Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by SYSTEM at 07-12-2012 01:55:16
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [MRT] "C:\windows\system32\MRT.exe" /R [66395536 2012-11-16] (Microsoft Corporation)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2011-02-10] (Symantec Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-04] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)
HKU\Experience\...\Run: [Best Buy pc app] C:\Users\Experience\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Guest\...\Run: [Best Buy pc app] C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [398 2012-10-17] ()
HKU\Michael\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22465104 2012-02-07] (ooVoo LLC)
HKU\Michael\...\Run: [Facebook Update] "C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKU\Michael\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKU\Michael\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Michael\...\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Michael\...\Run: [Zugo] Rundll32.exe C:\Users\Michael\AppData\Local\Zugo\mukfgwyz.dll,IZDSP_GetRoom [x]
HKU\Michael\...\Run: [Toshiba] rundll32.exe "C:\Users\Michael\AppData\Local\VirtualStore\Toshiba\dmrpt.dll",DllRegisterServerW [413184 2012-11-20] ()
HKU\Michael\...\Run: [Windows Update Server] C:\Users\Michael\51a8247b-5762.exe [259072 2012-11-28] ()
HKU\Michael\...\Run: [AVG Secure Search] rundll32.exe "C:\Users\Michael\AppData\Local\Conduit\AVG Secure Search\mvljo.dll",CreateInstance [x]
HKU\Michael\...\Run: [cleadt32] rundll32 "C:\Users\Michael\AppData\Local\Temp\cmdkepad.dll",CreateProcessNotify [x]
HKU\Michael\...\Run: [fixmHost] rundll32 "C:\Users\Michael\AppData\Local\Temp\cmdkepad64.dll",CreateProcessNotify [x]
HKU\Michael\...\Run: [KB00867457.exe] "C:\Users\Michael\AppData\Roaming\KB00867457.exe" [x]
HKU\Michael\...\Run: [Uzazipfesu] C:\Users\Michael\AppData\Roaming\Odisqi\ymapf.exe [175616 2012-05-21] ()
HKU\Michael\...\Run: [SonyAgent] C:\windows\Temp\temp46.exe [769536 2012-09-04] ()
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$c025e8d8a8838a0c969a6cebb0edbcaa\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Services (Whitelisted) ===================

2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2011-02-10] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2011-02-10] (Symantec Corporation)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-09-07] (Symantec Corporation)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3249768 2011-02-10] (Symantec Corporation)
4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [428912 2011-02-10] (Symantec Corporation)
2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1839776 2011-02-10] (Symantec Corporation)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-10] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-10] (Symantec Corporation)
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121130.016\ENG64.SYS [126112 2012-09-17] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121130.016\EX64.SYS [2084000 2012-09-17] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-02-10] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-02-10] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-02-10] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-06-04] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-01 11:49 - 2012-12-01 11:49 - 00895464 ____A (Oracle Corporation) C:\Users\Michael\Downloads\jxpiinstall.exe
2012-11-29 12:29 - 2012-12-02 20:22 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Odisqi
2012-11-29 12:29 - 2012-11-29 12:33 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Ohal
2012-11-29 12:29 - 2012-11-29 12:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Zozi
2012-11-29 11:06 - 2012-11-29 11:06 - 00000000 ____A C:\Users\All Users\LR325V.dat
2012-11-29 11:05 - 2012-11-29 11:05 - 00175616 ____A C:\Users\All Users\dc85YIXJ.exe
2012-11-29 11:05 - 2012-11-29 11:05 - 00000001 ____A C:\Users\All Users\dc85YIXJ.exe_.b
2012-11-29 11:05 - 2012-11-29 11:05 - 00000001 ____A C:\Users\All Users\dc85YIXJ.exe.b
2012-11-28 22:54 - 2012-11-28 22:54 - 00170854 ____A C:\Users\Michael\Downloads\themagichouse.zip
2012-11-28 22:54 - 2012-11-28 22:54 - 00170854 ____A C:\Users\Michael\Downloads\themagichouse(1).zip
2012-11-28 06:55 - 2012-11-28 06:55 - 00259072 __ASH C:\Users\Michael\51a8247b-5762.exe
2012-11-26 00:33 - 2012-11-26 00:33 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-11-25 08:03 - 2012-11-25 19:29 - 00000192 ___AH C:\Users\All Users\-bZT35KtcS62UxZr
2012-11-25 08:03 - 2012-11-25 19:29 - 00000168 ___AH C:\Users\All Users\-bZT35KtcS62UxZ
2012-11-25 08:02 - 2012-11-25 19:27 - 00000368 ___AH C:\Users\All Users\bZT35KtcS62UxZ
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031.zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031(3).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031(2).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031(1).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031.zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(5).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(4).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(3).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(2).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(1).zip
2012-11-21 13:58 - 2012-11-21 13:58 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MicroST
2012-11-20 01:16 - 2012-12-02 20:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 13:43 - 2012-12-02 20:22 - 00000000 ____D C:\Users\Michael\Documents\New folder (2)
2012-11-17 00:02 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-17 00:01 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-17 00:01 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-17 00:01 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 12:02 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 12:02 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 12:02 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 12:02 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 12:02 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 12:02 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 12:02 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url(113).dll
2012-11-16 12:02 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 12:02 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 12:02 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 12:02 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 12:02 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 12:02 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 12:02 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 12:02 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 12:02 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 12:02 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-16 12:02 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-16 12:02 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-16 12:02 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-16 12:02 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-16 12:02 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-16 12:02 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-16 12:02 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-16 12:02 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-16 12:02 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-16 12:02 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-16 12:02 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-16 12:02 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-16 12:02 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-16 12:02 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-16 12:02 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-16 11:58 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 11:58 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 11:58 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 11:58 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 11:58 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 11:58 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 11:58 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 11:58 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-15 05:08 - 2012-10-18 10:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-15 05:06 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-15 05:06 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2012-11-12 00:01 - 2012-12-02 19:59 - 00000000 ____D C:\Users\Michael\Documents\TOSHIBA Web Camera Application

==================== One Month Modified Files and Folders =======

2012-12-07 01:55 - 2012-12-07 01:55 - 00000000 ___DC C:\FRST
2012-12-02 20:23 - 2012-10-17 17:26 - 00000000 ____D C:\users\Guest
2012-12-02 20:23 - 2011-06-13 21:06 - 00000000 ____D C:\users\Michael
2012-12-02 20:23 - 2011-06-04 23:07 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-02 20:23 - 2011-06-03 16:09 - 00000000 ____D C:\users\Owner
2012-12-02 20:23 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Public\Libraries
2012-12-02 20:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-02 20:22 - 2012-11-29 12:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Odisqi
2012-12-02 20:22 - 2012-11-20 01:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-02 20:22 - 2012-11-19 13:43 - 00000000 ____D C:\Users\Michael\Documents\New folder (2)
2012-12-02 20:22 - 2012-10-24 19:24 - 00000000 ____D C:\Users\Michael\AppData\Local\LogMeIn Hamachi
2012-12-02 20:22 - 2012-10-24 19:23 - 00000000 ____D C:\Users\Michael\AppData\Local\Toshiba
2012-12-02 20:22 - 2012-10-21 11:07 - 00000000 ____D C:\Users\Michael\AppData\Local\VirtualStore
2012-12-02 20:22 - 2012-08-14 04:01 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2012-12-02 20:22 - 2012-07-20 17:57 - 00000000 ____D C:\Users\All Users\7531CC9219ABEDFB284655C94F147CE7
2012-12-02 20:22 - 2012-03-01 16:37 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2012-12-02 20:22 - 2012-02-04 00:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2012-12-02 20:22 - 2011-09-23 22:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Azureus
2012-12-02 20:22 - 2011-09-23 22:54 - 00000000 ____D C:\Users\Michael\.swt
2012-12-02 20:22 - 2011-06-25 14:19 - 00000000 ____D C:\Users\Michael\Support
2012-12-02 20:22 - 2011-06-25 14:19 - 00000000 ____D C:\Users\Michael\Scenario
2012-12-02 20:22 - 2011-06-25 14:19 - 00000000 ____D C:\Users\Michael\Data
2012-12-02 20:22 - 2011-06-24 06:44 - 00000000 ___HD C:\Program Files (x86)\Starcraft
2012-12-02 20:22 - 2011-06-04 14:09 - 00000000 ___RD C:\Users\Owner\Documents\Notes
2012-12-02 20:22 - 2011-06-04 13:10 - 00000000 ___HD C:\Users\All Users\Spybot - Search & Destroy
2012-12-02 20:22 - 2011-06-03 16:11 - 00000000 ____D C:\Users\Owner\AppData\Local\TOSHIBA_Corporation
2012-12-02 20:22 - 2011-06-03 16:09 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2012-12-02 20:22 - 2011-06-03 16:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Toshiba
2012-12-02 20:22 - 2011-06-03 16:07 - 00000000 ____D C:\Users\Experience\AppData\Local\TOSHIBA_Corporation
2012-12-02 20:22 - 2010-11-22 22:32 - 00000000 ___HD C:\Users\All Users\Norton
2012-12-02 20:22 - 2010-11-22 22:26 - 00000000 ___HD C:\Users\All Users\Intel
2012-12-02 20:22 - 2010-10-28 20:07 - 00000000 ___HD C:\Users\All Users\Google
2012-12-02 20:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-02 20:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-02 20:20 - 2009-07-13 19:20 - 00000000 ___AD C:\Windows\System32\sysprep
2012-12-02 20:18 - 2012-10-22 21:55 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-12-02 20:18 - 2012-02-04 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\.minecraft
2012-12-02 20:18 - 2011-06-25 14:19 - 00000000 ____D C:\Users\Michael\Goodies
2012-12-02 20:18 - 2011-06-13 22:53 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe
2012-12-02 20:18 - 2011-06-13 21:09 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2012-12-02 20:18 - 2011-06-13 21:07 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Intel
2012-12-02 20:18 - 2011-06-04 15:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2012-12-02 20:18 - 2011-06-04 14:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2012-12-02 20:18 - 2011-06-04 12:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2012-12-02 20:18 - 2011-06-04 12:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2012-12-02 20:18 - 2011-06-03 16:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Intel
2012-12-02 20:16 - 2012-10-22 21:54 - 00000000 ___HD C:\Users\All Users\Malwarebytes
2012-12-02 20:16 - 2012-10-17 17:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel
2012-12-02 20:16 - 2012-10-17 17:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2012-12-02 20:16 - 2012-07-31 00:23 - 00000000 ___HD C:\Users\All Users\AVG Secure Search
2012-12-02 20:16 - 2012-03-04 13:24 - 00000000 ___HD C:\Users\All Users\IObit
2012-12-02 20:16 - 2011-11-30 18:37 - 00000000 ___HD C:\Users\All Users\Apple Computer
2012-12-02 20:16 - 2011-11-30 18:34 - 00000000 ___HD C:\Users\All Users\Apple
2012-12-02 20:16 - 2011-09-23 22:59 - 00000000 ___HD C:\Users\All Users\InstallMate
2012-12-02 20:16 - 2011-06-08 09:41 - 00000000 ___HD C:\Users\All Users\Skype Extras
2012-12-02 20:16 - 2011-06-08 09:40 - 00000000 ___HD C:\Users\All Users\Skype
2012-12-02 20:16 - 2011-06-04 11:45 - 00000000 ___HD C:\Users\All Users\Symantec
2012-12-02 20:16 - 2011-02-03 08:15 - 00000000 ____D C:\users\Experience
2012-12-02 20:16 - 2010-11-22 22:34 - 00000000 __HDC C:\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}
2012-12-02 20:16 - 2010-11-22 22:19 - 00000000 ___HD C:\Users\All Users\Adobe
2012-12-02 20:16 - 2010-11-22 22:14 - 00000000 ___HD C:\Users\All Users\win7_64
2012-12-02 20:16 - 2010-11-22 22:14 - 00000000 ___HD C:\Users\All Users\win7_32
2012-12-02 20:16 - 2010-11-22 22:14 - 00000000 ___HD C:\Users\All Users\vista64
2012-12-02 20:16 - 2010-11-22 22:14 - 00000000 ___HD C:\Users\All Users\vista32
2012-12-02 20:16 - 2010-10-28 20:07 - 00000000 ___HD C:\Users\All Users\Toshiba
2012-12-02 20:16 - 2009-07-13 19:20 - 00000000 ___RD C:\users\Default
2012-12-02 20:15 - 2012-01-11 10:52 - 00000000 _RHDC C:\MSOCache
2012-12-02 19:59 - 2012-11-12 00:01 - 00000000 ____D C:\Users\Michael\Documents\TOSHIBA Web Camera Application
2012-12-02 19:39 - 2012-10-19 14:04 - 00000000 ____D C:\Users\Michael\Documents\FLASH 2
2012-12-02 19:39 - 2012-10-02 20:34 - 00000000 ____D C:\Users\Michael\Documents\flash
2012-12-01 11:49 - 2012-12-01 11:49 - 00895464 ____A (Oracle Corporation) C:\Users\Michael\Downloads\jxpiinstall.exe
2012-12-01 11:41 - 2010-11-22 22:03 - 01455913 ____A C:\Windows\WindowsUpdate.log
2012-12-01 10:58 - 2012-08-23 22:47 - 00000916 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015620711-2859195587-919546404-1005UA.job
2012-12-01 08:56 - 2012-03-23 16:46 - 00000936 ___AH C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015620711-2859195587-919546404-1005UA.job
2012-12-01 07:30 - 2012-10-27 20:01 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2012-12-01 06:23 - 2012-10-12 21:24 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
2012-12-01 06:23 - 2012-08-23 22:47 - 00000864 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015620711-2859195587-919546404-1005Core.job
2012-11-30 14:56 - 2012-03-23 16:46 - 00000914 ___AH C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015620711-2859195587-919546404-1005Core.job
2012-11-29 12:33 - 2012-11-29 12:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Ohal
2012-11-29 12:29 - 2012-11-29 12:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Zozi
2012-11-29 11:06 - 2012-11-29 11:06 - 00000000 ____A C:\Users\All Users\LR325V.dat
2012-11-29 11:05 - 2012-11-29 11:05 - 00175616 ____A C:\Users\All Users\dc85YIXJ.exe
2012-11-29 11:05 - 2012-11-29 11:05 - 00000001 ____A C:\Users\All Users\dc85YIXJ.exe_.b
2012-11-29 11:05 - 2012-11-29 11:05 - 00000001 ____A C:\Users\All Users\dc85YIXJ.exe.b
2012-11-29 10:08 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-29 10:08 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-28 22:54 - 2012-11-28 22:54 - 00170854 ____A C:\Users\Michael\Downloads\themagichouse.zip
2012-11-28 22:54 - 2012-11-28 22:54 - 00170854 ____A C:\Users\Michael\Downloads\themagichouse(1).zip
2012-11-28 20:06 - 2012-10-13 01:32 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2012-11-28 20:06 - 2012-10-12 21:28 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
2012-11-28 20:06 - 2010-11-22 22:28 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-11-28 20:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-28 20:06 - 2009-07-13 20:51 - 00050957 ____A C:\Windows\setupact.log
2012-11-28 19:59 - 2012-10-12 21:24 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
2012-11-28 06:55 - 2012-11-28 06:55 - 00259072 __ASH C:\Users\Michael\51a8247b-5762.exe
2012-11-27 21:11 - 2010-10-28 20:10 - 00176560 ____A C:\Windows\PFRO.log
2012-11-26 00:33 - 2012-11-26 00:33 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-11-26 00:28 - 2012-10-22 09:58 - 00007598 ____A C:\Users\Michael\AppData\Local\resmon.resmoncfg
2012-11-25 19:42 - 2012-10-22 09:27 - 00000000 ____D C:\Users\Michael\AppData\Local\WeatherBug
2012-11-25 19:29 - 2012-11-25 08:03 - 00000192 ___AH C:\Users\All Users\-bZT35KtcS62UxZr
2012-11-25 19:29 - 2012-11-25 08:03 - 00000168 ___AH C:\Users\All Users\-bZT35KtcS62UxZ
2012-11-25 19:27 - 2012-11-25 08:02 - 00000368 ___AH C:\Users\All Users\bZT35KtcS62UxZ
2012-11-25 07:58 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031.zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031(3).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031(2).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00061048 ____A C:\Users\Michael\Downloads\X-RayMod_v031(1).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031.zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(5).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(4).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(3).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(2).zip
2012-11-22 02:27 - 2012-11-22 02:27 - 00007768 ____A C:\Users\Michael\Downloads\FlyMod_v031(1).zip
2012-11-21 13:58 - 2012-11-21 13:58 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MicroST
2012-11-20 22:54 - 2011-11-02 11:32 - 00109680 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-11-17 19:26 - 2012-10-19 13:59 - 00109680 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 19:15 - 2009-07-13 20:45 - 00414296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 12:17 - 2012-01-11 10:52 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 11:59 - 2011-06-12 09:32 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-16 11:57 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2012-11-08 08:04 - 2012-07-31 00:21 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-08 08:04 - 2012-07-31 00:20 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3015620711-2859195587-919546404-1005\$c025e8d8a8838a0c969a6cebb0edbcaa

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$c025e8d8a8838a0c969a6cebb0edbcaa

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-16 11:56:06
Restore point made on: 2012-11-17 00:00:44
Restore point made on: 2012-11-20 01:26:44
Restore point made on: 2012-11-24 14:42:46
Restore point made on: 2012-11-28 06:17:19
Restore point made on: 2012-12-01 11:51:23

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3890.67 MB
Available physical RAM: 3301.96 MB
Total Pagefile: 3888.82 MB
Available Pagefile: 3284.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI106045W0C) (Fixed) (Total:582.67 GB) (Free:520.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.79 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B
  Disk 1    Online         1907 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            582 GB  1501 MB
  Partition 3    Primary             12 GB   584 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106045W0C  NTFS   Partition    582 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1907 MB    64 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT    Removable   1907 MB  Healthy

=========================================================

Last Boot: 2012-11-25 05:46

==================== End Of Log =============================