
laptop playing random music


  • This topic is locked
36 replies to this topic

#1 DNAnet

DNAnet

  • Members
  • 35 posts

Posted 22 November 2011 - 09:32 AM

Hi,

I have two issues I need assistance with: First, my daughter's laptop is playing random music, songs and commercials. There is nothing running in the background to account for this. I believe it is a virus. I have run Malwarebytes and the problem still persists. Second, there is a PC Repair virus?? that pops up wanting to scan the computer and warns that files are corrupt. Not sure where this program came from and how to get rid of it. Any help would be greatly appreciated. Thanks.



#2 DNAnet

DNAnet
  • Topic Starter

  • Members
  • 35 posts

Posted 22 November 2011 - 09:33 AM

I forgot to add that this is an HP laptop running Windows 7.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts

Posted 22 November 2011 - 09:47 AM

Hello DNAnet and welcome

Please follow our Removal Guide here: Remove PC Repair (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 mobileman1

mobileman1

  • Members
  • 1 posts

Posted 22 November 2011 - 12:46 PM

finally found redirect fixer for the rootkit that caused it at:
Malwarebyte.org forum

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts

Posted 22 November 2011 - 12:54 PM

Two of the tools were in the guide above .. The 3rd I did not use yet as we at BC Do Not recommend running it on your own as it will damage a lot of machines. See the Blue text above this forum.

#6 DNAnet

DNAnet
  • Topic Starter

  • Members
  • 35 posts

Posted 29 November 2011 - 09:43 PM

Hi,

I tried to get into the computer to run the scan so I could post the scan log, however now I cannot even get Windows to start. I cannot get into safe mode either. I keep getting the Startup Repair screen and the computer runs the repair and it just stays stuck on "attempting repairs". Not sure what to do now.

thanks

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts

Posted 01 December 2011 - 12:18 AM

:welcome:

Let's give it a try. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 DNAnet

DNAnet
  • Topic Starter

  • Members
  • 35 posts

Posted 01 December 2011 - 08:56 PM

Ok, I have done everything and am stuck at......

at command window type h:\frst.exe

when I type this I get this message...."The subsystem needed to support the image type is not present".
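
Post #7 offers separate x86 and x64 downloads, and the message in post #8 is the one a 64-bit Windows Recovery Environment returns for a 32-bit program, because that environment has no 32-bit (WOW64) subsystem. The following is an added example, not part of the thread and not FRST's own code: it reads a file's PE header on the PC used for the download, so the build can be matched to the infected system before it goes on the flash drive. The function names and the sample headers are constructed for illustration, and it assumes the recovery environment has the same bitness as the installed Windows.

```python
import struct
import sys

# COFF "Machine" values and optional-header magics from the PE format.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


class NotPE(ValueError):
    """Raised when the bytes are not a parseable PE image."""


def pe_info(data: bytes) -> dict:
    """Return the machine type and optional-header format of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ header")
    # Offset 0x3C of the DOS header holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need: PE signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data):
        raise NotPE("truncated before PE headers")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "format": OPT_MAGIC.get(magic, hex(magic)),
    }


def check_for_recovery(data: bytes, target_os: str) -> str:
    """Compare a tool's build with the installed Windows ('x86' or 'x64').

    Assumption: the recovery environment reached through F8 has the same
    bitness as the installed Windows.
    """
    machine = pe_info(data)["machine"]
    if machine == target_os:
        return "ok"
    if machine == "x86" and target_os == "x64":
        return "mismatch: 32-bit image, 64-bit recovery environment has no WOW64"
    return f"mismatch: {machine} image cannot run on {target_os} Windows"


def sample_pe(machine: int, magic: int) -> bytes:
    """Build a minimal, constructed PE header (not a real executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE headers follow the DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py <downloaded tool> <x86|x64>
        with open(sys.argv[1], "rb") as fh:
            header = fh.read(4096)  # the headers sit at the start of the file
        print(pe_info(header), check_for_recovery(header, sys.argv[2]))
    else:
        # Constructed samples standing in for the two downloads.
        for name, blob in (("32-bit build", sample_pe(0x014C, 0x10B)),
                           ("64-bit build", sample_pe(0x8664, 0x20B))):
            print(name, pe_info(blob), check_for_recovery(blob, "x64"))
```
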

#9 DNAnet

DNAnet
  • Topic Starter

  • Members
  • 35 posts

Posted 01 December 2011 - 09:06 PM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-01 21:01:56
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-04-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-04-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [52174280 2011-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-04-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [240472 2009-11-30] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-04-25] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1599376 2011-08-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047208 2011-08-31] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Kaitlyn\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Kaitlyn\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Kaitlyn\...\Run: [DealRunner] C:\Program Files (x86)\DealRunner\DealRunner.exe [787040 2011-07-21] (Jackpot Rewards)
HKU\Kaitlyn\...\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe [591248 2011-03-03] (Oberon Media )
HKU\Kaitlyn\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Kaitlyn\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2010-10-29] (AWS Convergence Technologies, Inc.)
HKU\Kaitlyn\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Kaitlyn\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-20] ()
HKU\Kaitlyn\...\Run: [AdobeData] rundll32.exe "C:\Users\Kaitlyn\AppData\Local\Adobe\AdobeData\Adobedata.DLL",DllRegisterServer [245760 2011-11-23] (Microsoft Corporation)
HKU\Kaitlyn\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5495680 2011-11-07] (SUPERAntiSpyware.com)
HKU\Kaitlyn\...\Run: [wftChmsSOh.exe] C:\ProgramData\wftChmsSOh.exe [x]
HKU\Kaitlyn\...\Run: [MicrosoftServiceNotifier] rundll32.exe "C:\ProgramData\MicrosoftServiceNotifier.dll",DllRegisterServer [x]
HKLM\...\Runonce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} [x]
HKLM\...\Runonce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} [x]
HKLM\...\Runonce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} [x]
HKLM\...\Runonce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install [x]
HKLM\...\Runonce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install [x]
HKLM\...\Runonce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [623368 2009-12-30] (DigitalPersona, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.87.73.246 68.87.71.230
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Lsa: [Notification Packages] DPPassFilter
scecli

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 Bandoo Coordinator; "C:\Program Files (x86)\Bandoo\Bandoo.exe" [2051472 2011-08-09] (Bandoo Media Inc.)
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127984 2010-02-26] (CinemaNow, Inc.)
2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [444680 2009-12-30] (DigitalPersona, Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-03-05] (DeviceVM, Inc.)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2010-01-27] (Hewlett-Packard)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe /s [123320 2011-10-05] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll" /prefetch:1 [132984 2011-03-16] (Symantec Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2184496 2010-01-06] (Validity Sensors, Inc.)

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6403584 2010-04-16] (ATI Technologies Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [1152632 2011-09-29] (Symantec Corporation)
1 ccHP; C:\Windows\System32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-15] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-15] (Symantec Corporation)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111014.031\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111014.024\ENG64.SYS [117880 2011-08-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20111014.024\EX64.SYS [2048632 2011-08-16] (Symantec Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2011-08-16] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-02-22] (CyberLink Corp.)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-01 21:01 - 2011-12-01 21:02 - 0000000 ____D C:\FRST
2011-11-24 21:49 - 2011-11-24 21:51 - 0002265 ____A C:\Windows\IE9_main.log
2011-11-24 21:31 - 2011-11-24 21:31 - 0000000 ____D C:\Windows\System32\SPReview
2011-11-24 21:31 - 2011-11-24 21:31 - 0000000 ____D C:\Windows\System32\EventProviders
2011-11-24 21:30 - 2011-11-24 21:30 - 0000127 ____A C:\Windows\System32\MRT.INI
2011-11-24 21:28 - 2011-10-27 20:05 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-11-24 20:52 - 2011-11-24 20:52 - 0003368 ____N C:\bootsqm.dat
2011-11-24 20:50 - 2011-11-24 20:50 - 0000000 __SHD C:\found.001
2011-11-24 17:53 - 2011-11-24 21:10 - 0000456 ____A C:\ProgramData\VBVlROeJQnw6d4
2011-11-24 17:53 - 2011-11-24 21:08 - 0000312 ____A C:\ProgramData\~VBVlROeJQnw6d4
2011-11-24 17:53 - 2011-11-24 21:08 - 0000240 ____A C:\ProgramData\~VBVlROeJQnw6d4r
2011-11-23 19:17 - 2011-11-23 19:17 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\SUPERAntiSpyware.com
2011-11-23 19:16 - 2011-11-23 19:17 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-11-23 19:16 - 2011-11-23 19:16 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2011-11-23 19:16 - 2011-11-23 19:16 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-11-19 20:50 - 2011-11-19 20:50 - 0001306 ____A C:\Users\Kaitlyn\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-11-19 20:50 - 2011-11-19 20:50 - 0001306 ____A C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-11-19 20:50 - 2011-11-19 20:50 - 0000000 ____D C:\Users\Kaitlyn\Documents\OneNote Notebooks
2011-11-19 05:25 - 2011-11-19 05:25 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-19 05:25 - 2011-11-19 05:25 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-19 05:13 - 2011-11-19 05:18 - 0194506 ____A C:\Windows\ntbtlog.txt
2011-11-19 05:12 - 2011-11-19 05:12 - 0000000 __SHD C:\found.000
2011-11-13 11:42 - 2011-11-13 11:42 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Template
2011-11-13 11:42 - 2011-11-13 11:42 - 0000000 ____A C:\Users\Kaitlyn\AppData\Roaming\wklnhst.dat
2011-11-13 11:41 - 2011-11-13 11:41 - 0002508 ____A C:\Users\Kaitlyn\Documents\????Bad_Apple!! PV????????????????????.rar.torrent - Shortcut.lnk
2011-11-12 18:12 - 2011-11-12 18:12 - 0276286 ____A C:\Users\Kaitlyn\Documents\greensleves.vep
2011-11-12 08:10 - 2011-11-23 10:54 - 0100864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\srrstr.dll
2011-11-09 12:41 - 2011-11-09 12:41 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\W3i, LLC
2011-11-09 12:10 - 2011-11-09 12:10 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Gibraltar
2011-11-08 16:28 - 2011-11-08 16:28 - 0000000 ____A C:\Users\Kaitlyn\AppData\Local\{74687C32-9C6B-4788-89F5-79157D125F43}
2011-11-08 12:21 - 2011-09-29 08:29 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-08 12:21 - 2011-09-28 20:03 - 3144704 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

============ 3 Months Modified Files and Folders =============

2011-12-01 21:02 - 2011-12-01 21:01 - 0000000 ____D C:\FRST
2011-11-29 11:06 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2011-11-25 13:15 - 2011-08-16 15:03 - 0000000 ____D C:\ProgramData\Recovery
2011-11-24 21:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-11-24 21:53 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-11-24 21:53 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-24 21:51 - 2011-11-24 21:49 - 0002265 ____A C:\Windows\IE9_main.log
2011-11-24 21:51 - 2011-09-20 17:31 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\PMB Files
2011-11-24 21:51 - 2010-06-14 00:49 - 1696815 ____A C:\Windows\WindowsUpdate.log
2011-11-24 21:47 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-11-24 21:47 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-11-24 21:31 - 2011-11-24 21:31 - 0000000 ____D C:\Windows\System32\SPReview
2011-11-24 21:31 - 2011-11-24 21:31 - 0000000 ____D C:\Windows\System32\EventProviders
2011-11-24 21:31 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-24 21:31 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-24 21:30 - 2011-11-24 21:30 - 0000127 ____A C:\Windows\System32\MRT.INI
2011-11-24 21:27 - 2011-10-25 13:22 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-24 21:24 - 2011-08-16 17:46 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\CrashDumps
2011-11-24 21:23 - 2011-10-25 13:22 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-24 21:23 - 2011-09-01 17:20 - 0000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2011-11-24 21:22 - 2011-08-16 14:05 - 3015888896 __ASH C:\hiberfil.sys
2011-11-24 21:22 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-24 21:22 - 2009-07-13 20:51 - 0062007 ____A C:\Windows\setupact.log
2011-11-24 21:10 - 2011-11-24 17:53 - 0000456 ____A C:\ProgramData\VBVlROeJQnw6d4
2011-11-24 21:08 - 2011-11-24 17:53 - 0000312 ____A C:\ProgramData\~VBVlROeJQnw6d4
2011-11-24 21:08 - 2011-11-24 17:53 - 0000240 ____A C:\ProgramData\~VBVlROeJQnw6d4r
2011-11-24 20:52 - 2011-11-24 20:52 - 0003368 ____N C:\bootsqm.dat
2011-11-24 20:50 - 2011-11-24 20:50 - 0000000 __SHD C:\found.001
2011-11-24 18:07 - 2011-08-16 14:09 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\HuluDesktop
2011-11-24 17:55 - 2010-06-14 00:53 - 0377150 ____A C:\Windows\PFRO.log
2011-11-23 19:17 - 2011-11-23 19:17 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\SUPERAntiSpyware.com
2011-11-23 19:17 - 2011-11-23 19:16 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-11-23 19:16 - 2011-11-23 19:16 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2011-11-23 19:16 - 2011-11-23 19:16 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-11-23 15:13 - 2011-10-28 18:35 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Adobe
2011-11-23 10:54 - 2011-11-12 08:10 - 0100864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\srrstr.dll
2011-11-22 12:05 - 2011-09-07 18:06 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\WeatherBug
2011-11-21 16:26 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-11-20 08:46 - 2010-04-25 09:39 - 0000000 ____D C:\ProgramData\Symantec
2011-11-20 08:18 - 2011-08-16 14:14 - 0000340 ____A C:\Windows\Tasks\HPCeeScheduleForKaitlyn.job
2011-11-19 20:50 - 2011-11-19 20:50 - 0001306 ____A C:\Users\Kaitlyn\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-11-19 20:50 - 2011-11-19 20:50 - 0001306 ____A C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-11-19 20:50 - 2011-11-19 20:50 - 0000000 ____D C:\Users\Kaitlyn\Documents\OneNote Notebooks
2011-11-19 05:48 - 2011-08-16 14:14 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\VirtualStore
2011-11-19 05:38 - 2011-10-27 18:05 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Microsoft Help
2011-11-19 05:25 - 2011-11-19 05:25 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-19 05:25 - 2011-11-19 05:25 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-19 05:21 - 2011-09-07 17:55 - 0000000 ____D C:\Users\Kaitlyn\Tracing
2011-11-19 05:18 - 2011-11-19 05:13 - 0194506 ____A C:\Windows\ntbtlog.txt
2011-11-19 05:12 - 2011-11-19 05:12 - 0000000 __SHD C:\found.000
2011-11-13 16:28 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-11-13 11:42 - 2011-11-13 11:42 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Template
2011-11-13 11:42 - 2011-11-13 11:42 - 0000000 ____A C:\Users\Kaitlyn\AppData\Roaming\wklnhst.dat
2011-11-13 11:41 - 2011-11-13 11:41 - 0002508 ____A C:\Users\Kaitlyn\Documents\????Bad_Apple!! PV????????????????????.rar.torrent - Shortcut.lnk
2011-11-12 18:12 - 2011-11-12 18:12 - 0276286 ____A C:\Users\Kaitlyn\Documents\greensleves.vep
2011-11-12 08:10 - 2011-09-07 18:03 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Conduit
2011-11-10 12:58 - 2009-07-13 20:45 - 0384752 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-09 18:22 - 2011-08-16 14:09 - 0000000 ____D C:\Users\Kaitlyn\AppData\LocalLow
2011-11-09 18:17 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-11-09 18:10 - 2011-09-07 17:01 - 0003203 ____A C:\CD3rdPartyWrapper.log
2011-11-09 16:44 - 2009-07-13 21:08 - 0032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-11-09 12:42 - 2011-09-01 17:11 - 0000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2011-11-09 12:41 - 2011-11-09 12:41 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\W3i, LLC
2011-11-09 12:10 - 2011-11-09 12:10 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Gibraltar
2011-11-08 19:19 - 2009-07-13 21:13 - 0778834 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-08 16:28 - 2011-11-08 16:28 - 0000000 ____A C:\Users\Kaitlyn\AppData\Local\{74687C32-9C6B-4788-89F5-79157D125F43}
2011-11-02 16:05 - 2011-09-25 14:21 - 0001182 ____A C:\Users\Kaitlyn\Desktop\ Mabinogi .lnk
2011-10-28 17:22 - 2011-10-28 17:22 - 0000000 ____D C:\Users\Kaitlyn\Documents\My Downloads
2011-10-28 15:47 - 2011-10-28 15:47 - 0002246 ____A C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
2011-10-28 15:30 - 2011-08-28 12:39 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2011-10-28 15:30 - 2010-04-25 08:41 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-10-28 14:13 - 2011-10-28 14:13 - 0000000 ___AH C:\Users\Kaitlyn\Desktop\sjpdgtspao.tmp
2011-10-28 13:08 - 2011-10-25 13:22 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Google
2011-10-28 13:08 - 2011-08-16 14:09 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\DigitalPersona
2011-10-27 20:05 - 2011-11-24 21:28 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-27 17:48 - 2011-10-27 17:42 - 0011860 ____A C:\Users\Kaitlyn\Documents\ss repourt.docx
2011-10-27 17:42 - 2011-10-27 17:42 - 0000000 __RSD C:\Users\Kaitlyn\Documents\My Stationery
2011-10-26 13:07 - 2011-10-26 13:07 - 0000000 ____D C:\Users\Kaitlyn\Documents\My Weblog Posts
2011-10-26 13:07 - 2011-10-26 13:07 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Windows Live Writer
2011-10-26 13:07 - 2011-10-26 13:07 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Windows Live Writer
2011-10-25 16:25 - 2011-10-25 16:25 - 0002210 ____A C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2011-10-25 13:23 - 2011-10-25 13:22 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-21 18:28 - 2011-09-03 20:04 - 0000000 ____D C:\Program Files (x86)\Inbox Toolbar
2011-10-21 18:10 - 2011-09-03 20:05 - 0000000 ____D C:\Program Files (x86)\AppGraffiti
2011-10-18 13:08 - 2011-10-18 13:08 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Origin
2011-10-18 13:08 - 2011-10-18 13:06 - 0000000 ____D C:\ProgramData\Origin
2011-10-18 13:07 - 2011-10-18 13:07 - 0000979 ____A C:\Users\Public\Desktop\Origin.lnk
2011-10-18 13:07 - 2011-10-18 13:07 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Origin
2011-10-18 13:06 - 2011-10-18 13:06 - 0000537 ____A C:\Windows\KB893803v2.log
2011-10-18 13:06 - 2011-10-18 13:06 - 0000000 ____D C:\Program Files (x86)\Origin Games
2011-10-18 13:06 - 2011-10-18 13:06 - 0000000 ____D C:\Program Files (x86)\Origin
2011-10-18 13:06 - 2011-08-28 13:08 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-10-18 13:04 - 2011-10-18 13:04 - 0002156 ____A C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk
2011-10-15 16:16 - 2011-09-20 20:01 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\ElevatedDiagnostics
2011-10-12 11:39 - 2011-08-16 14:16 - 0002489 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2011-10-12 11:39 - 2010-06-14 01:15 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2011-10-09 14:26 - 2011-10-09 14:26 - 0000000 ____D C:\Users\Kaitlyn\Documents\AVS4YOU
2011-10-08 16:01 - 2011-10-07 19:08 - 0552150 ____A C:\Users\Kaitlyn\Documents\Anime disc 1.vep
2011-10-07 19:29 - 2011-10-07 19:17 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Ulead Systems
2011-10-07 19:18 - 2011-10-07 19:18 - 0000000 ____D C:\Users\Kaitlyn\Documents\Corel VideoStudio Pro
2011-10-07 19:18 - 2011-08-16 20:38 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Corel
2011-10-07 19:18 - 2010-04-25 10:46 - 0000000 ____D C:\ProgramData\Corel
2011-10-07 17:57 - 2011-10-07 17:57 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\AVS4YOU
2011-10-07 17:57 - 2011-10-07 17:57 - 0000000 ____D C:\ProgramData\AVS4YOU
2011-10-07 17:57 - 2011-08-16 14:13 - 0098792 ____A C:\Users\Kaitlyn\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-07 17:55 - 2011-10-07 17:55 - 0001293 ____A C:\Users\Kaitlyn\Desktop\AVS4YOU Software Navigator.lnk
2011-10-07 17:55 - 2011-10-07 17:52 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2011-10-07 17:54 - 2011-10-07 17:54 - 0001201 ____A C:\Users\Kaitlyn\Desktop\AVS Video Editor.lnk
2011-10-07 14:19 - 2011-08-28 13:08 - 0000000 ____D C:\Users\Kaitlyn\Documents\Electronic Arts
2011-10-07 14:17 - 2011-10-07 14:17 - 0002264 ____A C:\Users\Public\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
2011-10-05 13:17 - 2011-10-04 18:17 - 0013054 ____A C:\Users\Kaitlyn\Documents\The Alliance1.docx
2011-10-02 15:39 - 2011-10-02 15:39 - 0001428 ____A C:\Users\Kaitlyn\Desktop\Free Realms.lnk
2011-09-30 21:41 - 2011-10-13 11:05 - 9011200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 20:34 - 2011-10-13 11:05 - 5990400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 19:25 - 2011-10-13 11:05 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 18:42 - 2011-10-13 11:05 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-29 08:29 - 2011-11-08 12:21 - 1923952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-28 20:03 - 2011-11-08 12:21 - 3144704 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-25 16:31 - 2011-09-25 16:31 - 0001328 ____A C:\Users\Public\Desktop\Pirates of the Caribbean Online.lnk
2011-09-25 16:31 - 2011-09-25 16:31 - 0000000 ____D C:\Program Files (x86)\Disney
2011-09-25 14:21 - 2011-09-20 21:11 - 0000000 ___SD C:\Users\Kaitlyn\Documents\Mabinogi
2011-09-22 17:34 - 2011-09-22 17:34 - 0161337 ____A C:\Users\Kaitlyn\Documents\sebbychan.docx
2011-09-22 14:17 - 2011-09-22 14:10 - 0000000 ____D C:\ProgramData\NexonUS
2011-09-22 14:09 - 2011-09-22 14:09 - 0000000 ____D C:\Nexon
2011-09-20 21:44 - 2011-09-20 21:44 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-09-20 21:44 - 2011-09-20 21:44 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Malwarebytes
2011-09-20 21:44 - 2011-09-20 21:44 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-20 21:44 - 2011-09-20 21:44 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-20 21:05 - 2011-09-20 17:31 - 2477595860 ____A C:\Users\Kaitlyn\Desktop\MabinogiSetup.exe
2011-09-20 21:05 - 2011-09-20 17:31 - 0000000 ____D C:\ProgramData\PMB Files
2011-09-20 20:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-09-20 17:31 - 2011-09-20 17:31 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2011-09-19 17:53 - 2010-04-25 10:23 - 0000000 ____D C:\ProgramData\Adobe
2011-09-19 17:34 - 2011-08-28 13:00 - 0773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-09-17 13:37 - 2011-08-16 14:50 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Adobe
2011-09-12 17:39 - 2011-09-12 17:39 - 0002202 ____A C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
2011-09-11 14:38 - 2011-09-11 14:38 - 0002220 ____A C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
2011-09-11 14:26 - 2011-09-11 14:26 - 0002086 ____A C:\Users\Public\Desktop\The Sims™ 3.lnk
2011-09-10 13:32 - 2011-09-10 13:29 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Stardock
2011-09-10 13:29 - 2011-09-10 13:29 - 0001156 ____A C:\Users\Kaitlyn\Start Menu\Programs\Startup\Impulse Now.lnk
2011-09-10 13:29 - 2011-09-10 13:29 - 0001156 ____A C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
2011-09-10 13:29 - 2011-09-10 13:29 - 0000957 ____A C:\Users\Public\Desktop\Impulse.lnk
2011-09-10 13:29 - 2011-09-10 13:29 - 0000000 ____D C:\ProgramData\Stardock
2011-09-10 13:29 - 2011-09-10 13:29 - 0000000 ____D C:\ProgramData\Gibraltar
2011-09-10 13:29 - 2011-09-10 13:29 - 0000000 ____D C:\Program Files (x86)\Impulse
2011-09-10 13:29 - 2011-09-10 13:28 - 0000000 __HDC C:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
2011-09-09 21:09 - 2011-09-09 19:29 - 0962261 ____A C:\Users\Kaitlyn\Documents\gir.docx
2011-09-08 16:40 - 2011-09-08 16:40 - 0070830 ____A C:\Users\Kaitlyn\Documents\FAIRY TAIL KEYS.docx
2011-09-07 18:06 - 2011-09-07 18:06 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\WeatherBug
2011-09-07 18:06 - 2011-09-07 18:06 - 0000000 ____D C:\Program Files (x86)\AWS
2011-09-07 18:03 - 2011-09-07 18:03 - 0000000 ____D C:\Program Files (x86)\Superfish
2011-09-07 18:03 - 2011-09-07 18:03 - 0000000 ____D C:\Program Files (x86)\Conduit
2011-09-07 18:03 - 2011-09-07 18:03 - 0000000 ____D C:\Program Files (x86)\Booksbario
2011-09-07 17:58 - 2011-09-07 17:58 - 0000000 ____D C:\ProgramData\Premium
2011-09-07 17:58 - 2011-09-07 17:58 - 0000000 ____D C:\ProgramData\InstallMate
2011-09-07 17:58 - 2011-09-07 17:58 - 0000000 ____D C:\Program Files (x86)\bflixtoolbar
2011-09-07 17:58 - 2011-09-07 17:57 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\vlc
2011-09-07 17:55 - 2011-09-07 17:55 - 0000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Bandoo
2011-09-07 17:55 - 2011-09-07 17:55 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\Ilivid Player
2011-09-07 17:55 - 2011-09-07 17:55 - 0000000 ____D C:\ProgramData\Bandoo
2011-09-07 17:55 - 2011-09-07 17:54 - 0000000 ____D C:\Program Files (x86)\Bandoo
2011-09-07 17:55 - 2011-08-16 14:09 - 0000000 ____D C:\users\Kaitlyn
2011-09-07 17:54 - 2011-09-07 17:54 - 0000955 ____A C:\Users\Public\Desktop\iLivid Download Manager.lnk
2011-09-07 17:54 - 2011-09-07 17:54 - 0000000 __HDC C:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
2011-09-07 17:54 - 2011-09-07 17:54 - 0000000 ____D C:\Program Files (x86)\iLivid
2011-09-07 17:54 - 2011-09-07 17:53 - 0000000 ____D C:\Program Files (x86)\Windows iLivid Toolbar
2011-09-07 17:53 - 2011-09-07 17:53 - 0000000 ____D C:\Users\Kaitlyn\AppData\Local\PackageAware

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3144.39 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3136.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:275.87 GB) (Free:193.87 GB) NTFS ==>[System with boot components]
2 Drive e: (RECOVERY) (Fixed) (Total:21.92 GB) (Free:3.2 GB) NTFS ==>[System with boot components]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 123 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 275 GB 200 MB
Partition 3 Primary 21 GB 276 GB
Partition 4 Primary 103 MB 297 GB

Disk: 0
Partition 1
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==========================================================

Last Boot: 2011-10-24 13:31

======================= End Of Log ==========================

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 04 December 2011 - 04:24 AM

Hello, JSntgRvr is having some connection problems so I will take over this topic.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
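
The inspection mentioned in the post above (looking at the dumped Master Boot Record to see whether it is infected) can start with a small parser for `mbr.bin`. This is an added example, not part of the original thread or the helper's own tooling; the function names, the reference-hash comparison and the sample sectors are assumptions constructed here.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sector count


def parse_mbr(data: bytes) -> dict:
    """Decode a one-sector dump such as the mbr.bin written by the dd command."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(data, 446 + 16 * i)
        if ptype == 0:  # unused slot
            continue
        partitions.append({"index": i + 1, "status": status, "type": ptype,
                           "offset_kb": start * SECTOR // 1024,
                           "size_mb": count * SECTOR // 2**20})
    return {"signature_ok": data[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
            "partitions": partitions}


def review(mbr: dict, known_good: set) -> list:
    """Return findings; known_good holds boot-code hashes from trusted reference dumps."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    statuses = [p["status"] for p in mbr["partitions"]]
    if any(s not in (0x00, 0x80) for s in statuses) or statuses.count(0x80) != 1:
        findings.append("unexpected active-partition flags")
    if mbr["boot_code_sha256"] not in known_good:
        findings.append("boot code differs from every reference hash")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: two NTFS entries shaped like partitions 1-2 in the log."""
    entries = [(0x80, 0x07, 2048, 199 * 2048), (0x00, 0x07, 409600, 275 * 1024 * 2048)]
    table = b"".join(ENTRY.pack(*e) for e in entries)
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"


if __name__ == "__main__":
    reference = build_sample(b"\xfa\x33\xc0" + b"\x90" * 64)   # constructed bytes
    altered = build_sample(b"\xeb\x3c\x90" + b"\xcc" * 64)     # constructed bytes
    good = {parse_mbr(reference)["boot_code_sha256"]}
    print(review(parse_mbr(reference), good), review(parse_mbr(altered), good))
```

A hash mismatch only says the boot code is not one of the references on hand; the 440 bytes still have to be examined before calling the sector infected.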


#11 DNAnet

Posted 04 December 2011 - 09:19 PM

Hi,

F12 is not taking me to a boot from CD option. I keep getting put back into Windows recovery and startup repair starts to run and keeps running and running.

#12 DNAnet

Posted 04 December 2011 - 09:24 PM

Ok, here is what I see when I get into Windows Boot Manager......

two options: 1) Windows7 2) Windows Memory Diagnostic

but nothing for booting from CD.

#13 Elise

Posted 05 December 2011 - 01:53 AM

In that case, please tap F10 when you start the computer until the Edit Boot Options menu comes up. Let me know what is listed between the brackets ([............. ]) there.

regards, Elise


#14 DNAnet

Posted 05 December 2011 - 09:10 PM

Hi,

I am not sure if I am in the right place. I hit F10 and get the setup utility and then under boot options is the following:

HP Quickweb <enabled>
CD-ROM Boot <enabled>
Floppy Boot <disabled>
Internal network adapter boot <enabled>

thank you.

#15 Elise

Posted 06 December 2011 - 02:15 AM

You need to tap F10 a little later (directly after the initial screen that displays device/BIOS options (or a manufacturer splash screen) goes black).

regards, Elise