TechSpot

Virus/Malware Help

Inactive
By finnclrk4
May 30, 2013
  1. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I could not run AdwCleaner or Junkware Removal Tool as both crashed when I tried to run them. It seems the virus is stopping me from using them? I did run OTL although it came up with the error "Access violation at address 76F76628 in module 'iertutil.dll'. Read of address 20904F9E."

    Here are the txt files it produced:
    OTL.txt:

    OTL logfile created on: 31/05/2013 20:25:41 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 4.43 Gb Available Physical Memory | 73.80% Memory free
    12.00 Gb Paging File | 10.45 Gb Available in Paging File | 87.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 247.39 Gb Free Space | 82.99% Space Free | Partition Type: NTFS
    Drive D: | 372.61 Gb Total Space | 333.64 Gb Free Space | 89.54% Space Free | Partition Type: NTFS
    Drive K: | 3.74 Gb Total Space | 1.02 Gb Free Space | 27.35% Space Free | Partition Type: FAT32

    Computer Name: FINN-PC | User Name: Finn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/31 20:24:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/11 01:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2013/03/04 13:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/04/11 10:33:54 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/08/21 04:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 21:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 22 68 69 46 5D CE 01 [binary data]
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - Extension: Angry Birds = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Docs = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Burning Guitar = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdiejcapkjkibllbcobbohjibfkoogmj\1_0\
    CHR - Extension: YouTube = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Facebook Disconnect = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
    CHR - Extension: Send from Gmail (by Google) = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
    CHR - Extension: Gmail = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A651C1AC-EC57-4725-8865-F7B31D3BA313}: DhcpNameServer = 192.168.1.254
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/05/12 20:35:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/31 20:24:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
    [2013/05/31 20:24:06 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/05/31 20:23:43 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Finn\Desktop\JRT.exe
    [2013/05/31 19:42:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/05/31 19:42:01 | 001,915,980 | ---- | C] (Farbar) -- C:\Users\Finn\Desktop\FRST64.exe
    [2013/05/31 19:29:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/05/31 19:28:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/05/31 19:21:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/05/31 19:08:38 | 005,076,038 | R--- | C] (Swearware) -- C:\Users\Finn\Desktop\ComboFix.exe
    [2013/05/31 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/05/31 17:48:55 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2013/05/31 17:11:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/05/31 17:11:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/05/31 17:11:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/05/31 17:11:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/05/31 17:11:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/05/31 16:46:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2013/05/31 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\Finn\Desktop\mbar
    [2013/05/31 13:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2013/05/31 03:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2013/05/31 03:36:04 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2013/05/31 03:36:04 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2013/05/31 03:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2013/05/31 03:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2013/05/31 03:22:43 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2013/05/31 02:41:43 | 000,000,000 | ---D | C] -- C:\Users\Finn\Desktop\RK_Quarantine
    [2013/05/31 01:44:23 | 000,000,000 | R--D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/05/31 01:42:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Finn\Desktop\dds.com
    [2013/05/31 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/05/31 01:30:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/05/31 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2013/05/31 01:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/05/30 20:40:17 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2013/05/30 18:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2013/05/30 18:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/05/30 18:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2013/05/30 18:42:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2013/05/30 06:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/05/29 23:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
    [2013/05/29 23:02:57 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
    [2013/05/29 22:54:13 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
    [2013/05/29 20:40:40 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Spotify
    [2013/05/29 19:24:48 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2013/05/29 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2013/05/29 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2013/05/29 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
    [2013/05/29 18:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/05/29 18:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/05/29 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/05/29 17:44:36 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\NPE
    [2013/05/29 16:20:02 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Malwarebytes
    [2013/05/29 16:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/05/29 16:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/05/29 16:19:39 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Programs
    [2013/05/29 16:09:33 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\Security
    [2013/05/29 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\uTorrent
    [2013/05/29 13:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/05/29 13:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/05/29 13:34:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%LOCALAPPDATA%
    [2013/05/29 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\GTA Vice City Mods
    [2013/05/29 12:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/05/29 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Google
    [2013/05/29 12:49:56 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Apps
    [2013/05/29 12:49:55 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Deployment
    [2013/05/29 12:33:50 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\Symantec
    [2013/05/29 11:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
    [2013/05/28 23:23:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
    [2013/05/28 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\Mount&Blade Warband Savegames
    [2013/05/28 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\Mount&Blade Warband
    [2013/05/28 14:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
    [2013/05/28 14:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2013/05/28 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Diagnostics
    [2013/05/26 18:03:44 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    [2013/05/26 16:39:59 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\CrashDumps
    [2013/05/26 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2013/05/26 16:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013/05/26 16:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
    [2013/05/26 15:21:59 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\GTA Vice City User Files
    [2013/05/26 15:21:59 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2013/05/26 13:44:33 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\2K Games
    [2013/05/26 13:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
    [2013/05/26 13:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    [2013/05/26 13:29:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2013/05/26 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
    [2013/05/26 13:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2013/05/26 12:50:00 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Microsoft Games
    [2013/05/24 04:49:14 | 000,000,000 | ---D | C] -- C:\NBRT
    [2013/05/23 20:20:46 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Macromedia
    [2013/05/23 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Adobe
    [2013/05/23 20:20:43 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Tific
    [2013/05/23 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Symantec
    [2013/05/23 20:20:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2013/05/23 20:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/05/23 20:19:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
    [2013/05/23 20:19:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0500020.001
    [2013/05/23 20:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2013/05/23 20:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2013/05/23 20:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2013/05/23 20:13:42 | 001,880,400 | R--- | C] (Bethesda Softworks) -- C:\Users\Finn\Desktop\Skyrim.exe
    [2013/05/23 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Skyrim
    [2013/05/23 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\My Games
    [2013/05/23 20:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
    [2013/05/23 20:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
    [2013/05/23 19:59:33 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\ElevatedDiagnostics
    [2013/05/23 18:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2013/05/23 18:48:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2013/05/23 08:48:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2013/05/23 08:47:58 | 000,000,000 | ---D | C] -- C:\Boot
    [2013/05/23 01:53:12 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
    [2013/05/23 01:48:37 | 000,114,688 | ---- | C] (Atheros) -- C:\Windows\SysWow64\athcfg10.dll
    [2013/05/23 01:17:53 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Innovative Solutions
    [2013/05/23 01:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
    [2013/05/23 01:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
    [2013/05/23 01:16:27 | 007,009,736 | ---- | C] (Innovative Solutions ) -- C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
    [2013/05/23 01:03:43 | 000,000,000 | ---D | C] -- C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
    [2013/05/23 01:03:10 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\WinRAR
    [2013/05/23 01:03:10 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/05/23 01:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/05/23 01:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2013/05/23 00:12:46 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\MigWiz
    [2013/05/23 00:11:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/05/23 00:05:07 | 000,000,000 | R--D | C] -- C:\Users\Finn\Searches
    [2013/05/23 00:05:07 | 000,000,000 | R--D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/05/23 00:05:06 | 000,000,000 | -H-D | C] -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/05/23 00:04:53 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Identities
    [2013/05/23 00:04:49 | 000,000,000 | R--D | C] -- C:\Users\Finn\Contacts
    [2013/05/23 00:04:47 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\VirtualStore
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\AppData\Local\Temporary Internet Files
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Templates
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Start Menu
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\SendTo
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Recent
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\PrintHood
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Local Settings
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\AppData\Local\History
    [2013/05/23 00:04:27 | 000,000,000 | -HSD | C] -- C:\Users\Finn\AppData\Local\Application Data
    [2013/05/23 00:04:26 | 000,000,000 | R--D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/05/23 00:04:26 | 000,000,000 | R--D | C] -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\NetHood
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Documents\My Videos
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Documents\My Pictures
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Documents\My Music
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\My Documents
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Cookies
    [2013/05/23 00:04:26 | 000,000,000 | -HSD | C] -- C:\Users\Finn\Application Data
    [2013/05/23 00:04:26 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Temp
    [2013/05/23 00:04:26 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Microsoft
    [2013/05/23 00:04:26 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Media Center Programs
    [2013/05/23 00:04:25 | 000,000,000 | --SD | C] -- C:\Users\Finn\AppData\Roaming\Microsoft
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Videos
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Saved Games
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Pictures
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Music
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Links
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Favorites
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Downloads
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Documents
    [2013/05/23 00:04:25 | 000,000,000 | R--D | C] -- C:\Users\Finn\Desktop
    [2013/05/23 00:04:25 | 000,000,000 | -H-D | C] -- C:\Users\Finn\AppData
    [2013/05/23 00:02:27 | 000,000,000 | ---D | C] -- C:\Recovery
    [2013/05/22 23:52:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/05/22 23:49:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2013/05/22 20:30:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/05/20 20:12:26 | 000,000,000 | ---D | C] -- C:\Games
    [2013/05/19 11:54:27 | 000,097,176 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\SysWow64\ElbyCDIO.dll
    [2013/05/19 03:00:52 | 000,000,000 | ---D | C] -- C:\d6196d965d6b437a870f139d18359e
    [2013/05/16 16:00:06 | 000,000,000 | ---D | C] -- C:\Uninstall
    [2013/05/16 16:00:06 | 000,000,000 | ---D | C] -- C:\src
    [2013/05/14 20:39:02 | 000,000,000 | ---D | C] -- C:\SWSetup
    [2013/05/13 19:27:46 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2013/05/12 21:46:45 | 000,000,000 | ---D | C] -- C:\08fc8c25c373be2b65
    [2013/05/12 20:37:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Users\Finn\*.tmp files -> C:\Users\Finn\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/31 20:24:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
    [2013/05/31 20:24:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/31 20:24:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/31 20:23:45 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Finn\Desktop\JRT.exe
    [2013/05/31 20:21:36 | 000,632,031 | ---- | M] () -- C:\Users\Finn\Desktop\adwcleaner.exe
    [2013/05/31 19:40:34 | 001,915,980 | ---- | M] (Farbar) -- C:\Users\Finn\Desktop\FRST64.exe
    [2013/05/31 19:33:42 | 000,722,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/31 19:33:42 | 000,623,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/31 19:33:42 | 000,111,280 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/31 19:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/31 19:29:19 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/31 19:05:24 | 005,076,038 | R--- | M] (Swearware) -- C:\Users\Finn\Desktop\ComboFix.exe
    [2013/05/31 19:00:30 | 632,796,628 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/05/31 12:49:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/05/31 03:27:14 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/05/31 02:45:29 | 000,791,040 | ---- | M] () -- C:\Users\Finn\Desktop\RogueKillerX64.exe
    [2013/05/31 01:46:12 | 001,470,504 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Cat.DB
    [2013/05/31 01:41:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Finn\Desktop\dds.com
    [2013/05/31 01:31:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/31 01:03:30 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/05/30 20:40:18 | 000,001,340 | ---- | M] () -- C:\Users\Finn\Desktop\Norton Installation Files.lnk
    [2013/05/30 20:40:18 | 000,001,244 | ---- | M] () -- C:\Users\Finn\Desktop\Norton Download Manager.lnk
    [2013/05/30 18:54:45 | 000,001,286 | ---- | M] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/05/30 18:54:45 | 000,001,262 | ---- | M] () -- C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
    [2013/05/28 21:06:02 | 000,003,133 | ---- | M] () -- C:\Users\Finn\Desktop\M&B Warband.lnk
    [2013/05/28 20:10:05 | 000,001,298 | ---- | M] () -- C:\Users\Finn\Desktop\GTA Vice City.lnk
    [2013/05/26 16:35:05 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk
    [2013/05/23 18:45:20 | 000,000,000 | -H-- | M] () -- C:\Users\Finn\Documents\Default.rdp
    [2013/05/23 08:48:00 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2013/05/23 08:47:59 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
    [2013/05/23 01:18:03 | 000,001,441 | ---- | M] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/05/23 01:17:10 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    [2013/05/23 01:12:16 | 001,588,760 | ---- | M] () -- C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
    [2013/05/23 01:10:52 | 007,009,736 | ---- | M] (Innovative Solutions ) -- C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
    [2013/05/23 00:07:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2013/05/23 00:03:04 | 000,171,136 | RHS- | M] () -- C:\w7ldr
    [2013/05/22 23:52:56 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2013/05/22 23:52:56 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2013/05/19 11:54:27 | 000,097,176 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\SysWow64\ElbyCDIO.dll
    [2013/05/12 22:13:01 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
    [2013/05/12 20:35:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/05/12 20:35:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013/05/12 20:35:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2013/05/12 20:35:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Users\Finn\*.tmp files -> C:\Users\Finn\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/31 20:22:33 | 000,632,031 | ---- | C] () -- C:\Users\Finn\Desktop\adwcleaner.exe
    [2013/05/31 17:11:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/05/31 17:11:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/05/31 17:11:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/05/31 17:11:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/05/31 17:11:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/05/31 12:49:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/05/31 02:45:28 | 000,791,040 | ---- | C] () -- C:\Users\Finn\Desktop\RogueKillerX64.exe
    [2013/05/31 01:31:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/31 01:03:30 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2013/05/31 01:03:02 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/05/30 20:40:17 | 000,001,340 | ---- | C] () -- C:\Users\Finn\Desktop\Norton Installation Files.lnk
    [2013/05/30 20:40:17 | 000,001,244 | ---- | C] () -- C:\Users\Finn\Desktop\Norton Download Manager.lnk
    [2013/05/30 20:00:10 | 632,796,628 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/05/30 18:54:45 | 000,001,286 | ---- | C] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/05/30 18:54:45 | 000,001,262 | ---- | C] () -- C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
    [2013/05/29 23:02:57 | 000,264,654 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
    [2013/05/29 23:02:57 | 000,007,634 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
    [2013/05/28 21:06:02 | 000,003,133 | ---- | C] () -- C:\Users\Finn\Desktop\M&B Warband.lnk
    [2013/05/28 20:10:05 | 000,001,298 | ---- | C] () -- C:\Users\Finn\Desktop\GTA Vice City.lnk
    [2013/05/26 16:35:05 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk
    [2013/05/23 20:20:32 | 001,470,504 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Cat.DB
    [2013/05/23 18:45:20 | 000,000,000 | -H-- | C] () -- C:\Users\Finn\Documents\Default.rdp
    [2013/05/23 08:47:58 | 000,383,562 | RHS- | C] () -- C:\bootmgr
    [2013/05/23 08:08:00 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
    [2013/05/23 01:48:37 | 000,651,264 | R--- | C] () -- C:\Windows\SysWow64\libeay32.dll
    [2013/05/23 01:48:37 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\ssleay32.dll
    [2013/05/23 01:18:03 | 000,001,441 | ---- | C] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/05/23 01:17:10 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    [2013/05/23 01:16:27 | 001,588,760 | ---- | C] () -- C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
    [2013/05/23 00:37:59 | 000,001,447 | ---- | C] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/05/23 00:07:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2013/05/23 00:05:15 | 000,001,413 | ---- | C] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2013/05/23 00:04:26 | 000,000,290 | ---- | C] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/05/23 00:04:26 | 000,000,272 | ---- | C] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/05/23 00:03:04 | 000,171,136 | RHS- | C] () -- C:\w7ldr
    [2013/05/22 23:52:43 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2013/05/22 23:52:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2013/05/22 23:48:55 | 536,322,047 | -HS- | C] () -- C:\hiberfil.sys
    [2013/05/22 22:55:31 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
    [2013/05/15 16:36:39 | 065,792,018 | ---- | C] () -- C:\KB835221_ALL_OS_ALL_LOC.zip
    [2013/05/12 21:34:58 | 000,250,048 | RHS- | C] () -- C:\ntldr
    [2013/05/12 21:34:58 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
    [2013/05/12 21:24:54 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved
    [2013/05/12 20:35:30 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2013/05/12 20:35:30 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2013/05/12 20:35:30 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
    [2013/05/12 20:35:30 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/29 00:07:04 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    [2013/05/29 20:41:50 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Spotify
    [2013/05/23 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Tific
    [2013/05/30 19:29:27 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\uTorrent

    ========== Purity Check ==========




    < End of report >
     
  2. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Extras.txt:

    OTL Extras logfile created on: 31/05/2013 20:25:41 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 4.43 Gb Available Physical Memory | 73.80% Memory free
    12.00 Gb Paging File | 10.45 Gb Available in Paging File | 87.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 247.39 Gb Free Space | 82.99% Space Free | Partition Type: NTFS
    Drive D: | 372.61 Gb Total Space | 333.64 Gb Free Space | 89.54% Space Free | Partition Type: NTFS
    Drive K: | 3.74 Gb Total Space | 1.02 Gb Free Space | 27.35% Space Free | Partition Type: FAT32

    Computer Name: FINN-PC | User Name: Finn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR 5.00 beta 4 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
    "{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "ESET Online Scanner" = ESET Online Scanner v3
    "Mafia II_is1" = Mafia II
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "VirtualCloneDrive" = VirtualCloneDrive

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3816028399-1038120349-2553551500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PC Cleaners" = PC Cleaners

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/05/2013 14:45:32 | Computer Name = Finn-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.17267 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: afc Start
    Time: 01ce5e2ec537eabd Termination Time: 281 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 40cb10e7-ca22-11e2-8651-001bfcc5334d

    Error - 31/05/2013 14:46:47 | Computer Name = Finn-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.17267 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1e4 Start
    Time: 01ce5e2f08989087 Termination Time: 219 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 6b6b02f0-ca22-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:19:38 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: adwcleaner.exe, version: 2.3.0.1, time
    stamp: 0x4f25baec Faulting module name: iertutil.dll, version: 8.0.7600.17267, time
    stamp: 0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process
    id: 0xf18 Faulting application start time: 0x01ce5e33c9afd4f7 Faulting application
    path: C:\Users\Finn\Desktop\adwcleaner.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: 08cd5521-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:19:43 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: adwcleaner.exe, version: 2.3.0.1, time
    stamp: 0x4f25baec Faulting module name: iertutil.dll, version: 8.0.7600.17267, time
    stamp: 0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process
    id: 0x32c Faulting application start time: 0x01ce5e33ce288c85 Faulting application
    path: C:\Users\Finn\Desktop\adwcleaner.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: 0c12fb2d-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:22:38 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: adwcleaner.exe, version: 2.3.0.1, time
    stamp: 0x4f25baec Faulting module name: iertutil.dll, version: 8.0.7600.17267, time
    stamp: 0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process
    id: 0xf3c Faulting application start time: 0x01ce5e3434e1f580 Faulting application
    path: C:\Users\Finn\Desktop\adwcleaner.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: 73de2266-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:22:49 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: adwcleaner.exe, version: 2.3.0.1, time
    stamp: 0x4f25baec Faulting module name: iertutil.dll, version: 8.0.7600.17267, time
    stamp: 0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process
    id: 0xabc Faulting application start time: 0x01ce5e343ccc15fe Faulting application
    path: C:\Users\Finn\Desktop\adwcleaner.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: 7a92d002-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:22:52 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: adwcleaner.exe, version: 2.3.0.1, time
    stamp: 0x4f25baec Faulting module name: iertutil.dll, version: 8.0.7600.17267, time
    stamp: 0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process
    id: 0xe44 Faulting application start time: 0x01ce5e343eed9e9e Faulting application
    path: C:\Users\Finn\Desktop\adwcleaner.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: 7cb458a1-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:22:59 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: adwcleaner.exe, version: 2.3.0.1, time
    stamp: 0x4f25baec Faulting module name: iertutil.dll, version: 8.0.7600.17267, time
    stamp: 0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process
    id: 0xd90 Faulting application start time: 0x01ce5e3442a920b4 Faulting application
    path: C:\Users\Finn\Desktop\adwcleaner.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: 806d7957-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:24:07 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JRT.exe, version: 1.2.0.715, time stamp:
    0x46a2c1e1 Faulting module name: iertutil.dll, version: 8.0.7600.17267, time stamp:
    0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process id:
    0xcc4 Faulting application start time: 0x01ce5e346ad0b23a Faulting application path:
    C:\Users\Finn\Desktop\JRT.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: a93e0c90-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:24:20 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JRT.exe, version: 1.2.0.715, time stamp:
    0x46a2c1e1 Faulting module name: iertutil.dll, version: 8.0.7600.17267, time stamp:
    0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process id:
    0xfcc Faulting application start time: 0x01ce5e3472c8ad85 Faulting application path:
    C:\Users\Finn\Desktop\JRT.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: b09b4e69-ca27-11e2-8651-001bfcc5334d

    Error - 31/05/2013 15:24:26 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: JRT.exe, version: 1.2.0.715, time stamp:
    0x46a2c1e1 Faulting module name: iertutil.dll, version: 8.0.7600.17267, time stamp:
    0x513187ba Exception code: 0xc0000005 Fault offset: 0x00106628 Faulting process id:
    0xa58 Faulting application start time: 0x01ce5e3476e1ff33 Faulting application path:
    C:\Users\Finn\Desktop\JRT.exe Faulting module path: C:\Windows\syswow64\iertutil.dll
    Report
    Id: b4afdd57-ca27-11e2-8651-001bfcc5334d

    [ System Events ]
    Error - 31/05/2013 14:25:24 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 31/05/2013 14:28:34 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 31/05/2013 14:29:32 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7023
    Description = The Diagnostic Policy Service service terminated with the following
    error: %%5

    Error - 31/05/2013 14:33:47 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 31/05/2013 14:41:38 | Computer Name = Finn-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR7.

    Error - 31/05/2013 14:41:40 | Computer Name = Finn-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR7.

    Error - 31/05/2013 15:12:05 | Computer Name = Finn-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR8.

    Error - 31/05/2013 15:12:07 | Computer Name = Finn-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR8.

    Error - 31/05/2013 15:22:21 | Computer Name = Finn-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR9.

    Error - 31/05/2013 15:22:22 | Computer Name = Finn-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR9.


    < End of report >
     
  3. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Please retry AdwCleaner and JRT from safe mode.
     
  4. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    AdwCleaner[S1].txt:
    # AdwCleaner v2.301 - Logfile created 05/31/2013 at 21:04:24
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Finn - FINN-PC
    # Boot Mode : Safe mode
    # Running from : C:\Users\Finn\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.7600.17267
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [649 octets] - [31/05/2013 21:04:24]
    ########## EOF - C:\AdwCleaner[S1].txt - [708 octets] ##########
    JRT.txt:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Finn on 31/05/2013 at 21:02:32.77
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

    ~~~ Files

    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\pc1data"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc cleaners"

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 31/05/2013 at 21:03:48.76
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  5. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    O3 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-3816028399-1038120349-2553551500-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Reg Error: Key error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Click Start button and in "Start search" type:
    cmd
    Hold CTRL and SHIFT buttons and press Enter.
    Command prompt window will open.
    Paste this in:
    chkdsk /f /r (<------watch for "spaces")
    Press Enter.
    Restart the computer.
    Chkdsk will run.
    Let me know if it found/fixed any issues.
     
  6. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    OTL log-
    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-3816028399-1038120349-2553551500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-3816028399-1038120349-2553551500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3816028399-1038120349-2553551500-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Finn
    ->Temp folder emptied: 1126274 bytes
    ->Temporary Internet Files folder emptied: 23392222 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5758 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 28987650 bytes
    RecycleBin emptied: 269 bytes

    Total Files Cleaned = 51.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Finn

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Finn
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05312013_222700

    Files\Folders moved on Reboot...
    C:\Users\Finn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF40A538516FC3FA5C.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF4F2A171169CC87EB.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF56494CBCA02E642F.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF584509FAF7A8D567.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFAA408EBD2F661491.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFB0310EA30B56B9F7.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFBBD56A182C868517.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFD8F5F18739F944A3.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFF8B7122306DF69C6.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFFEBAA9A672B77288.TMP not found!
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\4773[1].htm moved successfully.
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\bg_body[1].png not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\butt/n_start[1].png not found!
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\syncuppixels[1].html moved successfully.
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\84GRFOOV\partner[1].htm moved successfully.
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3MN3V7EC\partner[3].htm moved successfully.
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZDORT2K\page-2[2].txt moved successfully.
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Files\Folders moved on Reboot...
    C:\Users\Finn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF40A538516FC3FA5C.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF4F2A171169CC87EB.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF56494CBCA02E642F.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DF584509FAF7A8D567.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFAA408EBD2F661491.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFB0310EA30B56B9F7.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFBBD56A182C868517.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFD8F5F18739F944A3.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFF8B7122306DF69C6.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Temp\~DFFEBAA9A672B77288.TMP not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\4773[1].htm not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\bg_body[1].png not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\butt/n_start[1].png not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6V0HJSX\syncuppixels[1].html not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\84GRFOOV\partner[1].htm not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3MN3V7EC\partner[3].htm not found!
    File\Folder C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZDORT2K\page-2[2].txt not found!
    C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  7. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    The cmd says: "The type of file is NTFS. Cannot lock current drive. Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)"
    What should I do?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Yes and restart.
    chkdsk will run at the boot.
     
  9. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    How will I know if CHKDSK finds and fixes any problems?
     
  10. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    When chkdsk runs it'll display all info on your computer screen.

    Alternatively use different command:

    chkdsk /f /r > chkdisklog.txt (<------watch for "spaces")
    When computer is fully booted open Windows Explorer, copy and paste the content of the following file:
    C:\chkdisklog.txt
     
  11. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I can't find the chkdisklog.txt file but I think CHKDSK may have found some problems and fixed them. I'm not sure though.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    How is computer doing?

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Checkup.txt

    Results of screen317's Security Check version 0.99.64
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    Google Chrome 27.0.1453.94
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````

    FSS.txt

    Farbar Service Scanner Version: 31-05-2013 01
    Ran by Finn (administrator) on 02-06-2013 at 18:15:16
    Running from "C:\Users\Finn\Desktop"
    Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-05-31 01:02] - [2010-04-09 12:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  14. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I cannot run a full scan with ESET without my PC crashing but it tells me that I still have the same two trojans that I had before.
     
  15. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Also, I had to do a System Restore because Windows was trying to update itself but couldn't because it couldn't access files due to virus I presume. Will any changes made with software you have told me to use, have to be redone?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    How far back did you go?
     
  17. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    I went back to the restore point you told me to make before using combofix
     
  18. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  19. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013
    Ran by Finn (administrator) on 09-06-2013 12:43:18
    Running from C:\Users\Finn\Desktop
    Windows 7 Ultimate (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Farbar) C:\Users\Finn\Desktop\FRST64 (1).exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    MountPoints2: {aa0a64a2-c7c6-11e2-a2c6-806e6f6e6963} - E:\Autorun.exe
    MountPoints2: {c554931c-c331-11e2-a6f4-806e6f6e6963} - D:\Start.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR RestoreOnStartup: "hxxp://google.co.uk/"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Extension: (Angry Birds) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
    CHR Extension: (Google Docs) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Burning Guitar) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdiejcapkjkibllbcobbohjibfkoogmj\1_0
    CHR Extension: (YouTube) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Facebook Disconnect) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
    CHR Extension: (Send from Gmail (by Google)) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0
    CHR Extension: (Gmail) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-09 12:43 - 2013-06-09 12:42 - 01919210 ____A (Farbar) C:\Users\Finn\Desktop\FRST64 (1).exe
    2013-06-09 12:42 - 2013-06-09 12:42 - 00000000 ____D C:\Windows\LastGood
    2013-06-09 12:02 - 2013-06-09 12:02 - 00285376 ____A C:\Windows\Minidump\060913-47361-01.dmp
    2013-06-05 20:39 - 2013-06-05 20:40 - 00284792 ____A C:\Windows\Minidump\060513-46925-01.dmp
    2013-06-05 20:28 - 2013-06-05 20:28 - 00288344 ____A C:\Windows\Minidump\060513-47471-01.dmp
    2013-06-05 20:16 - 2013-06-05 20:16 - 00285280 ____A C:\Windows\Minidump\060513-31543-01.dmp
    2013-06-05 20:13 - 2013-06-05 20:14 - 00285120 ____A C:\Windows\Minidump\060513-37986-01.dmp
    2013-06-05 18:07 - 2013-06-05 18:07 - 00003240 ____N C:\bootsqm.dat
    2013-06-02 18:15 - 2013-06-05 20:23 - 00002578 ____A C:\Users\Finn\Desktop\FSS.txt
    2013-06-02 18:13 - 2013-06-02 18:13 - 00001132 ____A C:\Users\Finn\Desktop\checkup.txt
    2013-05-31 22:27 - 2013-05-31 22:27 - 00000000 ____D C:\_OTL
    2013-05-31 21:04 - 2013-05-31 21:04 - 00000776 ____A C:\AdwCleaner[S1].txt
    2013-05-31 20:24 - 2013-06-06 04:51 - 00000000 ____D C:\JRT
    2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\FRST
    2013-05-31 19:21 - 2013-06-06 05:04 - 00000000 ____D C:\ComboFix
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ___HD C:\Windows\AxInstSV
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-05-31 17:11 - 2013-06-06 04:51 - 00000000 ____D C:\Windows\erdnt
    2013-05-31 17:11 - 2013-05-31 17:11 - 00000000 ____D C:\Qoobox
    2013-05-31 16:46 - 2013-05-31 16:46 - 00000000 ____D C:\Windows\System32\Macromed
    2013-05-31 13:32 - 2013-05-31 13:46 - 00000000 ____D C:\Users\Finn\Desktop\mbar
    2013-05-31 12:49 - 2013-05-31 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2013-05-31 03:37 - 2013-05-31 03:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2013-05-31 03:36 - 2013-06-09 12:31 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-05-31 03:36 - 2013-02-26 00:32 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2013-05-31 03:36 - 2013-02-26 00:32 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 06390048 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 03460896 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2013-05-31 03:36 - 2013-01-18 16:00 - 00118560 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2013-05-31 03:36 - 2013-01-18 16:00 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2013-05-31 03:35 - 2013-05-31 03:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-05-31 03:35 - 2013-05-31 03:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-05-31 03:24 - 2013-05-31 03:24 - 00288008 ____A C:\Windows\Minidump\053113-21340-01.dmp
    2013-05-31 03:22 - 2013-05-31 03:22 - 00000000 ____D C:\Windows\CheckSur
    2013-05-31 03:17 - 2013-05-31 13:04 - 00004369 ____A C:\Windows\IE9_main.log
    2013-05-31 03:09 - 2012-03-01 07:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2013-05-31 03:09 - 2012-03-01 07:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-05-31 03:09 - 2012-03-01 07:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2013-05-31 03:09 - 2012-03-01 07:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2013-05-31 03:09 - 2012-03-01 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-05-31 03:09 - 2012-03-01 06:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-05-31 03:09 - 2012-03-01 06:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2013-05-31 03:01 - 2010-03-04 05:32 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
    2013-05-31 02:45 - 2013-05-31 02:45 - 00791040 ____A C:\Users\Finn\Desktop\RogueKillerX64.exe
    2013-05-31 02:41 - 2013-05-31 02:48 - 00000000 ____D C:\Users\Finn\Desktop\RK_Quarantine
    2013-05-31 01:42 - 2013-05-31 01:41 - 00688992 ____R (Swearware) C:\Users\Finn\Desktop\dds.com
    2013-05-31 01:31 - 2013-05-31 01:31 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-31 01:30 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-31 01:26 - 2013-05-31 01:26 - 00284872 ____A C:\Windows\Minidump\053113-21902-01.dmp
    2013-05-31 01:23 - 2013-05-31 01:23 - 00285256 ____A C:\Windows\Minidump\053113-24632-01.dmp
    2013-05-31 01:17 - 2012-05-14 06:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-05-31 01:13 - 2012-09-25 23:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-05-31 01:13 - 2012-09-25 22:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-05-31 01:13 - 2012-09-06 18:38 - 00295792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
    2013-05-31 01:13 - 2012-06-16 06:25 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-31 01:13 - 2012-06-16 06:25 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-31 01:13 - 2012-06-16 05:37 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-31 01:13 - 2012-06-16 05:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-31 01:13 - 2012-04-07 13:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2013-05-31 01:13 - 2012-04-07 12:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2013-05-31 01:12 - 2013-03-02 06:49 - 01499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-31 01:12 - 2013-03-02 06:49 - 01198080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-31 01:12 - 2013-03-02 06:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-31 01:12 - 2013-03-02 06:44 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 09377280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-31 01:12 - 2013-03-02 06:43 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 02463744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-05-31 01:12 - 2013-03-02 06:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-31 01:12 - 2013-03-02 06:06 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-31 01:12 - 2013-03-02 06:05 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-31 01:12 - 2013-03-02 06:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-31 01:12 - 2013-03-02 06:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 02077184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-31 01:12 - 2013-03-02 06:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-31 01:12 - 2013-03-02 05:38 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-05-31 01:12 - 2013-03-02 05:03 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-05-31 01:12 - 2013-03-02 04:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-31 01:12 - 2013-03-02 04:56 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-05-31 01:12 - 2013-03-02 04:30 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-05-31 01:12 - 2013-03-02 04:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-31 01:12 - 2013-03-02 04:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-05-31 01:11 - 2013-01-24 06:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-05-31 01:11 - 2012-07-04 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-05-31 01:11 - 2012-07-04 23:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-05-31 01:11 - 2012-07-04 23:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-05-31 01:11 - 2012-07-04 22:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-05-31 01:11 - 2012-07-04 22:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-05-31 01:11 - 2012-05-05 09:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2013-05-31 01:11 - 2012-05-05 08:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2013-05-31 01:11 - 2011-02-18 07:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2013-05-31 01:11 - 2011-02-18 06:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    2013-05-31 01:03 - 2013-05-31 01:03 - 00002154 ____A C:\Windows\epplauncher.mif
    2013-05-31 01:02 - 2013-05-31 01:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-05-31 01:02 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-05-31 01:02 - 2010-04-09 12:06 - 01898376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-05-31 01:02 - 2010-04-09 12:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2013-05-31 00:59 - 2013-03-19 07:19 - 05497688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-31 00:59 - 2013-03-19 06:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-05-31 00:59 - 2013-03-19 06:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-05-31 00:59 - 2013-03-19 06:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-05-31 00:59 - 2013-03-19 05:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-05-31 00:59 - 2013-03-19 04:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-05-30 23:35 - 2013-05-30 23:35 - 00284792 ____A C:\Windows\Minidump\053013-18517-01.dmp
    2013-05-30 23:29 - 2013-05-30 23:29 - 00285112 ____A C:\Windows\Minidump\053013-21980-01.dmp
    2013-05-30 23:17 - 2013-05-30 23:17 - 00284952 ____A C:\Windows\Minidump\053013-22167-01.dmp
    2013-05-30 23:09 - 2013-05-30 23:10 - 00285448 ____A C:\Windows\Minidump\053013-19359-01.dmp
    2013-05-30 23:04 - 2013-05-30 23:04 - 00284632 ____A C:\Windows\Minidump\053013-19172-01.dmp
    2013-05-30 22:59 - 2013-05-30 22:59 - 00285896 ____A C:\Windows\Minidump\053013-43914-01.dmp
    2013-05-30 22:51 - 2011-12-16 09:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2013-05-30 22:51 - 2011-12-16 08:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2013-05-30 22:51 - 2011-10-15 07:25 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2013-05-30 22:51 - 2011-10-15 06:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2013-05-30 22:51 - 2011-08-27 06:40 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2013-05-30 22:51 - 2011-08-27 06:40 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2013-05-30 22:51 - 2011-08-27 05:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2013-05-30 22:51 - 2011-08-27 05:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2013-05-30 22:51 - 2011-05-24 12:21 - 00404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2013-05-30 22:51 - 2011-05-24 11:34 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
    2013-05-30 22:51 - 2011-05-24 11:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
    2013-05-30 22:51 - 2011-05-24 11:34 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
    2013-05-30 22:51 - 2011-05-24 11:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2013-05-30 22:51 - 2011-02-23 06:15 - 00286720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2013-05-30 22:51 - 2011-02-23 06:15 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2013-05-30 22:51 - 2011-02-23 06:15 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2013-05-30 22:51 - 2011-02-23 06:15 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2013-05-30 22:51 - 2011-02-12 07:14 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2013-05-30 22:51 - 2011-02-05 13:41 - 00640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2013-05-30 22:51 - 2011-02-05 13:41 - 00556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2013-05-30 22:51 - 2011-02-05 13:41 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
    2013-05-30 22:51 - 2011-02-05 13:41 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
    2013-05-30 22:51 - 2011-02-05 13:41 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
    2013-05-30 22:51 - 2011-02-05 13:39 - 00603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2013-05-30 22:51 - 2011-02-05 13:39 - 00518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2013-05-30 22:51 - 2010-12-18 07:12 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-05-30 22:51 - 2010-12-18 07:08 - 01097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-05-30 22:51 - 2010-12-18 06:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-05-30 22:51 - 2010-12-18 06:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2013-05-30 22:51 - 2010-10-16 06:23 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-30 22:51 - 2010-08-31 05:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
    2013-05-30 22:51 - 2010-08-31 05:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
    2013-05-30 22:51 - 2009-08-29 08:50 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
    2013-05-30 22:51 - 2009-08-29 07:57 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
    2013-05-30 22:50 - 2011-11-19 16:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2013-05-30 22:50 - 2011-11-19 15:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2013-05-30 22:50 - 2011-11-17 08:14 - 01739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-05-30 22:50 - 2011-11-17 06:41 - 01292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-05-30 22:50 - 2010-10-16 06:17 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
    2013-05-30 22:50 - 2010-10-16 05:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
    2013-05-30 22:50 - 2010-08-27 07:14 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
    2013-05-30 22:50 - 2010-08-27 06:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2013-05-30 22:50 - 2010-08-27 04:38 - 00463360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2013-05-30 22:50 - 2010-08-27 04:37 - 00402944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-05-30 22:50 - 2010-08-27 04:37 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-05-30 22:38 - 2013-05-30 22:38 - 00284216 ____A C:\Windows\Minidump\053013-21559-01.dmp
    2013-05-30 21:12 - 2013-05-30 21:12 - 00287304 ____A C:\Windows\Minidump\053013-32526-01.dmp
    2013-05-30 21:00 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2013-05-30 21:00 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2013-05-30 21:00 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2013-05-30 21:00 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001340 ____A C:\Users\Finn\Desktop\Norton Installation Files.lnk
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001244 ____A C:\Users\Finn\Desktop\Norton Download Manager.lnk
    2013-05-30 20:00 - 2013-06-09 12:02 - 354645076 ____A C:\Windows\MEMORY.DMP
    2013-05-30 20:00 - 2013-05-30 20:00 - 00286376 ____A C:\Windows\Minidump\053013-57408-01.dmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 04167680 ____A C:\Program Files (x86)\GUT279D.tmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\GUM278D.tmp
    2013-05-30 18:54 - 2013-06-06 05:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-05-30 18:54 - 2013-05-30 18:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2013-05-30 18:54 - 2013-05-30 18:54 - 00001262 ____A C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
    2013-05-30 18:42 - 2013-05-30 18:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-05-30 16:11 - 2013-05-30 16:11 - 151247144 ____A (COMODO) C:\Users\Finn\Downloads\cispremium_installer.exe
    2013-05-30 16:08 - 2013-05-30 16:08 - 98142048 ____A (COMODO) C:\Users\Finn\Downloads\cfw_installer.exe
    2013-05-30 15:55 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2013-05-30 15:55 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2013-05-30 15:55 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2013-05-30 15:55 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2013-05-30 15:55 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2013-05-30 15:54 - 2013-05-02 16:29 - 00278800 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-29 23:02 - 2011-08-17 19:39 - 01579520 ____A (Atheros Communications, Inc.) C:\Windows\System32\athrx.sys
    2013-05-29 23:02 - 2011-08-17 19:39 - 00007634 ____A C:\Windows\System32\athrextx.cat
    2013-05-29 22:54 - 2011-04-11 10:33 - 01579520 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys
    2013-05-29 20:40 - 2013-05-29 20:41 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
    2013-05-29 19:24 - 2013-05-29 19:24 - 00000000 ____D C:\VritualRoot
    2013-05-29 19:05 - 2013-05-30 07:43 - 00000000 ____D C:\ProgramData\Comodo
    2013-05-29 19:05 - 2013-05-29 19:05 - 00000000 ____D C:\Program Files\COMODO
    2013-05-29 18:24 - 2013-05-29 18:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-29 18:23 - 2013-05-30 07:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-05-29 18:23 - 2013-05-29 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-05-29 18:14 - 2013-05-31 13:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-29 17:44 - 2013-05-29 17:46 - 00000000 ____D C:\Users\Finn\AppData\Local\NPE
    2013-05-29 16:20 - 2013-05-29 16:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Malwarebytes
    2013-05-29 16:19 - 2013-05-31 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-29 16:19 - 2013-05-29 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-29 16:09 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\Security
    2013-05-29 14:32 - 2013-05-30 19:29 - 00000000 ____D C:\Users\Finn\AppData\Roaming\uTorrent
    2013-05-29 13:57 - 2013-05-29 13:58 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-29 13:57 - 2013-05-29 13:58 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-29 13:34 - 2013-05-29 13:34 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
    2013-05-29 13:24 - 2013-05-30 20:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-05-29 13:09 - 2013-05-29 13:09 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City Mods
    2013-05-29 12:50 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-29 12:50 - 2013-05-29 12:52 - 00000000 ____D C:\Users\Finn\AppData\Local\Google
    2013-05-29 12:49 - 2013-05-30 19:52 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
    2013-05-29 12:49 - 2013-05-30 18:41 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
    2013-05-29 12:33 - 2013-05-29 12:33 - 00000000 ____D C:\Users\Finn\Documents\Symantec
    2013-05-29 11:26 - 2013-05-30 19:29 - 00000000 ____D C:\ProgramData\TP-LINK
    2013-05-28 23:23 - 2013-06-06 05:02 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
    2013-05-28 23:13 - 2013-05-29 23:14 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband Savegames
    2013-05-28 21:06 - 2013-05-28 21:06 - 00003133 ____A C:\Users\Finn\Desktop\M&B Warband.lnk
    2013-05-28 20:57 - 2013-05-28 23:19 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband
    2013-05-28 20:10 - 2013-05-28 20:10 - 00001298 ____A C:\Users\Finn\Desktop\GTA Vice City.lnk
    2013-05-28 14:49 - 2013-06-06 05:04 - 00000000 ____D C:\ProgramData\PC1Data
    2013-05-28 14:49 - 2013-06-06 05:04 - 00000000 ____D C:\ProgramData\PC Cleaners
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000735 ____A C:\Users\Finn\Desktop\PC Cleaner Pro.lnk
    2013-05-28 14:49 - 2013-05-28 14:22 - 05371088 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
    2013-05-28 14:47 - 2013-06-09 12:42 - 00008182 ____A C:\Windows\setupact.log
    2013-05-28 14:47 - 2013-05-28 14:47 - 00000000 ____A C:\Windows\setuperr.log
    2013-05-26 18:03 - 2013-05-29 00:07 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    2013-05-26 16:39 - 2013-06-05 20:41 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
    2013-05-26 16:36 - 2013-05-31 03:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
     
  20. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    2013-05-26 16:35 - 2013-05-26 16:35 - 00002105 ____A C:\Users\Public\Desktop\Mafia II.lnk
    2013-05-26 16:28 - 2013-05-26 16:28 - 00000000 ____D C:\Program Files (x86)\2K Games
    2013-05-26 15:21 - 2013-05-26 15:46 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City User Files
    2013-05-26 13:44 - 2013-05-26 13:44 - 00000000 ____D C:\Users\Finn\AppData\Local\2K Games
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2013-05-26 12:50 - 2013-06-06 05:00 - 00000000 ____D C:\Users\Finn\AppData\Local\Microsoft Games
    2013-05-24 04:49 - 2013-05-24 04:49 - 00000000 ____D C:\NBRT
    2013-05-23 20:20 - 2013-05-31 02:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Tific
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Macromedia
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Adobe
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Local\Symantec
    2013-05-23 20:20 - 2010-08-21 04:59 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2013-05-23 20:20 - 2010-08-21 04:59 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2013-05-23 20:20 - 2010-08-21 04:59 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2013-05-23 20:19 - 2013-05-31 14:12 - 00000000 ____D C:\ProgramData\Norton
    2013-05-23 20:19 - 2013-05-30 07:43 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-05-23 20:13 - 2011-11-10 15:06 - 01880400 ___RA (Bethesda Softworks) C:\Users\Finn\Desktop\Skyrim.exe
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\Documents\My Games
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\AppData\Local\Skyrim
    2013-05-23 20:09 - 2010-02-04 10:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2013-05-23 20:09 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2013-05-23 20:09 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2013-05-23 20:09 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2013-05-23 20:09 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2013-05-23 20:09 - 2009-03-09 15:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2013-05-23 20:09 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2013-05-23 20:09 - 2008-10-15 06:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2013-05-23 20:09 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2013-05-23 20:09 - 2008-07-31 10:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2013-05-23 20:09 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2013-05-23 20:09 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2013-05-23 20:09 - 2008-07-10 11:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2013-05-23 20:09 - 2008-05-30 14:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2013-05-23 20:09 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2013-05-23 20:09 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2013-05-23 20:09 - 2008-05-30 14:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2013-05-23 20:09 - 2008-05-30 14:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2013-05-23 20:09 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2013-05-23 20:09 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2013-05-23 20:09 - 2008-05-30 14:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2013-05-23 20:09 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2013-05-23 20:09 - 2008-03-05 16:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2013-05-23 20:09 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2013-05-23 20:09 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2013-05-23 20:09 - 2008-03-05 16:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2013-05-23 20:09 - 2008-03-05 16:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2013-05-23 20:09 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2013-05-23 20:09 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2013-05-23 20:09 - 2008-02-05 23:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2013-05-23 20:09 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2013-05-23 20:09 - 2007-10-22 03:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2013-05-23 20:09 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2013-05-23 20:09 - 2007-10-22 03:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2013-05-23 20:09 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2013-05-23 20:09 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2013-05-23 20:09 - 2007-10-02 09:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2013-05-23 20:09 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2013-05-23 20:09 - 2007-07-20 00:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2013-05-23 20:09 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2013-05-23 20:09 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2013-05-23 20:09 - 2007-06-20 20:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2013-05-23 20:09 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2013-05-23 20:09 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2013-05-23 20:08 - 2013-05-26 13:33 - 00010843 ____A C:\Windows\DirectX.log
    2013-05-23 20:08 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2013-05-23 20:08 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2013-05-23 20:08 - 2007-04-04 18:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2013-05-23 20:08 - 2007-04-04 18:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2013-05-23 20:08 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2013-05-23 20:08 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2013-05-23 20:08 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2013-05-23 20:08 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2013-05-23 20:08 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2013-05-23 20:08 - 2007-01-24 15:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2013-05-23 20:08 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2013-05-23 20:08 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2013-05-23 20:08 - 2006-12-08 12:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2013-05-23 20:08 - 2006-11-29 13:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2013-05-23 20:08 - 2006-09-28 16:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2013-05-23 20:08 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2013-05-23 20:08 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2013-05-23 20:08 - 2006-09-28 16:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2013-05-23 20:08 - 2006-07-28 09:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2013-05-23 20:08 - 2006-07-28 09:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2013-05-23 20:08 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2013-05-23 20:08 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2013-05-23 20:08 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2013-05-23 20:08 - 2006-05-31 07:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2013-05-23 20:08 - 2006-03-31 12:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2013-05-23 20:08 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2013-05-23 20:08 - 2006-03-31 12:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2013-05-23 20:08 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2013-05-23 20:08 - 2006-03-31 12:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2013-05-23 20:08 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2013-05-23 20:08 - 2006-02-03 08:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2013-05-23 20:08 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2013-05-23 20:08 - 2006-02-03 08:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2013-05-23 20:08 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2013-05-23 20:08 - 2006-02-03 08:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2013-05-23 20:08 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2013-05-23 20:08 - 2005-12-05 18:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2013-05-23 20:08 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2013-05-23 20:08 - 2005-07-22 19:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2013-05-23 20:08 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2013-05-23 20:08 - 2005-05-26 15:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2013-05-23 20:08 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2013-05-23 20:08 - 2005-03-18 17:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2013-05-23 20:08 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2013-05-23 20:08 - 2005-02-05 19:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2013-05-23 20:08 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2013-05-23 20:01 - 2013-05-23 20:10 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2013-05-23 19:58 - 2013-05-30 20:21 - 00246442 ____A C:\Windows\ntbtlog.txt.bak
    2013-05-23 18:48 - 2013-05-24 04:19 - 00000000 ____D C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2013-05-23 18:48 - 2013-05-24 04:19 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-05-23 18:45 - 2013-05-23 18:45 - 00000000 ___AH C:\Users\Finn\Documents\Default.rdp
    2013-05-23 18:42 - 2013-05-31 02:38 - 00020310 ____A C:\Windows\PFRO.log
    2013-05-23 08:48 - 2013-05-22 23:55 - 00000000 ____D C:\Windows\Panther
    2013-05-23 08:47 - 2009-07-14 02:38 - 00383562 _RASH C:\bootmgr
    2013-05-23 08:08 - 2013-05-12 22:13 - 00000211 ____H C:\Boot.BAK
    2013-05-23 01:58 - 2013-05-23 01:56 - 21707032 ____A (Hewlett-Packard Company ) C:\Users\Finn\Documents\sp47895.exe
    2013-05-23 01:53 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
    2013-05-23 01:48 - 2003-05-31 20:15 - 00114688 ____A (Atheros) C:\Windows\SysWOW64\athcfg10.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00651264 ___RA C:\Windows\SysWOW64\libeay32.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00450560 ___RA (Meetinghouse Data Communications) C:\Windows\SysWOW64\AegisE5.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00327680 ___RA (Meetinghouse Data Communications) C:\Windows\SysWOW64\AegisE2.dll
    2013-05-23 01:48 - 2003-05-31 20:10 - 00147456 ___RA C:\Windows\SysWOW64\ssleay32.dll
    2013-05-23 01:17 - 2013-05-23 01:17 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    2013-05-23 01:17 - 2013-05-23 01:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Innovative Solutions
    2013-05-23 01:16 - 2013-05-23 01:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
    2013-05-23 01:16 - 2013-05-23 01:12 - 01588760 ____A C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
    2013-05-23 01:16 - 2013-05-23 01:10 - 07009736 ____A (Innovative Solutions ) C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
    2013-05-23 01:03 - 2013-05-30 07:43 - 00000000 ____D C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\WinRAR
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Program Files\WinRAR
    2013-05-23 00:12 - 2013-05-31 03:29 - 00058016 ____A C:\Users\Finn\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-05-23 00:12 - 2013-05-28 14:52 - 00000000 ___DC C:\Users\Finn\AppData\Local\MigWiz
    2013-05-23 00:11 - 2013-06-09 12:02 - 00000000 ____D C:\Windows\Minidump
    2013-05-23 00:07 - 2013-05-23 00:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-05-23 00:04 - 2013-06-05 20:16 - 00000000 ____D C:\users\Finn
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000020 ___SH C:\Users\Finn\ntuser.ini
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000000 ____D C:\Users\Finn\AppData\Local\VirtualStore
    2013-05-23 00:03 - 2013-05-23 00:03 - 00171136 _RASH C:\w7ldr
    2013-05-23 00:02 - 2013-05-23 00:02 - 00000000 ____D C:\Recovery
    2013-05-22 23:52 - 2013-05-22 23:52 - 00001313 ____A C:\Windows\TSSysprep.log
    2013-05-22 23:51 - 2013-06-09 12:35 - 01942110 ____A C:\Windows\WindowsUpdate.log
    2013-05-22 22:55 - 2013-05-23 08:48 - 00008192 _RASH C:\BOOTSECT.BAK
    2013-05-20 20:12 - 2013-05-20 20:12 - 00000000 ____D C:\Games
    2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
    2013-05-19 03:00 - 2013-05-19 03:01 - 00000000 ____D C:\d6196d965d6b437a870f139d18359e
    2013-05-18 18:24 - 2013-05-18 18:24 - 00001020 ____A C:\GEARDIFx_uninstall.log
    2013-05-17 22:39 - 2013-05-17 22:39 - 00003982 ____A C:\GEARDIFx_install.log
    2013-05-16 16:00 - 2013-05-16 16:01 - 00000000 ____D C:\Uninstall
    2013-05-16 16:00 - 2013-05-16 16:00 - 00000000 ____D C:\src
    2013-05-15 16:36 - 2004-08-27 17:26 - 00002155 ____A C:\hotfix.txt
    2013-05-15 16:36 - 2004-08-27 17:03 - 65792018 ____A C:\KB835221_ALL_OS_ALL_LOC.zip
    2013-05-15 16:36 - 2004-03-17 11:27 - 00005243 ____A C:\KB835221_Readme.txt
    2013-05-14 20:39 - 2013-05-23 01:58 - 00000000 ____D C:\SWSetup
    2013-05-13 19:27 - 2013-05-13 19:27 - 00000000 ____D C:\NVIDIA
    2013-05-12 21:46 - 2013-05-22 20:39 - 00000000 ____D C:\08fc8c25c373be2b65
    2013-05-12 21:34 - 2008-04-14 00:01 - 00250048 _RASH C:\ntldr
    2013-05-12 21:34 - 2008-04-13 22:13 - 00047564 _RASH C:\NTDETECT.COM
    2013-05-12 21:24 - 2013-05-23 08:47 - 00000355 _RASH C:\Boot.ini.saved
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\MSDOS.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\IO.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\CONFIG.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\AUTOEXEC.BAT

    ==================== One Month Modified Files and Folders =======

    2013-06-09 12:44 - 2013-05-22 23:51 - 01942110 ____A C:\Windows\WindowsUpdate.log
    2013-06-09 12:42 - 2013-06-09 12:43 - 01919210 ____A (Farbar) C:\Users\Finn\Desktop\FRST64 (1).exe
    2013-06-09 12:42 - 2013-06-09 12:42 - 00000000 ____D C:\Windows\LastGood
    2013-06-09 12:42 - 2013-05-28 14:47 - 00008182 ____A C:\Windows\setupact.log
    2013-06-09 12:37 - 2009-07-14 06:13 - 00722200 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-09 12:37 - 2009-07-14 05:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-09 12:37 - 2009-07-14 05:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-09 12:31 - 2013-05-31 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-06-09 12:31 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-09 12:02 - 2013-06-09 12:02 - 00285376 ____A C:\Windows\Minidump\060913-47361-01.dmp
    2013-06-09 12:02 - 2013-05-30 20:00 - 354645076 ____A C:\Windows\MEMORY.DMP
    2013-06-09 12:02 - 2013-05-23 00:11 - 00000000 ____D C:\Windows\Minidump
    2013-06-06 05:04 - 2013-05-31 19:21 - 00000000 ____D C:\ComboFix
    2013-06-06 05:04 - 2013-05-30 18:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-06-06 05:04 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC1Data
    2013-06-06 05:04 - 2013-05-28 14:49 - 00000000 ____D C:\ProgramData\PC Cleaners
    2013-06-06 05:04 - 2009-07-14 08:46 - 00000000 ____D C:\Program Files\Windows Journal
    2013-06-06 05:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\MUI
    2013-06-06 05:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
    2013-06-06 05:02 - 2013-05-28 23:23 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
    2013-06-06 05:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
    2013-06-06 05:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
    2013-06-06 05:00 - 2013-05-26 12:50 - 00000000 ____D C:\Users\Finn\AppData\Local\Microsoft Games
    2013-06-06 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
    2013-06-06 04:51 - 2013-05-31 20:24 - 00000000 ____D C:\JRT
    2013-06-06 04:51 - 2013-05-31 17:11 - 00000000 ____D C:\Windows\erdnt
    2013-06-05 20:46 - 2009-07-14 06:08 - 00018222 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-06-05 20:41 - 2013-05-26 16:39 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
    2013-06-05 20:40 - 2013-06-05 20:39 - 00284792 ____A C:\Windows\Minidump\060513-46925-01.dmp
    2013-06-05 20:29 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
    2013-06-05 20:28 - 2013-06-05 20:28 - 00288344 ____A C:\Windows\Minidump\060513-47471-01.dmp
    2013-06-05 20:23 - 2013-06-02 18:15 - 00002578 ____A C:\Users\Finn\Desktop\FSS.txt
    2013-06-05 20:16 - 2013-06-05 20:16 - 00285280 ____A C:\Windows\Minidump\060513-31543-01.dmp
    2013-06-05 20:16 - 2013-05-23 00:04 - 00000000 ____D C:\users\Finn
    2013-06-05 20:14 - 2013-06-05 20:13 - 00285120 ____A C:\Windows\Minidump\060513-37986-01.dmp
    2013-06-05 18:07 - 2013-06-05 18:07 - 00003240 ____N C:\bootsqm.dat
    2013-06-02 18:13 - 2013-06-02 18:13 - 00001132 ____A C:\Users\Finn\Desktop\checkup.txt
    2013-05-31 22:27 - 2013-05-31 22:27 - 00000000 ____D C:\_OTL
    2013-05-31 21:04 - 2013-05-31 21:04 - 00000776 ____A C:\AdwCleaner[S1].txt
    2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\FRST
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ___HD C:\Windows\AxInstSV
    2013-05-31 17:48 - 2013-05-31 17:48 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-05-31 17:11 - 2013-05-31 17:11 - 00000000 ____D C:\Qoobox
    2013-05-31 16:46 - 2013-05-31 16:46 - 00000000 ____D C:\Windows\System32\Macromed
    2013-05-31 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2013-05-31 14:12 - 2013-05-23 20:19 - 00000000 ____D C:\ProgramData\Norton
    2013-05-31 13:46 - 2013-05-31 13:32 - 00000000 ____D C:\Users\Finn\Desktop\mbar
    2013-05-31 13:46 - 2013-05-29 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-05-31 13:04 - 2013-05-31 03:17 - 00004369 ____A C:\Windows\IE9_main.log
    2013-05-31 12:49 - 2013-05-31 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2013-05-31 03:37 - 2013-05-31 03:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2013-05-31 03:37 - 2013-05-31 03:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-05-31 03:37 - 2013-05-26 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-05-31 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
    2013-05-31 03:35 - 2013-05-31 03:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-05-31 03:29 - 2013-05-23 00:12 - 00058016 ____A C:\Users\Finn\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-05-31 03:27 - 2009-07-14 05:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-31 03:24 - 2013-05-31 03:24 - 00288008 ____A C:\Windows\Minidump\053113-21340-01.dmp
    2013-05-31 03:22 - 2013-05-31 03:22 - 00000000 ____D C:\Windows\CheckSur
    2013-05-31 02:48 - 2013-05-31 02:41 - 00000000 ____D C:\Users\Finn\Desktop\RK_Quarantine
    2013-05-31 02:45 - 2013-05-31 02:45 - 00791040 ____A C:\Users\Finn\Desktop\RogueKillerX64.exe
    2013-05-31 02:38 - 2013-05-23 18:42 - 00020310 ____A C:\Windows\PFRO.log
    2013-05-31 02:36 - 2013-05-23 20:20 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-05-31 01:41 - 2013-05-31 01:42 - 00688992 ____R (Swearware) C:\Users\Finn\Desktop\dds.com
    2013-05-31 01:31 - 2013-05-31 01:31 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-31 01:31 - 2013-05-29 16:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-31 01:26 - 2013-05-31 01:26 - 00284872 ____A C:\Windows\Minidump\053113-21902-01.dmp
    2013-05-31 01:23 - 2013-05-31 01:23 - 00285256 ____A C:\Windows\Minidump\053113-24632-01.dmp
    2013-05-31 01:03 - 2013-05-31 01:03 - 00002154 ____A C:\Windows\epplauncher.mif
    2013-05-31 01:03 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-05-31 01:02 - 2013-05-31 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-05-30 23:35 - 2013-05-30 23:35 - 00284792 ____A C:\Windows\Minidump\053013-18517-01.dmp
    2013-05-30 23:29 - 2013-05-30 23:29 - 00285112 ____A C:\Windows\Minidump\053013-21980-01.dmp
    2013-05-30 23:17 - 2013-05-30 23:17 - 00284952 ____A C:\Windows\Minidump\053013-22167-01.dmp
    2013-05-30 23:10 - 2013-05-30 23:09 - 00285448 ____A C:\Windows\Minidump\053013-19359-01.dmp
    2013-05-30 23:04 - 2013-05-30 23:04 - 00284632 ____A C:\Windows\Minidump\053013-19172-01.dmp
    2013-05-30 22:59 - 2013-05-30 22:59 - 00285896 ____A C:\Windows\Minidump\053013-43914-01.dmp
    2013-05-30 22:38 - 2013-05-30 22:38 - 00284216 ____A C:\Windows\Minidump\053013-21559-01.dmp
    2013-05-30 21:12 - 2013-05-30 21:12 - 00287304 ____A C:\Windows\Minidump\053013-32526-01.dmp
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001340 ____A C:\Users\Finn\Desktop\Norton Installation Files.lnk
    2013-05-30 20:40 - 2013-05-30 20:40 - 00001244 ____A C:\Users\Finn\Desktop\Norton Download Manager.lnk
    2013-05-30 20:40 - 2013-05-29 13:24 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-05-30 20:21 - 2013-05-23 19:58 - 00246442 ____A C:\Windows\ntbtlog.txt.bak
    2013-05-30 20:00 - 2013-05-30 20:00 - 00286376 ____A C:\Windows\Minidump\053013-57408-01.dmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 04167680 ____A C:\Program Files (x86)\GUT279D.tmp
    2013-05-30 19:52 - 2013-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\GUM278D.tmp
    2013-05-30 19:52 - 2013-05-29 12:50 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-30 19:52 - 2013-05-29 12:49 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
    2013-05-30 19:29 - 2013-05-29 14:32 - 00000000 ____D C:\Users\Finn\AppData\Roaming\uTorrent
    2013-05-30 19:29 - 2013-05-29 11:26 - 00000000 ____D C:\ProgramData\TP-LINK
    2013-05-30 18:57 - 2013-05-30 18:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2013-05-30 18:54 - 2013-05-30 18:54 - 00001262 ____A C:\Users\Finn\Desktop\Spybot - Search & Destroy.lnk
    2013-05-30 18:42 - 2013-05-30 18:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-05-30 18:41 - 2013-05-29 12:49 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
    2013-05-30 16:11 - 2013-05-30 16:11 - 151247144 ____A (COMODO) C:\Users\Finn\Downloads\cispremium_installer.exe
    2013-05-30 16:08 - 2013-05-30 16:08 - 98142048 ____A (COMODO) C:\Users\Finn\Downloads\cfw_installer.exe
    2013-05-30 07:43 - 2013-05-29 19:05 - 00000000 ____D C:\ProgramData\Comodo
    2013-05-30 07:43 - 2013-05-29 18:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-05-30 07:43 - 2013-05-29 16:09 - 00000000 ____D C:\Users\Finn\Documents\Security
    2013-05-30 07:43 - 2013-05-23 20:19 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-05-30 07:43 - 2013-05-23 01:53 - 00000000 ____D C:\Users\Finn\Documents\2Wire_Vista64USBdriver_In_Autorun_v3.0
    2013-05-30 07:43 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\Documents\802.11g PCI Turbo Wireless Adapter
    2013-05-30 07:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-05-29 23:14 - 2013-05-28 23:13 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband Savegames
    2013-05-29 20:41 - 2013-05-29 20:40 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
    2013-05-29 19:24 - 2013-05-29 19:24 - 00000000 ____D C:\VritualRoot
    2013-05-29 19:05 - 2013-05-29 19:05 - 00000000 ____D C:\Program Files\COMODO
    2013-05-29 18:24 - 2013-05-29 18:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-29 18:23 - 2013-05-29 18:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-05-29 17:46 - 2013-05-29 17:44 - 00000000 ____D C:\Users\Finn\AppData\Local\NPE
    2013-05-29 16:20 - 2013-05-29 16:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Malwarebytes
    2013-05-29 16:19 - 2013-05-29 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-29 13:58 - 2013-05-29 13:57 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-05-29 13:58 - 2013-05-29 13:57 - 00000000 ____D C:\Program Files\AVAST Software
    2013-05-29 13:34 - 2013-05-29 13:34 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
    2013-05-29 13:09 - 2013-05-29 13:09 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City Mods
    2013-05-29 12:52 - 2013-05-29 12:50 - 00000000 ____D C:\Users\Finn\AppData\Local\Google
    2013-05-29 12:33 - 2013-05-29 12:33 - 00000000 ____D C:\Users\Finn\Documents\Symantec
    2013-05-29 00:07 - 2013-05-26 18:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mount&Blade Warband
    2013-05-28 23:19 - 2013-05-28 20:57 - 00000000 ____D C:\Users\Finn\Documents\Mount&Blade Warband
    2013-05-28 21:06 - 2013-05-28 21:06 - 00003133 ____A C:\Users\Finn\Desktop\M&B Warband.lnk
    2013-05-28 20:10 - 2013-05-28 20:10 - 00001298 ____A C:\Users\Finn\Desktop\GTA Vice City.lnk
    2013-05-28 14:52 - 2013-05-23 00:12 - 00000000 ___DC C:\Users\Finn\AppData\Local\MigWiz
    2013-05-28 14:49 - 2013-05-28 14:49 - 00000735 ____A C:\Users\Finn\Desktop\PC Cleaner Pro.lnk
    2013-05-28 14:47 - 2013-05-28 14:47 - 00000000 ____A C:\Windows\setuperr.log
    2013-05-28 14:22 - 2013-05-28 14:49 - 05371088 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
    2013-05-26 16:35 - 2013-05-26 16:35 - 00002105 ____A C:\Users\Public\Desktop\Mafia II.lnk
    2013-05-26 16:28 - 2013-05-26 16:28 - 00000000 ____D C:\Program Files (x86)\2K Games
    2013-05-26 15:46 - 2013-05-26 15:21 - 00000000 ____D C:\Users\Finn\Documents\GTA Vice City User Files
    2013-05-26 13:44 - 2013-05-26 13:44 - 00000000 ____D C:\Users\Finn\AppData\Local\2K Games
    2013-05-26 13:33 - 2013-05-23 20:08 - 00010843 ____A C:\Windows\DirectX.log
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-05-26 13:29 - 2013-05-26 13:29 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2013-05-24 04:49 - 2013-05-24 04:49 - 00000000 ____D C:\NBRT
    2013-05-24 04:19 - 2013-05-23 18:48 - 00000000 ____D C:\Users\Finn\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2013-05-24 04:19 - 2013-05-23 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Tific
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Macromedia
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Adobe
    2013-05-23 20:20 - 2013-05-23 20:20 - 00000000 ____D C:\Users\Finn\AppData\Local\Symantec
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\Documents\My Games
    2013-05-23 20:10 - 2013-05-23 20:10 - 00000000 ____D C:\Users\Finn\AppData\Local\Skyrim
    2013-05-23 20:10 - 2013-05-23 20:01 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2013-05-23 18:45 - 2013-05-23 18:45 - 00000000 ___AH C:\Users\Finn\Documents\Default.rdp
    2013-05-23 08:48 - 2013-05-22 22:55 - 00008192 _RASH C:\BOOTSECT.BAK
    2013-05-23 08:47 - 2013-05-12 21:24 - 00000355 _RASH C:\Boot.ini.saved
    2013-05-23 08:47 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2013-05-23 08:47 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2013-05-23 08:47 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
    2013-05-23 01:58 - 2013-05-14 20:39 - 00000000 ____D C:\SWSetup
    2013-05-23 01:56 - 2013-05-23 01:58 - 21707032 ____A (Hewlett-Packard Company ) C:\Users\Finn\Documents\sp47895.exe
    2013-05-23 01:17 - 2013-05-23 01:17 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    2013-05-23 01:17 - 2013-05-23 01:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Innovative Solutions
    2013-05-23 01:16 - 2013-05-23 01:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
    2013-05-23 01:16 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
    2013-05-23 01:12 - 2013-05-23 01:16 - 01588760 ____A C:\Users\Finn\Documents\SetupVirtualCloneDrive5460.exe
    2013-05-23 01:10 - 2013-05-23 01:16 - 07009736 ____A (Innovative Solutions ) C:\Users\Finn\Documents\drivermax_7_13_cnet.exe
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Users\Finn\AppData\Roaming\WinRAR
    2013-05-23 01:03 - 2013-05-23 01:03 - 00000000 ____D C:\Program Files\WinRAR
    2013-05-23 00:07 - 2013-05-23 00:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000020 ___SH C:\Users\Finn\ntuser.ini
    2013-05-23 00:04 - 2013-05-23 00:04 - 00000000 ____D C:\Users\Finn\AppData\Local\VirtualStore
    2013-05-23 00:03 - 2013-05-23 00:03 - 00171136 _RASH C:\w7ldr
    2013-05-23 00:02 - 2013-05-23 00:02 - 00000000 ____D C:\Recovery
    2013-05-23 00:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Recovery
    2013-05-22 23:55 - 2013-05-23 08:48 - 00000000 ____D C:\Windows\Panther
    2013-05-22 23:52 - 2013-05-22 23:52 - 00001313 ____A C:\Windows\TSSysprep.log
    2013-05-22 23:52 - 2009-07-14 05:46 - 00001774 ____A C:\Windows\DtcInstall.log
    2013-05-22 23:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
    2013-05-22 23:49 - 2009-07-14 08:46 - 00000000 ____D C:\Windows\CSC
    2013-05-22 20:39 - 2013-05-12 21:46 - 00000000 ____D C:\08fc8c25c373be2b65
    2013-05-20 20:12 - 2013-05-20 20:12 - 00000000 ____D C:\Games
    2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
    2013-05-19 03:01 - 2013-05-19 03:00 - 00000000 ____D C:\d6196d965d6b437a870f139d18359e
    2013-05-18 18:24 - 2013-05-18 18:24 - 00001020 ____A C:\GEARDIFx_uninstall.log
    2013-05-17 22:39 - 2013-05-17 22:39 - 00003982 ____A C:\GEARDIFx_install.log
    2013-05-16 16:01 - 2013-05-16 16:00 - 00000000 ____D C:\Uninstall
    2013-05-16 16:00 - 2013-05-16 16:00 - 00000000 ____D C:\src
    2013-05-13 19:27 - 2013-05-13 19:27 - 00000000 ____D C:\NVIDIA
    2013-05-12 22:13 - 2013-05-23 08:08 - 00000211 ____H C:\Boot.BAK
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\MSDOS.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 _RASH C:\IO.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\CONFIG.SYS
    2013-05-12 20:35 - 2013-05-12 20:35 - 00000000 ____A C:\AUTOEXEC.BAT

    Files to move or delete:
    ====================
    C:\ProgramData\pclunst.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-06-04 19:55

    ==================== End Of Log ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    That looks good.

    Now, your computer is definitely lacking some Windows updates including Service Pack 1.

    Create new restore point and try to run Eset scan again.
    Possibly use different browser to run Eset.

    Do NOT allow any Windows updates yet.
     
  22. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    Would you like me to include ESET scan log in next reply?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Yes.
     
  24. finnclrk4

    finnclrk4 TS Rookie Topic Starter Posts: 44

    ESET Online Scanner still crashes with BSOD, but the two trojans that were in the ESET log before are detected almost immediately and are the only two that the ESET scanner detected last time, so I doubt I have gotten any other viruses in the meantime. So my computer is still infected with these two trojans.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    I can't comment without seeing file names and their locations.

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button, then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     

