Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 04
Ran by Paul Rowan (administrator) on 12-06-2013 17:24:06
Running from C:\Users\Paul Rowan\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Aventail Corporation) C:\Windows\system32\ngvpnmgr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(O2Micro International) C:\Windows\system32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\PROGRA~2\MICROS~2\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
MountPoints2: {269efed7-5a7a-11e2-97d2-415645000030} - E:\IVDApp.exe
MountPoints2: {7f5b148f-5f1a-11e2-8b80-415645000030} - E:\SISetup.exe
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: getsav-in 5.0 - {B191C6E6-0B41-46B8-A2D3-85365587B2B7} - C:\Users\Paul Rowan\AppData\Local\getsav-in\ie\getsav-in_1370913901.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://dizun95pzobbc.cloudfront.net/INDBrowser.CAB
DPF: HKLM-x32 {99E63F21-514B-4C2B-9170-D25D54F65D5B} http://dizun95pzobbc.cloudfront.net/VBIXDPlayer.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
==================== Services (Whitelisted) =================
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [510536 2011-09-22] (Aventail Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-07] (Marvell Semiconductor, Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11523072 2012-09-30] (Intel Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [26184 2011-09-22] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2011-09-22] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [103496 2011-09-22] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2011-09-22] (Aventail Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-12 17:22 - 2013-06-12 17:22 - 00000000 ____D C:\FRST
2013-06-12 17:20 - 2013-06-12 17:20 - 01920280 ____A (Farbar) C:\Users\Paul Rowan\Desktop\FRST64.exe
2013-06-12 00:03 - 2013-06-12 00:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-11 23:46 - 2013-06-11 23:46 - 00001622 ____A C:\Users\Paul Rowan\Desktop\RKreport[2]_D_06112013_02d2346.txt
2013-06-11 23:40 - 2013-06-11 23:40 - 00001558 ____A C:\Users\Paul Rowan\Desktop\RKreport[1]_S_06112013_02d2340.txt
2013-06-11 23:39 - 2013-06-11 23:45 - 00000000 ____D C:\Users\Paul Rowan\Desktop\RK_Quarantine
2013-06-11 23:37 - 2013-06-11 23:38 - 00791040 ____A C:\Users\Paul Rowan\Desktop\RogueKillerX64.exe
2013-06-11 22:46 - 2013-06-11 22:46 - 00006860 ____A C:\Users\Paul Rowan\Desktop\attach.txt
2013-06-11 22:46 - 2013-06-11 22:45 - 00019325 ____A C:\Users\Paul Rowan\Desktop\dds.txt
2013-06-11 21:37 - 2013-06-11 21:37 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-11 21:37 - 2013-06-11 21:37 - 00000000 ____D C:\Users\Paul Rowan\AppData\Roaming\Malwarebytes
2013-06-11 21:37 - 2013-06-11 21:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-11 21:36 - 2013-06-11 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-11 21:36 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-11 21:28 - 2013-06-11 21:28 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-11 21:28 - 2013-05-09 03:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-11 21:26 - 2013-06-11 21:26 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-11 21:25 - 2013-06-11 21:26 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-11 21:08 - 2013-06-11 21:25 - 117478104 ____A C:\Users\Paul Rowan\Downloads\avast_free_antivirus_setup.exe
2013-06-11 09:56 - 2013-06-11 09:56 - 00000808 ____A C:\Users\Paul Rowan\Desktop\JRT.txt
2013-06-11 09:53 - 2013-06-11 09:53 - 00000000 ____D C:\Windows\ERUNT
2013-06-11 09:53 - 2013-06-11 09:53 - 00000000 ____D C:\JRT
2013-06-11 09:52 - 2013-06-11 09:52 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Paul Rowan\Desktop\JRT.exe
2013-06-11 08:57 - 2013-06-11 09:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-11 08:57 - 2013-06-11 08:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-11 08:57 - 2013-06-11 08:57 - 00001258 ____A C:\Users\Paul Rowan\Desktop\Spybot - Search & Destroy.lnk
2013-06-10 20:31 - 2013-06-10 20:31 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-10 20:30 - 2013-06-10 20:30 - 00000000 ____D C:\Users\Paul Rowan\AppData\Roaming\Zeon
2013-06-10 20:30 - 2013-06-10 20:30 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-10 20:26 - 2013-06-10 20:26 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\getsav-in
2013-06-10 20:25 - 2013-06-10 20:32 - 00000000 ____D C:\ProgramData\Yahoo!
2013-06-10 20:19 - 2013-06-10 20:19 - 00000000 ____D C:\ProgramData\APN
2013-06-03 21:46 - 2013-06-03 21:46 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk
2013-06-03 21:46 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-06-03 21:46 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-06-03 21:45 - 2013-06-03 22:59 - 00000000 ____D C:\Users\Paul Rowan\AppData\Roaming\Winamp
2013-06-03 21:45 - 2013-06-03 21:46 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-05-15 18:08 - 2013-06-11 20:33 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-05-15 18:07 - 2013-05-15 18:07 - 00061304 ____A C:\Users\Paul Rowan\g2mdlhlpx.exe
2013-05-15 18:07 - 2013-05-15 18:07 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\Deployment
2013-05-15 18:07 - 2013-05-15 18:07 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\Apps\2.0
2013-05-15 03:02 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:02 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:02 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 03:02 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 03:01 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:01 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:01 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:01 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:01 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 03:01 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 03:01 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:01 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 03:01 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:01 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 03:01 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:01 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:01 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 03:01 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:01 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 03:01 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 03:01 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 03:01 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 03:01 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 03:01 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 03:01 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 03:01 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 03:01 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 03:01 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 03:01 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 03:01 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 03:01 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 03:01 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 19:32 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 19:32 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 19:32 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 19:32 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 19:32 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 19:32 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 19:32 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 19:32 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 19:32 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 19:32 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 19:32 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 19:32 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 19:32 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 19:32 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
==================== One Month Modified Files and Folders =======
2013-06-12 17:22 - 2013-06-12 17:22 - 00000000 ____D C:\FRST
2013-06-12 17:20 - 2013-06-12 17:20 - 01920280 ____A (Farbar) C:\Users\Paul Rowan\Desktop\FRST64.exe
2013-06-12 17:14 - 2013-01-08 12:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 15:05 - 2013-01-07 16:31 - 01357964 ____A C:\Windows\WindowsUpdate.log
2013-06-12 10:14 - 2013-01-08 12:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:14 - 2013-01-08 12:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 09:52 - 2009-07-14 00:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 00:03 - 2013-06-12 00:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-11 23:55 - 2009-07-13 23:45 - 00022208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-11 23:55 - 2009-07-13 23:45 - 00022208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-11 23:46 - 2013-06-11 23:46 - 00001622 ____A C:\Users\Paul Rowan\Desktop\RKreport[2]_D_06112013_02d2346.txt
2013-06-11 23:45 - 2013-06-11 23:39 - 00000000 ____D C:\Users\Paul Rowan\Desktop\RK_Quarantine
2013-06-11 23:40 - 2013-06-11 23:40 - 00001558 ____A C:\Users\Paul Rowan\Desktop\RKreport[1]_S_06112013_02d2340.txt
2013-06-11 23:38 - 2013-06-11 23:37 - 00791040 ____A C:\Users\Paul Rowan\Desktop\RogueKillerX64.exe
2013-06-11 22:46 - 2013-06-11 22:46 - 00006860 ____A C:\Users\Paul Rowan\Desktop\attach.txt
2013-06-11 22:45 - 2013-06-11 22:46 - 00019325 ____A C:\Users\Paul Rowan\Desktop\dds.txt
2013-06-11 21:37 - 2013-06-11 21:37 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-11 21:37 - 2013-06-11 21:37 - 00000000 ____D C:\Users\Paul Rowan\AppData\Roaming\Malwarebytes
2013-06-11 21:37 - 2013-06-11 21:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-11 21:37 - 2013-06-11 21:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-11 21:28 - 2013-06-11 21:28 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-11 21:26 - 2013-06-11 21:26 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-11 21:26 - 2013-06-11 21:25 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-11 21:25 - 2013-06-11 21:08 - 117478104 ____A C:\Users\Paul Rowan\Downloads\avast_free_antivirus_setup.exe
2013-06-11 20:33 - 2013-05-15 18:08 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-06-11 20:27 - 2013-01-09 11:46 - 00000000 ____D C:\backup
2013-06-11 09:56 - 2013-06-11 09:56 - 00000808 ____A C:\Users\Paul Rowan\Desktop\JRT.txt
2013-06-11 09:53 - 2013-06-11 09:53 - 00000000 ____D C:\Windows\ERUNT
2013-06-11 09:53 - 2013-06-11 09:53 - 00000000 ____D C:\JRT
2013-06-11 09:52 - 2013-06-11 09:52 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Paul Rowan\Desktop\JRT.exe
2013-06-11 09:31 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 09:31 - 2009-07-13 23:51 - 00032523 ____A C:\Windows\setupact.log
2013-06-11 09:12 - 2013-06-11 08:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-11 08:59 - 2013-06-11 08:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-11 08:57 - 2013-06-11 08:57 - 00001258 ____A C:\Users\Paul Rowan\Desktop\Spybot - Search & Destroy.lnk
2013-06-10 20:33 - 2010-11-20 22:47 - 00042774 ____A C:\Windows\PFRO.log
2013-06-10 20:32 - 2013-06-10 20:25 - 00000000 ____D C:\ProgramData\Yahoo!
2013-06-10 20:31 - 2013-06-10 20:31 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-10 20:30 - 2013-06-10 20:30 - 00000000 ____D C:\Users\Paul Rowan\AppData\Roaming\Zeon
2013-06-10 20:30 - 2013-06-10 20:30 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-10 20:30 - 2013-01-07 15:00 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\Downloaded Installations
2013-06-10 20:26 - 2013-06-10 20:26 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\getsav-in
2013-06-10 20:19 - 2013-06-10 20:19 - 00000000 ____D C:\ProgramData\APN
2013-06-05 21:48 - 2013-01-12 13:10 - 00002038 ___AH C:\Users\Paul Rowan\Documents\Default.rdp
2013-06-05 20:28 - 2013-01-20 21:12 - 00000072 ____A C:\Users\Public\LMDebug.log
2013-06-05 14:28 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-03 22:59 - 2013-06-03 21:45 - 00000000 ____D C:\Users\Paul Rowan\AppData\Roaming\Winamp
2013-06-03 21:46 - 2013-06-03 21:46 - 00000979 ____A C:\Users\Public\Desktop\Winamp.lnk
2013-06-03 21:46 - 2013-06-03 21:45 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-05-15 18:07 - 2013-05-15 18:07 - 00061304 ____A C:\Users\Paul Rowan\g2mdlhlpx.exe
2013-05-15 18:07 - 2013-05-15 18:07 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\Deployment
2013-05-15 18:07 - 2013-05-15 18:07 - 00000000 ____D C:\Users\Paul Rowan\AppData\Local\Apps\2.0
2013-05-15 18:07 - 2013-01-07 14:43 - 00000000 ____D C:\users\Paul Rowan
2013-05-15 08:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 03:27 - 2009-07-13 23:45 - 00418136 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:08 - 2013-01-08 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 03:06 - 2013-01-07 16:00 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-03 16:11
==================== End Of Log ============================