15 07:23 - 2012-06-15 05:11 - 00028804 ____A C:\Windows\fwesinst.log
    2012-06-15 07:23 - 2012-06-15 05:11 - 00024109 ____A C:\Windows\FSSSINST.log
    2012-06-15 07:23 - 2012-06-15 05:11 - 00021236 ____A C:\Windows\fwinst.log
    2012-06-15 07:23 - 2012-06-15 05:11 - 00010171 ____A C:\Windows\FSSCINST.log
    2012-06-15 07:23 - 2012-06-15 05:11 - 00000980 ____A C:\Windows\fsgadget.log
    2012-06-15 07:22 - 2012-04-23 01:52 - 00000000 ____D C:\Users\All Users\DatacardService
    2012-06-15 06:59 - 2012-06-15 06:59 - 00000000 ____D C:\Program Files (x86)\IMinent Toolbar
    2012-06-15 06:58 - 2011-09-19 05:08 - 00000000 ____D C:\Users\Jimmy\Downloads\eMule
    2012-06-15 06:58 - 2011-09-17 01:50 - 00000000 ____D C:\Users\All Users\eMule
    2012-06-15 06:57 - 2012-06-15 06:57 - 00000000 ____D C:\Program Files (x86)\eMule
    2012-06-15 06:54 - 2012-06-15 06:54 - 03605456 ____A C:\Users\Jimmy\Downloads\emule050a (1).exe
    2012-06-15 06:51 - 2012-06-15 06:51 - 03605456 ____A C:\Users\Jimmy\Downloads\emule050a.exe
    2012-06-15 06:27 - 2012-06-15 06:25 - 00077347 ____A C:\Windows\fshfcntl.log
    2012-06-15 06:27 - 2012-06-15 06:25 - 00034573 ____A C:\Windows\fsiuupd.log
    2012-06-15 06:27 - 2012-06-15 06:25 - 00020998 ____A C:\Windows\ih8.hotfix.xml.log
    2012-06-15 06:27 - 2012-06-15 05:10 - 00074895 ____A C:\Windows\ih8.config.xml.log
    2012-06-15 06:25 - 2012-06-15 06:25 - 00000000 ____A C:\Windows\fsiugeneric.log
    2012-06-15 05:13 - 2012-06-15 05:13 - 00033408 ____A C:\Windows\SysWOW64\Drivers\fsbts.sys
    2012-06-15 05:13 - 2012-06-15 05:13 - 00000613 ____A C:\Windows\fsav_db_setup.log
    2012-06-15 05:13 - 2012-06-15 05:11 - 02043925 ____A C:\Windows\FSSFM.log
    2012-06-15 05:13 - 2012-06-15 05:11 - 01363954 ____A C:\Windows\FSSETUP.log
    2012-06-15 05:13 - 2012-06-15 05:11 - 00249455 ____A C:\Windows\FSPROD.log
    2012-06-15 05:13 - 2012-06-15 05:11 - 00212622 ____A C:\Windows\RunSetup.log
    2012-06-15 05:13 - 2012-06-15 05:11 - 00098944 ____A C:\Windows\fsauains.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00049358 ____A C:\Windows\FSAVINST.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00023168 ____A C:\Windows\fsmainst.log
    2012-06-15 05:13 - 2012-06-15 05:11 - 00010155 ____A C:\Windows\FSAVCSIN.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00009612 ____A C:\Windows\FSSYSUPD.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00006566 ____A C:\Windows\FSPSINST.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00005596 ____A C:\Windows\FSASWINS.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00003653 ____A C:\Windows\FSGemini.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00002288 ____A C:\Windows\DAASINST.LOG
    2012-06-15 05:13 - 2012-06-15 05:11 - 00002045 ____A C:\Windows\fsdginst.log
    2012-06-15 05:13 - 2012-06-15 05:10 - 00069828 ____A C:\Windows\fsinstaller.log
    2012-06-15 05:11 - 2012-06-15 05:11 - 01361118 ____A C:\Windows\fssgpex.LOG
    2012-06-15 05:11 - 2012-06-15 05:11 - 00028863 ____A C:\Windows\preconfig.log
    2012-06-15 05:11 - 2012-06-15 05:11 - 00005380 ____A C:\Windows\ih8.fssg.xml.log
    2012-06-15 05:11 - 2012-06-15 05:11 - 00002807 ____A C:\Windows\FSPRODRM.LOG
    2012-06-15 05:11 - 2012-06-15 05:11 - 00000421 ____A C:\Windows\CSCOZARM.LOG
    2012-06-15 05:11 - 2012-06-15 05:11 - 00000229 ____A C:\Windows\FSAUASUB.LOG
    2012-06-15 05:11 - 2012-04-24 00:46 - 00000000 ____D C:\Users\All Users\fssg
    2012-06-15 05:10 - 2012-06-15 05:10 - 00002658 ____A C:\Windows\Q-Klez.log
    2012-06-15 05:10 - 2012-06-15 05:10 - 00001417 ____A C:\Windows\fswil.log
    2012-06-15 05:10 - 2012-06-15 05:10 - 00000197 ____A C:\Windows\fsihcomptest.log
    2012-06-15 04:01 - 2012-06-15 04:01 - 00000000 ____D C:\Users\Jimmy\Documents\Nero Home
    2012-06-15 03:21 - 2012-06-15 03:21 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{6259EE9E-C608-4279-9411-A2ADF8259445}
    2012-06-14 13:05 - 2012-04-14 11:54 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\SprillRichiEng
    2012-06-14 12:28 - 2012-06-14 12:28 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Oberon Games
    2012-06-14 12:25 - 2012-06-14 12:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Microsoft Games
    2012-06-14 10:01 - 2012-06-14 10:01 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{EB09072B-6613-41C2-81F7-8D0C6DB9EA6C}
    2012-06-14 10:01 - 2012-06-14 10:01 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{46E89D4B-C06A-4DAD-BD16-3EB57E66F756}
    2012-06-14 06:26 - 2011-10-30 10:39 - 00000000 ____D C:\Users\Jimmy\Desktop\Nuova cartella
    2012-06-13 13:55 - 2012-06-13 13:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{65F92EAA-457B-4800-BDD2-5EF075BE0B05}
    2012-06-13 13:55 - 2012-06-13 13:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{5570BA70-F2EB-467E-B52D-04BEA61E0206}
    2012-06-13 03:52 - 2011-09-17 01:31 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\vlc
    2012-06-13 02:42 - 2012-05-22 16:30 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Media Finder
    2012-06-13 00:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-12 23:11 - 2009-07-13 20:45 - 00307424 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 23:03 - 2011-09-17 04:44 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 22:55 - 2012-06-12 22:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\AVG Secure Search
    2012-06-12 22:55 - 2012-06-12 22:54 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-06-12 22:54 - 2012-06-12 22:54 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-06-12 22:54 - 2011-09-17 02:45 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2012-06-12 22:53 - 2011-09-17 03:18 - 00000000 ___HD C:\$AVG
    2012-06-12 17:58 - 2012-06-12 17:58 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{5F486AB2-F1F3-4706-AD87-D023CA6DF774}
    2012-06-12 16:05 - 2012-06-12 16:05 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{7FE4C373-C792-49F6-B156-77B7D5072D8F}
    2012-06-12 16:05 - 2012-06-12 16:04 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{E0E01516-7FF7-483C-8F2A-20D3918ACF61}
    2012-06-12 16:04 - 2012-06-12 16:04 - 00000000 ___HD C:\Users\Jimmy\Desktop\Download
    2012-06-12 14:51 - 2012-05-22 16:30 - 00001204 ____A C:\1.txt
    2012-06-12 12:40 - 2012-06-12 12:40 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{F1ED040B-BF42-4D90-B511-0BD82C438FA0}
    2012-06-12 12:40 - 2012-06-12 12:39 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{7922EB17-EF2E-4239-8431-0D69F8B6D98C}
    2012-06-12 10:29 - 2012-06-12 10:29 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{4FF33220-95B0-4F58-A764-2DED23611315}
    2012-06-12 10:29 - 2012-06-12 10:28 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{7236C12E-B4F5-45D6-BF5A-76BCFB936FA1}
    2012-06-11 23:25 - 2012-06-11 23:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{12069F52-AD17-480A-AF49-3DD0F14EE562}
    2012-06-11 18:49 - 2011-09-15 16:28 - 00002363 ____A C:\Users\Jimmy\Desktop\Google Chrome.lnk
    2012-06-11 16:51 - 2012-06-11 16:51 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (9).exe
    2012-06-11 15:07 - 2012-06-11 15:07 - 00637834 ____A C:\Users\Jimmy\Downloads\Codec-Installer (8).exe
    2012-06-11 15:06 - 2012-06-11 15:06 - 00638041 ____A C:\Users\Jimmy\Downloads\Codec-Installer (7).exe
    2012-06-11 11:08 - 2012-06-11 11:08 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{E28CDDAA-25CE-4F3D-9D89-DDD026DDE4D3}
    2012-06-11 11:08 - 2012-06-11 11:07 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{B905FCFA-097C-449B-98C8-C3BDA3987A22}
    2012-06-11 01:04 - 2012-06-11 01:03 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{BC8A38F1-9B74-45F7-BD77-FEB2C00FC0A2}
    2012-06-11 01:03 - 2012-06-11 01:02 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{934F4DEA-0F9D-46D6-ABF7-0D0DD5374662}
    2012-06-11 00:04 - 2012-06-11 00:04 - 00637802 ____A C:\Users\Jimmy\Downloads\Codec-Installer (6).exe
    2012-06-10 12:47 - 2011-09-15 16:39 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Windows Live
    2012-06-10 12:25 - 2012-06-10 12:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{BD859A83-57BB-4869-A2B7-8C6CFEE3B945}
    2012-06-10 08:09 - 2012-06-10 08:08 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{8B94439E-DD5C-46F4-BC15-8446FCDA81E0}
    2012-06-10 08:08 - 2012-06-10 08:08 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{068030A9-B7B5-43DE-95A6-33E0407C5DEB}
    2012-06-10 06:10 - 2012-06-10 06:10 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{F402F4FF-BAB3-4A56-B084-BB0882229D7D}
    2012-06-09 15:21 - 2012-06-09 15:20 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{66B19E38-D57B-49C7-A10B-F2BAAF27EC36}
    2012-06-08 10:35 - 2011-09-17 01:08 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\OfferBox
    2012-06-07 13:07 - 2012-06-07 13:07 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{15DD37C5-374D-4EF0-8D12-CEC04A45045A}
    2012-06-06 04:56 - 2012-06-06 04:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{374945B8-3F79-48FA-85A8-6A04A68FC046}
    2012-06-06 04:55 - 2012-06-06 04:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{61E8C087-9701-48E0-B648-6351204568EF}
    2012-06-06 04:55 - 2012-06-06 04:55 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{08001DEC-ADB4-4A5A-9BEC-8BE97AFE2F57}
    2012-06-06 02:56 - 2012-06-06 02:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{DFFE8F2B-2796-44F4-8460-5B1C25F3BFCC}
    2012-06-06 02:13 - 2012-05-22 16:22 - 00000000 ____D C:\Users\Jimmy\Downloads\Nuova cartella
    2012-06-06 00:49 - 2012-06-06 00:49 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{5F227B36-8ADF-4C2B-9AA0-1EBC861C24AF}
    2012-06-01 14:30 - 2012-06-01 14:23 - 02385216 ____A (Musiclab, LLC ) C:\Users\Jimmy\Downloads\BearShareV10it.exe
    2012-05-31 10:53 - 2012-05-31 10:53 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{DDB54662-5370-47DE-8EC6-F1245413B45A}
    2012-05-31 10:53 - 2012-05-31 10:53 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{2BA143A4-545C-465B-AD9D-4C8F89B5235D}
    2012-05-27 12:13 - 2012-05-27 12:12 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{64AE12AD-B800-4BEA-9A40-9130C40EAA8D}
    2012-05-27 07:49 - 2012-05-27 07:49 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{112D0148-7E6E-4784-8408-40A5CB2F83D5}
    2012-05-26 12:32 - 2012-05-26 12:32 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{EAD4848D-4D02-4895-9B1B-94C335D159B5}
    2012-05-26 09:32 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-05-26 08:57 - 2012-05-26 08:52 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{B372EC0E-A0A7-46D0-B8DD-0FADEFBB291A}
    2012-05-26 08:52 - 2012-05-26 08:52 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{84E2A360-5C79-4B86-8C8D-1C6D3EDDA6C8}
    2012-05-25 08:26 - 2012-05-25 08:26 - 00000666 ____A C:\Users\Jimmy\Documents\Raccolte - collegamento.lnk
    2012-05-24 07:54 - 2012-05-24 07:54 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\TunesNINJA
    2012-05-24 07:54 - 2012-05-24 07:54 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\IncomingFiles
    2012-05-24 06:39 - 2012-05-24 06:39 - 00154544 ____A C:\emule.bmp
    2012-05-22 16:35 - 2012-05-22 16:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{4C4738EA-A32D-425C-BE92-938494F4A3D9}
    2012-05-22 16:30 - 2012-05-22 16:30 - 00001490 ____A C:\user.js
    2012-05-22 16:30 - 2012-05-22 16:30 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Mozilla
    2012-05-22 16:30 - 2012-05-22 16:30 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
    2012-05-22 16:27 - 2012-05-22 16:27 - 00000000 ____D C:\Users\Jimmy\AppData\Local\I Want This
    2012-05-22 16:25 - 2012-05-22 16:25 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Babylon
    2012-05-22 16:25 - 2012-05-22 16:25 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Babylon
    2012-05-22 16:25 - 2012-05-22 16:25 - 00000000 ____D C:\Users\All Users\Babylon
    2012-05-21 14:41 - 2011-09-28 08:27 - 00000000 ____D C:\Users\Jimmy\Desktop\FILM
    2012-05-21 07:29 - 2012-05-21 07:29 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (5).exe
    2012-05-21 07:28 - 2012-05-21 07:28 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (4).exe
    2012-05-20 09:53 - 2012-05-20 09:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-20 09:53 - 2012-05-20 09:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-20 06:20 - 2012-05-20 06:20 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (3).exe
    2012-05-20 06:20 - 2012-05-20 06:20 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (2).exe
    2012-05-17 18:47 - 2012-06-12 22:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 22:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 22:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 22:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 22:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 22:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 22:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 22:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 22:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 22:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 22:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 22:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 22:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 22:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-12 22:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 22:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 22:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 22:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 22:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 22:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 22:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 22:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 22:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 22:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 22:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 22:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 22:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 04:57 - 2012-05-17 04:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_onda_lq_cdc_ecm_01009.Wdf
    2012-05-17 04:57 - 2012-05-17 04:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_onda_lq_cdc_acm_01009.Wdf
    2012-05-17 04:55 - 2012-05-17 04:55 - 00001220 ____A C:\Users\Public\Desktop\Onda Connection Manager.lnk
    2012-05-17 04:55 - 2012-05-17 04:55 - 00000000 ____D C:\Program Files (x86)\P R C
    2012-05-17 04:55 - 2012-05-17 04:55 - 00000000 ____D C:\Program Files (x86)\Onda Connection Manager
    2012-05-14 17:32 - 2012-06-12 22:03 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 03:32 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-11 07:09 - 2012-05-11 07:09 - 00000000 ____A C:\Windows\setuperr.log
    2012-05-11 07:09 - 2011-06-07 23:10 - 00000000 ____D C:\Users\All Users\McAfee
    2012-05-11 07:09 - 2011-06-07 23:10 - 00000000 ____D C:\Program Files (x86)\McAfee
    2012-05-11 06:21 - 2011-09-17 02:24 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\uTorrent
    2012-05-11 06:21 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
    2012-05-11 06:19 - 2012-05-11 06:18 - 03654896 ____A (Piriform Ltd) C:\Users\Jimmy\Downloads\ccsetup318.exe
    2012-05-11 06:19 - 2011-09-15 16:31 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-05-11 06:19 - 2011-09-15 16:31 - 00000000 ____D C:\Program Files\CCleaner
    2012-05-09 20:54 - 2012-05-09 20:51 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{D165DA1B-6CFE-4530-BC22-326C9CBBFE9C}
    2012-05-09 11:17 - 2011-09-24 07:05 - 00000000 ____D C:\Users\Jimmy\Desktop\MIKI IREN
    2012-05-09 11:16 - 2011-09-17 02:09 - 00000000 ____D C:\Users\Jimmy\AppData\Local\WinZip
    2012-05-09 10:31 - 2012-05-09 10:31 - 10002905 ____A C:\Users\Jimmy\Downloads\Ciao!.zip
    2012-05-09 10:31 - 2012-05-09 10:31 - 10002791 ____A C:\Users\Jimmy\Downloads\foto (4).rar
    2012-05-09 10:29 - 2012-05-09 10:30 - 00118381 ____A C:\Users\Jimmy\Documents\download (1).htm
    2012-05-09 10:29 - 2012-05-09 10:29 - 00118376 ____A C:\Users\Jimmy\Documents\download.htm
    2012-05-09 10:29 - 2012-05-09 10:28 - 10002791 ____A C:\Users\Jimmy\Downloads\foto (3).rar
    2012-05-09 10:29 - 2012-05-09 10:28 - 10002791 ____A C:\Users\Jimmy\Downloads\foto (1).rar
    2012-05-09 10:20 - 2012-05-09 10:20 - 00000000 ____D C:\Users\Jimmy\AppData\Local\{F76242E1-3D21-44D1-ACD2-58805236EBBA}
    2012-05-09 06:27 - 2012-05-09 06:27 - 00055960 ____A C:\Windows\System32\Drivers\fsbts.sys
    2012-05-09 06:26 - 2012-05-09 06:25 - 10002791 ____A C:\Users\Jimmy\Downloads\foto.rar
    2012-05-09 06:26 - 2012-05-09 06:25 - 10002791 ____A C:\Users\Jimmy\Downloads\foto (2).rar
    2012-05-07 11:17 - 2012-05-07 11:17 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-05-07 11:17 - 2011-09-15 16:37 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-05-07 09:13 - 2012-05-07 09:13 - 01119024 ____A (Microsoft Corporation) C:\Users\Jimmy\Downloads\IE9-Windows7-x64-ita.exe
    2012-05-07 09:13 - 2012-05-07 09:13 - 01119024 ____A (Microsoft Corporation) C:\Users\Jimmy\Downloads\IE9-Windows7-x64-ita (1).exe
    2012-05-07 09:08 - 2012-05-07 09:08 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (7).exe
    2012-05-07 09:08 - 2012-05-07 09:08 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (6).exe
    2012-05-07 09:08 - 2012-05-07 09:08 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup (1).exe
    2012-05-07 09:01 - 2012-05-07 09:01 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Jimmy\Downloads\SkypeSetup.exe
    2012-05-07 09:00 - 2012-05-07 09:00 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (5).exe
    2012-05-07 08:58 - 2012-05-07 08:58 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (4).exe
    2012-05-07 08:57 - 2012-05-07 08:57 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (3).exe
    2012-05-07 08:57 - 2012-05-07 08:57 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (2).exe
    2012-05-07 08:57 - 2012-05-07 08:57 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc (1).exe
    2012-05-07 08:51 - 2012-05-07 08:49 - 05837464 ____A (Uniblue Systems Ltd ) C:\Users\Jimmy\Downloads\speedupmypc.exe
    2012-05-04 03:06 - 2012-06-12 22:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 22:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 22:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 04:59 - 2012-05-03 04:58 - 03219568 ____A (Badoo) C:\Users\Jimmy\Downloads\badoo.desktop.installer-1.6.48.exe
    2012-05-02 10:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-05-02 09:37 - 2012-05-02 09:37 - 00823376 ____A (Iminent) C:\Users\Jimmy\Downloads\IminentSetup{2.Us85kKaP.1} (4).exe
    2012-05-02 09:37 - 2012-05-02 09:37 - 00823376 ____A (Iminent) C:\Users\Jimmy\Downloads\IminentSetup{2.Us85kKaP.1} (3).exe
    2012-05-02 09:36 - 2012-05-02 09:36 - 00823376 ____A (Iminent) C:\Users\Jimmy\Downloads\IminentSetup{2.Us85kKaP.1}.exe
    2012-05-02 09:36 - 2012-05-02 09:36 - 00823376 ____A (Iminent) C:\Users\Jimmy\Downloads\IminentSetup{2.Us85kKaP.1} (2).exe
    2012-05-02 09:36 - 2012-05-02 09:36 - 00823376 ____A (Iminent) C:\Users\Jimmy\Downloads\IminentSetup{2.Us85kKaP.1} (1).exe
    2012-04-30 21:40 - 2012-06-12 22:03 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 15:54 - 2012-04-28 15:54 - 00889968 ____A (Babylon Ltd.) C:\Users\Jimmy\Downloads\Babylon9_setup (1).exe
    2012-04-27 19:55 - 2012-06-12 22:03 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-12 22:03 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 22:03 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 22:03 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 17:15 - 2012-04-25 17:15 - 00889968 ____A (Babylon Ltd.) C:\Users\Jimmy\Downloads\Babylon9_setup.exe
    2012-04-24 10:43 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
    2012-04-24 00:53 - 2012-04-24 00:53 - 00000000 ____D C:\PROGRAM FILES (X86) (X86)
    2012-04-24 00:46 - 2012-04-24 00:48 - 00572592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp50.dll
    2012-04-23 21:37 - 2012-06-12 22:03 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 22:03 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 22:03 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 22:03 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 22:03 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 22:03 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 02:10 - 2012-04-23 02:10 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
    2012-04-23 02:10 - 2012-04-23 02:10 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
    2012-04-23 02:09 - 2012-04-23 02:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    2012-04-23 02:09 - 2012-04-23 02:09 - 00000000 ____D C:\Users\All Users\Connection Manager
    2012-04-23 02:08 - 2012-04-23 02:09 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
    2012-04-23 02:08 - 2012-04-23 02:09 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01007.dll
    2012-04-23 02:01 - 2012-04-14 09:00 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\Intelli-studio
    2012-04-18 18:50 - 2012-04-18 18:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-04-14 13:07 - 2012-04-14 13:07 - 00000000 ____D C:\Users\Jimmy\AppData\Roaming\TitanicMystery
    2012-04-14 13:07 - 2012-04-14 13:07 - 00000000 ____D C:\Users\All Users\1912 Titanic Mystery
    2012-04-14 12:05 - 2012-04-14 12:05 - 00000000 ____D C:\Users\Jimmy\AppData\Local\2DBoy
    2012-04-14 12:05 - 2012-04-14 12:05 - 00000000 ____D C:\Users\All Users\2DBoy
    2012-04-14 09:00 - 2012-04-14 09:00 - 00001980 ____A C:\Users\Public\Desktop\Intelli-studio.lnk
    2012-04-14 09:00 - 2012-04-14 09:00 - 00000000 ____D C:\Program Files (x86)\SAMSUNG
    2012-04-07 04:31 - 2012-06-12 22:03 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-12 22:03 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-04 07:52 - 2012-04-04 07:52 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-04-04 07:52 - 2012-04-04 07:52 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-04-04 05:56 - 2012-06-18 06:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-03-30 03:35 - 2012-05-11 13:58 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

    ZeroAccess:
    C:\Windows\Installer\{2adda509-e304-d9fa-4b02-a668f8eca5c2}
    C:\Windows\Installer\{2adda509-e304-d9fa-4b02-a668f8eca5c2}\@
    C:\Windows\Installer\{2adda509-e304-d9fa-4b02-a668f8eca5c2}\L
    C:\Windows\Installer\{2adda509-e304-d9fa-4b02-a668f8eca5c2}\U

    ZeroAccess:
    C:\Users\Jimmy\AppData\Local\{2adda509-e304-d9fa-4b02-a668f8eca5c2}
    C:\Users\Jimmy\AppData\Local\{2adda509-e304-d9fa-4b02-a668f8eca5c2}\@
    C:\Users\Jimmy\AppData\Local\{2adda509-e304-d9fa-4b02-a668f8eca5c2}\L
    C:\Users\Jimmy\AppData\Local\{2adda509-e304-d9fa-4b02-a668f8eca5c2}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 17%
    Total physical RAM: 3947.86 MB
    Available physical RAM: 3259.23 MB
    Total Pagefile: 3946.06 MB
    Available Pagefile: 3248.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:335.98 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.74 GB) NTFS
    4 Drive g: (KINGSTON) (Removable) (Total:7.33 GB) (Free:7.33 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    N. disco Stato Dimensioni Disponibile Din GPT
    -------- ------------- ------------- ------------- --- ---
    Disco 0 Online 465 Gbytes 0 byte
    Disco 1 Online 7526 Mbytes 0 byte

    Partitions of Disk 0:
    ===============

    Partizione ### Tipo Dim. Offset
    --------------- ---------------- ------- -------
    Partizione 1 Ripristino 15 Gb 1024 Kb
    Partizione 2 Primario 100 Mb 15 Gb
    Partizione 3 Primario 450 Gb 15 Gb

    ======================================================================================================

    Disk: 0
    Partizione 1
    Tipo : 27
    Nascosta: S
    Attiva: No

    Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
    --------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partizione 15 Gb Integro Nascosto

    ======================================================================================================

    Disk: 0
    Partizione 2
    Tipo : 07
    Nascosta: No
    Attiva: Si

    Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
    --------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partizione 100 Mb Integro

    ======================================================================================================

    Disk: 0
    Partizione 3
    Tipo : 07
    Nascosta: No
    Attiva: No

    Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
    --------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Acer NTFS Partizione 450 Gb Integro

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partizione ### Tipo Dim. Offset
    --------------- ---------------- ------- -------
    Partizione 1 Primario 7525 Mb 16 Kb

    ======================================================================================================

    Disk: 1
    Partizione 1
    Tipo : 0B
    Nascosta: No
    Attiva: Si

    Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
    --------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G KINGSTON FAT32 Rimovibile 7525 Mb Integro

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-11 16:17

    ======================= End Of Log ==========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
     
  5. Giacomo

    Giacomo TS Rookie Topic Starter

    Thanks again for helping me, sir. This is the log:
    Farbar Recovery Scan Tool Version: 20-06-2012
    Ran by SYSTEM at 2012-06-21 09:35:10
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    See if you can boot normally.

    If so....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


Topic Status:
Not open for further replies.
