Author Topic: Trojan Horse in my Windows directory, read only so I cannot move to chest  (Read 48102 times)

Drejer

  • Guest
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6397820D-9FC6-774C-1EF5-CBA09049E426}" = AMD Fuel
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"Dell Support Center" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = AMD VISION Engine Control Center
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

Drejer

  • Guest
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech

Drejer

  • Guest
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"Dll-Files Fixer_is1" = Dll-Files Fixer
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"League of Legends 3.0.0" = League of Legends
"RaidCall" = RaidCall
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/29/2013 11:57:21 PM | Computer Name = DJ-PC | Source = Application Error | ID = 1000
Description = Faulting application name: stage_primary.exe, version: 1.4.173.0,
time stamp: 0x4d3e318e  Faulting module name: libumajin.dll, version: 2.7.9.2638,
time stamp: 0x4d33c4fc  Exception code: 0xc0000005  Fault offset: 0x000df7dc  Faulting
 process id: 0xef4  Faulting application start time: 0x01ce5ce9b380b235  Faulting application
 path: C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe  Faulting module
 path: C:\Program Files (x86)\Dell Stage\Dell Stage\libumajin.dll  Report Id: 06cdfdce-c8dd-11e2-99e5-f04da2ea25f9
 

Drejer

  • Guest
Error - 5/30/2013 12:21:57 AM | Computer Name = DJ-PC | Source = McLogEvent | ID = 5004
Description =
 
Error - 5/30/2013 12:21:57 AM | Computer Name = DJ-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 5/30/2013 12:21:57 AM | Computer Name = DJ-PC | Source = McLogEvent | ID = 5004
Description =
 
Error - 5/30/2013 12:21:57 AM | Computer Name = DJ-PC | Source = McLogEvent | ID = 5022
Description =
 
[ Dell Events ]
Error - 5/30/2013 12:43:27 AM | Computer Name = DJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/30/2013 12:57:37 AM | Computer Name = DJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 5/30/2013 12:27:13 AM | Computer Name = DJ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 5/30/2013 12:28:44 AM | Computer Name = DJ-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

Drejer

  • Guest
Crossing my fingers that you don't find anything!

oldman

  • Avast Evangelist
Hi Drejer,

There is something that seems to have survived. Let's take care of it and see if there is anything else.

Please download Farbar Recovery Scan Tool 64-Bit and save it to your desktop.

Next, download and save to your Desktop the attached file fixlist.txt.

Next

  • Right click FRST.exe and click "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • FRST will process the script in Fixlist.txt
  • It will make a log (fixlog.txt) on the desktop. Please copy and paste it to your reply.

Next

Important

Reboot the computer.

Next

Open FRST and click the scan button.

Please post back with
  • fixlog.txt
  • FRST log


Drejer

  • Guest
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-05-2013
Ran by DJ at 2013-05-30 08:43:46 Run:1
Running from C:\Users\DJ\Desktop
Boot Mode: Normal
==============================================


=========  fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" =========


========= End of CMD: =========


==== End of Fixlog ====

Drejer

  • Guest
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
Ran by DJ (administrator) on 30-05-2013 08:48:47
Running from C:\Users\DJ\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Farbar) C:\Users\DJ\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-09] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [] 

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU SearchScopes: DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

Drejer

  • Guest
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (South Park) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.6_0
CHR Extension: (Google Drive) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (avast! Online Security) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
CHR Extension: (Skype Click to Call) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (ScriptSafe) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0
CHR Extension: (Gmail) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (League Streams) - C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\plbfmpfcbppeepkmbgphjpgldpgglbob\1.2.1_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()

==================== NetSvcs (Whitelisted) ===================

Drejer

  • Guest
==================== One Month Created Files and Folders ========

2013-05-30 08:43 - 2013-05-30 08:43 - 00000000 ____D C:\FRST
2013-05-30 08:42 - 2013-05-30 08:42 - 01915774 ____A (Farbar) C:\Users\DJ\Desktop\FRST64.exe
2013-05-30 02:13 - 2013-05-30 02:56 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Skype
2013-05-30 02:12 - 2013-05-30 02:12 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DJ\Desktop\SkypeSetup.exe
2013-05-30 01:18 - 2013-05-30 01:18 - 00000000 ____D C:\Users\DJ\AppData\Roaming\LolClient
2013-05-30 01:14 - 2013-05-30 01:14 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-30 01:11 - 2009-11-25 14:47 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 00320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-05-30 01:11 - 2009-11-25 14:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-05-30 01:11 - 2009-11-25 14:47 - 00109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-05-30 01:11 - 2009-11-25 14:47 - 00048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-05-30 01:10 - 2013-05-30 01:10 - 00889416 ____A (Microsoft Corporation) C:\Users\DJ\Desktop\dotNetFx40_Full_setup.exe
2013-05-30 01:08 - 2013-05-30 01:08 - 00418351 ____A C:\Users\DJ\Desktop\bin.zip
2013-05-30 01:07 - 2013-05-30 01:07 - 00008779 ____A C:\Users\DJ\Desktop\FontResolutions.xml
2013-05-30 00:36 - 2013-05-30 00:36 - 00121374 ____A C:\Users\DJ\Desktop\OTL.Txt
2013-05-30 00:36 - 2013-05-30 00:36 - 00051520 ____A C:\Users\DJ\Desktop\Extras.Txt
2013-05-30 00:24 - 2013-05-30 00:24 - 00602112 ____A (OldTimer Tools) C:\Users\DJ\Desktop\OTL.exe
2013-05-30 00:07 - 2013-05-30 00:07 - 00107520 ____A C:\Windows\SysWOW64\libgcc_s_dw2-1.dll
2013-05-30 00:07 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe
2013-05-30 00:05 - 2013-05-30 01:09 - 00000000 ____D C:\Riot Games
2013-05-30 00:05 - 2013-05-30 00:05 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-30 00:05 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-05-30 00:05 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-05-30 00:05 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-05-30 00:05 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-05-30 00:05 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-05-30 00:03 - 2013-05-30 03:00 - 00000000 ____D C:\Users\DJ\AppData\Local\PMB Files
2013-05-30 00:03 - 2013-05-30 03:00 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-30 00:03 - 2013-05-30 00:09 - 00000000 ____D C:\Program Files (x86)\LeagueWindowFIx
2013-05-30 00:03 - 2013-05-30 00:03 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-05-30 00:02 - 2013-05-30 00:02 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Riot Games
2013-05-30 00:01 - 2013-05-30 00:01 - 32229024 ____A (Riot Games) C:\Users\DJ\Desktop\LeagueofLegends_NA_Installer_05_07_13.exe
2013-05-29 23:57 - 2013-05-29 23:57 - 00000000 ____D C:\Users\DJ\My Backup Files
2013-05-29 23:45 - 2013-05-29 23:45 - 00000000 ____D C:\Users\DJ\AppData\Roaming\raidcall
2013-05-29 23:44 - 2013-05-02 02:06 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-29 23:42 - 2013-05-30 01:18 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-29 23:42 - 2013-05-29 23:42 - 05517176 ____A C:\Users\DJ\Desktop\raidcall_v7.2.4.exe
2013-05-29 23:42 - 2013-05-29 23:42 - 00001009 ____A C:\Users\DJ\Desktop\RaidCall.lnk
2013-05-29 23:29 - 2013-05-29 23:29 - 00000000 ____D C:\Users\DJ\AppData\Local\Dell
2013-05-29 23:20 - 2013-05-29 23:20 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-05-29 23:20 - 2013-05-29 23:20 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-05-29 23:18 - 2013-05-29 23:20 - 00000000 ____D C:\ProgramData\AMD
2013-05-29 23:16 - 2013-05-29 23:19 - 00000000 ____D C:\Program Files\ATI Technologies
2013-05-29 23:16 - 2013-05-29 23:16 - 00000000 ____D C:\Program Files\ATI
2013-05-29 23:11 - 2013-05-29 23:11 - 00000000 ____D C:\Users\DJ\AppData\LocalGoogle
2013-05-29 23:11 - 2013-05-29 23:11 - 00000000 ____D C:\AMD

Drejer

  • Guest
2013-05-29 23:10 - 2013-05-29 23:10 - 00001884 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-29 23:10 - 2013-05-09 03:59 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-29 23:10 - 2013-05-09 03:59 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-29 23:10 - 2013-05-09 03:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-29 23:10 - 2013-05-09 03:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-29 23:10 - 2013-05-09 03:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-29 23:10 - 2013-05-09 03:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-29 23:10 - 2013-05-09 03:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-29 23:09 - 2013-05-29 23:09 - 00792704 ____A (AMD) C:\Users\DJ\Downloads\amddriverdownloader.exe
2013-05-29 23:09 - 2013-05-29 23:09 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-29 23:09 - 2013-05-09 03:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-29 23:09 - 2013-05-09 03:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-29 23:08 - 2013-05-29 23:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-29 23:08 - 2013-05-29 23:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-29 23:08 - 2013-05-09 03:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-29 23:07 - 2013-05-29 23:07 - 117478104 ____A C:\Users\DJ\Downloads\avast_free_antivirus_setup.exe
2013-05-29 23:04 - 2013-05-30 08:46 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-29 23:04 - 2013-05-30 08:23 - 00000000 ____D C:\Users\DJ\AppData\Local\Google
2013-05-29 23:04 - 2013-05-30 08:09 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-29 23:04 - 2013-05-29 23:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-29 23:04 - 2013-05-29 23:04 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-29 23:03 - 2013-05-29 23:04 - 00000000 ____D C:\Users\DJ\AppData\Local\Deployment
2013-05-29 23:03 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Macromedia
2013-05-29 23:03 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Adobe
2013-05-29 23:03 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Local\Apps\2.0
2013-05-29 22:58 - 2012-02-15 01:27 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-05-29 22:58 - 2012-02-15 00:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-05-29 22:58 - 2012-02-14 23:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-05-29 22:58 - 2012-02-14 23:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-05-29 22:57 - 2013-05-29 22:57 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Roxio
2013-05-29 22:57 - 2013-05-29 22:57 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Dell Touch Zone
2013-05-29 22:57 - 2013-05-29 22:57 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Dell
2013-05-29 22:56 - 2013-05-29 22:56 - 00000000 ____D C:\Users\DJ\AppData\Roaming\ATI
2013-05-29 22:56 - 2013-05-29 22:56 - 00000000 ____D C:\Users\DJ\AppData\Local\ATI
2013-05-29 22:55 - 2013-05-30 08:47 - 00000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-05-29 22:55 - 2013-05-29 23:26 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-05-29 22:55 - 2013-05-29 23:26 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-05-29 22:55 - 2013-05-29 22:55 - 00011185 ____A C:\Windows\System32\TEST.log
2013-05-29 22:55 - 2013-05-29 22:55 - 00001055 ____A C:\Windows\System32\SENT.log
2013-05-29 22:55 - 2013-05-29 22:55 - 00000654 ____A C:\Windows\System32\RECV.log
2013-05-29 22:55 - 2013-05-29 22:55 - 00000000 ____D C:\Users\DJ\AppData\Local\VirtualStore
2013-05-29 22:53 - 2013-05-29 22:53 - 00074400 ____A C:\Users\DJ\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-29 22:53 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-05-29 22:53 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-05-29 22:53 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-05-29 22:53 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-05-29 22:52 - 2013-05-30 08:47 - 00000000 ____D C:\Users\DJ\AppData\Local\SoftThinks
2013-05-29 22:52 - 2013-05-29 23:57 - 00000000 ____D C:\users\DJ
2013-05-29 22:52 - 2013-05-29 22:52 - 00000020 ___SH C:\Users\DJ\ntuser.ini
2013-05-29 22:52 - 2013-05-29 22:52 - 00000000 ____D C:\Users\DJ\AppData\Local\Dell Edoc Viewer
2013-05-29 22:52 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-05-29 22:52 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-05-29 22:52 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-05-29 22:52 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-05-29 22:52 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-05-29 22:52 - 2011-05-09 22:38 - 00000000 ___RD C:\Users\DJ\Desktop\Play Games
2013-05-29 22:28 - 2013-05-29 22:28 - 00000000 ____D C:\Windows\SMINST

Drejer

  • Guest
==================== One Month Modified Files and Folders =======

2013-05-30 08:47 - 2013-05-29 22:55 - 00000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-05-30 08:47 - 2013-05-29 22:52 - 00000000 ____D C:\Users\DJ\AppData\Local\SoftThinks
2013-05-30 08:47 - 2011-05-09 22:22 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-30 08:46 - 2013-05-29 23:04 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-30 08:46 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-30 08:46 - 2009-07-13 23:51 - 00022038 ____A C:\Windows\setupact.log
2013-05-30 08:44 - 2009-07-14 00:10 - 01189890 ____A C:\Windows\WindowsUpdate.log
2013-05-30 08:43 - 2013-05-30 08:43 - 00000000 ____D C:\FRST
2013-05-30 08:42 - 2013-05-30 08:42 - 01915774 ____A (Farbar) C:\Users\DJ\Desktop\FRST64.exe
2013-05-30 08:23 - 2013-05-29 23:04 - 00000000 ____D C:\Users\DJ\AppData\Local\Google
2013-05-30 08:10 - 2009-07-13 23:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-30 08:10 - 2009-07-13 23:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-30 08:09 - 2013-05-29 23:04 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-30 08:09 - 2009-07-14 00:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-30 03:00 - 2013-05-30 00:03 - 00000000 ____D C:\Users\DJ\AppData\Local\PMB Files
2013-05-30 03:00 - 2013-05-30 00:03 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-30 02:56 - 2013-05-30 02:13 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Skype
2013-05-30 02:13 - 2011-05-09 22:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-30 02:13 - 2011-05-09 22:23 - 00000000 ____D C:\ProgramData\Skype
2013-05-30 02:12 - 2013-05-30 02:12 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DJ\Desktop\SkypeSetup.exe
2013-05-30 01:18 - 2013-05-30 01:18 - 00000000 ____D C:\Users\DJ\AppData\Roaming\LolClient
2013-05-30 01:18 - 2013-05-29 23:42 - 00000000 ____D C:\Program Files (x86)\RaidCall
2013-05-30 01:14 - 2013-05-30 01:14 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-30 01:10 - 2013-05-30 01:10 - 00889416 ____A (Microsoft Corporation) C:\Users\DJ\Desktop\dotNetFx40_Full_setup.exe
2013-05-30 01:09 - 2013-05-30 00:05 - 00000000 ____D C:\Riot Games
2013-05-30 01:08 - 2013-05-30 01:08 - 00418351 ____A C:\Users\DJ\Desktop\bin.zip
2013-05-30 01:07 - 2013-05-30 01:07 - 00008779 ____A C:\Users\DJ\Desktop\FontResolutions.xml
2013-05-30 00:36 - 2013-05-30 00:36 - 00121374 ____A C:\Users\DJ\Desktop\OTL.Txt
2013-05-30 00:36 - 2013-05-30 00:36 - 00051520 ____A C:\Users\DJ\Desktop\Extras.Txt
2013-05-30 00:24 - 2013-05-30 00:24 - 00602112 ____A (OldTimer Tools) C:\Users\DJ\Desktop\OTL.exe
2013-05-30 00:09 - 2013-05-30 00:03 - 00000000 ____D C:\Program Files (x86)\LeagueWindowFIx
2013-05-30 00:07 - 2013-05-30 00:07 - 00107520 ____A C:\Windows\SysWOW64\libgcc_s_dw2-1.dll
2013-05-30 00:05 - 2013-05-30 00:05 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-30 00:03 - 2013-05-30 00:03 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-05-30 00:02 - 2013-05-30 00:02 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Riot Games
2013-05-30 00:01 - 2013-05-30 00:01 - 32229024 ____A (Riot Games) C:\Users\DJ\Desktop\LeagueofLegends_NA_Installer_05_07_13.exe
2013-05-29 23:57 - 2013-05-29 23:57 - 00000000 ____D C:\Users\DJ\My Backup Files
2013-05-29 23:57 - 2013-05-29 22:52 - 00000000 ____D C:\users\DJ
2013-05-29 23:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-05-29 23:45 - 2013-05-29 23:45 - 00000000 ____D C:\Users\DJ\AppData\Roaming\raidcall
2013-05-29 23:42 - 2013-05-29 23:42 - 05517176 ____A C:\Users\DJ\Desktop\raidcall_v7.2.4.exe
2013-05-29 23:42 - 2013-05-29 23:42 - 00001009 ____A C:\Users\DJ\Desktop\RaidCall.lnk
2013-05-29 23:29 - 2013-05-29 23:29 - 00000000 ____D C:\Users\DJ\AppData\Local\Dell
2013-05-29 23:26 - 2013-05-29 22:55 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-05-29 23:26 - 2013-05-29 22:55 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-05-29 23:26 - 2011-05-09 22:36 - 00000000 ____D C:\ProgramData\McAfee
2013-05-29 23:25 - 2011-05-10 00:26 - 00000000 ____D C:\dell
2013-05-29 23:25 - 2011-05-10 00:05 - 00015542 ____A C:\Windows\PFRO.log
2013-05-29 23:20 - 2013-05-29 23:20 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-05-29 23:20 - 2013-05-29 23:20 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-05-29 23:20 - 2013-05-29 23:18 - 00000000 ____D C:\ProgramData\AMD
2013-05-29 23:19 - 2013-05-29 23:16 - 00000000 ____D C:\Program Files\ATI Technologies
2013-05-29 23:17 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-29 23:16 - 2013-05-29 23:16 - 00000000 ____D C:\Program Files\ATI
2013-05-29 23:11 - 2013-05-29 23:11 - 00000000 ____D C:\Users\DJ\AppData\LocalGoogle
2013-05-29 23:11 - 2013-05-29 23:11 - 00000000 ____D C:\AMD
2013-05-29 23:11 - 2013-05-29 23:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-29 23:10 - 2013-05-29 23:10 - 00001884 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-29 23:09 - 2013-05-29 23:09 - 00792704 ____A (AMD) C:\Users\DJ\Downloads\amddriverdownloader.exe
2013-05-29 23:09 - 2013-05-29 23:09 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-29 23:08 - 2013-05-29 23:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-29 23:08 - 2013-05-29 23:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-29 23:07 - 2013-05-29 23:07 - 117478104 ____A C:\Users\DJ\Downloads\avast_free_antivirus_setup.exe
2013-05-29 23:04 - 2013-05-29 23:04 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-29 23:04 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Local\Deployment
2013-05-29 23:03 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Macromedia
2013-05-29 23:03 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Adobe
2013-05-29 23:03 - 2013-05-29 23:03 - 00000000 ____D C:\Users\DJ\AppData\Local\Apps\2.0
2013-05-29 22:57 - 2013-05-29 22:57 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Roxio
2013-05-29 22:57 - 2013-05-29 22:57 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Dell Touch Zone
2013-05-29 22:57 - 2013-05-29 22:57 - 00000000 ____D C:\Users\DJ\AppData\Roaming\Dell
2013-05-29 22:56 - 2013-05-29 22:56 - 00000000 ____D C:\Users\DJ\AppData\Roaming\ATI
2013-05-29 22:56 - 2013-05-29 22:56 - 00000000 ____D C:\Users\DJ\AppData\Local\ATI
2013-05-29 22:55 - 2013-05-29 22:55 - 00011185 ____A C:\Windows\System32\TEST.log
2013-05-29 22:55 - 2013-05-29 22:55 - 00001055 ____A C:\Windows\System32\SENT.log
2013-05-29 22:55 - 2013-05-29 22:55 - 00000654 ____A C:\Windows\System32\RECV.log
2013-05-29 22:55 - 2013-05-29 22:55 - 00000000 ____D C:\Users\DJ\AppData\Local\VirtualStore
2013-05-29 22:53 - 2013-05-29 22:53 - 00074400 ____A C:\Users\DJ\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-29 22:52 - 2013-05-29 22:52 - 00000020 ___SH C:\Users\DJ\ntuser.ini
2013-05-29 22:52 - 2013-05-29 22:52 - 00000000 ____D C:\Users\DJ\AppData\Local\Dell Edoc Viewer
2013-05-29 22:51 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-29 22:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-29 22:47 - 2011-05-10 00:32 - 00000000 ____D C:\Windows\Panther
2013-05-29 22:28 - 2013-05-29 22:28 - 00000000 ____D C:\Windows\SMINST
2013-05-09 03:59 - 2013-05-29 23:10 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 03:59 - 2013-05-29 23:10 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 03:59 - 2013-05-29 23:10 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 03:59 - 2013-05-29 23:10 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 03:59 - 2013-05-29 23:10 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 03:59 - 2013-05-29 23:10 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 03:59 - 2013-05-29 23:10 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 03:59 - 2013-05-29 23:09 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 03:58 - 2013-05-29 23:09 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 03:58 - 2013-05-29 23:08 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-02 02:06 - 2013-05-29 23:44 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Drejer

  • Guest
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2011-05-10 00:05

==================== End Of Log ============================

oldman

  • Avast Evangelist
Hi Drejer,

How's the computer? Can you run Windows Defender?

Drejer

  • Guest
Yes, and I got the message no unwanted or harmful hardware detected.