TechSpot

Computer issues

By alhoover81
Jun 12, 2012
  1. I am working on fixing my sister's laptop, but the issues go past my expertise. Windows will freeze, nothing on the internet will load, games aren't loading, etc. I have run CCleaner and tried running Malwarebytes, but for some reason it will not run the scan without freezing the computer. Hopefully someone here can help me out.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Complete as many steps as you can.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Ok, I will start running that today. I wanted to reply so that you know I got your reply.
     
  4. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    I am unable to remove AVG antivirus on the computer. I have Trend I am wanting to put on it. Also, Malware will not run at all. It will start up and start to scan and then the computer will go black, and just stop running. I will also add I have tried using the AVG uninstaller, but it will not uninstall it.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Complete as many steps as you can.
     
  6. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    So far gmer.log is the only one I have been able to get. But the computer just stops opening anything and I have to keep shutting it down. It wants to do a Windows update, but will not actually update. Any pointers on what I need to do? It will say Installing 1 of 3, but it never progresses at all. I am really not having any luck with her computer. Honestly, I am about ready to tell her to take it to Best Buy Geek Squad.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What Windows version is it?
     
  8. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Windows 7 64 bit
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  10. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    OK, here is the GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-16 13:51:00
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c20e4d
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c20e4d (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  11. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Scan result of Farbar Recovery Scan Tool Version: 16-06-2012
    Ran by SYSTEM at 17-06-2012 14:27:11
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [323072 2009-08-17] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] "C:\Program Files\IDT\WDM\sttray64.exe" [487424 2010-02-01] (IDT, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-28] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-28] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-28] (Intel Corporation)
    HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304792 2012-02-27] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [213824 2012-02-27] (Trend Micro Inc.)
    HKLM-x32\...\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Bambi\...\Run: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
    HKU\Bambi\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.254

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
    2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127984 2010-02-26] (CinemaNow, Inc.)
    3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-18] (Intel Corporation)
    2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

    ========================== Drivers (Whitelisted) =============

    1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    1 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [91920 2011-07-12] (Trend Micro Inc.)
    1 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [167696 2011-07-12] (Trend Micro Inc.)
    1 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [70928 2011-07-12] (Trend Micro Inc.)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2011-08-02] (Trend Micro Inc.)
    4 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [x]
    2 TMAgent; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-17 11:14 - 2012-06-17 11:15 - 01402507 ____A C:\Users\Bambi\Downloads\FRST64 (1).exe
    2012-06-17 11:14 - 2012-06-17 11:14 - 01402507 ____A C:\Users\Bambi\Downloads\FRST64.exe
    2012-06-17 04:37 - 2012-06-17 04:37 - 00000000 ____D C:\d9d5ddce9680ba57aa7d
    2012-06-16 14:51 - 2012-06-17 11:15 - 00735528 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-16 10:50 - 2012-06-16 10:51 - 00000407 ____A C:\Users\Bambi\Desktop\gmer.log
    2012-06-16 06:37 - 2012-06-16 06:36 - 00302592 ____A C:\Users\Bambi\Desktop\gmer.exe
    2012-06-16 06:36 - 2012-06-16 06:36 - 00302592 ____A C:\Users\Bambi\Downloads\37ky3ct8.exe
    2012-06-15 17:36 - 2012-06-15 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-15 17:36 - 2012-06-15 17:36 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-15 17:36 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-15 17:35 - 2012-06-15 17:35 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bambi\Downloads\mbam-setup-1.61.0.1400 (1).exe
    2012-06-15 17:31 - 2012-06-15 17:31 - 00001445 ____A C:\Users\Bambi\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
    2012-06-15 17:31 - 2012-06-15 17:31 - 00000000 ____D C:\Users\Bambi\AppData\Local\Trend Micro
    2012-06-15 17:30 - 2011-08-02 12:58 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
    2012-06-15 17:30 - 2011-07-12 03:13 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-06-15 17:30 - 2011-07-12 03:13 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
    2012-06-15 17:30 - 2011-07-12 03:13 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
    2012-06-15 17:27 - 2012-06-15 17:27 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat
    2012-06-15 17:25 - 2012-06-15 17:26 - 00000000 ____D C:\Program Files\Trend Micro
    2012-06-15 17:24 - 2012-06-15 19:35 - 00000000 ____D C:\Users\All Users\Trend Micro
    2012-06-15 16:59 - 2012-06-15 16:59 - 00069060 ____A C:\Users\Bambi\Downloads\avgremover_msilog.txt
    2012-06-15 16:58 - 2012-06-15 16:58 - 02899344 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x64_2012_2125.exe
    2012-06-15 16:49 - 2012-06-15 16:49 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125 (3).exe
    2012-06-15 16:47 - 2012-06-15 16:47 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125 (2).exe
    2012-06-15 15:49 - 2012-06-15 15:49 - 00000000 ____D C:\c06da7117cc25262e4
    2012-06-15 15:31 - 2012-06-15 15:31 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{4df736df-b727-11e1-af7b-94d13f8b064a}.TxR.blf
    2012-06-15 15:31 - 2012-06-15 15:31 - 00000000 ____D C:\29d463a9302e3f21aa16
    2012-06-15 14:38 - 2012-06-15 14:38 - 00000000 ____D C:\a65d93deee7eea615ce5a021986df7
    2012-06-15 13:50 - 2012-06-15 13:50 - 00000000 ____D C:\bd1d40b4838f99cfd4320530fea2
    2012-06-15 13:24 - 2012-06-03 20:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-15 12:51 - 2012-06-15 12:51 - 03879304 ____A (AVG Technologies) C:\Users\Bambi\Downloads\avg_avct_stb_all_2012_2180.exe
    2012-06-15 12:49 - 2012-06-15 17:10 - 00436102 ____A C:\Users\Bambi\Downloads\avgremover.log
    2012-06-15 12:49 - 2012-06-15 12:49 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125 (1).exe
    2012-06-15 12:48 - 2012-06-15 12:48 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125.exe
    2012-06-15 12:06 - 2012-06-15 12:06 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{32fbb9a8-b5a3-11e1-bdf8-85ab3ebe957d}.TxR.blf
    2012-06-15 11:12 - 2012-06-15 11:40 - 00000000 ____D C:\f5ace8dbfc14bd31c5e2bfa78a7f
    2012-06-15 11:11 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-15 11:11 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-15 10:59 - 2012-06-15 10:59 - 00081774 ____A C:\Windows\ntbtlog.txt
    2012-06-15 10:23 - 2012-06-15 10:23 - 00000000 ____D C:\ff22b4c89c37d9e62fb2bfb3160193ff
    2012-06-15 10:09 - 2012-06-15 16:59 - 00000000 ____D C:\Users\Bambi\AppData\Local\AVG Secure Search
    2012-06-15 09:52 - 2012-06-15 09:52 - 00000000 __ASH C:\ProgramData.LOG2
    2012-06-15 09:52 - 2012-06-15 09:52 - 00000000 __ASH C:\ProgramData.LOG1
    2012-06-15 09:37 - 2012-06-15 17:02 - 00008634 ____A C:\Windows\PFRO.log
    2012-06-15 05:08 - 2012-06-15 05:08 - 00000000 ____D C:\Windows\System32\SPReview
    2012-06-15 05:07 - 2012-06-15 05:07 - 00000000 ____D C:\Windows\System32\EventProviders
    2012-06-15 04:39 - 2012-06-17 11:14 - 00002269 ____A C:\Windows\setupact.log
    2012-06-15 04:39 - 2012-06-15 04:39 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-13 18:43 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 18:43 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 18:43 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 18:43 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 18:43 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 18:43 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 18:43 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 18:43 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 18:43 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 18:43 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 18:43 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 18:43 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 18:43 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 18:43 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 18:43 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 18:43 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 18:43 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 18:43 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 18:43 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 18:43 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 18:43 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 18:43 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 18:43 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 18:43 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 18:43 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 18:43 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 18:43 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 18:43 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 16:17 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 16:17 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 16:17 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 16:17 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 16:17 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 16:17 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 16:17 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 16:17 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 16:17 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 16:17 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 16:17 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 16:17 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 16:17 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 16:17 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 09:24 - 2012-06-13 09:23 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-06-13 09:24 - 2012-06-13 09:23 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-13 09:24 - 2012-06-13 09:23 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-13 09:24 - 2012-06-13 09:23 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-13 09:23 - 2012-06-13 09:23 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-13 05:08 - 2012-06-13 05:08 - 00000840 ____A C:\Users\Bambi\Desktop\CCleaner.lnk
    2012-06-12 18:22 - 2012-06-12 18:22 - 00000000 __SHD C:\found.000
    2012-06-12 17:50 - 2012-06-12 17:50 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-12 17:49 - 2012-06-12 17:50 - 03862112 ____A (Piriform Ltd) C:\Users\Bambi\Downloads\ccsetup319.exe
    2012-06-10 12:27 - 2012-06-10 12:27 - 00000000 ____D C:\Users\All Users\Recovery
    2012-06-07 09:07 - 2012-06-07 09:07 - 00250356 ____A C:\Users\Bambi\Documents\fingerhutnumber.docx
    2012-06-05 10:32 - 2012-06-05 10:33 - 12378184 ____A (Acresso Software Inc.) C:\Users\Bambi\Downloads\InstallWizard101 (1).exe
    2012-06-05 10:30 - 2012-06-05 10:32 - 00000000 ____A C:\Users\Bambi\Downloads\InstallWizard101.exe
    2012-06-04 08:37 - 2012-06-04 08:37 - 00016854 ____A C:\Users\Bambi\Documents\Family monthly budget1.xlsx
    2012-06-04 08:36 - 2012-06-04 08:36 - 00016075 ____A C:\Users\Bambi\Documents\Personal monthly budget1.xlsx
    2012-06-04 08:06 - 2012-06-04 08:06 - 00000000 ____D C:\Users\Bambi\AppData\Local\Adobe
    2012-05-28 08:38 - 2012-05-28 08:38 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\AVG2012
    2012-05-28 08:37 - 2012-06-15 17:10 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-05-28 08:37 - 2012-06-15 10:08 - 00000000 ___HD C:\$AVG
    2012-05-28 08:35 - 2012-05-28 08:35 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-05-28 08:27 - 2012-05-28 08:27 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\Malwarebytes
    2012-05-28 08:27 - 2012-05-28 08:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-05-28 08:26 - 2012-05-28 08:26 - 03878424 ____A (AVG Technologies) C:\Users\Bambi\Downloads\avg_free_stb_all_2012_2176_cnet.exe
    2012-05-28 08:24 - 2012-05-28 08:26 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bambi\Downloads\mbam-setup-1.61.0.1400.exe
    2012-05-23 16:44 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-05-23 16:44 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-05-22 10:59 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-05-22 10:59 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


    ============ 3 Months Modified Files and Folders =============

    2012-06-17 14:27 - 2012-06-17 14:27 - 00000000 ____D C:\FRST
    2012-06-17 11:19 - 2010-05-24 16:55 - 02026963 ____A C:\Windows\WindowsUpdate.log
    2012-06-17 11:15 - 2012-06-17 11:14 - 01402507 ____A C:\Users\Bambi\Downloads\FRST64 (1).exe
    2012-06-17 11:15 - 2012-06-16 14:51 - 00735528 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-17 11:14 - 2012-06-17 11:14 - 01402507 ____A C:\Users\Bambi\Downloads\FRST64.exe
    2012-06-17 11:14 - 2012-06-15 04:39 - 00002269 ____A C:\Windows\setupact.log
    2012-06-17 11:06 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-17 11:06 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-17 10:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-17 10:47 - 2012-04-29 12:38 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3223509678-1295575551-4009238847-1000UA.job
    2012-06-17 04:37 - 2012-06-17 04:37 - 00000000 ____D C:\d9d5ddce9680ba57aa7d
    2012-06-16 12:43 - 2012-04-29 12:38 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3223509678-1295575551-4009238847-1000Core.job
    2012-06-16 12:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-16 10:51 - 2012-06-16 10:50 - 00000407 ____A C:\Users\Bambi\Desktop\gmer.log
    2012-06-16 06:36 - 2012-06-16 06:37 - 00302592 ____A C:\Users\Bambi\Desktop\gmer.exe
    2012-06-16 06:36 - 2012-06-16 06:36 - 00302592 ____A C:\Users\Bambi\Downloads\37ky3ct8.exe
    2012-06-15 19:35 - 2012-06-15 17:24 - 00000000 ____D C:\Users\All Users\Trend Micro
    2012-06-15 17:37 - 2012-06-15 17:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-15 17:36 - 2012-06-15 17:36 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-15 17:35 - 2012-06-15 17:35 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bambi\Downloads\mbam-setup-1.61.0.1400 (1).exe
    2012-06-15 17:31 - 2012-06-15 17:31 - 00001445 ____A C:\Users\Bambi\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
    2012-06-15 17:31 - 2012-06-15 17:31 - 00000000 ____D C:\Users\Bambi\AppData\Local\Trend Micro
    2012-06-15 17:27 - 2012-06-15 17:27 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat
    2012-06-15 17:26 - 2012-06-15 17:25 - 00000000 ____D C:\Program Files\Trend Micro
    2012-06-15 17:10 - 2012-06-15 12:49 - 00436102 ____A C:\Users\Bambi\Downloads\avgremover.log
    2012-06-15 17:10 - 2012-05-28 08:37 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-06-15 17:02 - 2012-06-15 09:37 - 00008634 ____A C:\Windows\PFRO.log
    2012-06-15 16:59 - 2012-06-15 16:59 - 00069060 ____A C:\Users\Bambi\Downloads\avgremover_msilog.txt
    2012-06-15 16:59 - 2012-06-15 10:09 - 00000000 ____D C:\Users\Bambi\AppData\Local\AVG Secure Search
    2012-06-15 16:58 - 2012-06-15 16:58 - 02899344 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x64_2012_2125.exe
    2012-06-15 16:49 - 2012-06-15 16:49 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125 (3).exe
    2012-06-15 16:47 - 2012-06-15 16:47 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125 (2).exe
    2012-06-15 15:49 - 2012-06-15 15:49 - 00000000 ____D C:\c06da7117cc25262e4
    2012-06-15 15:31 - 2012-06-15 15:31 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{4df736df-b727-11e1-af7b-94d13f8b064a}.TxR.blf
    2012-06-15 15:31 - 2012-06-15 15:31 - 00000000 ____D C:\29d463a9302e3f21aa16
    2012-06-15 14:38 - 2012-06-15 14:38 - 00000000 ____D C:\a65d93deee7eea615ce5a021986df7
    2012-06-15 14:34 - 2009-07-13 20:45 - 00420608 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-15 13:50 - 2012-06-15 13:50 - 00000000 ____D C:\bd1d40b4838f99cfd4320530fea2
    2012-06-15 13:18 - 2011-02-28 18:21 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-15 12:51 - 2012-06-15 12:51 - 03879304 ____A (AVG Technologies) C:\Users\Bambi\Downloads\avg_avct_stb_all_2012_2180.exe
    2012-06-15 12:49 - 2012-06-15 12:49 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125 (1).exe
    2012-06-15 12:48 - 2012-06-15 12:48 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Bambi\Downloads\avg_remover_stf_x86_2012_2125.exe
    2012-06-15 12:06 - 2012-06-15 12:06 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{32fbb9a8-b5a3-11e1-bdf8-85ab3ebe957d}.TxR.blf
    2012-06-15 11:40 - 2012-06-15 11:12 - 00000000 ____D C:\f5ace8dbfc14bd31c5e2bfa78a7f
    2012-06-15 10:59 - 2012-06-15 10:59 - 00081774 ____A C:\Windows\ntbtlog.txt
    2012-06-15 10:23 - 2012-06-15 10:23 - 00000000 ____D C:\ff22b4c89c37d9e62fb2bfb3160193ff
    2012-06-15 10:09 - 2011-02-12 19:07 - 00000000 ____D C:\Users\Bambi\AppData\LocalLow
    2012-06-15 10:08 - 2012-05-28 08:37 - 00000000 ___HD C:\$AVG
    2012-06-15 09:52 - 2012-06-15 09:52 - 00000000 __ASH C:\ProgramData.LOG2
    2012-06-15 09:52 - 2012-06-15 09:52 - 00000000 __ASH C:\ProgramData.LOG1
    2012-06-15 09:52 - 2009-07-13 18:34 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-06-15 09:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2012-06-15 09:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\es-ES
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\da-DK
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\cs-CZ
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
    2012-06-15 09:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\es-ES
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\da-DK
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\cs-CZ
    2012-06-15 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
    2012-06-15 05:17 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
    2012-06-15 05:17 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
    2012-06-15 05:08 - 2012-06-15 05:08 - 00000000 ____D C:\Windows\System32\SPReview
    2012-06-15 05:07 - 2012-06-15 05:07 - 00000000 ____D C:\Windows\System32\EventProviders
    2012-06-15 04:39 - 2012-06-15 04:39 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-13 13:57 - 2010-05-17 05:30 - 00000000 ____D C:\Program Files\Hewlett-Packard
    2012-06-13 13:55 - 2010-05-24 17:17 - 00000000 ____D C:\Program Files (x86)\Downloaded Installations
    2012-06-13 09:23 - 2012-06-13 09:24 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-06-13 09:23 - 2012-06-13 09:24 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-13 09:23 - 2012-06-13 09:24 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-13 09:23 - 2012-06-13 09:24 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-13 09:23 - 2012-06-13 09:23 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-13 09:23 - 2011-09-03 17:31 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-06-13 08:51 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
    2012-06-13 06:10 - 2011-02-12 19:12 - 00113928 ____A C:\Users\Bambi\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-13 06:09 - 2010-05-24 17:16 - 00000000 ____D C:\Users\All Users\Norton
    2012-06-13 05:35 - 2011-02-14 06:36 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\Skype
    2012-06-13 05:35 - 2011-02-12 19:33 - 00000000 ____D C:\Users\Bambi\AppData\Local\CrashDumps
    2012-06-13 05:35 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther
    2012-06-13 05:08 - 2012-06-13 05:08 - 00000840 ____A C:\Users\Bambi\Desktop\CCleaner.lnk
    2012-06-12 18:22 - 2012-06-12 18:22 - 00000000 __SHD C:\found.000
    2012-06-12 17:50 - 2012-06-12 17:50 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-12 17:50 - 2012-06-12 17:49 - 03862112 ____A (Piriform Ltd) C:\Users\Bambi\Downloads\ccsetup319.exe
    2012-06-12 17:48 - 2012-04-29 12:40 - 00002401 ____A C:\Users\Bambi\Desktop\Google Chrome.lnk
    2012-06-10 12:27 - 2012-06-10 12:27 - 00000000 ____D C:\Users\All Users\Recovery
    2012-06-08 08:15 - 2010-05-17 06:00 - 00000000 ____D C:\Users\All Users\WildTangent
    2012-06-07 10:38 - 2012-04-14 09:45 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForBambi.job
    2012-06-07 09:07 - 2012-06-07 09:07 - 00250356 ____A C:\Users\Bambi\Documents\fingerhutnumber.docx
    2012-06-05 12:37 - 2010-05-17 05:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-05 10:33 - 2012-06-05 10:32 - 12378184 ____A (Acresso Software Inc.) C:\Users\Bambi\Downloads\InstallWizard101 (1).exe
    2012-06-05 10:32 - 2012-06-05 10:30 - 00000000 ____A C:\Users\Bambi\Downloads\InstallWizard101.exe
    2012-06-04 08:37 - 2012-06-04 08:37 - 00016854 ____A C:\Users\Bambi\Documents\Family monthly budget1.xlsx
    2012-06-04 08:36 - 2012-06-04 08:36 - 00016075 ____A C:\Users\Bambi\Documents\Personal monthly budget1.xlsx
    2012-06-04 08:06 - 2012-06-04 08:06 - 00000000 ____D C:\Users\Bambi\AppData\Local\Adobe
    2012-06-03 20:28 - 2012-06-15 13:24 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-03 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-05-28 08:38 - 2012-05-28 08:38 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\AVG2012
    2012-05-28 08:35 - 2012-05-28 08:35 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-05-28 08:27 - 2012-05-28 08:27 - 00000000 ____D C:\Users\Bambi\AppData\Roaming\Malwarebytes
    2012-05-28 08:27 - 2012-05-28 08:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-05-28 08:26 - 2012-05-28 08:26 - 03878424 ____A (AVG Technologies) C:\Users\Bambi\Downloads\avg_free_stb_all_2012_2176_cnet.exe
    2012-05-28 08:26 - 2012-05-28 08:24 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bambi\Downloads\mbam-setup-1.61.0.1400.exe
    2012-05-28 08:26 - 2011-09-03 17:23 - 00000000 ____D C:\Program Files (x86)\LivingPlay Games
    2012-05-23 06:04 - 2010-05-17 07:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-22 19:05 - 2011-02-12 19:07 - 00000000 ____D C:\users\Bambi
    2012-05-17 18:47 - 2012-06-13 18:43 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 18:43 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 18:43 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 18:43 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 18:43 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 18:43 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 18:43 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 18:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 18:43 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 18:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 18:43 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 18:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 18:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 18:43 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 18:43 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 18:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 18:43 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 18:43 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 18:43 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 18:43 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 18:43 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 18:43 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 18:43 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 18:43 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 18:43 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 18:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 18:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 18:43 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 16:17 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 13:56 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-05-04 03:06 - 2012-06-13 16:17 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-15 11:11 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-13 16:17 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 16:17 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-15 11:11 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-03 03:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-05-02 12:57 - 2012-05-02 12:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-05-02 12:57 - 2012-05-02 12:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-05-02 12:57 - 2012-05-02 12:57 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-05-02 12:57 - 2012-05-02 12:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-05-02 12:57 - 2012-05-02 12:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00072822 ____A C:\Windows\SysWOW64\ieuinit.inf
    2012-05-02 12:57 - 2012-05-02 12:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-05-02 12:57 - 2012-05-02 12:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-05-02 12:57 - 2012-05-02 12:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-05-02 12:57 - 2012-05-02 12:57 - 00000000 ____A C:\Windows\System32\tdc.ocx
    2012-05-02 12:57 - 2012-05-02 12:57 - 00000000 ____A C:\Windows\System32\ieuinit.inf
    2012-05-02 03:53 - 2012-05-02 03:53 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2012-05-02 03:53 - 2012-05-02 03:53 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2012-04-30 21:40 - 2012-06-13 16:17 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 12:38 - 2011-02-16 15:47 - 00000000 ____D C:\Users\Bambi\AppData\Local\Google
    2012-04-29 12:38 - 2011-02-16 15:46 - 00000000 ____D C:\Users\Bambi\AppData\Local\Deployment
    2012-04-27 19:55 - 2012-06-13 16:17 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-23 21:37 - 2012-06-13 16:17 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 16:17 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 16:17 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 16:17 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 16:17 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 16:17 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-14 09:49 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-04-07 04:31 - 2012-06-13 16:17 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 16:17 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-04 12:56 - 2012-06-15 17:36 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-03-30 03:35 - 2012-05-22 10:59 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 18%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 3183.38 MB
    Total Pagefile: 3892.01 MB
    Available Pagefile: 3175.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:447.46 GB) (Free:395.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:18.01 GB) (Free:2.61 GB) NTFS
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: (USB DISK) (Removable) (Total:14.72 GB) (Free:14.72 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 447 GB 200 MB
    Partition 3 Primary 18 GB 447 GB
    Partition 4 Primary 103 MB 465 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 447 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 18 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 7448 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H USB DISK FAT32 Removable 14 GB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-16 07:16

    ======================= End Of Log ==========================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I don't see anything malicious.

    I suggest you start a new topic in the Windows forum.
     
