Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

black screen mouse issue

Started by honnybee , Mar 10 2016 09:26 AM

  • Please log in to reply

#1
honnybee
Posted 10 March 2016 - 09:26 AM

honnybee

    Member

  • Member
  • PipPip
  • 38 posts

Hello this past week I have been locked out my labtop everytime the windows login screen should come up I see a black screen with mouse, I have tried all options to get in, safe mode doesn't work all advanced options can't help me, I can't use restore points in other threads informed me when its that serious it might be a virus someone adviced me to use the Kaspersky rescue disk 10 it wouldn't let me scan because of database corruption, I did startup repair it said boot configuration corruption,when opening task mangaer through command prompt it shows that explorer.exe isn't there, I'm sure this is virus related and might be the zeroaccess virus, when I tried to use the window defender offline it couldn't scan because it needed to do an update and it couldn't do that because it didn't let it connect to the internet, I tried using frst I think the steps is you scan it, it saves a notepad file to flashdrive you rename it fixlist.txt  and restart your computer and click fix, but when I do it it says warning you don't know what your doing and gets out, and I tried accessing kaspersky tdsskiller through  command prompt, but said I need something to access it from command prompt from recover options window. The only ways I can do anything to the computer is through command prompt on recover options and downloading a bootable usb. I know this issue is fixable by getting to the virus its just making it real difficult getting to it, I really need a program that I can access my computer through bootable usb or through command prompts from recover options to get rid of the zero access virus.

 

Heres the scan I got from frst

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SYSTEM on MININT-9HARCDA (09-03-2016 23:04:51)
Running from g:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c\n. <==== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\owner\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-14] (Google Inc.)
HKU\owner\...\Run: [Google Update**.d<*>] => "C:\Users\owner\AppData\Local\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\owner\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc.)
HKU\owner\...\Run: [pronto] => C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe [23053400 2012-07-06] ()
HKU\owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\TEMP\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-01-14]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-01-14]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-08-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-04-17]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-10] (AVAST Software)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-04-05] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [257936 2010-08-12] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\   \...\ﯹ๛\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-10] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-10] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-10] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-20] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 ecxncijc; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S3 epmnvwyv; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S2 MSSQL$DDNI; no ImagePath
S2 Oasis2Service; no ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\Apfiltr.sys 1661F9C9E4B0049FA0A5E30264375A87
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\system32\drivers\aswHwid.sys 7E66DFE6B62C6C34FD6B09DB6169E9F6
C:\Windows\system32\drivers\aswKbd.sys AECE9E699CAC76DC993BB988652B5AD8
C:\Windows\system32\drivers\aswMonFlt.sys 259ABA699202DCE45815128D7BEAE41E
C:\Windows\system32\drivers\aswRdr2.sys 0866D5FE02D614501B7B4AD5E1BC7B53
C:\Windows\System32\Drivers\aswRvrt.sys 0AA12ADF5F87B4A70BDBAED77F54B978
C:\Windows\system32\drivers\aswSnx.sys C445C4459ADC7A04E02D4646980515FC
C:\Windows\system32\drivers\aswSP.sys 43F46E7D103F46EC345B1056BDD2A60B
C:\Windows\system32\drivers\aswStm.sys 219D0E2348629FAE4E6E3478C21B23D6
C:\Windows\System32\Drivers\aswVmm.sys 9949BBD5BB70C4D317B7549896132579
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Windows\System32\DRIVERS\atikmdag.sys 89A3D56CE4044F35B9D08DD37193BBFC
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\drivers\btusbflt.sys 6E04458E98DAF28826482E41A7A62DF5
C:\Windows\System32\drivers\btwaudio.sys 4BDBDB86ABBA924E029FB2683BE7C505
C:\Windows\system32\drivers\btwavdt.sys 5C849BD7C78791C5CEE9F4651D7FE38D
C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975
C:\Windows\system32\drivers\btwrchid.sys 3E1991AFA851A36DC978B0A1B0535C8B
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys 073A606333B6F7BBF20AA856DF7F0997
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 31D1AFF484D8A0906CF8D44251EC390F
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\Impcd.sys 36FDF367A1DABFF903E2214023D71368
C:\Windows\System32\drivers\RTKVHD64.sys 0F144E5F46CB9043004B5E84AA4BCA6A
C:\Windows\System32\DRIVERS\IntcDAud.sys 408B401CD7CDB075C7470B0FF7BA8D0B
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
\??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys 9A7FA6371F68335FD3C3D6488BC5A9F8
C:\Windows\System32\DRIVERS\Lbd.sys C8B3131857931AE76798A741CC52B021
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys E453ACF4E7D44E5530B5D5F2B9CA8563
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys AED797CCA02783296C68AA10D0CFF8A9
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\system32\drivers\rimssne64.sys 5CA4ABD888B602551B59BAA26941C167
C:\Windows\system32\drivers\risdsne64.sys BB6E138AEB351728959DA5E2731D8140
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\SFEP.sys 70F9C476B62DE4F2823E918A6C181ADE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:04 - 2016-02-10 02:32 - 00398152 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-02-20 17:46 - 2016-03-03 14:55 - 00003622 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2016-02-19 04:39 - 2016-02-19 04:39 - 00024995 _____ C:\Windows\RGID673.tmp
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-02-28 03:06 - 00003052 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455187739
2016-02-10 02:33 - 2016-02-10 02:31 - 00037144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2016-02-10 02:32 - 2016-02-10 02:32 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-10 02:31 - 2016-02-10 02:31 - 00478128 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2016-02-03 21:43 - 2016-02-03 21:44 - 02600244 _____ C:\Users\owner\Downloads\Ch 5 Version 2(2).pptx
2016-01-18 21:47 - 2016-01-18 21:47 - 00024995 _____ C:\Windows\RGI43C4.tmp
2016-01-17 00:40 - 2016-03-07 12:41 - 00044119 _____ C:\Users\owner\Documents\parking.pdf
2016-01-17 00:38 - 2016-01-17 00:38 - 00042858 _____ C:\Users\owner\Downloads\document.pdf
2015-12-26 04:46 - 2015-12-26 22:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-22 00:53 - 2015-12-22 00:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-15 05:02 - 2015-12-15 05:02 - 00024995 _____ C:\Windows\RGI70D2.tmp
2016-03-07 12:41 - 00023900 _____ C:\Users\owner\Documents\Fin-423-Exit Survey Fall 2015.docx
2015-12-11 05:17 - 2015-12-11 05:17 - 00000162 ____H C:\Users\owner\Documents\~$n-423-Exit Survey Fall 2015.docx
2015-12-10 23:49 - 2015-12-10 23:49 - 00479920 _____ C:\Windows\System32\s000005.dat

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 01:05 - 2010-04-10 15:10 - 00000000 ____D C:\users\owner
2016-03-08 00:03 - 2010-06-27 14:12 - 06503870 _____ C:\Windows\ntbtlog.txt
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\Users\Public\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\ProgramData\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2010-04-10 15:10 - 00000020 ___SH C:\Users\owner\ntuser.ini
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\Users\Public\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\ProgramData\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:36 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini
2016-03-07 12:36 - 2012-11-17 18:44 - 00000009 _____ C:\END
2016-03-07 12:36 - 2012-03-24 00:25 - 00000237 _____ C:\user.js
2016-03-07 12:36 - 2012-02-16 07:37 - 00000510 _____ C:\settings.ini
2016-03-07 12:36 - 2011-08-11 19:52 - 00002688 _____ C:\{75A1F188-D10C-47C6-BC9B-90D81BBCE53C}
2016-03-07 12:36 - 2010-06-20 14:53 - 00302997 _____ C:\test.xml
2016-03-07 12:36 - 2009-12-15 11:53 - 00003872 ____H C:\version
2016-03-07 12:36 - 2009-01-21 21:40 - 00000073 ____H C:\splash.idx
2016-03-07 12:36 - 2007-11-07 07:53 - 00242176 _____ C:\VC_RED.MSI
2016-03-07 12:36 - 2007-11-07 07:50 - 01927956 _____ C:\VC_RED.cab
2016-03-07 12:36 - 2007-11-07 07:44 - 00855040 _____ (Microsoft Corporation) C:\install.exe
2016-03-07 12:36 - 2007-11-07 07:44 - 00096272 _____ (Microsoft Corporation) C:\install.res.1036.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.3082.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.1031.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00094224 _____ (Microsoft Corporation) C:\install.res.1040.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00090128 _____ (Microsoft Corporation) C:\install.res.1033.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00080400 _____ (Microsoft Corporation) C:\install.res.1041.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00078864 _____ (Microsoft Corporation) C:\install.res.1042.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00075280 _____ (Microsoft Corporation) C:\install.res.1028.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00074768 _____ (Microsoft Corporation) C:\install.res.2052.dll
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.3082.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.2052.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1042.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1040.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1036.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1031.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1028.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00010134 _____ C:\eula.1033.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00005686 _____ C:\vcredist.bmp
2016-03-07 12:36 - 2007-11-07 07:00 - 00001110 _____ C:\globdata.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000843 _____ C:\install.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000118 _____ C:\eula.1041.txt
2016-02-12 21:50 - 2015-11-12 05:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-10 02:35 - 2014-04-15 22:43 - 00287016 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-02-10 02:32 - 2014-04-24 22:10 - 00037656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00165344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00107792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00103064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00074544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-02-10 02:32 - 2014-04-15 22:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-10 02:31 - 2014-04-15 22:43 - 01065720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-02-10 02:31 - 2014-04-15 22:42 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-10 01:26 - 2012-05-08 04:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 01:26 - 2012-05-08 04:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 01:26 - 2011-11-20 15:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Users\owner\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1798455190-986609235-2888039337-1001\$70fcdb70c5b8d46645f03adef7c0c75c

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {default}
resumeobject            {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
noerrordisplay          No
custom:26000025         Yes

Windows Boot Loader
-------------------
identifier              {7a82d5b3-7634-11e1-8e2d-bce9bfac6809}
device                  locate=\windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
path                    \windows\system32\winload.exe
description             Microsoft Windows
locale                  en-us
loadoptions             DDISABLE_INTEGRITY_CHECKS
inherit                 {bootloadersettings}
nointegritychecks       Yes
custom:17000077         352321653
osdevice                locate=\windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
systemroot              \windows
custom:22000005         \windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
resumeobject            {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
nx                      OptIn
pae                     Default
driverloadfailurepolicy UseErrorControl
custom:250000c2         1
detecthal               Yes
nocrashautoreboot       Yes
uselegacyapicmode       Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (recovered)
locale                  en-US
recoverysequence        {ae696999-e5d7-11e5-881e-931eb9452383}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {ae696999-e5d7-11e5-881e-931eb9452383}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{ae69699a-e5d7-11e5-881e-931eb9452383}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                 
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{ae69699a-e5d7-11e5-881e-931eb9452383}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
device                  locate=unknown
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
custom:17000077         352321653
filedevice              partition=C:
filepath                \hiberfil.sys
custom:25000008         1
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-us
inherit                 {globalsettings}
badmemoryaccess         Yes
custom:17000077         352321653

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ae69699a-e5d7-11e5-881e-931eb9452383}
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3758.1 MB
Available physical RAM: 3042.57 MB
Total Virtual: 3756.25 MB
Available Virtual: 3039.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.23 GB) (Free:119.45 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:8.77 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ROS_SysRec7_64) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: (USB20FD) (Removable) (Total:14.84 GB) (Free:14.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

LastRegBack: 2016-03-03 04:26

==================== End of FRST.txt ============================


  • 0

Advertisements

#2
RKinner
Posted 10 March 2016 - 10:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

FRST says you have a ZeroAccess infection.  Let's see if it will let us remove it.

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Then run another FRST Scan and post that log.  

 


  • 0

#3
honnybee
Posted 10 March 2016 - 11:09 PM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Hello RKinner, thanks for the help, heres the files you asked for

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SYSTEM on MININT-TCTD49A (10-03-2016 20:23:51)
Running from g:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\owner\...\Run: [pronto] => C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe [23053400 2012-07-06] ()
HKU\owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\TEMP\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-08-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-04-17]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-10] (AVAST Software)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-04-05] (Lavasoft Limited)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [257936 2010-08-12] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-10] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-10] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-10] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-20] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-10 01:17 - 2016-03-10 01:17 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-03-09 22:30 - 2016-03-10 20:23 - 00000000 ____D C:\FRST
2016-03-08 01:05 - 2016-03-08 02:01 - 00000000 __RDC C:\Users\owner\Documents - Copy
2016-03-07 16:28 - 2016-03-07 16:28 - 00000073 _____ C:\Windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
2016-03-05 16:38 - 2016-03-05 16:38 - 00000073 _____ C:\Windows\{0e181dfa-a9c6-42f1-be45-da009128c5e7}
2016-03-05 13:45 - 2016-03-05 13:45 - 00000073 _____ C:\Windows\{5ba0b36a-7e0e-4a91-8e39-ec740b9c9044}
2016-03-05 12:04 - 2016-03-05 12:04 - 00000073 _____ C:\Windows\{8c8a0033-b747-4b34-b51c-d3850e34b1a5}
2016-03-03 17:44 - 2016-03-03 17:44 - 00000000 __SHD C:\$$PendingFiles
2016-03-03 15:04 - 2016-03-03 15:04 - 00000000 __SHD C:\found.006
2016-03-03 14:56 - 2016-03-03 14:56 - 00000000 _____ C:\Users\owner\AppData\Local\{8F897928-CA4D-46F2-BF58-72A7329789E8}
2016-03-01 06:28 - 2016-03-01 06:30 - 03530859 _____ C:\Users\owner\Downloads\BA 405 Ch 3 Slides V2(1).pptx
2016-03-01 06:28 - 2016-03-01 06:30 - 02782854 _____ C:\Users\owner\Downloads\BA405 Chapter 4 V2 Spring 2016(1).pptx
2016-03-01 06:28 - 2016-03-01 06:30 - 02600244 _____ C:\Users\owner\Downloads\Ch 5 Version 2(2)(2).pptx
2016-03-01 00:54 - 2016-03-01 00:55 - 02782854 _____ C:\Users\owner\Downloads\BA405 Chapter 4 V2 Spring 2016.pptx
2016-03-01 00:54 - 2016-03-01 00:54 - 02600244 _____ C:\Users\owner\Downloads\Ch 5 Version 2(2)(1).pptx
2016-02-28 04:35 - 2016-03-07 12:29 - 21131496 ____H C:\Users\owner\Documents\~WRL0043.tmp
2016-02-28 04:35 - 2016-03-07 12:29 - 17639868 ____H C:\Users\owner\Documents\~WRL2377.tmp
2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:04 - 2016-02-10 02:32 - 00398152 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-02-20 17:46 - 2016-03-03 14:55 - 00003622 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2016-02-19 04:39 - 2016-02-19 04:39 - 00024995 _____ C:\Windows\RGID673.tmp
2016-02-14 22:09 - 2016-02-14 22:09 - 03530859 _____ C:\Users\owner\Downloads\BA 405 Ch 3 Slides V2.pptx
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-02-28 03:06 - 00003052 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455187739
2016-02-10 02:33 - 2016-02-10 02:31 - 00037144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2016-02-10 02:32 - 2016-02-10 02:32 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-10 02:31 - 2016-02-10 02:31 - 00478128 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-10 20:23 - 2010-01-14 05:35 - 00000000 ____D C:\Program Files\Best Buy Software Installer
2016-03-09 23:13 - 2010-06-27 14:12 - 06646742 _____ C:\Windows\ntbtlog.txt
2016-03-08 01:05 - 2010-04-10 15:10 - 00000000 ____D C:\users\owner
2016-03-07 12:37 - 2015-09-24 05:58 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-07 12:37 - 2015-09-24 05:58 - 00001964 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2016-03-07 12:37 - 2014-12-16 01:31 - 00002438 _____ C:\Users\Public\Desktop\TI NoteFolio Creator.lnk
2016-03-07 12:37 - 2014-12-16 01:31 - 00002438 _____ C:\ProgramData\Desktop\TI NoteFolio Creator.lnk
2016-03-07 12:37 - 2014-12-16 01:29 - 00001019 _____ C:\Users\Public\Desktop\TI Connect.lnk
2016-03-07 12:37 - 2014-12-16 01:29 - 00001019 _____ C:\ProgramData\Desktop\TI Connect.lnk
2016-03-07 12:37 - 2014-04-17 23:47 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-03-07 12:37 - 2014-04-17 23:47 - 00002019 _____ C:\ProgramData\Desktop\Adobe Reader XI.lnk
2016-03-07 12:37 - 2014-04-15 22:43 - 36818984 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2016-03-07 12:37 - 2014-04-15 22:43 - 36818984 _____ (Dropbox, Inc.) C:\ProgramData\Desktop\DropboxInstallerAvast.exe
2016-03-07 12:37 - 2013-03-01 05:11 - 00001136 _____ C:\Users\Public\Desktop\NOOK Study.lnk
2016-03-07 12:37 - 2013-03-01 05:11 - 00001136 _____ C:\ProgramData\Desktop\NOOK Study.lnk
2016-03-07 12:37 - 2012-11-23 00:52 - 00000979 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-03-07 12:37 - 2012-11-23 00:52 - 00000979 _____ C:\ProgramData\Desktop\WinSCP.lnk
2016-03-07 12:37 - 2012-10-28 23:55 - 00001082 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2016-03-07 12:37 - 2012-10-28 23:55 - 00001082 _____ C:\ProgramData\Desktop\KeyFinder.lnk
2016-03-07 12:37 - 2012-09-22 17:35 - 00002141 _____ C:\Users\Public\Desktop\VAIO Transfer Support.lnk
2016-03-07 12:37 - 2012-09-22 17:35 - 00002141 _____ C:\ProgramData\Desktop\VAIO Transfer Support.lnk
2016-03-07 12:37 - 2012-09-18 01:19 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-03-07 12:37 - 2012-09-18 01:19 - 00001315 _____ C:\ProgramData\Desktop\HP Solution Center.lnk
2016-03-07 12:37 - 2012-09-02 18:53 - 00002178 _____ C:\Users\Public\Desktop\Adobe Digital Editions.lnk
2016-03-07 12:37 - 2012-09-02 18:53 - 00002178 _____ C:\ProgramData\Desktop\Adobe Digital Editions.lnk
2016-03-07 12:37 - 2012-08-06 16:24 - 00001207 _____ C:\Users\Public\Desktop\Blackboard IM.lnk
2016-03-07 12:37 - 2012-08-06 16:24 - 00001207 _____ C:\ProgramData\Desktop\Blackboard IM.lnk
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\Users\Public\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\ProgramData\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2010-04-10 15:10 - 00000020 ___SH C:\Users\owner\ntuser.ini
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\Users\Public\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\ProgramData\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:36 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini
2016-03-07 12:36 - 2012-11-17 18:44 - 00000009 _____ C:\END
2016-03-07 12:36 - 2012-03-24 00:25 - 00000237 _____ C:\user.js
2016-03-07 12:36 - 2012-02-16 07:37 - 00000510 _____ C:\settings.ini
2016-03-07 12:36 - 2011-08-11 19:52 - 00002688 _____ C:\{75A1F188-D10C-47C6-BC9B-90D81BBCE53C}
2016-03-07 12:36 - 2010-06-20 14:53 - 00302997 _____ C:\test.xml
2016-03-07 12:36 - 2009-12-15 11:53 - 00003872 ____H C:\version
2016-03-07 12:36 - 2009-01-21 21:40 - 00000073 ____H C:\splash.idx
2016-03-07 12:36 - 2007-11-07 07:53 - 00242176 _____ C:\VC_RED.MSI
2016-03-07 12:36 - 2007-11-07 07:50 - 01927956 _____ C:\VC_RED.cab
2016-03-07 12:36 - 2007-11-07 07:44 - 00855040 _____ (Microsoft Corporation) C:\install.exe
2016-03-07 12:36 - 2007-11-07 07:44 - 00096272 _____ (Microsoft Corporation) C:\install.res.1036.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.3082.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.1031.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00094224 _____ (Microsoft Corporation) C:\install.res.1040.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00090128 _____ (Microsoft Corporation) C:\install.res.1033.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00080400 _____ (Microsoft Corporation) C:\install.res.1041.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00078864 _____ (Microsoft Corporation) C:\install.res.1042.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00075280 _____ (Microsoft Corporation) C:\install.res.1028.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00074768 _____ (Microsoft Corporation) C:\install.res.2052.dll
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.3082.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.2052.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1042.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1040.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1036.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1031.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1028.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00010134 _____ C:\eula.1033.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00005686 _____ C:\vcredist.bmp
2016-03-07 12:36 - 2007-11-07 07:00 - 00001110 _____ C:\globdata.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000843 _____ C:\install.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000118 _____ C:\eula.1041.txt
2016-03-07 12:29 - 2015-11-17 06:17 - 01212562 ____H C:\Users\owner\Documents\~WRL3628.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00165070 ____H C:\Users\owner\Documents\~WRL3439.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00160839 ____H C:\Users\owner\Documents\~WRL3924.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00157456 ____H C:\Users\owner\Documents\~WRL0990.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00156993 ____H C:\Users\owner\Documents\~WRL0042.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00144589 ____H C:\Users\owner\Documents\~WRL1530.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00134821 ____H C:\Users\owner\Documents\~WRL2623.tmp
2016-03-07 12:29 - 2015-11-17 06:17 - 00127104 ____H C:\Users\owner\Documents\~WRL1688.tmp
2016-03-07 12:29 - 2015-11-12 18:39 - 00022008 ____H C:\Users\owner\Documents\~WRL1341.tmp
2016-03-07 12:29 - 2015-11-12 18:39 - 00019004 ____H C:\Users\owner\Documents\~WRL3420.tmp
2016-03-07 12:29 - 2015-11-12 18:39 - 00016532 ____H C:\Users\owner\Documents\~WRL1785.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 97154329 ____H C:\Users\owner\Documents\~WRL0404.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 91842221 ____H C:\Users\owner\Documents\~WRL3014.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 84396089 ____H C:\Users\owner\Documents\~WRL0628.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 84390854 ____H C:\Users\owner\Documents\~WRL1267.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 81452891 ____H C:\Users\owner\Documents\~WRL0738.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 76026127 ____H C:\Users\owner\Documents\~WRL2464.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 52004223 ____H C:\Users\owner\Documents\~WRL3524.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 355036824 ____H C:\Users\owner\Documents\~WRL3230.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 327574024 ____H C:\Users\owner\Documents\~WRL1324.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 312212081 ____H C:\Users\owner\Documents\~WRL2424.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 292484312 ____H C:\Users\owner\Documents\~WRL2684.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 288603136 ____H C:\Users\owner\Documents\~WRL1133.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 264440638 ____H C:\Users\owner\Documents\~WRL2625.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 250581497 ____H C:\Users\owner\Documents\~WRL3813.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 240275843 ____H C:\Users\owner\Documents\~WRL3068.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 236352138 ____H C:\Users\owner\Documents\~WRL0935.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 220168680 ____H C:\Users\owner\Documents\~WRL1862.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 196249435 ____H C:\Users\owner\Documents\~WRL3896.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 192695071 ____H C:\Users\owner\Documents\~WRL0625.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 182108765 ____H C:\Users\owner\Documents\~WRL2324.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 174174784 ____H C:\Users\owner\Documents\~WRL3048.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 167276833 ____H C:\Users\owner\Documents\~WRL1531.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 165942841 ____H C:\Users\owner\Documents\~WRL1403.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 161527162 ____H C:\Users\owner\Documents\~WRL2192.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 159912347 ____H C:\Users\owner\Documents\~WRL1229.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 154148769 ____H C:\Users\owner\Documents\~WRL3044.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 145518736 ____H C:\Users\owner\Documents\~WRL0614.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 127041482 ____H C:\Users\owner\Documents\~WRL1374.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 107908199 ____H C:\Users\owner\Documents\~WRL0361.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 06060213 ____H C:\Users\owner\Documents\~WRL0041.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 04651951 ____H C:\Users\owner\Documents\~WRL0742.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 01127213 ____H C:\Users\owner\Documents\~WRL1798.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 00033669 ____H C:\Users\owner\Documents\~WRL3876.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 00018371 ____H C:\Users\owner\Documents\~WRL1996.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 00014269 ____H C:\Users\owner\Documents\~WRL0114.tmp
2016-03-07 12:29 - 2015-10-01 20:14 - 00013499 ____H C:\Users\owner\Documents\~WRL1189.tmp
2016-03-07 12:29 - 2015-09-16 14:05 - 00014102 ____H C:\Users\owner\Documents\~WRL0040.tmp
2016-03-07 12:29 - 2015-09-15 13:15 - 00014119 ____H C:\Users\owner\Documents\~WRL2622.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 60282656 ____H C:\Users\owner\Documents\~WRL0646.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 420528936 ____H C:\Users\owner\Documents\~WRL1319.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 41071986 ____H C:\Users\owner\Documents\~WRL0035.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 405811698 ____H C:\Users\owner\Documents\~WRL1318.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 401256234 ____H C:\Users\owner\Documents\~WRL2020.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 386181969 ____H C:\Users\owner\Documents\~WRL3063.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 33198173 ____H C:\Users\owner\Documents\~WRL0096.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 315625603 ____H C:\Users\owner\Documents\~WRL0374.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 289031572 ____H C:\Users\owner\Documents\~WRL2339.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 251746660 ____H C:\Users\owner\Documents\~WRL2372.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 239095672 ____H C:\Users\owner\Documents\~WRL2963.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 232607439 ____H C:\Users\owner\Documents\~WRL2690.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 223298544 ____H C:\Users\owner\Documents\~WRL0039.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 216024945 ____H C:\Users\owner\Documents\~WRL3504.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 205418977 ____H C:\Users\owner\Documents\~WRL3539.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 199143445 ____H C:\Users\owner\Documents\~WRL3863.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 194821153 ____H C:\Users\owner\Documents\~WRL3454.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 189999685 ____H C:\Users\owner\Documents\~WRL0038.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 183940518 ____H C:\Users\owner\Documents\~WRL2903.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 180099642 ____H C:\Users\owner\Documents\~WRL1280.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 171936416 ____H C:\Users\owner\Documents\~WRL0100.tmp
2016-03-07 12:29 - 2015-09-02 08:06 - 141553421 ____H C:\Users\owner\Documents\~WRL0037.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 92413009 ____H C:\Users\owner\Documents\~WRL1602.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 58174903 ____H C:\Users\owner\Documents\~WRL1409.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 55095819 ____H C:\Users\owner\Documents\~WRL0033.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 52848157 ____H C:\Users\owner\Documents\~WRL2830.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 405403772 ____H C:\Users\owner\Documents\~WRL1880.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 403611655 ____H C:\Users\owner\Documents\~WRL1690.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 399298619 ____H C:\Users\owner\Documents\~WRL0660.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 39475324 ____H C:\Users\owner\Documents\~WRL3727.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 366721683 ____H C:\Users\owner\Documents\~WRL1098.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 353973570 ____H C:\Users\owner\Documents\~WRL1501.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 280863945 ____H C:\Users\owner\Documents\~WRL0034.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 275622522 ____H C:\Users\owner\Documents\~WRL0367.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 236517363 ____H C:\Users\owner\Documents\~WRL0783.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 203928185 ____H C:\Users\owner\Documents\~WRL0366.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 175384694 ____H C:\Users\owner\Documents\~WRL2981.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 16582416 ____H C:\Users\owner\Documents\~WRL2970.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 129626909 ____H C:\Users\owner\Documents\~WRL3966.tmp
2016-03-07 12:29 - 2015-08-21 22:37 - 06815727 ____H C:\Users\owner\Documents\~WRL0175.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 80396690 ____H C:\Users\owner\Documents\~WRL0031.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 78431972 ____H C:\Users\owner\Documents\~WRL2229.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 46457459 ____H C:\Users\owner\Documents\~WRL0272.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 454949850 ____H C:\Users\owner\Documents\~WRL3739.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 440805473 ____H C:\Users\owner\Documents\~WRL0624.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 440043117 ____H C:\Users\owner\Documents\~WRL1268.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 434765070 ____H C:\Users\owner\Documents\~WRL2126.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 434764135 ____H C:\Users\owner\Documents\~WRL3329.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 433782596 ____H C:\Users\owner\Documents\~WRL3237.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 433781837 ____H C:\Users\owner\Documents\~WRL0256.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 432800311 ____H C:\Users\owner\Documents\~WRL2099.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 431624251 ____H C:\Users\owner\Documents\~WRL2252.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 431622361 ____H C:\Users\owner\Documents\~WRL0223.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 431618871 ____H C:\Users\owner\Documents\~WRL3604.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 428656949 ____H C:\Users\owner\Documents\~WRL1945.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 428654916 ____H C:\Users\owner\Documents\~WRL3596.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 425963764 ____H C:\Users\owner\Documents\~WRL0772.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 425960181 ____H C:\Users\owner\Documents\~WRL0365.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 425955180 ____H C:\Users\owner\Documents\~WRL3649.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 424602258 ____H C:\Users\owner\Documents\~WRL1110.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 424595289 ____H C:\Users\owner\Documents\~WRL2990.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 424565365 ____H C:\Users\owner\Documents\~WRL3496.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 424230546 ____H C:\Users\owner\Documents\~WRL0284.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 424220445 ____H C:\Users\owner\Documents\~WRL2828.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 409307702 ____H C:\Users\owner\Documents\~WRL2994.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 409033711 ____H C:\Users\owner\Documents\~WRL2735.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 409006720 ____H C:\Users\owner\Documents\~WRL0649.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 406793167 ____H C:\Users\owner\Documents\~WRL2812.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 392674401 ____H C:\Users\owner\Documents\~WRL2550.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 378937337 ____H C:\Users\owner\Documents\~WRL1407.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 362320784 ____H C:\Users\owner\Documents\~WRL1266.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 326354623 ____H C:\Users\owner\Documents\~WRL4044.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 292836566 ____H C:\Users\owner\Documents\~WRL2567.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 268558324 ____H C:\Users\owner\Documents\~WRL3350.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 216391142 ____H C:\Users\owner\Documents\~WRL1237.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 209695167 ____H C:\Users\owner\Documents\~WRL0932.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 176861445 ____H C:\Users\owner\Documents\~WRL0032.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 166719070 ____H C:\Users\owner\Documents\~WRL0241.tmp
2016-03-07 12:29 - 2015-05-25 11:14 - 07199661 ____H C:\Users\owner\Documents\~WRL2221.tmp
2016-03-07 12:29 - 2015-05-01 05:48 - 00016714 ____H C:\Users\owner\Documents\~WRL0904.tmp
2016-03-07 12:29 - 2015-04-27 05:54 - 01234216 ____H C:\Users\owner\Documents\~WRL3723.tmp
2016-03-07 12:29 - 2015-04-22 21:32 - 00266752 _____ C:\Users\owner\Documents\spy sharpe.xls
2016-03-07 12:29 - 2015-04-22 21:30 - 00266752 _____ C:\Users\owner\Documents\spy sharpe.xla
2016-03-07 12:29 - 2015-04-08 18:20 - 70279339 ____H C:\Users\owner\Documents\~WRL0947.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 55511803 ____H C:\Users\owner\Documents\~WRL1272.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 45436391 ____H C:\Users\owner\Documents\~WRL1444.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 431757754 ____H C:\Users\owner\Documents\~WRL1521.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 414579362 ____H C:\Users\owner\Documents\~WRL0344.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 392283703 ____H C:\Users\owner\Documents\~WRL2731.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 392283579 ____H C:\Users\owner\Documents\~WRL2612.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 392283395 ____H C:\Users\owner\Documents\~WRL2587.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 389420252 ____H C:\Users\owner\Documents\~WRL3304.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 389038838 ____H C:\Users\owner\Documents\~WRL0718.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 388482903 ____H C:\Users\owner\Documents\~WRL3690.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 375736111 ____H C:\Users\owner\Documents\~WRL1579.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 371444979 ____H C:\Users\owner\Documents\~WRL0036.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 369563685 ____H C:\Users\owner\Documents\~WRL3787.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 356830005 ____H C:\Users\owner\Documents\~WRL3658.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 355365680 ____H C:\Users\owner\Documents\~WRL2449.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 355250824 ____H C:\Users\owner\Documents\~WRL0061.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 355167418 ____H C:\Users\owner\Documents\~WRL0960.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 34297268 ____H C:\Users\owner\Documents\~WRL1545.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 315901424 ____H C:\Users\owner\Documents\~WRL2952.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 315895686 ____H C:\Users\owner\Documents\~WRL1294.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 315895564 ____H C:\Users\owner\Documents\~WRL3708.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 295305495 ____H C:\Users\owner\Documents\~WRL0895.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 269010759 ____H C:\Users\owner\Documents\~WRL1484.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 269004305 ____H C:\Users\owner\Documents\~WRL0859.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 268999160 ____H C:\Users\owner\Documents\~WRL2783.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 268739207 ____H C:\Users\owner\Documents\~WRL0349.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 266722812 ____H C:\Users\owner\Documents\~WRL0130.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 266496318 ____H C:\Users\owner\Documents\~WRL2495.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 253431215 ____H C:\Users\owner\Documents\~WRL1911.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 23852505 ____H C:\Users\owner\Documents\~WRL3243.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 230467759 ____H C:\Users\owner\Documents\~WRL2703.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 223388246 ____H C:\Users\owner\Documents\~WRL1310.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 217885965 ____H C:\Users\owner\Documents\~WRL2239.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 207929731 ____H C:\Users\owner\Documents\~WRL2226.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 200459695 ____H C:\Users\owner\Documents\~WRL1522.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 200459672 ____H C:\Users\owner\Documents\~WRL3232.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 144216132 ____H C:\Users\owner\Documents\~WRL0225.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 144215170 ____H C:\Users\owner\Documents\~WRL1079.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 144198697 ____H C:\Users\owner\Documents\~WRL2419.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 144184531 ____H C:\Users\owner\Documents\~WRL3587.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 144184419 ____H C:\Users\owner\Documents\~WRL3227.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 138332296 ____H C:\Users\owner\Documents\~WRL0354.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 138332207 ____H C:\Users\owner\Documents\~WRL2349.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 126859397 ____H C:\Users\owner\Documents\~WRL2807.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 120090663 ____H C:\Users\owner\Documents\~WRL1983.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 113740577 ____H C:\Users\owner\Documents\~WRL2346.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 106824798 ____H C:\Users\owner\Documents\~WRL1430.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 106654583 ____H C:\Users\owner\Documents\~WRL0087.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 106650349 ____H C:\Users\owner\Documents\~WRL3497.tmp
2016-03-07 12:29 - 2015-04-08 18:20 - 100525040 ____H C:\Users\owner\Documents\~WRL3405.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 436201041 ____H C:\Users\owner\Documents\~WRL3873.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 410426249 ____H C:\Users\owner\Documents\~WRL1427.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 403466736 ____H C:\Users\owner\Documents\~WRL3396.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 385327593 ____H C:\Users\owner\Documents\~WRL1927.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 384271130 ____H C:\Users\owner\Documents\~WRL2469.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 382072931 ____H C:\Users\owner\Documents\~WRL2710.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 382072820 ____H C:\Users\owner\Documents\~WRL3169.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 382072757 ____H C:\Users\owner\Documents\~WRL2862.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 360753515 ____H C:\Users\owner\Documents\~WRL0568.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 334704316 ____H C:\Users\owner\Documents\~WRL0116.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 325463769 ____H C:\Users\owner\Documents\~WRL3895.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 315899542 ____H C:\Users\owner\Documents\~WRL1788.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 312005525 ____H C:\Users\owner\Documents\~WRL2598.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 311132517 ____H C:\Users\owner\Documents\~WRL0985.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 311094307 ____H C:\Users\owner\Documents\~WRL2319.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 304097082 ____H C:\Users\owner\Documents\~WRL2971.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 281207846 ____H C:\Users\owner\Documents\~WRL2752.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 259234240 ____H C:\Users\owner\Documents\~WRL2162.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 241414051 ____H C:\Users\owner\Documents\~WRL3607.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 234138763 ____H C:\Users\owner\Documents\~WRL0030.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 227270392 ____H C:\Users\owner\Documents\~WRL0029.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 221707397 ____H C:\Users\owner\Documents\~WRL0982.tmp
2016-03-07 12:29 - 2015-03-03 01:41 - 213715535 ____H C:\Users\owner\Documents\~WRL1965.tmp
2016-03-07 12:29 - 2014-12-09 01:27 - 00207394 ____H C:\Users\owner\Documents\~WRL0027.tmp
2016-03-07 12:29 - 2014-08-02 21:31 - 00104306 ____H C:\Users\owner\Documents\~WRL0301.tmp
2016-03-07 12:29 - 2014-08-02 21:31 - 00092440 ____H C:\Users\owner\Documents\~WRL3548.tmp
2016-03-07 12:29 - 2014-08-02 21:31 - 00088815 ____H C:\Users\owner\Documents\~WRL3578.tmp
2016-03-07 12:29 - 2014-08-02 17:39 - 00363987 _____ C:\Users\owner\Documents\Chapter 14.pdf
2016-03-07 12:29 - 2014-08-02 17:39 - 00181004 _____ C:\Users\owner\Documents\Chapter 12.pdf
2016-03-07 12:29 - 2014-08-02 17:38 - 00222632 _____ C:\Users\owner\Documents\Chapter 10.pdf
2016-03-07 12:29 - 2014-07-23 06:45 - 00272370 ____H C:\Users\owner\Documents\~WRL3431.tmp
2016-03-07 12:29 - 2014-07-22 18:30 - 00907181 _____ C:\Users\owner\Documents\Chapter 4.pdf
2016-03-07 12:29 - 2014-07-22 18:30 - 00433623 _____ C:\Users\owner\Documents\Chapter 2.pdf
2016-03-07 12:29 - 2014-07-22 18:30 - 00225441 _____ C:\Users\owner\Documents\Chapter 5.pdf
2016-03-07 12:29 - 2014-07-22 18:30 - 00168700 _____ C:\Users\owner\Documents\Chapter 3.pdf
2016-03-07 12:29 - 2014-07-22 18:29 - 00478369 _____ C:\Users\owner\Documents\Chapter 1.pdf
2016-03-07 12:29 - 2014-07-01 17:20 - 00335360 _____ C:\Users\owner\Documents\Chapter 19 Lecture Slides REV.ppt
2016-03-07 12:29 - 2014-07-01 17:19 - 00597504 _____ C:\Users\owner\Documents\Chapter 14 Lecture Slides REV-1.ppt
2016-03-07 12:29 - 2014-07-01 17:19 - 00499200 _____ C:\Users\owner\Documents\Chapter 11 Lecture Slides.ppt
2016-03-07 12:29 - 2014-07-01 17:19 - 00391168 _____ C:\Users\owner\Documents\Chapter 13 Lecture Slides.ppt
2016-03-07 12:29 - 2014-07-01 17:18 - 00692224 _____ C:\Users\owner\Documents\Chapter 6 CL Lecture Slides.ppt
2016-03-07 12:29 - 2014-07-01 17:17 - 00378025 _____ C:\Users\owner\Documents\Chapter 4 Lecture Slides(1).pptx
2016-03-07 12:29 - 2014-07-01 17:14 - 00635392 _____ C:\Users\owner\Documents\Chapter 5 Lecture Slides-1.ppt
2016-03-07 12:29 - 2014-06-30 00:43 - 00257843 ____H C:\Users\owner\Documents\~WRL3883.tmp
2016-03-07 12:29 - 2014-06-22 00:52 - 00017312 ____H C:\Users\owner\Documents\~WRL2427.tmp
2016-03-07 12:29 - 2014-06-22 00:52 - 00013015 ____H C:\Users\owner\Documents\~WRL3139.tmp
2016-03-07 12:29 - 2014-06-10 23:31 - 00017513 ____H C:\Users\owner\Documents\~WRL1981.tmp
2016-03-07 12:29 - 2014-06-10 23:31 - 00013505 ____H C:\Users\owner\Documents\~WRL3363.tmp
2016-03-07 12:29 - 2014-06-01 23:28 - 00032595 ____H C:\Users\owner\Documents\~WRL2499.tmp
2016-03-07 12:29 - 2014-06-01 23:28 - 00031007 ____H C:\Users\owner\Documents\~WRL3151.tmp
2016-03-07 12:29 - 2014-06-01 23:28 - 00023619 ____H C:\Users\owner\Documents\~WRL3498.tmp
2016-03-07 12:29 - 2014-06-01 23:28 - 00022849 ____H C:\Users\owner\Documents\~WRL2153.tmp
2016-03-07 12:29 - 2014-06-01 23:28 - 00019001 ____H C:\Users\owner\Documents\~WRL1269.tmp
2016-03-07 12:29 - 2014-05-18 21:30 - 00404942 ____H C:\Users\owner\Documents\~WRL1122.tmp
2016-03-07 12:29 - 2014-05-18 21:30 - 00402334 ____H C:\Users\owner\Documents\~WRL2604.tmp
2016-03-07 12:29 - 2014-05-18 21:30 - 00400955 ____H C:\Users\owner\Documents\~WRL1137.tmp
2016-03-07 12:29 - 2014-05-18 21:30 - 00399803 ____H C:\Users\owner\Documents\~WRL4017.tmp
2016-03-07 12:29 - 2014-05-18 21:30 - 00396305 ____H C:\Users\owner\Documents\~WRL0375.tmp
2016-03-07 12:29 - 2014-02-26 04:38 - 00019957 ____H C:\Users\owner\Documents\~WRL2394.tmp
2016-03-07 12:29 - 2014-02-26 04:38 - 00019234 ____H C:\Users\owner\Documents\~WRL0028.tmp
2016-03-07 12:29 - 2014-02-26 04:38 - 00018765 ____H C:\Users\owner\Documents\~WRL2212.tmp
2016-03-07 12:29 - 2014-02-26 04:38 - 00016391 ____H C:\Users\owner\Documents\~WRL1129.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00940520 ____H C:\Users\owner\Documents\~WRL0996.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00622134 ____H C:\Users\owner\Documents\~WRL0955.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00467486 ____H C:\Users\owner\Documents\~WRL2917.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00463811 ____H C:\Users\owner\Documents\~WRL3523.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00390337 ____H C:\Users\owner\Documents\~WRL3767.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00389761 ____H C:\Users\owner\Documents\~WRL3949.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00388859 ____H C:\Users\owner\Documents\~WRL1928.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00387032 ____H C:\Users\owner\Documents\~WRL2658.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00383159 ____H C:\Users\owner\Documents\~WRL1406.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00369210 ____H C:\Users\owner\Documents\~WRL3531.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00366948 ____H C:\Users\owner\Documents\~WRL4091.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00356715 ____H C:\Users\owner\Documents\~WRL1223.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00354573 ____H C:\Users\owner\Documents\~WRL3090.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00353289 ____H C:\Users\owner\Documents\~WRL0283.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00349177 ____H C:\Users\owner\Documents\~WRL1003.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00344388 ____H C:\Users\owner\Documents\~WRL2958.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00343686 ____H C:\Users\owner\Documents\~WRL1209.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00341014 ____H C:\Users\owner\Documents\~WRL0164.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00340995 ____H C:\Users\owner\Documents\~WRL0072.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00337766 ____H C:\Users\owner\Documents\~WRL3042.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00337534 ____H C:\Users\owner\Documents\~WRL1900.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00337128 ____H C:\Users\owner\Documents\~WRL1461.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00332668 ____H C:\Users\owner\Documents\~WRL1067.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00325080 ____H C:\Users\owner\Documents\~WRL3266.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00324189 ____H C:\Users\owner\Documents\~WRL3812.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00323644 ____H C:\Users\owner\Documents\~WRL1440.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00316836 ____H C:\Users\owner\Documents\~WRL3030.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00300590 ____H C:\Users\owner\Documents\~WRL3706.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00299843 ____H C:\Users\owner\Documents\~WRL2620.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00292299 ____H C:\Users\owner\Documents\~WRL2641.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00287539 ____H C:\Users\owner\Documents\~WRL3874.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00287261 ____H C:\Users\owner\Documents\~WRL3626.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00286411 ____H C:\Users\owner\Documents\~WRL2468.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00268512 ____H C:\Users\owner\Documents\~WRL2035.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00257466 ____H C:\Users\owner\Documents\~WRL1264.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00256753 ____H C:\Users\owner\Documents\~WRL3846.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00247882 ____H C:\Users\owner\Documents\~WRL2895.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00241153 ____H C:\Users\owner\Documents\~WRL3395.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00230990 ____H C:\Users\owner\Documents\~WRL0209.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00228119 ____H C:\Users\owner\Documents\~WRL3308.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00227646 ____H C:\Users\owner\Documents\~WRL4014.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00227104 ____H C:\Users\owner\Documents\~WRL3249.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00222267 ____H C:\Users\owner\Documents\~WRL3438.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00221345 ____H C:\Users\owner\Documents\~WRL1195.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00219942 ____H C:\Users\owner\Documents\~WRL0098.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00216094 ____H C:\Users\owner\Documents\~WRL3173.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00214540 ____H C:\Users\owner\Documents\~WRL0981.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00214488 ____H C:\Users\owner\Documents\~WRL3385.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00214216 ____H C:\Users\owner\Documents\~WRL3691.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00207481 ____H C:\Users\owner\Documents\~WRL3166.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00205756 ____H C:\Users\owner\Documents\~WRL1826.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00204620 ____H C:\Users\owner\Documents\~WRL2200.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00203859 ____H C:\Users\owner\Documents\~WRL2603.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00201382 ____H C:\Users\owner\Documents\~WRL0699.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00200954 ____H C:\Users\owner\Documents\~WRL0315.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00200475 ____H C:\Users\owner\Documents\~WRL1142.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00200269 ____H C:\Users\owner\Documents\~WRL0814.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00197765 ____H C:\Users\owner\Documents\~WRL2398.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00195397 ____H C:\Users\owner\Documents\~WRL3492.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00195017 ____H C:\Users\owner\Documents\~WRL0604.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00194186 ____H C:\Users\owner\Documents\~WRL3334.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00194169 ____H C:\Users\owner\Documents\~WRL0965.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00193037 ____H C:\Users\owner\Documents\~WRL3779.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00192914 ____H C:\Users\owner\Documents\~WRL0192.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00192221 ____H C:\Users\owner\Documents\~WRL1140.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00191453 ____H C:\Users\owner\Documents\~WRL3010.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00191371 ____H C:\Users\owner\Documents\~WRL1445.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00191325 ____H C:\Users\owner\Documents\~WRL2280.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00191121 ____H C:\Users\owner\Documents\~WRL1616.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00187151 ____H C:\Users\owner\Documents\~WRL1947.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00187079 ____H C:\Users\owner\Documents\~WRL3722.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00186864 ____H C:\Users\owner\Documents\~WRL3171.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00183223 ____H C:\Users\owner\Documents\~WRL3879.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00180716 ____H C:\Users\owner\Documents\~WRL1918.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00180636 ____H C:\Users\owner\Documents\~WRL2159.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00175868 ____H C:\Users\owner\Documents\~WRL3915.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00175418 ____H C:\Users\owner\Documents\~WRL0858.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00175244 ____H C:\Users\owner\Documents\~WRL0806.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00169017 ____H C:\Users\owner\Documents\~WRL0711.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00168850 ____H C:\Users\owner\Documents\~WRL2619.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00165906 ____H C:\Users\owner\Documents\~WRL2459.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00165496 ____H C:\Users\owner\Documents\~WRL3762.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00165337 ____H C:\Users\owner\Documents\~WRL0862.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00161992 ____H C:\Users\owner\Documents\~WRL0305.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00161833 ____H C:\Users\owner\Documents\~WRL3480.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00161667 ____H C:\Users\owner\Documents\~WRL0930.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00161490 ____H C:\Users\owner\Documents\~WRL3777.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00161331 ____H C:\Users\owner\Documents\~WRL4087.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00160442 ____H C:\Users\owner\Documents\~WRL1710.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00159607 ____H C:\Users\owner\Documents\~WRL0369.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00158042 ____H C:\Users\owner\Documents\~WRL2630.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00157138 ____H C:\Users\owner\Documents\~WRL2150.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00141245 ____H C:\Users\owner\Documents\~WRL1811.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00138342 ____H C:\Users\owner\Documents\~WRL2227.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00138223 ____H C:\Users\owner\Documents\~WRL1405.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00128038 ____H C:\Users\owner\Documents\~WRL1850.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00127960 ____H C:\Users\owner\Documents\~WRL0026.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00122742 ____H C:\Users\owner\Documents\~WRL2042.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00122299 ____H C:\Users\owner\Documents\~WRL0025.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00120462 ____H C:\Users\owner\Documents\~WRL0024.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00118940 ____H C:\Users\owner\Documents\~WRL2897.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00107580 ____H C:\Users\owner\Documents\~WRL2834.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00104906 ____H C:\Users\owner\Documents\~WRL0844.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00094129 ____H C:\Users\owner\Documents\~WRL1439.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00093964 ____H C:\Users\owner\Documents\~WRL0023.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00091990 ____H C:\Users\owner\Documents\~WRL1711.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00086225 ____H C:\Users\owner\Documents\~WRL2596.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00079108 ____H C:\Users\owner\Documents\~WRL1477.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00074475 ____H C:\Users\owner\Documents\~WRL3753.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00067983 ____H C:\Users\owner\Documents\~WRL3808.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00066717 ____H C:\Users\owner\Documents\~WRL0022.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00066357 ____H C:\Users\owner\Documents\~WRL0021.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00062649 ____H C:\Users\owner\Documents\~WRL0070.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00061924 ____H C:\Users\owner\Documents\~WRL1443.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00059428 ____H C:\Users\owner\Documents\~WRL1665.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00058739 ____H C:\Users\owner\Documents\~WRL0020.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00054680 ____H C:\Users\owner\Documents\~WRL0019.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00053140 ____H C:\Users\owner\Documents\~WRL2781.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00052172 ____H C:\Users\owner\Documents\~WRL1975.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00051257 ____H C:\Users\owner\Documents\~WRL0018.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00048912 ____H C:\Users\owner\Documents\~WRL0017.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00048743 ____H C:\Users\owner\Documents\~WRL3920.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00046412 ____H C:\Users\owner\Documents\~WRL0016.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00046004 ____H C:\Users\owner\Documents\~WRL0319.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00045871 ____H C:\Users\owner\Documents\~WRL2689.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00041032 ____H C:\Users\owner\Documents\~WRL2055.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00040339 ____H C:\Users\owner\Documents\~WRL0015.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00040314 ____H C:\Users\owner\Documents\~WRL0014.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00038557 ____H C:\Users\owner\Documents\~WRL3715.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00032733 ____H C:\Users\owner\Documents\~WRL1792.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00030539 ____H C:\Users\owner\Documents\~WRL3975.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00029824 ____H C:\Users\owner\Documents\~WRL1802.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00029513 ____H C:\Users\owner\Documents\~WRL0657.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00027992 ____H C:\Users\owner\Documents\~WRL0013.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00025807 ____H C:\Users\owner\Documents\~WRL1709.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00022330 ____H C:\Users\owner\Documents\~WRL0084.tmp
2016-03-07 12:29 - 2014-02-13 00:12 - 00020057 ____H C:\Users\owner\Documents\~WRL2546.tmp
2016-03-07 12:29 - 2013-10-28 01:36 - 00255658 ____H C:\Users\owner\Documents\~WRL0012.tmp
2016-03-07 12:29 - 2013-10-28 01:36 - 00255300 ____H C:\Users\owner\Documents\~WRL1944.tmp
2016-03-07 12:29 - 2013-10-28 01:36 - 00013813 ____H C:\Users\owner\Documents\~WRL3535.tmp
2016-03-07 12:29 - 2013-10-28 01:36 - 00013521 ____H C:\Users\owner\Documents\~WRL0648.tmp
2016-03-07 12:29 - 2013-09-25 01:56 - 00014612 ____H C:\Users\owner\Documents\~WRL3761.tmp
2016-03-07 12:29 - 2013-09-25 01:56 - 00012848 ____H C:\Users\owner\Documents\~WRL2026.tmp
2016-03-07 12:29 - 2013-05-11 19:26 - 00015772 ____H C:\Users\owner\Documents\~WRL2072.tmp
2016-03-07 12:29 - 2013-04-24 01:24 - 00012784 ____H C:\Users\owner\Documents\~WRL0011.tmp
2016-03-07 12:29 - 2013-03-18 21:26 - 00013704 ____H C:\Users\owner\Documents\~WRL0835.tmp
2016-03-07 12:29 - 2013-03-18 21:26 - 00013406 ____H C:\Users\owner\Documents\~WRL0010.tmp
2016-03-07 12:29 - 2013-02-05 03:57 - 00013173 ____H C:\Users\owner\Documents\~WRL1692.tmp
2016-03-07 12:29 - 2013-01-03 04:18 - 00021443 ____H C:\Users\owner\Documents\~WRL0282.tmp
2016-03-07 12:29 - 2012-12-02 06:26 - 00013907 ____H C:\Users\owner\Documents\~WRL2849.tmp
2016-03-07 12:29 - 2012-11-21 03:04 - 00013985 ____H C:\Users\owner\Documents\~WRL1231.tmp
2016-03-07 12:29 - 2012-10-02 21:44 - 00015551 ____H C:\Users\owner\Documents\~WRL0009.tmp
2016-03-07 12:29 - 2012-10-02 21:44 - 00014663 ____H C:\Users\owner\Documents\~WRL2969.tmp
2016-03-07 12:29 - 2012-05-08 04:06 - 00028448 ____H C:\Users\owner\Documents\~WRL0008.tmp
2016-03-07 12:29 - 2012-05-06 03:32 - 00014040 ____H C:\Users\owner\Documents\~WRL3086.tmp
2016-03-07 12:29 - 2012-05-06 03:32 - 00013655 ____H C:\Users\owner\Documents\~WRL4058.tmp
2016-03-07 12:29 - 2012-04-30 02:24 - 00110188 _____ C:\Users\owner\Documents\Chapter 13 Scrambled-1.pptx
2016-03-07 12:29 - 2012-04-29 10:18 - 00013662 ____H C:\Users\owner\Documents\~WRL1995.tmp
2016-03-07 12:29 - 2012-04-29 10:18 - 00013403 ____H C:\Users\owner\Documents\~WRL0006.tmp
2016-03-07 12:29 - 2012-04-24 03:59 - 00013183 ____H C:\Users\owner\Documents\~WRL0424.tmp
2016-03-07 12:29 - 2012-04-14 20:39 - 00181557 _____ C:\Users\owner\Documents\Chapter 4 Scrambled.pptx
2016-03-07 12:29 - 2012-04-14 20:39 - 00157370 _____ C:\Users\owner\Documents\Chapter 5 Scrambled.pptx
2016-03-07 12:29 - 2012-04-14 20:38 - 00179933 _____ C:\Users\owner\Documents\Chapter 2 Scrambled.pptx
2016-03-07 12:29 - 2012-04-14 20:38 - 00111569 _____ C:\Users\owner\Documents\Chapter 3 Scrambled.pptx
2016-03-07 12:29 - 2012-04-14 20:37 - 00192955 _____ C:\Users\owner\Documents\Chapter 1 Scrambled.pptx
2016-03-07 12:29 - 2012-04-05 03:00 - 00026595 ____H C:\Users\owner\Documents\~WRL0005.tmp
2016-03-07 12:29 - 2012-04-05 03:00 - 00014704 ____H C:\Users\owner\Documents\~WRL0743.tmp
2016-03-07 12:29 - 2012-04-05 03:00 - 00013946 ____H C:\Users\owner\Documents\~WRL2164.tmp
2016-03-07 12:29 - 2012-04-05 00:22 - 00435564 _____ C:\Users\owner\Documents\epr.htm
2016-03-07 12:29 - 2012-03-25 05:58 - 00015342 ____H C:\Users\owner\Documents\~WRL0007.tmp
2016-03-07 12:29 - 2012-03-25 05:58 - 00014322 ____H C:\Users\owner\Documents\~WRL0004.tmp
2016-03-07 12:29 - 2011-12-05 00:14 - 00018308 ____H C:\Users\owner\Documents\~WRL0126.tmp
2016-03-07 12:29 - 2011-11-28 01:07 - 00017308 ____H C:\Users\owner\Documents\~WRL3878.tmp
2016-03-07 12:29 - 2011-11-26 03:00 - 00017191 ____H C:\Users\owner\Documents\~WRL1701.tmp
2016-03-07 12:29 - 2011-11-26 03:00 - 00013467 ____H C:\Users\owner\Documents\~WRL1055.tmp
2016-03-07 12:29 - 2011-03-08 22:18 - 02336843 ____H C:\Users\owner\Documents\Buddhism for PP 2.pptx
2016-03-05 22:59 - 2009-07-13 20:45 - 00003072 _____ C:\Windows\System32\umstartup.etl
2016-03-03 17:50 - 2009-07-13 20:45 - 00003072 _____ C:\Windows\System32\umstartup000.etl
2016-03-03 14:55 - 2013-06-10 11:31 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-03-03 14:55 - 2013-06-03 03:20 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-03-03 14:55 - 2012-11-17 18:46 - 00000370 ____H C:\Windows\Tasks\VaudiXUpdaterTask{F2A09392-928B-4B6C-8529-C725BE4B293E}.job
2016-03-03 14:55 - 2010-01-14 04:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 14:55 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-03 14:54 - 2015-12-04 00:40 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-03 14:54 - 2012-08-30 21:19 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2016-03-03 14:54 - 2012-05-08 04:27 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-03 14:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-03-03 14:53 - 2010-01-14 04:36 - 00000000 __RHD C:\MSOCache
2016-03-03 14:50 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 14:50 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-28 19:47 - 2010-01-14 04:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 19:46 - 2014-02-01 13:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798455190-986609235-2888039337-1001UA.job
2016-02-28 19:46 - 2012-05-08 04:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-28 18:32 - 2012-01-17 20:46 - 00129080 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2016-02-28 18:23 - 2014-04-15 22:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-28 03:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-26 16:03 - 2014-04-15 22:43 - 00463744 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2016-02-21 22:04 - 2014-02-01 13:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798455190-986609235-2888039337-1001Core.job
2016-02-19 01:04 - 2011-08-14 15:21 - 00000000 ___HD C:\Users\owner\AppData\Local\CrashDumps
2016-02-18 03:17 - 2011-11-23 16:27 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2016-02-18 03:17 - 2011-11-23 16:27 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2016-02-12 21:50 - 2015-11-12 05:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-10 02:35 - 2014-04-15 22:43 - 00287016 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-02-10 02:32 - 2014-04-24 22:10 - 00037656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00165344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00107792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00103064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00074544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-02-10 02:32 - 2014-04-15 22:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-10 02:31 - 2014-04-15 22:43 - 01065720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-02-10 02:31 - 2014-04-15 22:42 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-10 01:26 - 2012-05-08 04:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 01:26 - 2012-05-08 04:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 01:26 - 2011-11-20 15:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 3758.1 MB
Available physical RAM: 3034.68 MB
Total Virtual: 3756.25 MB
Available Virtual: 3026.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:289.23 GB) (Free:119.32 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:8.77 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ROS_SysRec7_64) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 249.3 MB) (Disk ID: 00102FCC)
Partition 1: (Active) - (Size=249 MB) - (Type=06)
 
 
LastRegBack: 2016-03-03 04:26
 
==================== End of FRST.txt ============================

Attached Files


  • 0

#4
RKinner
Posted 11 March 2016 - 06:08 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

FRST log is not showing ZeroAccess now.  However, I am seeing 

 

2016-03-03 15:04 - 2016-03-03 15:04 - 00000000 __SHD C:\found.006

 

This is where it puts files that it recovered from bad sectors on the hard drive.  The fact that it is up to 006 indicates that this is an ongoing problem so we are probably looking at a hard drive that is failing.  I am also seeing in the ntbtlog.txt that it is having problems loading some of the chipset files:

 

Did not load driver @hal.inf,%acpi_amd64.devicedesc%;ACPI x64-based PC
Did not load driver @battery.inf,%*compbatt.devicedesc%;Microsoft Composite Battery
Did not load driver @battery.inf,%*compbatt.devicedesc%;Microsoft Composite Battery
Did not load driver @battery.inf,%*compbatt.devicedesc%;Microsoft Composite Battery
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor
Did not load driver @cpu.inf,%intelppm.devicedesc%;Intel Processor

 

 

 

 

 

From your command prompt type:

sfc  /scannow

Does this run or do you get an error?


  • 0

#5
honnybee
Posted 11 March 2016 - 07:16 AM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
It says it's beginning scan then starts another line saying there is system repairs pending which requires reboot your complete restart windows and run again. I did that still shows up the same thing.
  • 0

#6
RKinner
Posted 11 March 2016 - 08:11 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Let's run another fixlog.  I want to remove a few files that I missed earlier and look at some others to see what they do and also look at the contents of the found.006 folder.

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 

 


  • 0

#7
honnybee
Posted 11 March 2016 - 08:41 AM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Heres the fix log

Attached Files


  • 0

#8
RKinner
Posted 11 March 2016 - 08:46 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I left a colon out so three lines didn't work.  Try it again:

 

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 

  • 0

#9
honnybee
Posted 11 March 2016 - 08:54 AM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Heres the new fix log

Attached Files


  • 0

#10
RKinner
Posted 11 March 2016 - 09:15 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

C:\user.js

 

C:\settings.ini

 

are both malware related.  The ftconfig.ini file claims it is McAfee but seems odd.  I think we will get rid of all three.

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Can you run 
 
 
chkdsk /f C:
 
from the command prompt?
 
 
You may want to download hirem's boot disk and burn it to a CD (or a USB) using another PC.
 
 
 
Download is near the bottom where it says:
 
Filename: Hirens.BootCD.15.2.zip
 
 
This a BIG! Zip File so save it.  Then right click on it and Extract all.  Put a blank CD in the drive and then double click on BurnToCD.cmd.  When it finishes you boot off it and run the MiniXP program.  This will give you a fake XP desktop. 
 
For USB boot see:
 
 
 

  • 0

Advertisements

#11
honnybee
Posted 11 March 2016 - 09:40 AM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Heres the fixlog, I ran the command line you wrote it says it doesn't recognize "chdsk", I can't do the downloads right now since I'm operating from a mac I can get them later in the day, but when I do get it what should I do and can you explain the status of my computer so far. thanks.

Attached Files


  • 0

#12
RKinner
Posted 11 March 2016 - 11:27 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Hirem's will allow you to rescue any files on the PC.  It also has several anti-virus scans on it.  There are also several useful utilities (and many that are no longer useful).  An alternative would be the AVG Rescue disk which is here:

http://www.geekstogo...ystem-tutorial/


  • 0

#13
honnybee
Posted 11 March 2016 - 03:27 PM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I was able to download hirem onto USB and boot into it, I also bought roguekiller premium based on a suggestion on another forum. What should I do now.
  • 0

#14
RKinner
Posted 11 March 2016 - 04:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

There are several anti-virus programs on Hiren's.  Some of them won't work if they can't update but some will work so I'd try a couple of scans.  I don't suppose the fake XP is good enough to actually run programs like rogue killer but you can try.  


  • 0

#15
honnybee
Posted 12 March 2016 - 03:50 AM

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Hello Rkinner I scanned my computer with the malwarebytes that was in the Hiren system 6 viruses showed up, two days  before I was also able to use a windows defender offline on a usb to boot from it  was able to get rid of four viruses, I also used the tdsskiller installed there it said it found nothing, I checked it with another tdsskiller that I downloaded separately onto a usb it showed up with the same results. Today I'm going to download roguekiller and the one specifically for command prompts and scan my computer with that. I also did another frst scan of my computer for you to see. How is the status of my computer now and is it ready or close to being booted properly. Thanks

Attached Files

  • Attached File  FRST.txt   58.17KB   564 downloads

  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP