Google Redirects + Foolishly Attempted Solutions = BSOD on Boot


  • This topic is locked
13 replies to this topic

#1 DeadJenkins

Posted 18 October 2011 - 08:05 PM

Hello,

I seem to have done what every member of this forum warns everyone not to do: I tried to fix my malware with tools I'm not supposed to use without supervision.
I had a virus or something that deleted all my icons and pestered me with fake scans. I used Malwarebytes to fix that.
Then I noticed that my Google searches were getting redirected.
The malware would redirect me to find-fast-answers every once in a while.

I tried ComboFix and TDSSKiller, which had solved this problem for me a few months ago, but this time they did not solve the issue. After a few hours of solution searching, I read somewhere that Hitman Pro fixes my very symptoms. Hitman Pro found a few things as well as a possibly infected boot file. I told it to repair everything.

I assume that's where it all went wrong.

I can no longer boot into Windows normal or safe mode. In normal, I get to the Windows logo, which then freezes for a sec and I get a BSOD with stop code 0x0000007b before restarting. In safe mode, the last driver that shows up on the screen is classpnp.sys before flashing a blue screen and restarting into Windows recovery (which I assume is also 0x0000007b, but I am not 100% sure).

I tried chkdsk, sfc, and the steps to fixmbr, to no avail, though I'm not 100% sure if I did it right, because the whole recovery mode thing confused me. I tried the automatic Windows repair, two system restores and a Use Last Known Good Configuration, none of which had any noticeable effect.

If possible, could somebody help me in getting my computer to boot into Windows again? (Preferably without full reinstall)
And if that is possible, could I also get help in removing the redirect virus?

Needless to say, I learned my lesson in trying to fix things with tools I don't fully understand.

Thank you!

Oh yeah, I'm on Windows 7 Professional x64



#2 Farbar

Posted 19 October 2011 - 12:23 AM

Hello DeadJenkins,

Welcome to Bleeping Computer.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 DeadJenkins

Posted 19 October 2011 - 01:41 AM

Thank you for the fast reply!
Here is the log from FRST.txt:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.5
Ran by SYSTEM at 2011-10-19 02:25:04
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449584 2011-07-06] (Malwarebytes Corporation)
HKLM-x32\...\Run: [VMware hqtray] "C:\Users\Simon\Downloads\VMware\hqtray.exe" [64112 2011-03-25] (VMware, Inc.)
HKU\Simon\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-01] (Valve Corporation)
HKU\Simon\...\Run: [F.lux] "C:\Users\Simon\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

==================== Services (Whitelisted) ======

3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366640 2011-07-06] (Malwarebytes Corporation)
2 VMAuthdService; "C:\Users\Simon\Downloads\VMware\vmware-authd.exe" [113264 2011-03-25] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe" [539248 2011-03-25] (VMware, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
3 ufad-ws60; C:\Users\Simon\Downloads\VMware\vmware-ufad.exe -d "C:\Users\Simon\Downloads\VMware\\" -s ufad-p2v.xml [x]
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [x]
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [x]

========================== Drivers (Whitelisted) =============

3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [38512 2011-03-25] (VMware, Inc.)
3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [69736 2010-07-13] (ITE Tech. Inc. )
3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [63568 2010-08-24] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57936 2010-08-24] (Logitech, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25912 2011-07-06] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-08] ()
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [91568 2010-04-12] (PowerISO Computing, Inc.)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
2 vmci; \??\C:\Windows\system32\drivers\vmci.sys [81008 2011-03-25] (VMware, Inc.)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [31856 2011-03-25] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [20016 2011-03-25] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [45104 2011-03-25] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [30320 2011-03-25] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [68720 2011-03-25] (VMware, Inc.)
2 vstor2-ws60; \??\C:\Users\Simon\Downloads\VMware\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 tandpl; C:\Windows\System32\drivers\tandpl.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-19 02:24 - 2011-10-19 02:25 - 0000000 ____D C:\FRST
2011-10-18 19:51 - 2009-07-13 15:29 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wimfsf.sys
2011-10-18 19:50 - 2009-07-13 17:45 - 0096320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sacdrv.sys
2011-10-18 19:50 - 2009-07-13 16:01 - 0027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ramdisk.sys
2011-10-18 19:50 - 2009-07-13 15:29 - 0098304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fbwf.sys
2011-10-18 05:32 - 2011-10-18 05:32 - 0000000 ____A C:\Users\Simon\Desktop\thislog.txt
2011-10-17 13:59 - 2011-10-17 21:57 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-10-17 13:59 - 2011-10-17 21:57 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-10-17 12:45 - 2011-10-17 12:45 - 0020277 ____A C:\ComboFix.txt
2011-10-17 05:38 - 2011-10-17 05:41 - 0081016 ____A C:\TDSSKiller.2.6.10.0_17.10.2011_09.38.10_log.txt
2011-10-17 05:37 - 2011-10-17 05:37 - 1540929 ____A C:\Users\Simon\Downloads\tdsskiller.zip
2011-10-17 05:37 - 2011-10-17 05:37 - 0000346 ____A C:\TDSSKiller.2.6.9.0_17.10.2011_09.37.11_log.txt
2011-10-17 00:32 - 2011-10-18 03:54 - 0000000 ___SD C:\ComboFix
2011-10-17 00:27 - 2011-10-17 00:28 - 0081014 ____A C:\TDSSKiller.2.6.9.0_17.10.2011_04.27.50_log.txt
2011-10-17 00:20 - 2011-10-17 00:22 - 0080980 ____A C:\TDSSKiller.2.6.9.0_17.10.2011_04.20.27_log.txt
2011-10-17 00:20 - 2010-12-31 21:14 - 0002254 ____A C:\Users\Simon\Downloads\eula.txt
2011-10-17 00:19 - 2011-10-17 00:19 - 0000414 ____A C:\TDSSKiller.2.5.15.0_17.10.2011_04.19.39_log.txt
2011-10-12 12:41 - 2011-10-12 12:41 - 2697508 ____A C:\Users\Simon\Documents\Project1.zip
2011-10-11 18:47 - 2011-10-17 09:41 - 0009625 ____A C:\Users\Simon\Documents\Keyboard Stuff.xlsx
2011-10-11 08:10 - 2011-10-11 08:11 - 25340733 ____A C:\Users\Simon\Downloads\gravitybone_v11.zip
2011-10-10 02:23 - 2011-10-10 02:23 - 0000056 ____A C:\Windows\setupact.log
2011-10-10 02:23 - 2011-10-10 02:23 - 0000000 ____A C:\Windows\setuperr.log
2011-10-08 17:11 - 2011-10-08 17:10 - 1915930 ____A C:\Users\Simon\Downloads\oregon-trail-deluxe.zip
2011-10-07 17:04 - 2011-10-07 17:04 - 3496848 ____A (Piriform Ltd) C:\Users\Simon\Downloads\ccsetup311.exe
2011-10-07 16:23 - 2007-09-13 20:59 - 45437153 ____A C:\Users\Simon\Downloads\FL Studio Bible.pdf
2011-10-07 16:22 - 2011-10-07 16:23 - 30785880 ____A C:\Users\Simon\Downloads\FL Studio Bible.zip
2011-10-07 12:37 - 2011-10-07 12:45 - 6432608 ____A (DigiPen ) C:\Users\Simon\Downloads\Nous_Setup.exe
2011-10-07 12:28 - 2011-10-07 12:28 - 0945120 ____A (techPowerUp (www.techpowerup.com)) C:\Users\Simon\Downloads\GPU-Z.0.5.5.exe
2011-10-06 12:44 - 2011-10-07 00:12 - 0017923 ____A C:\Users\Simon\Documents\CS 305 Essay Response 1.docx
2011-10-06 12:44 - 2011-10-06 12:44 - 0000162 ____A C:\Users\Simon\Documents\~$ 305 Essay Response 1.docx
2011-10-05 23:07 - 2011-10-05 23:08 - 0000000 ____D C:\Users\Simon\Documents\Replays
2011-10-05 17:05 - 2011-10-05 17:13 - 0000000 ____D C:\Users\Simon\Documents\Math 331
2011-10-05 07:00 - 2011-10-05 07:00 - 12230416 ____A C:\Users\Simon\Downloads\drjava-beta-20110822-r5448.exe
2011-10-05 06:59 - 2011-10-18 03:56 - 0000000 ____D C:\Users\Simon\Documents\CS 320
2011-10-05 06:57 - 2011-10-05 06:56 - 0000428 ____A C:\Users\Simon\Documents\TestLinkList.java
2011-10-05 06:56 - 2011-10-05 09:52 - 0003269 ____A C:\Users\Simon\Documents\CS 320 - Assignment 0 - Simon Zhang.zip
2011-10-02 20:29 - 2011-10-02 21:32 - 0011414 ____A C:\Users\Simon\Documents\Assignment A3.xlsx
2011-09-27 17:44 - 2011-09-27 17:45 - 0000000 ____D C:\Users\Simon\Documents\CS 311
2011-09-27 15:38 - 2011-08-15 10:32 - 0224048 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2011-09-27 15:38 - 2011-08-15 10:32 - 0128816 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2011-09-27 15:37 - 2011-09-27 15:37 - 0000000 ____D C:\Users\Simon\.VirtualBox
2011-09-27 15:26 - 2011-10-18 03:56 - 0000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2011-09-27 15:26 - 2011-10-18 03:29 - 0000000 ____D C:\Program Files (x86)\MSECACHE
2011-09-27 13:50 - 2011-09-27 17:07 - 0016506 ____A C:\Users\Simon\Documents\Funds Request 305.docx
2011-09-27 13:50 - 2011-09-27 13:50 - 0000162 ____A C:\Users\Simon\Documents\~$nds Request 305.docx
2011-09-27 13:20 - 2011-09-27 13:20 - 0446258 ____A C:\Windows\AutoKMS.exe
2011-09-27 12:45 - 2011-10-18 03:36 - 0000000 ____D C:\Users\Simon\Documents\Assignment A2
2011-09-26 23:10 - 2011-09-26 23:10 - 0000000 ____D C:\Users\Simon\Documents\Virtual Machines
2011-09-26 22:58 - 2011-10-18 03:57 - 0000000 ____D C:\Users\Simon\Downloads\VirtualBox
2011-09-26 22:41 - 2011-09-26 23:04 - 732112896 ____A C:\Users\Simon\Downloads\ubuntu-11.04-desktop-amd64.iso
2011-09-26 22:37 - 2011-09-26 22:37 - 0001354 ____A C:\Users\Simon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2011-09-26 22:37 - 2011-09-26 22:37 - 0001354 ____A C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2011-09-26 22:35 - 2011-10-18 03:56 - 0000000 ____D C:\Users\Simon\AppData\Roaming\VMware
2011-09-26 22:35 - 2011-10-16 02:44 - 0000000 ____D C:\Users\Simon\AppData\Local\VMware
2011-09-26 22:23 - 2011-03-25 19:27 - 0081008 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmci.sys
2011-09-26 22:23 - 2011-03-25 19:27 - 0068720 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2011-09-26 22:22 - 2011-09-26 22:22 - 0001024 ____A C:\.rnd
2011-09-26 22:22 - 2011-03-25 19:27 - 0968816 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2011-09-26 22:22 - 2011-03-25 19:26 - 0404080 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2011-09-26 22:22 - 2011-03-25 19:26 - 0334448 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2011-09-26 22:22 - 2011-03-25 19:25 - 0031856 ____A (VMware, Inc.) C:\Windows\System32\Drivers\VMkbd.sys
2011-09-26 22:22 - 2011-03-25 19:25 - 0030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2011-09-26 22:22 - 2011-03-25 18:27 - 0038512 ____A (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2011-09-26 22:21 - 2011-10-18 03:35 - 0000000 ____D C:\Users\All Users\VMware
2011-09-26 22:21 - 2011-10-18 03:35 - 0000000 ____D C:\ProgramData\VMware
2011-09-26 22:21 - 2011-09-26 22:21 - 0002069 ____A C:\Users\Public\Desktop\VMware Player.lnk
2011-09-26 18:04 - 2011-09-26 18:04 - 0119983 ____A C:\Users\Simon\Documents\Assignment A2.pdf
2011-09-26 13:20 - 2011-10-18 03:57 - 0000000 ____D C:\Users\Simon\Downloads\VMware
2011-09-23 23:49 - 2011-10-15 14:44 - 0000000 ____D C:\Users\Simon\riotsGamesLogs
2011-09-23 19:20 - 2011-09-23 19:20 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2011-09-22 16:35 - 2011-09-22 16:37 - 0000000 ____D C:\Users\Simon\Documents\Linguistics 101
2011-09-22 16:11 - 2011-09-22 16:06 - 0270378 ____A C:\Users\Simon\Downloads\Assignment A2.zip

============ 3 Months Modified Files and Folders =============

2011-10-19 02:25 - 2011-10-19 02:24 - 0000000 ____D C:\FRST
2011-10-18 05:32 - 2011-10-18 05:32 - 0000000 ____A C:\Users\Simon\Desktop\thislog.txt
2011-10-18 03:58 - 2011-03-16 19:18 - 0000000 ____D C:\Users\Simon\AppData\Roaming\SystemRequirementsLab
2011-10-18 03:57 - 2011-09-26 22:58 - 0000000 ____D C:\Users\Simon\Downloads\VirtualBox
2011-10-18 03:57 - 2011-09-26 13:20 - 0000000 ____D C:\Users\Simon\Downloads\VMware
2011-10-18 03:57 - 2011-07-11 19:01 - 0000000 ____D C:\Users\Simon\Downloads\xvi32
2011-10-18 03:57 - 2011-07-03 00:28 - 0000000 ____D C:\users\UpdatusUser
2011-10-18 03:57 - 2011-05-13 15:52 - 0000000 ____D C:\Users\Simon\Downloads\WLAN_NE771_PNP_WIN7_64_800197
2011-10-18 03:57 - 2011-05-13 09:54 - 0000000 ____D C:\Windows\ERDNT
2011-10-18 03:57 - 2011-05-13 09:39 - 0000000 ____D C:\Users\Simon\Downloads\tdsskiller
2011-10-18 03:57 - 2011-05-04 16:40 - 0000000 ____D C:\Users\Simon\Downloads\tsearch
2011-10-18 03:57 - 2011-04-25 17:19 - 0000000 ____D C:\Users\Simon\Downloads\Maintanence
2011-10-18 03:57 - 2011-03-24 16:49 - 0000000 ____D C:\Users\Simon\Downloads\MC Server
2011-10-18 03:57 - 2011-03-15 19:12 - 0000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2011-10-18 03:57 - 2011-03-01 10:35 - 0000000 ____D C:\Users\Simon\Downloads\spelunky_1_1
2011-10-18 03:57 - 2011-01-21 20:10 - 0000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-10-18 03:57 - 2011-01-19 16:26 - 0000000 ____D C:\Users\Simon\Downloads\wopt021
2011-10-18 03:57 - 2011-01-18 13:34 - 0000000 ____D C:\Users\Simon\Downloads\win7-9.2.0.113-whql
2011-10-18 03:57 - 2010-12-01 15:10 - 0000000 ____D C:\Users\Simon\Downloads\NewKMS.skypehunter
2011-10-18 03:57 - 2010-11-29 16:39 - 0000000 ____D C:\Windows\symbols
2011-10-18 03:57 - 2010-10-26 18:39 - 0000000 ____D C:\Users\Simon\Downloads\Office 2010
2011-10-18 03:57 - 2010-10-24 16:41 - 0000000 ____D C:\Users\Simon\Downloads\VGA_nVidia_V815118611_Vista64_Win7x64
2011-10-18 03:57 - 2010-10-24 16:14 - 0000000 ____D C:\users\Simon
2011-10-18 03:57 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2011-10-18 03:57 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-10-18 03:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-10-18 03:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-10-18 03:57 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2011-10-18 03:57 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-10-18 03:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2011-10-18 03:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2011-10-18 03:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2011-10-18 03:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-10-18 03:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-10-18 03:56 - 2011-10-05 06:59 - 0000000 ____D C:\Users\Simon\Documents\CS 320
2011-10-18 03:56 - 2011-09-27 15:26 - 0000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2011-10-18 03:56 - 2011-09-26 22:35 - 0000000 ____D C:\Users\Simon\AppData\Roaming\VMware
2011-10-18 03:56 - 2011-08-23 19:01 - 0000000 ____D C:\Program Files\DIFX
2011-10-18 03:56 - 2011-07-25 16:03 - 0000000 ____D C:\Users\Simon\AppData\Local\Lunar_Giant_Studios
2011-10-18 03:56 - 2011-07-13 14:56 - 0000000 ____D C:\Users\Simon\Downloads\8-inch-2_3-samsung-update
2011-10-18 03:56 - 2011-07-11 19:30 - 0000000 ____D C:\Users\Simon\Downloads\DeusExe-v2
2011-10-18 03:56 - 2011-07-11 18:45 - 0000000 ____D C:\Users\Simon\Documents\Deus Ex - Invisible War
2011-10-18 03:56 - 2011-07-04 18:00 - 0000000 ____D C:\Users\Simon\Documents\ARES
2011-10-18 03:56 - 2011-07-03 00:28 - 0000000 ____D C:\Users\All Users\NVIDIA
2011-10-18 03:56 - 2011-07-03 00:28 - 0000000 ____D C:\ProgramData\NVIDIA
2011-10-18 03:56 - 2011-07-02 22:54 - 0000000 ____D C:\Users\Simon\Downloads\D3DOverrider
2011-10-18 03:56 - 2011-07-02 22:32 - 0000000 ____D C:\Users\Simon\AppData\Roaming\dvdcss
2011-10-18 03:56 - 2011-06-29 18:01 - 0000000 ____D C:\Users\Simon\AppData\Local\Aztaka
2011-10-18 03:56 - 2011-06-29 14:22 - 0000000 ____D C:\Users\Simon\Downloads\Indie Games
2011-10-18 03:56 - 2011-06-18 14:01 - 0000000 ____D C:\Users\Simon\AppData\Local\Apps\F.lux
2011-10-18 03:56 - 2011-06-16 02:57 - 0000000 ____D C:\Users\Simon\.android
2011-10-18 03:56 - 2011-05-06 14:15 - 0000000 ____D C:\Users\Simon\Downloads\df_31_25_win
2011-10-18 03:56 - 2011-04-25 17:29 - 0000000 ____D C:\Program Files (x86)\WinDirStat
2011-10-18 03:56 - 2011-04-25 17:27 - 0000000 ____D C:\Program Files\Speccy
2011-10-18 03:56 - 2011-04-25 17:26 - 0000000 ____D C:\Program Files\Defraggler
2011-10-18 03:56 - 2011-04-25 17:25 - 0000000 ____D C:\Program Files\CCleaner
2011-10-18 03:56 - 2011-04-16 12:51 - 0000000 ____D C:\Users\Simon\Downloads\DS SD
2011-10-18 03:56 - 2011-04-15 14:10 - 0000000 ____D C:\Program Files\TortoiseSVN
2011-10-18 03:56 - 2011-04-15 14:10 - 0000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2011-10-18 03:56 - 2011-04-05 13:24 - 0000000 ____D C:\Python27
2011-10-18 03:56 - 2011-03-23 16:58 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-10-18 03:56 - 2011-03-16 19:18 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2011-10-18 03:56 - 2011-03-15 19:12 - 0000000 ____D C:\Users\All Users\Media Center Programs
2011-10-18 03:56 - 2011-03-15 19:12 - 0000000 ____D C:\ProgramData\Media Center Programs
2011-10-18 03:56 - 2011-02-25 23:41 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Skype
2011-10-18 03:56 - 2011-02-25 23:41 - 0000000 ____D C:\Users\All Users\Skype
2011-10-18 03:56 - 2011-02-25 23:41 - 0000000 ____D C:\ProgramData\Skype
2011-10-18 03:56 - 2011-02-18 20:06 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Ventrilo
2011-10-18 03:56 - 2011-02-18 20:06 - 0000000 ____D C:\Program Files\Ventrilo
2011-10-18 03:56 - 2011-02-05 02:15 - 0000000 ____D C:\Users\Simon\AppData\Local\Sheshunoff
2011-10-18 03:56 - 2011-01-19 17:47 - 0000000 ____D C:\Users\Simon\Downloads\atheros_v9.2.0.105_v1.31
2011-10-18 03:56 - 2011-01-18 19:37 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-10-18 03:56 - 2011-01-18 11:27 - 0000000 ____D C:\Users\Simon\AppData\Local\eSupport.com
2011-10-18 03:56 - 2010-12-29 00:32 - 0000000 ____D C:\Users\Simon\Documents\BFBC2
2011-10-18 03:56 - 2010-12-05 12:32 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Ubisoft
2011-10-18 03:56 - 2010-12-01 19:39 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-10-18 03:56 - 2010-12-01 19:39 - 0000000 ____D C:\Users\All Users\Apple
2011-10-18 03:56 - 2010-12-01 19:39 - 0000000 ____D C:\ProgramData\Apple Computer
2011-10-18 03:56 - 2010-12-01 19:39 - 0000000 ____D C:\ProgramData\Apple
2011-10-18 03:56 - 2010-11-29 16:39 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2011-10-18 03:56 - 2010-11-23 02:02 - 0000000 ____D C:\Users\Simon\AppData\Local\SKIDROW
2011-10-18 03:56 - 2010-11-23 02:00 - 0000000 ____D C:\Users\Simon\AppData\Local\4A Games
2011-10-18 03:56 - 2010-11-16 16:09 - 0000000 ____D C:\Users\Simon\Downloads\JDownloader_Portable_0.9.580_Multilingual
2011-10-18 03:56 - 2010-11-07 23:50 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2011-10-18 03:56 - 2010-11-04 20:25 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2011-10-18 03:56 - 2010-11-04 20:25 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2011-10-18 03:56 - 2010-11-01 21:04 - 0000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2011-10-18 03:56 - 2010-10-30 20:23 - 0000000 ____D C:\Program Files\WinRAR
2011-10-18 03:56 - 2010-10-28 21:48 - 0000000 ____D C:\Program Files (x86)\WinSCP
2011-10-18 03:56 - 2010-10-26 18:02 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-10-18 03:56 - 2010-10-26 18:02 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-10-18 03:56 - 2010-10-25 18:45 - 0000000 ____D C:\Users\Simon\Documents\StarCraft II
2011-10-18 03:56 - 2010-10-25 09:48 - 0000000 ____D C:\Users\All Users\PMB Files
2011-10-18 03:56 - 2010-10-25 09:48 - 0000000 ____D C:\ProgramData\PMB Files
2011-10-18 03:56 - 2010-10-24 23:03 - 0000000 ____D C:\Users\Simon\Downloads\FastBoot_WIN7_32_WIN7_64_100
2011-10-18 03:56 - 2010-10-24 22:42 - 0000000 ____D C:\Users\Simon\Downloads\ATKHotkey_WIN7_32_WIN7_64_100052
2011-10-18 03:56 - 2010-10-24 20:31 - 0000000 ____D C:\Program Files (x86)\Steam
2011-10-18 03:56 - 2010-10-24 18:11 - 0000000 ____D C:\Users\Simon\Downloads\CardReader_Ricoh_WIN7_32_WIN7_64_36202
2011-10-18 03:56 - 2010-10-24 16:37 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2011-10-18 03:56 - 2010-10-24 16:37 - 0000000 ____D C:\ProgramData\Downloaded Installations
2011-10-18 03:56 - 2010-10-24 16:37 - 0000000 ____D C:\Program Files\TrueSuite
2011-10-18 03:56 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-10-18 03:56 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-10-18 03:55 - 2011-09-06 19:06 - 0000000 ____D C:\Program Files (x86)\Dead Island
2011-10-18 03:55 - 2011-08-23 19:01 - 0000000 ____D C:\Program Files (x86)\Garmin
2011-10-18 03:55 - 2011-07-03 00:27 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2011-10-18 03:55 - 2011-06-29 18:01 - 0000000 ____D C:\Program Files (x86)\Aztaka
2011-10-18 03:55 - 2011-06-22 16:29 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-18 03:55 - 2011-05-13 00:54 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-18 03:55 - 2011-03-23 16:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-10-18 03:55 - 2011-03-15 19:00 - 0000000 ____D C:\Program Files (x86)\Dragon Age
2011-10-18 03:55 - 2011-03-03 21:14 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2011-10-18 03:55 - 2011-02-25 23:41 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-10-18 03:55 - 2011-01-12 10:31 - 0000000 ____D C:\Program Files (x86)\Samsung
2011-10-18 03:55 - 2011-01-08 10:36 - 0000000 ____D C:\Program Files (x86)\QPST
2011-10-18 03:55 - 2010-12-30 23:28 - 0000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2011-10-18 03:55 - 2010-12-21 13:05 - 0000000 ____D C:\Program Files (x86)\Defcon
2011-10-18 03:55 - 2010-12-01 19:39 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-10-18 03:55 - 2010-12-01 19:39 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-10-18 03:55 - 2010-11-17 21:05 - 0000000 ____D C:\Program Files (x86)\Beyond Good and Evil
2011-10-18 03:55 - 2010-11-10 14:15 - 0000000 ____D C:\Program Files (x86)\PowerISO
2011-10-18 03:55 - 2010-11-09 21:41 - 0000000 ____D C:\Program Files (x86)\Notepad++
2011-10-18 03:55 - 2010-11-07 23:51 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2011-10-18 03:55 - 2010-10-26 18:29 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2011-10-18 03:55 - 2010-10-25 18:45 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2011-10-18 03:55 - 2010-10-24 22:42 - 0000000 ____D C:\Program Files (x86)\ASUS
2011-10-18 03:55 - 2010-10-24 16:23 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-10-18 03:55 - 2010-10-24 16:19 - 0000000 ____D C:\Program Files (x86)\SecureW2
2011-10-18 03:55 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2011-10-18 03:54 - 2011-10-17 00:32 - 0000000 ___SD C:\ComboFix
2011-10-18 03:54 - 2011-08-13 13:41 - 0000000 ___RD C:\32788R22FWJFW
2011-10-18 03:54 - 2011-05-13 20:07 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-18 03:54 - 2011-04-13 14:45 - 0000000 ____D C:\Program Files (x86)\Ace of Spades
2011-10-18 03:54 - 2011-03-15 20:27 - 0000000 ____D C:\Fraps
2011-10-18 03:50 - 2010-10-24 18:02 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-10-18 03:50 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2011-10-18 03:50 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2011-10-18 03:50 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2011-10-18 03:50 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2011-10-18 03:50 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2011-10-18 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-10-18 03:49 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2011-10-18 03:49 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2011-10-18 03:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2011-10-18 03:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2011-10-18 03:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2011-10-18 03:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-10-18 03:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2011-10-18 03:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2011-10-18 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2011-10-18 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2011-10-18 03:44 - 2011-08-05 13:15 - 0000000 ____D C:\Users\Simon\Downloads\WinDD
2011-10-18 03:44 - 2011-07-03 00:28 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2011-10-18 03:44 - 2011-01-08 10:35 - 0000000 ____D C:\Users\Simon\Downloads\www.x-drivers.ru_qualcomm_qpst_2.7.323_(2008-09-19)
2011-10-18 03:43 - 2011-02-04 01:17 - 0000000 ____D C:\Users\Simon\Downloads\Papes
2011-10-18 03:43 - 2011-01-08 10:53 - 0000000 ____D C:\Users\Simon\Downloads\schu450
2011-10-18 03:43 - 2010-12-02 23:18 - 0000000 ____D C:\Users\Simon\Downloads\magical8bitPlug_for_win
2011-10-18 03:43 - 2010-11-23 17:56 - 0000000 ____D C:\Users\Simon\Downloads\Mount and Blade and Kanye East
2011-10-18 03:39 - 2011-04-04 19:47 - 0000000 ____D C:\Users\Simon\Downloads\DS Stuff
2011-10-18 03:39 - 2010-10-28 18:13 - 0000000 ____D C:\Users\Simon\Downloads\Eclipse-3.5-M7-snapshot
2011-10-18 03:38 - 2011-07-11 19:30 - 0000000 ____D C:\Users\Simon\Downloads\d3d10drv-v26
2011-10-18 03:38 - 2011-04-05 13:27 - 0000000 ____D C:\Users\Simon\Downloads\Django-1.3
2011-10-18 03:37 - 2011-06-18 13:41 - 0000000 ____D C:\Users\Simon\Downloads\AndroidStuff
2011-10-18 03:36 - 2011-09-27 12:45 - 0000000 ____D C:\Users\Simon\Documents\Assignment A2
2011-10-18 03:36 - 2011-04-05 13:41 - 0000000 ____D C:\Users\Simon\Documents\SimonSpace320
2011-10-18 03:36 - 2011-03-15 19:19 - 0000000 ____D C:\Users\Simon\Documents\BioWare
2011-10-18 03:36 - 2010-12-29 00:33 - 0000000 ____D C:\Users\Simon\AppData\Local\PunkBuster
2011-10-18 03:36 - 2010-12-10 02:05 - 0000000 ____D C:\Users\Simon\Documents\TempSpace
2011-10-18 03:36 - 2010-12-10 01:56 - 0000000 ____D C:\Users\Simon\Documents\Comp Sci 220
2011-10-18 03:36 - 2010-11-30 22:52 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Broken Rules
2011-10-18 03:36 - 2010-11-17 19:56 - 0000000 ____D C:\Users\Simon\AppData\Roaming\.minecraft
2011-10-18 03:36 - 2010-11-09 21:41 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Notepad++
2011-10-18 03:36 - 2010-10-28 18:55 - 0000000 ____D C:\Users\Simon\Documents\SimonSpace
2011-10-18 03:36 - 2010-10-26 07:09 - 0000000 ____D C:\Users\Simon\Documents\My Games
2011-10-18 03:36 - 2010-10-25 13:15 - 0000000 ____D C:\Users\Simon\AppData\Local\Adobe
2011-10-18 03:36 - 2010-10-25 13:15 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-10-18 03:36 - 2010-10-25 13:15 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-10-18 03:36 - 2010-10-24 18:02 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Macromedia
2011-10-18 03:36 - 2010-10-24 18:02 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Adobe
2011-10-18 03:36 - 2010-10-24 16:23 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Mozilla
2011-10-18 03:36 - 2010-10-24 16:14 - 0000000 ____D C:\Users\Simon\AppData\LocalLow
2011-10-18 03:36 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-10-18 03:36 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2011-10-18 03:35 - 2011-09-26 22:21 - 0000000 ____D C:\Users\All Users\VMware
2011-10-18 03:35 - 2011-09-26 22:21 - 0000000 ____D C:\ProgramData\VMware
2011-10-18 03:35 - 2011-06-23 13:57 - 0000000 ____D C:\Users\All Users\Logishrd
2011-10-18 03:35 - 2011-06-23 13:57 - 0000000 ____D C:\ProgramData\Logishrd
2011-10-18 03:35 - 2011-05-13 09:54 - 0000000 ____D C:\Qoobox
2011-10-18 03:35 - 2011-05-13 00:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-18 03:35 - 2011-05-13 00:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-18 03:35 - 2011-01-16 10:43 - 0000000 ____D C:\Users\All Users\CanonBJ
2011-10-18 03:35 - 2011-01-16 10:43 - 0000000 ____D C:\ProgramData\CanonBJ
2011-10-18 03:35 - 2010-10-25 18:45 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2011-10-18 03:35 - 2010-10-25 18:45 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2011-10-18 03:35 - 2010-10-25 13:15 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-18 03:35 - 2010-10-25 13:15 - 0000000 ____D C:\ProgramData\Adobe
2011-10-18 03:35 - 2010-10-25 12:24 - 0000000 ____D C:\Riot Games
2011-10-18 03:35 - 2009-07-13 23:47 - 0000000 ____D C:\Program Files\Windows Journal
2011-10-18 03:35 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-10-18 03:35 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-10-18 03:35 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2011-10-18 03:35 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2011-10-18 03:34 - 2011-04-05 14:53 - 0000000 ____D C:\Program Files\MySQL
2011-10-18 03:34 - 2010-12-05 20:12 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2011-10-18 03:34 - 2010-11-29 16:42 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2011-10-18 03:34 - 2010-11-29 16:42 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2011-10-18 03:34 - 2010-11-29 16:39 - 0000000 ____D C:\Program Files\Microsoft Help Viewer
2011-10-18 03:34 - 2010-11-01 20:25 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2011-10-18 03:34 - 2010-10-26 18:29 - 0000000 ____D C:\Program Files\Microsoft Office
2011-10-18 03:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2011-10-18 03:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-10-18 03:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-10-18 03:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2011-10-18 03:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-10-18 03:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-10-18 03:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2011-10-18 03:33 - 2010-12-05 20:34 - 0000000 ____D C:\Program Files (x86)\Stunlock Studios
2011-10-18 03:30 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2011-10-18 03:29 - 2011-09-27 15:26 - 0000000 ____D C:\Program Files (x86)\MSECACHE
2011-10-18 03:29 - 2010-12-05 20:33 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2011-10-18 03:29 - 2010-11-29 16:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-10-18 03:29 - 2010-11-29 16:39 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2011-10-18 03:29 - 2010-11-07 23:50 - 0000000 ____D C:\Program Files (x86)\Outsim
2011-10-18 03:29 - 2010-10-26 18:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2011-10-18 03:29 - 2010-10-26 18:43 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2011-10-18 03:29 - 2010-10-26 18:43 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-18 03:29 - 2010-10-25 09:47 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2011-10-18 03:28 - 2010-11-07 23:50 - 0000000 ____D C:\Program Files (x86)\Image-Line
2011-10-18 03:28 - 2010-10-28 18:49 - 0000000 ____D C:\Program Files (x86)\Java
2011-10-18 03:28 - 2010-10-26 18:29 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2011-10-18 03:28 - 2010-10-26 18:28 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-10-18 03:28 - 2010-10-25 12:24 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-10-18 03:27 - 2010-11-15 18:37 - 0000000 ____D C:\Program Files (x86)\Double Fine Productions
2011-10-18 03:26 - 2010-10-25 13:15 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-10-18 03:25 - 2011-01-18 19:37 - 0000000 ____D C:\NVIDIA
2011-10-18 03:25 - 2010-11-28 19:40 - 0000000 ____D C:\Program Files (x86)\2K Games
2011-10-18 03:25 - 2010-10-26 18:01 - 0000000 ___RD C:\MSOCache
2011-10-18 03:24 - 2010-12-07 17:42 - 0000000 ____D C:\1M Edition
2011-10-17 21:57 - 2011-10-17 13:59 - 0000000 ____D C:\Users\All Users\Hitman Pro
2011-10-17 21:57 - 2011-10-17 13:59 - 0000000 ____D C:\ProgramData\Hitman Pro
2011-10-17 14:19 - 2011-04-15 14:12 - 0000000 ____D C:\Users\Simon\AppData\Local\TSVNCache
2011-10-17 13:12 - 2010-10-24 17:00 - 3220525056 __ASH C:\hiberfil.sys
2011-10-17 12:45 - 2011-10-17 12:45 - 0020277 ____A C:\ComboFix.txt
2011-10-17 09:41 - 2011-10-11 18:47 - 0009625 ____A C:\Users\Simon\Documents\Keyboard Stuff.xlsx
2011-10-17 05:41 - 2011-10-17 05:38 - 0081016 ____A C:\TDSSKiller.2.6.10.0_17.10.2011_09.38.10_log.txt
2011-10-17 05:37 - 2011-10-17 05:37 - 1540929 ____A C:\Users\Simon\Downloads\tdsskiller.zip
2011-10-17 05:37 - 2011-10-17 05:37 - 0000346 ____A C:\TDSSKiller.2.6.9.0_17.10.2011_09.37.11_log.txt
2011-10-17 05:18 - 2011-05-13 00:52 - 0000573 ____A C:\rkill.log
2011-10-17 00:28 - 2011-10-17 00:27 - 0081014 ____A C:\TDSSKiller.2.6.9.0_17.10.2011_04.27.50_log.txt
2011-10-17 00:24 - 2010-11-01 12:12 - 0000000 ____D C:\Windows\Minidump
2011-10-17 00:22 - 2011-10-17 00:20 - 0080980 ____A C:\TDSSKiller.2.6.9.0_17.10.2011_04.20.27_log.txt
2011-10-17 00:19 - 2011-10-17 00:19 - 0000414 ____A C:\TDSSKiller.2.5.15.0_17.10.2011_04.19.39_log.txt
2011-10-16 02:44 - 2011-09-26 22:35 - 0000000 ____D C:\Users\Simon\AppData\Local\VMware
2011-10-16 01:09 - 2010-11-25 11:01 - 0000000 ____D C:\Users\Simon\AppData\Local\ElevatedDiagnostics
2011-10-15 23:35 - 2010-10-25 09:48 - 0000000 ____D C:\Users\Simon\AppData\Local\PMB Files
2011-10-15 14:44 - 2011-09-23 23:49 - 0000000 ____D C:\Users\Simon\riotsGamesLogs
2011-10-14 18:12 - 2010-10-24 16:16 - 1308652 ____A C:\Windows\WindowsUpdate.log
2011-10-13 07:40 - 2010-10-28 21:48 - 0000600 ____A C:\Users\Simon\AppData\Roaming\winscp.rnd
2011-10-12 12:41 - 2011-10-12 12:41 - 2697508 ____A C:\Users\Simon\Documents\Project1.zip
2011-10-11 08:11 - 2011-10-11 08:10 - 25340733 ____A C:\Users\Simon\Downloads\gravitybone_v11.zip
2011-10-10 23:26 - 2011-02-01 19:02 - 0007602 ____A C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2011-10-10 02:31 - 2009-07-13 20:45 - 0014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-10 02:31 - 2009-07-13 20:45 - 0014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-10 02:23 - 2011-10-10 02:23 - 0000056 ____A C:\Windows\setupact.log
2011-10-10 02:23 - 2011-10-10 02:23 - 0000000 ____A C:\Windows\setuperr.log
2011-10-10 02:23 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-08 17:24 - 2009-07-13 21:13 - 0785670 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-08 17:10 - 2011-10-08 17:11 - 1915930 ____A C:\Users\Simon\Downloads\oregon-trail-deluxe.zip
2011-10-07 18:07 - 2010-10-24 17:59 - 0000000 ____D C:\Windows\Panther
2011-10-07 17:06 - 2011-05-13 10:00 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-10-07 17:04 - 2011-10-07 17:04 - 3496848 ____A (Piriform Ltd) C:\Users\Simon\Downloads\ccsetup311.exe
2011-10-07 16:23 - 2011-10-07 16:22 - 30785880 ____A C:\Users\Simon\Downloads\FL Studio Bible.zip
2011-10-07 12:45 - 2011-10-07 12:37 - 6432608 ____A (DigiPen ) C:\Users\Simon\Downloads\Nous_Setup.exe
2011-10-07 12:28 - 2011-10-07 12:28 - 0945120 ____A (techPowerUp (www.techpowerup.com)) C:\Users\Simon\Downloads\GPU-Z.0.5.5.exe
2011-10-07 00:12 - 2011-10-06 12:44 - 0017923 ____A C:\Users\Simon\Documents\CS 305 Essay Response 1.docx
2011-10-06 12:44 - 2011-10-06 12:44 - 0000162 ____A C:\Users\Simon\Documents\~$ 305 Essay Response 1.docx
2011-10-05 23:08 - 2011-10-05 23:07 - 0000000 ____D C:\Users\Simon\Documents\Replays
2011-10-05 17:13 - 2011-10-05 17:05 - 0000000 ____D C:\Users\Simon\Documents\Math 331
2011-10-05 09:55 - 2011-02-08 17:49 - 0001094 ____A C:\Users\Simon\.drjava
2011-10-05 09:52 - 2011-10-05 06:56 - 0003269 ____A C:\Users\Simon\Documents\CS 320 - Assignment 0 - Simon Zhang.zip
2011-10-05 07:00 - 2011-10-05 07:00 - 12230416 ____A C:\Users\Simon\Downloads\drjava-beta-20110822-r5448.exe
2011-10-05 06:59 - 2011-05-11 14:24 - 0015872 __ASH C:\Users\Simon\Documents\Thumbs.db
2011-10-05 06:56 - 2011-10-05 06:57 - 0000428 ____A C:\Users\Simon\Documents\TestLinkList.java
2011-10-02 21:32 - 2011-10-02 20:29 - 0011414 ____A C:\Users\Simon\Documents\Assignment A3.xlsx
2011-09-27 17:45 - 2011-09-27 17:44 - 0000000 ____D C:\Users\Simon\Documents\CS 311
2011-09-27 17:07 - 2011-09-27 13:50 - 0016506 ____A C:\Users\Simon\Documents\Funds Request 305.docx
2011-09-27 15:37 - 2011-09-27 15:37 - 0000000 ____D C:\Users\Simon\.VirtualBox
2011-09-27 13:50 - 2011-09-27 13:50 - 0000162 ____A C:\Users\Simon\Documents\~$nds Request 305.docx
2011-09-27 13:20 - 2011-09-27 13:20 - 0446258 ____A C:\Windows\AutoKMS.exe
2011-09-27 12:56 - 2010-11-04 10:29 - 0000600 ____A C:\Users\Simon\AppData\Local\PUTTY.RND
2011-09-26 23:10 - 2011-09-26 23:10 - 0000000 ____D C:\Users\Simon\Documents\Virtual Machines
2011-09-26 23:04 - 2011-09-26 22:41 - 732112896 ____A C:\Users\Simon\Downloads\ubuntu-11.04-desktop-amd64.iso
2011-09-26 22:37 - 2011-09-26 22:37 - 0001354 ____A C:\Users\Simon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2011-09-26 22:37 - 2011-09-26 22:37 - 0001354 ____A C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2011-09-26 22:35 - 2011-08-22 20:22 - 0000434 _RASH C:\Users\All Users\ntuser.pol
2011-09-26 22:35 - 2011-08-22 20:22 - 0000434 _RASH C:\ProgramData\ntuser.pol
2011-09-26 22:22 - 2011-09-26 22:22 - 0001024 ____A C:\.rnd
2011-09-26 22:21 - 2011-09-26 22:21 - 0002069 ____A C:\Users\Public\Desktop\VMware Player.lnk
2011-09-26 22:21 - 2010-11-29 16:35 - 0798740 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-09-26 18:04 - 2011-09-26 18:04 - 0119983 ____A C:\Users\Simon\Documents\Assignment A2.pdf
2011-09-23 19:20 - 2011-09-23 19:20 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2011-09-22 16:37 - 2011-09-22 16:35 - 0000000 ____D C:\Users\Simon\Documents\Linguistics 101
2011-09-22 16:06 - 2011-09-22 16:11 - 0270378 ____A C:\Users\Simon\Downloads\Assignment A2.zip
2011-09-17 22:53 - 2011-09-17 22:53 - 0001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2011-09-17 22:48 - 2011-09-17 22:48 - 21073936 ____A C:\Users\Simon\Downloads\vlc-1.1.11-win32.exe
2011-09-15 20:42 - 2011-09-09 07:38 - 0000296 ____A C:\Users\Simon\Documents\sszhang_script.txt
2011-09-15 00:48 - 2011-09-15 20:39 - 0001284 ____A C:\Users\Simon\Documents\sprog.cc
2011-09-09 22:45 - 2011-09-09 22:45 - 0013521 ____A C:\Users\Simon\Downloads\hs_err_pid3448.log
2011-09-09 22:40 - 2011-09-09 22:40 - 0013530 ____A C:\Users\Simon\Downloads\hs_err_pid3664.log
2011-09-09 22:29 - 2011-09-09 22:29 - 0013522 ____A C:\Users\Simon\Downloads\hs_err_pid1708.log
2011-09-09 07:30 - 2011-09-09 07:38 - 0000952 ____A C:\Users\Simon\Documents\sszhang_top_output.txt
2011-09-06 19:41 - 2011-09-06 19:41 - 7878008 ____A (Microsoft Corporation) C:\Users\Simon\Downloads\Xbox360_64Eng.exe
2011-09-03 20:13 - 2011-09-03 20:12 - 83033092 ____A C:\Users\Simon\Documents\DATCARD.daa
2011-09-03 19:52 - 2011-09-03 19:49 - 196105569 ____A C:\Users\Simon\Documents\SPX_04273_002.daa
2011-08-25 15:32 - 2011-08-23 18:41 - 0000504 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2011-08-24 20:00 - 2011-08-22 23:18 - 0000000 ____D C:\Users\Simon\AppData\Local\dxhr
2011-08-23 19:01 - 2011-08-23 19:01 - 0000000 ____D C:\Users\Simon\AppData\Roaming\Garmin
2011-08-23 19:01 - 2011-08-23 19:00 - 7497000 ____A (Igor Pavlov) C:\Users\Simon\Downloads\WebUpdater_252.exe
2011-08-22 23:15 - 2011-08-22 23:15 - 0000000 ____D C:\Users\Simon\AppData\Local\28050
2011-08-22 20:21 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2011-08-22 20:14 - 2011-08-22 20:15 - 1029489 ____A C:\Users\Simon\Downloads\Pixie_v1.0.6.apk
2011-08-22 19:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-08-15 10:32 - 2011-09-27 15:38 - 0224048 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2011-08-15 10:32 - 2011-09-27 15:38 - 0128816 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2011-08-15 10:32 - 2011-08-15 10:32 - 0320816 ____N (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2011-08-15 10:32 - 2011-08-15 10:32 - 0146736 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2011-08-13 13:52 - 2011-08-13 13:52 - 1008092 ____A C:\Users\Simon\Downloads\rkill.scr
2011-08-13 13:52 - 2011-08-13 13:52 - 1008092 ____A C:\Users\Simon\Downloads\rkill.com
2011-08-13 13:52 - 2011-08-13 13:51 - 0066798 ____A C:\TDSSKiller.2.5.15.0_13.08.2011_17.51.00_log.txt
2011-08-13 13:52 - 2011-05-13 00:48 - 1008092 ____A C:\Users\Simon\Downloads\rkill.exe
2011-08-13 13:50 - 2011-08-13 13:50 - 1404720 ____A (Kaspersky Lab ZAO) C:\Users\Simon\Downloads\tdsskiller.exe
2011-08-11 18:06 - 2011-08-11 16:44 - 1063404 ____A C:\Users\Simon\Downloads\GPU-Z Sensor Log.txt
2011-08-11 16:08 - 2011-08-11 16:08 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2011-08-05 13:15 - 2011-08-05 13:15 - 0184949 ____A C:\Users\Simon\Downloads\WinDD.zip
2011-08-01 18:17 - 2011-08-01 18:17 - 0000355 ____A C:\Users\Simon\Homegroup - Shortcut.lnk
2011-07-27 18:09 - 2011-07-27 18:09 - 0000000 ____D C:\Users\Simon\Downloads\Ghost_Story_(Fantasy)_(pdf,rtf,epub,lit,lrf,mobi,fb2,pdb)
2011-07-27 17:59 - 2011-07-27 17:58 - 7809909 ____A C:\Users\Simon\Downloads\Ghost_Story_(Fantasy)_(pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar
2011-07-25 16:03 - 2011-07-25 16:03 - 0000000 ____D C:\Users\Simon\AppData\Local\LunarGiantStudios
2011-07-23 12:27 - 2011-07-23 12:27 - 1111554 ____A C:\Users\Simon\Downloads\wgt624v3_2_0_26_1_0_1_na_only.chk

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0389120 ____A (Microsoft Corporation) 132328DF455B0028F13BF0ABEE51A63A

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe
[2009-07-13 15:56] - [2009-07-13 17:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4095.11 MB
Available physical RAM: 3494.31 MB
Total Pagefile: 4093.26 MB
Available Pagefile: 3480.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:36.9 GB) NTFS
3 Drive f: () (Removable) (Total:0.94 GB) (Free:0.03 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==========================================================

Last Boot: 2011-10-11 20:35

======================= End Of Log ==========================

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:05 PM

Posted 19 October 2011 - 01:51 AM

Well done.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

#5 Farbar

Posted 19 October 2011 - 01:52 AM

Also please restart the computer after fix and tell me how it went.

#6 DeadJenkins

DeadJenkins
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 19 October 2011 - 02:19 AM

And this is why qualified people are qualified. I swear I tried bootrec /FixMbr 5+ times (although following different guides each time) to no avail. I guess I did it wrong.

I am ecstatic to report that I am now able to boot into my laptop successfully!

Thank you so much!

Now, in the 30 seconds I took to test it, I have not been redirected at all. After booting in, my computer did say that the system restore completed successfully.
Does this mean I'm clear of the malware? Is there any way I can make sure?

Here's the fixlog.txt

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.5)
Ran by SYSTEM at 2011-10-19 03:07:32 R:1
Running from F:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====

#7 Farbar

Posted 19 October 2011 - 03:57 AM

Great. :thumbup2:

The MBR fix alone would not work. The second command was needed.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


#8 DeadJenkins

Posted 19 October 2011 - 06:37 AM

Only had one risk, which got removed.

The redirect I had before wasn't detected by Malwarebytes. Do you think I should worry about it?



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7979

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/19/2011 7:28:10 AM
mbam-log-2011-10-19 (07-28-10).txt

Scan type: Quick scan
Objects scanned: 191236
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

#9 Farbar

Posted 19 October 2011 - 07:59 AM

You don't need to worry about the redirect. It was a TDL4 MBR infection and could not be removed with Malwarebytes. We ran it for other risks. The MBR infection and other infections are now taken care of. Besides, you have already run other tools too.

I would like to see if there are other vulnerabilities.

Please go to start => Run (or Windows key + R) => Copy and paste the entire bold line in the run-box and click OK:

"C:\Qoobox\Add-Remove Programs.txt"

A text file opens up, copy and paste the content to your reply.
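
A defender-side illustration of the kind of MBR integrity check that a bootkit cleanup like the one above relies on. This is an added example and is not part of the thread, FRST, bootrec or any other tool mentioned here: it takes a 512-byte MBR sector, verifies the 0x55AA boot signature, hashes the 440-byte boot-code region and compares it with a baseline taken from a known-clean copy, and sanity-checks the partition table (exactly one active entry, no overlaps). The sample sectors, the baseline hash and all function names are constructed for this example.

```python
"""Check a 512-byte MBR sector against a known-good boot-code hash.

Added example; not FRST's, Farbar's or Microsoft's code. The sample
sectors and the baseline hash are constructed for the demonstration.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian LBA fields)."""
    status = entry[0]                      # 0x80 = active (bootable)
    ptype = entry[4]                       # partition type byte, 0x07 = NTFS
    lba_start, sectors = struct.unpack_from("<II", entry, 8)
    return {"active": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> dict:
    """Return {'ok': bool, 'findings': [...], 'partitions': [...]}.

    Findings are raised for a wrong length, a missing 0x55AA signature,
    boot code whose hash differs from the baseline, and a partition table
    without exactly one active entry or with overlapping entries.
    """
    findings = []
    if len(sector) != SECTOR_SIZE:
        return {"ok": False, "findings": ["sector is not 512 bytes"], "partitions": []}
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    # Hash only the boot code: the per-disk signature at offset 440 and the
    # partition table legitimately differ between machines.
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if digest != baseline_bootcode_sha256:
        findings.append("boot code differs from baseline (possible bootkit)")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = parse_partition_entry(sector[off:off + PART_ENTRY_LEN])
        if entry["sectors"]:               # skip empty slots
            partitions.append(entry)
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in partitions)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partition entries overlap")
            break
    return {"ok": not findings, "findings": findings, "partitions": partitions}


def make_entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build a partition entry; CHS fields are left zero (LBA-only layout)."""
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample: active 100 MB 'System Reserved' + one NTFS partition."""
    assert len(bootcode) <= BOOT_CODE_LEN
    sector = bootcode.ljust(BOOT_CODE_LEN, b"\0")
    sector += b"\x12\x34\x56\x78" + b"\0\0"          # disk signature + 2 reserved bytes
    sector += make_entry(True, 0x07, 2048, 204800)   # 100 MB System Reserved, active
    sector += make_entry(False, 0x07, 206848, 624900096)
    sector += make_entry(False, 0, 0, 0) * 2         # two empty slots
    return sector + BOOT_SIGNATURE


# Constructed stand-in for known-clean boot code (not the real Windows stub).
CLEAN_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Tampered copy: the first two boot-code bytes changed, everything else intact.
TAMPERED_MBR = b"\x90\x90" + CLEAN_MBR[2:]

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(mbr, BASELINE_SHA256)["findings"])
```

On a live Windows system the sector would be the first 512 bytes of \\.\PhysicalDrive0, which requires administrator rights to open; the baseline hash has to come from a copy taken while the machine was known to be clean, or from an identical Windows installation, because the check only tells you that the boot code changed, not what it changed into.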

#10 DeadJenkins

Posted 19 October 2011 - 10:38 AM

A.R.E.S.
Ace of Spades
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
AI War: Fleet Command
And Yet It Moves
Apple Application Support
Apple Software Update
ASIO4ALL
Assassin's Creed II
ATK Hotkey
Atom Zombie Smasher
Audiosurf
Aztaka
Battlefield: Bad Company 2
Beat Hazard
Beyond Good and Evil
Bloodline Champions Beta
Counter-Strike: Source
Defcon v1.6
Delve Deeper
Deus Ex - Invisible War Unified Texture Pack, ver. 1.0
Deus Ex: Human Revolution
Deus Ex: Invisible War
Doc Clock: The Toasted Sandwich of Time
Dragon Age: Origins
eReg
Eufloria
F.lux
Fallout: New Vegas
FL Studio 9
Flotilla
Fraps (remove only)
Frozen Synapse
Garmin USB Drivers
Gish
Gratuitous Space Battles
Hardcore
IL Download Manager
Iron Grip: Warlord
Java Auto Updater
Java™ 6 Update 22
Java™ SE Development Kit 6 Update 22
Jolly Rover
League of Legends
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 Express - ENU
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Monday Night Combat
Mount&Blade Warband
Mozilla Firefox 7.0.1 (x86 en-US)
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Peggle Nights
PoiZone
Portal 2
PowerISO
Psychonauts
PunkBuster Services
QPST
QuickTime
Recettear: An Item Shop's Tale
reFX Nexus VSTi RTAS v2.2.0
Samsung USB Driver (MCCI 4.34) WHQL v3.4
Sawer
SecureW2 Enterprise Client 3.1.4 for Windows
Sid Meier's Civilization V
Skype™ 5.1
SpeedFan (remove only)
StarCraft II
Steam
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
Team Fortress 2
tools-linux
Toxic Biohazard
Trine
Ubisoft Game Launcher
Vampire Bloodlines 1M Edition
VLC media player 1.1.11
VMware Player
VVVVVV
WinDirStat 1.1.2
Windows Installer Clean Up
WinSCP 4.2.9
World of Goo

#11 Farbar

Posted 19 October 2011 - 10:48 AM

  • You need to install an antivirus program to have proper protection. I recommend this good free antivirus:

    Avira
    • Download the installer from softpedia.com link as it has a secure download mirror.
    • Install it, but if it asks you to install any additional toolbar, select no or uncheck the option.
    • Update it then let it scan the computer and remove what it finds.
    • Copy and paste the content of the report to your reply.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
      • Delete Files
      • View Applications
      • View Applets
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update your Java to the latest version (Version 7).
    Please uninstall the following if Java didn't remove it automatically:

    Java™ 6 Update 22

Also please let me know how the computer is running.

#12 Farbar

Posted 26 October 2011 - 11:18 AM

Are you still there?

#13 DeadJenkins

Posted 26 October 2011 - 11:25 AM

Hi,

Sorry, it's been a busy few days for me. I have not installed Avira yet, but I probably will eventually. I did clear the JRE. I updated to Java 6 Update 29 or so, but haven't yet updated to Java 7.
Everything seems to be in order for now. No sign of any redirects at least.

Thank you for all your help, also!

#14 Farbar

Posted 31 October 2011 - 02:14 AM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



