ForceTrooper
I got a notification today from AVG that trojan virus Win64/Patched.A in services.exe could not be removed because the original file had been replaced with malware. I've run AVG, McAfee, and Malwarebytes with no success. AVG keeps saying it can only be removed manually. I've done some reading on this and seen what other people have done to fix the problem. I've run FRST on my system and I've pasted the logs below. I'm pretty much lost as to what to do next. I'd appreciate any help you can give.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by User at 20-10-2012 21:26:54
Running from I:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.The operation completed successfully.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2012-10-20 20:07 - 2012-10-20 21:26 - 00000000 ____D C:\FRST
2012-10-20 17:55 - 2012-10-20 19:11 - 00002396 ____A C:\Users\Grover\Desktop\avgrep.txt
2012-10-20 11:45 - 2012-08-23 11:31 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
2012-10-20 11:45 - 2012-08-23 11:31 - 00021880 ____A (AVG) C:\Windows\System32\authuitu.dll
2012-10-20 11:44 - 2012-10-20 11:44 - 00000000 ____D C:\Users\Grover\AppData\Roaming\AVG
2012-10-20 11:43 - 2012-10-20 11:45 - 00000000 ____D C:\Users\All Users\AVG
2012-10-20 11:43 - 2012-10-20 11:43 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
2012-10-20 10:53 - 2012-10-20 11:43 - 58674136 ____A (AVG) C:\Users\Grover\Desktop\avg_tuh_stf_all_2013_2_24c4.exe
2012-10-20 10:42 - 2012-10-20 10:43 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-10-19 22:29 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-19 22:29 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-19 22:29 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-19 22:29 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-19 22:29 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-19 22:29 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-19 22:29 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-19 22:29 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
2012-10-19 22:29 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-19 22:29 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-19 22:29 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-19 22:29 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-19 22:29 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-19 22:29 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-19 22:29 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
2012-10-19 22:29 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-19 22:29 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
2012-10-19 22:29 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-19 22:29 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-19 22:28 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-19 22:28 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-19 22:27 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-19 22:27 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-19 22:27 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-19 22:27 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-19 22:25 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-19 22:25 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-19 22:25 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-19 22:25 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-19 22:25 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-19 22:25 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-19 20:54 - 2012-10-20 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\Grover\AppData\Roaming\Malwarebytes
2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-19 19:47 - 2012-10-19 19:55 - 92121088 ____A C:\Users\Grover\Downloads\avg_arl_cdi_all_120_120823a5226.iso
2012-10-16 20:41 - 2012-10-19 21:09 - 00000000 __SHD C:\Users\Grover\AppData\Roaming\System
2012-10-13 17:13 - 2012-10-13 17:17 - 47740019 ____A C:\Users\Grover\Desktop\mister_rogers_remixed_garden_of_your_mind_pbs_digital_studios_youtube.wmv
2012-10-13 17:04 - 2012-10-13 17:06 - 11259964 ____A C:\Users\Grover\Downloads\PBS' autotuned 'Mister Rogers' remix that will blow your mind Guyism.mp4
2012-10-12 11:43 - 1994-12-31 19:00 - 00000044 ____A C:\Users\Grover\Desktop\Track05.cda
2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\AppData\Local\rx_image32.Cache
2012-10-12 10:29 - 2012-10-19 22:06 - 00000000 ____D C:\Users\Grover\Documents\e-Sword
2012-10-12 00:19 - 2012-10-19 22:07 - 00000000 ____D C:\Program Files (x86)\e-Sword
2012-10-10 17:20 - 2012-10-19 22:17 - 00000000 ____D C:\Users\Grover\Documents\Fax
2012-10-05 16:37 - 2012-10-19 22:07 - 00000000 ___DC C:\Users\All Users\{5EB42881-1E29-48E3-9E86-E4B71E83A651}
2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Users\All Users\Transparent
2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Program Files (x86)\Transparent
2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\ImportReports
2012-10-05 16:25 - 2012-10-05 16:37 - 00005430 ____A C:\Users\Grover\BykiDownloader.log
2012-09-23 03:00 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 03:00 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 03:00 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 03:00 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 03:00 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 03:00 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 03:00 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(14752).dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet(14752).dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(14747).dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(14747).dll
2012-09-23 03:00 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 03:00 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 03:00 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 03:00 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 03:00 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 03:00 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 03:00 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 03:00 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 03:00 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 03:00 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 03:00 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 03:00 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14721).dll
2012-09-23 03:00 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 03:00 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 03:00 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 03:00 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 03:00 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-23 03:00 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 20:05 - 2012-09-10 15:25 - 00002693 ____A C:\Users\Grover\Desktop\Microsoft Office Word 2007.lnk
2012-09-21 22:37 - 2012-09-21 22:38 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2012-09-21 22:37 - 2012-09-21 22:38 - 00000000 ____D C:\Windows\System32\Adobe
2012-09-20 13:45 - 2012-09-20 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-09-20 13:45 - 2012-09-20 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
==================== 3 Months Modified Files ==================
2012-10-21 00:20 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-21 00:20 - 2009-07-13 23:51 - 00038918 ____A C:\Windows\setupact.log
2012-10-20 23:13 - 2012-02-13 19:06 - 01796178 ____A C:\Windows\WindowsUpdate.log
2012-10-20 23:10 - 2010-11-20 22:47 - 00034810 ____A C:\Windows\PFRO.log
2012-10-20 19:11 - 2012-10-20 17:55 - 00002396 ____A C:\Users\Grover\Desktop\avgrep.txt
2012-10-20 17:43 - 2012-09-17 09:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-20 11:43 - 2012-10-20 10:53 - 58674136 ____A (AVG) C:\Users\Grover\Desktop\avg_tuh_stf_all_2013_2_24c4.exe
2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
2012-10-19 22:44 - 2012-09-17 09:25 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-19 22:44 - 2012-09-17 09:25 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-19 22:44 - 2012-02-13 19:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-19 22:44 - 2012-02-13 19:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-19 22:31 - 2012-09-09 01:21 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-10-19 22:19 - 2012-09-08 23:49 - 00084712 ____A C:\Users\Grover\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-19 19:55 - 2012-10-19 19:47 - 92121088 ____A C:\Users\Grover\Downloads\avg_arl_cdi_all_120_120823a5226.iso
2012-10-13 17:17 - 2012-10-13 17:13 - 47740019 ____A C:\Users\Grover\Desktop\mister_rogers_remixed_garden_of_your_mind_pbs_digital_studios_youtube.wmv
2012-10-13 17:06 - 2012-10-13 17:04 - 11259964 ____A C:\Users\Grover\Downloads\PBS' autotuned 'Mister Rogers' remix that will blow your mind Guyism.mp4
2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\AppData\Local\rx_image32.Cache
2012-10-05 16:37 - 2012-10-05 16:25 - 00005430 ____A C:\Users\Grover\BykiDownloader.log
2012-09-14 13:28 - 2012-10-19 22:27 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 13:28 - 2012-10-19 22:27 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-10 15:25 - 2012-09-22 20:05 - 00002693 ____A C:\Users\Grover\Desktop\Microsoft Office Word 2007.lnk
2012-09-09 09:08 - 2012-09-09 09:07 - 00295164 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-09-09 09:06 - 2012-09-09 09:05 - 00296626 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-09-09 08:54 - 2011-02-10 11:10 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-09 08:54 - 2011-02-10 11:10 - 00772558 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-09 01:00 - 2012-09-09 01:00 - 04411392 ____A (AVG Technologies) C:\Users\Grover\Downloads\avg_free_stb_all_2013_2667_cnet.exe
2012-09-08 23:53 - 2012-02-13 19:34 - 34665846 ____A C:\Windows\RPSETUP.EXE.LOG
2012-09-08 23:47 - 2012-09-08 23:47 - 00000020 ___SH C:\Users\Grover\ntuser.ini
2012-08-30 12:12 - 2012-10-19 22:29 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 12:12 - 2012-10-19 22:29 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-30 12:12 - 2012-10-19 22:29 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-30 12:12 - 2012-10-19 22:29 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-24 11:57 - 2012-10-19 22:28 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 11:57 - 2012-10-19 22:28 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 02:27 - 2012-09-23 03:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 02:27 - 2012-09-23 03:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:03 - 2012-09-23 03:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 02:03 - 2012-09-23 03:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 01:59 - 2012-09-23 03:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 01:59 - 2012-09-23 03:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 01:51 - 2012-09-23 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(14752).dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet(14752).dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(14747).dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(14747).dll
2012-08-24 01:49 - 2012-09-23 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 01:49 - 2012-09-23 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 01:48 - 2012-09-23 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 01:48 - 2012-09-23 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 01:47 - 2012-09-23 03:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 01:47 - 2012-09-23 03:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 01:47 - 2012-09-23 03:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 01:47 - 2012-09-23 03:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 01:47 - 2012-09-23 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 01:47 - 2012-09-23 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 01:45 - 2012-09-23 03:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 01:45 - 2012-09-23 03:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14721).dll
2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\System32\authuitu.dll
2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
ZeroAccess:
C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}
C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}\L
C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2012-02-13 20:57] - [2012-02-13 20:57] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 5886.98 MB
Available physical RAM: 3684.29 MB
Total Pagefile: 11772.14 MB
Available Pagefile: 9076.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3991.61 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:869.59 GB) NTFS
2 Drive d: (AVG Restore Disc) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
8 Drive j: () (Removable) (Total:7.47 GB) (Free:2.59 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7667 MB 0 B
Disk 6 Online 3819 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 916 GB 14 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy Boot
=========================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB
=========================================================
Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT32 Removable 7655 MB Healthy
=========================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB
=========================================================
Disk: 6
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 I FAT32 Removable 3818 MB Healthy
=========================================================
==================== End Of Log ============================
Farbar Recovery Scan Tool (x86) Version: 15-10-2012
Ran by User at 2012-10-20 21:30:21
Running from I:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
=== End Of Search ===
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14721).dll
2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\System32\authuitu.dll
2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
ZeroAccess:
C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}
C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}\L
C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2012-02-13 20:57] - [2012-02-13 20:57] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 5886.98 MB
Available physical RAM: 3684.29 MB
Total Pagefile: 11772.14 MB
Available Pagefile: 9076.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3991.61 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:869.59 GB) NTFS
2 Drive d: (AVG Restore Disc) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
8 Drive j: () (Removable) (Total:7.47 GB) (Free:2.59 GB) FAT32
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         931 GB   0 B
Disk 1    No Media       0 B      0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Disk 5    Online         7667 MB  0 B
Disk 6    Online         3819 MB  0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    31 KB
Partition 2    Primary           14 GB    40 MB
Partition 3    Primary           916 GB   14 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         RECOVERY     NTFS   Partition   14 GB    Healthy    System (partition with boot components)
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C    OS           NTFS   Partition   916 GB   Healthy    Boot
=========================================================
Partitions of Disk 5:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7655 MB  22 KB
=========================================================
Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7    J                 FAT32  Removable   7655 MB  Healthy
=========================================================
Partitions of Disk 6:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3818 MB  16 KB
=========================================================
Disk: 6
Partition 1
Type : 0B
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8    I                 FAT32  Removable   3818 MB  Healthy
=========================================================
==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 15-10-2012
Ran by User at 2012-10-20 21:30:21
Running from I:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
=== End Of Search ===