
Infected with TDSS for months---unable to fix!


  • This topic is locked
82 replies to this topic

#1 pminga

pminga

  • Members
  • 44 posts
  • OFFLINE
  • Local time:11:26 AM

Posted 15 May 2012 - 08:46 PM

I've spent hundreds of hours trying to remove the TDSS rootkit but have had no success. Also unable to start firewall (screen shows it's started but it isn't). OS is Windows 7 64 bit, so couldn't run GMER. Any downloaded Anti-virus programs either run only once with minimal results (find 1 tracking cookie, for example) or never run at all. The second time any of the programs are run they find nothing.

All five computers are infected. Bought a new computer but it got rootkit as well (through router, I think). Took two different computers in for repair (to Best Buy and Office Depot)--in both cases the techs said there was no virus. So frustrating! Suspect rootkit is in boot sector.

Unable to delete many many files, try to change security permissions but frequently unable to do this as well. Many files are listed but "not available" or "inaccessible".

I'm out of options and sure could use some assistance.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:26 PM

Posted 16 May 2012 - 08:20 PM

while you have infected computers all connected through the same router there is risk of re-infection, so I suggest taking them off the network until we can clean up and reset the router.
we'll do one computer at a time:

please run the following:


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 pminga


Posted 18 May 2012 - 06:32 PM

Hi CatByte,

Thanks for responding so quickly.

Once I figured out that the virus seemed to be spreading via the router I disassembled my home network. I connect to the internet via modem now, and I'm using only one machine-an HP with a Windows7 64 bit OS.

I downloaded the Farbar Recovery Scan Tool as requested. Everything went well until I typed in the command "D:\FRST64.exe". Instead of the program starting I received the message "System cannot find file." I verified the file name and drive and tried again with the same result. I also tried to change to the D: drive and received the message "Access is denied". Finally, I tried to view the directory on the D: drive and received the same "Access is denied" message.

I did notice some unusual things while attempting to run the Farbar program--
the command prompt, which I would expect to be C:\, is X:\. When I chose "Computer" to find the flash drive letter drive X: was named "Boot" and had 2.43 MB used out of 3.73 GB. When I open My Computer in Windows, however, drive H: shows 3.03 MB free of 3.73 GB and drive X: does not appear at all. described as the boot drive--it has only 2.43 MB used out of

#4 CatByte


Posted 18 May 2012 - 06:36 PM

you need to use the drive letter of your USB, which will likely be E or F

in the recovery environment the drive letters change because of the hidden recovery partition which is only accessible through the recovery environment



#5 pminga


Posted 18 May 2012 - 07:46 PM

Sorry, CatByte, I must have posted my reply without realizing it.

Here's a revision of my last paragraph in the previous post...

I did notice some unusual things while attempting to run the Farbar program
1. The command prompt, which I had expected to be C:\, is X:\Windows\System32.
2. When I chose notepad>computer to find the flash drive letter, it showed drive C: (System Reserved) 61.5 MB free of 99.9 MB; drive D: ; drive E: 535 GB free of 698 GB; and drive X: (Boot) 31.1 MB free of 33.5 MB.
3. When I open Windows>My Computer, it showed drive C: 535 GB free of 698 GB; and drive H: 3.03 MB free of 3.73 GB. Drive H: is where the flash drive is actually located.
4. The notepad>computer screen also showed the OS as Windows 6.1.7600.
5. Since I knew that the flash drive was actually mounted to drive H: I also entered the command to run the Farbar tool as H:\FRST64.exe. I received the response "Device not ready".

Finally I ran the tool in the incorrect way, just so I could send you something. The log attached says right up front that it was run incorrectly, but it was the best I could do.

Thanks for your help,

pminga

#6 CatByte


Posted 18 May 2012 - 08:37 PM

ok, the recovery environment isn't recognizing the USB

here's a couple of things to try:

  • format the USB
  • try a different USB
  • shut down the computer, unplug the power supply for 30 seconds, plug back in > reboot

oh and the log didn't attach

Edited by CatByte, 18 May 2012 - 08:38 PM.



#7 pminga


Posted 20 May 2012 - 03:56 AM

Thanks for the hints, I tried a different USB and finally got FRST64 to run! Hooray!

I hope the FRST.txt file is attached...

#8 CatByte


Posted 20 May 2012 - 08:51 AM

Hi

We need to find a replacement file on your system

please do the following:


  • boot into System Recovery Options and run FRST64.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: svchost.exe

    Click Search button and post the log it makes to your reply.



#9 pminga


Posted 22 May 2012 - 02:57 AM

Hi, CatByte,

The new FRST64 log and the search: svchost.exe log are attached.

pminga


#10 CatByte


Posted 22 May 2012 - 06:03 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe C:\Windows\System32\svchost.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.



#11 pminga


Posted 23 May 2012 - 06:21 PM

Hi, Cat,

I completed the procedure you gave me without a problem, but when I attempted to restart the pc (either normally or in safe mode) the Windows logo came on as usual, then it faded to black with only the arrow cursor showing and never went any further. The modem continued to show PC activity, but after 10 minutes the screen was still black.

I'm working on another pc at this point. The most recent FRST64.exe and log files are attached.

pminga

Unable to attach them, so I printed them here...

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 2012-05-23 15:15:23 Run:1
Running from J:\

==============================================

C:\Windows\System32\svchost.exe moved successfully.
Could not replece C:\Windows\System32\svchost.exe.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool Version: 19-05-2012
Ran by SYSTEM at 23-05-2012 15:14:12
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [202296 2011-04-24] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Owner\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5464448 2011-07-28] (SUPERAntiSpyware.com)
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2010-11-20] (Microsoft Corporation)
4 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [202296 2011-04-24] (Kaspersky Lab ZAO)
2 CISVC; C:\Windows\System32\CISVC.EXE [19456 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] ()
2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
3 MatSvc; "C:\Program Files\Microsoft Fix it Center\Matsvc.exe" [343856 2011-06-13] (Microsoft Corporation)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-05-15] (Nero AG)
4 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
2 simptcp; C:\Windows\System32\tcpsvcs.exe [10240 2009-07-13] (Microsoft Corporation)
2 simptcp; C:\Windows\SysWow64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
2 SNMP; C:\Windows\SysWow64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
4 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-01-25] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
4 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [615728 2011-04-20] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 netr7364; C:\Windows\System32\Drivers\netr7364.sys [726816 2010-02-24] (Ralink Technology, Corp.)
0 Partizan; C:\Windows\SysWow64\Drivers\Partizan.sys [35816 2012-05-15] (Greatis Software)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [17976 2010-09-01] (Secunia)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-18 20:06 - 2007-10-22 02:37 - 0017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-05-18 20:06 - 2007-10-12 14:14 - 5081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-05-18 20:06 - 2007-10-12 14:14 - 3734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-05-18 20:06 - 2007-10-12 14:14 - 2006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-05-18 20:06 - 2007-10-12 14:14 - 1374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-05-18 20:06 - 2007-10-02 08:56 - 0508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-05-18 20:06 - 2007-10-02 08:56 - 0444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-05-18 20:06 - 2007-07-19 17:14 - 1985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-05-18 20:06 - 2007-07-19 17:14 - 1358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-05-18 20:06 - 2007-07-19 17:14 - 0508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-05-18 20:06 - 2007-07-19 17:14 - 0444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-05-18 20:06 - 2007-06-20 19:49 - 0409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-05-18 20:06 - 2007-06-20 19:46 - 0266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-05-18 20:06 - 2007-05-16 15:45 - 4496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-05-18 20:06 - 2007-05-16 15:45 - 3497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-05-18 20:06 - 2007-05-16 15:45 - 1401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-05-18 20:06 - 2007-05-16 15:45 - 1124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-05-18 20:06 - 2007-05-16 15:45 - 0506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-05-18 20:06 - 2007-05-16 15:45 - 0443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-05-18 20:06 - 2007-04-04 17:55 - 0403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-05-18 20:06 - 2007-04-04 17:55 - 0261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-05-18 20:06 - 2007-04-04 17:54 - 0107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-05-18 20:06 - 2007-04-04 17:53 - 0081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-05-18 20:06 - 2007-03-15 15:57 - 0506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-05-18 20:06 - 2007-03-15 15:57 - 0443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-05-18 20:06 - 2007-03-12 15:42 - 4494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-05-18 20:06 - 2007-03-12 15:42 - 3495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-05-18 20:06 - 2007-03-12 15:42 - 1400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-05-18 20:06 - 2007-03-12 15:42 - 1123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-05-18 20:06 - 2007-03-05 11:42 - 0017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-05-18 20:06 - 2007-03-05 11:42 - 0015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-05-18 20:06 - 2007-01-24 14:27 - 0393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-05-18 20:06 - 2007-01-24 14:27 - 0255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-05-18 20:06 - 2006-12-08 11:02 - 0251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-05-18 20:06 - 2006-12-08 11:00 - 0390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-05-18 20:06 - 2006-11-29 12:06 - 4398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-05-18 20:06 - 2006-11-29 12:06 - 3426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-05-18 20:06 - 2006-11-29 12:06 - 0469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-05-18 20:06 - 2006-11-29 12:06 - 0440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-05-18 20:06 - 2006-09-28 15:05 - 3977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-05-18 20:06 - 2006-09-28 15:05 - 2414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-05-18 20:06 - 2006-09-28 15:05 - 0237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-05-18 20:06 - 2006-09-28 15:04 - 0364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-05-18 20:06 - 2006-07-28 08:31 - 0083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-05-18 20:06 - 2006-07-28 08:30 - 0363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-05-18 20:06 - 2006-07-28 08:30 - 0236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-05-18 20:06 - 2006-07-28 08:30 - 0062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-05-18 20:06 - 2006-05-31 06:24 - 0230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-05-18 20:06 - 2006-05-31 06:22 - 0354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-05-18 20:06 - 2006-03-31 11:41 - 3927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-05-18 20:06 - 2006-03-31 11:40 - 0352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-05-18 20:06 - 2006-03-31 11:39 - 0229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-05-18 20:06 - 2006-03-31 11:39 - 0083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-05-18 20:06 - 2006-03-31 11:39 - 0062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-05-18 20:06 - 2006-02-03 07:43 - 3830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-05-18 20:06 - 2006-02-03 07:43 - 2332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-05-18 20:06 - 2006-02-03 07:42 - 0355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-05-18 20:06 - 2006-02-03 07:42 - 0230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-05-18 20:06 - 2006-02-03 07:41 - 0016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-05-18 20:06 - 2006-02-03 07:41 - 0014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-05-18 20:06 - 2005-12-05 17:09 - 3815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-05-18 20:06 - 2005-12-05 17:09 - 2323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-05-18 20:06 - 2005-07-22 18:59 - 3807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-05-18 20:06 - 2005-07-22 18:59 - 2319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-05-18 20:06 - 2005-05-26 14:34 - 3767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-05-18 20:06 - 2005-05-26 14:34 - 2297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-05-18 20:06 - 2005-03-18 16:19 - 3823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-05-18 20:06 - 2005-03-18 16:19 - 2337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-05-18 20:06 - 2005-02-05 18:45 - 3544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-05-18 20:06 - 2005-02-05 18:45 - 2222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Program Files (x86)\National Geographic Collector's Pack
2012-05-18 14:39 - 2012-05-18 14:39 - 0000000 __SHD C:\found.004
2012-05-18 07:47 - 2012-05-19 23:00 - 0001913 ____A C:\Users\Owner\Desktop\Document.rtf
2012-05-18 07:46 - 2012-05-18 07:46 - 0000271 ____A C:\Users\Owner\Desktop\Replying To Infected with TDSS for months---unable to fix! - BleepingComputer.com.url
2012-05-18 03:40 - 2012-05-18 03:41 - 0000000 ____D C:\Users\Public\Documents\RegRunInfo
2012-05-18 03:05 - 2012-05-18 03:05 - 1392549 ____A C:\Users\Owner\Downloads\Farber Recovery Scan Tool 64 Bit.exe
2012-05-18 03:03 - 2012-05-23 15:14 - 0000000 ____D C:\FRST
2012-05-17 15:36 - 2012-05-17 18:06 - 0006241 ____A C:\Users\Owner\Desktop\pat latest.rtf
2012-05-17 11:18 - 2012-05-17 11:18 - 0000000 __SHD C:\found.003
2012-05-16 13:10 - 2012-05-15 15:47 - 0001110 ____A C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2012-05-16 13:09 - 2012-05-16 14:05 - 0015379 ____A C:\Users\Owner\Documents\psilog.txt
2012-05-15 19:40 - 2012-05-23 13:55 - 0249778 ____A C:\Windows\WindowsUpdate.log
2012-05-15 19:01 - 2012-05-15 19:01 - 0547347 ____A C:\Users\Owner\Desktop\B79_QSG_2011.pdf
2012-05-15 19:01 - 2012-05-15 19:01 - 0032876 ____A C:\Users\Owner\Desktop\De-scaling_instructions.pdf
2012-05-15 19:00 - 2012-05-15 19:00 - 2039984 ____A C:\Users\Owner\Desktop\B79_UCG_ENG_2011_NB_r2.pdf
2012-05-15 18:59 - 2012-05-15 18:59 - 2855328 ____A C:\Users\Owner\Desktop\B77_UseCareGuide17.pdf
2012-05-15 18:50 - 2012-05-15 18:50 - 0011390 ____A C:\Users\Owner\Desktop\Kissners.rtf
2012-05-15 18:29 - 2012-05-15 18:29 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-15 18:29 - 2012-05-15 18:29 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-15 17:21 - 2012-05-15 17:21 - 0048822 ____A C:\Users\Owner\Desktop\Attach.txt
2012-05-15 17:21 - 2012-05-15 17:21 - 0014932 ____A C:\Users\Owner\Desktop\DDS.txt
2012-05-15 17:16 - 2012-05-15 17:16 - 0000000 ____A C:\Users\Owner\defogger_reenable
2012-05-15 17:13 - 2012-05-23 13:51 - 0000250 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-05-15 17:04 - 2012-05-15 17:04 - 0214060 ____A C:\Users\Owner\Desktop\regrunlog.txt
2012-05-15 17:03 - 2012-05-15 17:03 - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.new
2012-05-15 17:02 - 2012-05-15 17:03 - 0000228 ____A C:\Windows\System32\Partizan.RRI
2012-05-15 17:02 - 2012-05-15 17:02 - 0039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-05-15 16:58 - 2012-05-18 03:41 - 0000000 ____D C:\Users\All Users\RegRun
2012-05-15 16:58 - 2012-05-18 03:41 - 0000000 ____D C:\ProgramData\RegRun
2012-05-15 16:58 - 2012-05-15 17:04 - 0000000 ____D C:\Users\Owner\Documents\RegRun2
2012-05-15 16:58 - 2012-05-15 17:00 - 0000000 ____D C:\Program Files (x86)\UnHackMe
2012-05-15 16:58 - 2012-05-15 16:58 - 0039184 ____A (Greatis Software) C:\Windows\SysWOW64\Partizan.exe
2012-05-15 16:58 - 2012-05-15 16:58 - 0035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2012-05-15 16:58 - 2012-05-15 16:58 - 0000947 ____A C:\Users\Owner\Desktop\UnHackMe.lnk
2012-05-15 16:58 - 2012-05-15 16:58 - 0000418 ____A C:\Windows\Tasks\UnHackMe Task Scheduler.job
2012-05-15 16:58 - 2012-05-15 16:58 - 0000002 RASHOT C:\Windows\winstart.bat
2012-05-15 16:58 - 2012-05-15 16:58 - 0000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-05-15 16:58 - 2012-05-15 16:58 - 0000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-05-15 16:58 - 2012-05-04 12:17 - 0012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2012-05-15 16:56 - 2012-05-20 00:41 - 0000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-05-15 16:56 - 2012-05-20 00:41 - 0000000 ____D C:\ProgramData\Anti-phishing Domain Advisor
2012-05-15 16:56 - 2012-05-15 19:34 - 0000000 ____D C:\Program Files (x86)\I Want This
2012-05-15 16:56 - 2012-05-15 19:34 - 0000000 ____D C:\Program Files (x86)\blekkotb_soc
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\Users\Owner\AppData\Local\I Want This
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\Users\Owner\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\Users\All Users\blekko toolbars
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\ProgramData\blekko toolbars
2012-05-15 16:45 - 2012-05-15 16:45 - 0007586 ____A C:\Users\Owner\Downloads\WinDefend.reg
2012-05-15 16:45 - 2012-05-15 16:45 - 0005256 ____A C:\Users\Owner\Downloads\wscsvc.reg
2012-05-15 16:39 - 2012-05-15 16:39 - 0176940 ____A C:\Users\Owner\Downloads\BFE.reg
2012-05-15 16:38 - 2012-05-15 16:38 - 0006396 ____A C:\Users\Owner\Downloads\MpsSvc.reg
2012-05-15 16:22 - 2012-05-15 16:22 - 0139264 ____A C:\Users\Owner\Downloads\SystemLook.exe
2012-05-15 15:57 - 2012-05-15 15:57 - 0000000 ____D C:\Windows\Sun
2012-05-15 15:44 - 2012-05-15 15:44 - 0000000 ____D C:\Users\Owner\AppData\Local\Secunia PSI
2012-05-15 15:44 - 2012-05-15 15:44 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-05-15 00:24 - 2012-05-15 00:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 00:23 - 2012-05-15 00:23 - 6286448 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight.exe
2012-05-15 00:05 - 2012-05-15 00:05 - 0000000 ____A C:\Windows\System32\getservice.txt
2012-05-15 00:04 - 2012-05-15 00:04 - 0000000 ____D C:\Users\Owner\Documents\getservices
2012-05-14 22:13 - 2012-05-14 22:14 - 0000000 ____D C:\Users\Owner\Downloads\HiHack This
2012-05-14 21:36 - 2012-05-15 17:03 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-05-14 21:32 - 2012-05-14 21:35 - 19585536 ____N (Luis Cobian, CobianSoft) C:\Users\Owner\Downloads\cbSetup.exe
2012-05-13 15:35 - 2012-05-13 15:39 - 0000000 ____D C:\Users\Owner\Documents\Ortho
2012-05-13 04:05 - 2012-05-13 04:05 - 0004096 ____A C:\Windows\d3dx.dat
2012-05-13 02:37 - 2012-05-13 02:37 - 0000000 ____D C:\Windows\Temporary Internet Files
2012-05-13 02:37 - 2012-05-13 02:37 - 0000000 ____D C:\Windows\History
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files\MSBuild
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-05-13 02:11 - 2012-05-13 02:11 - 0051387 ____N C:\Users\Owner\Downloads\NETFx4RTM.htm
2012-05-13 01:36 - 2012-05-13 01:36 - 0000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-13 01:35 - 2012-05-13 01:36 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-13 00:57 - 2012-05-13 00:57 - 0015399 ____N C:\Users\Owner\Documents\Document2.rtf
2012-05-13 00:56 - 2012-05-13 01:35 - 0001808 ____N C:\Users\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\Users\All Users\!SASCORE
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\ProgramData\!SASCORE
2012-05-12 23:58 - 2012-05-12 23:58 - 0000357 ____N C:\Users\Owner\Downloads\Result.txt
2012-05-12 23:42 - 2012-05-12 23:42 - 0772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-12 23:42 - 2012-05-12 23:42 - 0227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-12 23:42 - 2012-05-12 23:42 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-12 23:42 - 2012-05-12 23:42 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-12 23:42 - 2012-05-12 23:42 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-12 23:41 - 2012-05-12 23:41 - 0892360 ____N (Oracle Corporation) C:\Users\Owner\Downloads\JavaSetup7u4.exe
2012-05-12 20:53 - 2012-05-18 21:02 - 0002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-12 20:51 - 2012-05-12 20:51 - 3654896 ____N (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup318.exe
2012-05-12 20:31 - 2012-05-12 20:32 - 0000000 ____D C:\Users\Owner\Downloads\EZPCFax
2012-05-12 16:23 - 2012-05-17 18:22 - 0027467 ____A C:\Users\Owner\Desktop\Result.txt
2012-05-12 16:22 - 2012-05-12 16:22 - 0396041 ____N C:\Users\Owner\Downloads\MiniToolBox.exe
2012-05-12 16:07 - 2012-05-12 16:08 - 0000000 ____D C:\Users\Owner\Documents\Samsung Model A107 Phone
2012-05-12 13:51 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 13:51 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 13:51 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 13:51 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 13:51 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 13:51 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 13:51 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 13:51 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-10 22:32 - 2012-05-10 22:32 - 0000857 ____N C:\Users\Owner\.recently-used.xbel
2012-05-10 15:49 - 2012-05-10 16:21 - 0000000 ____D C:\Users\Owner\Documents\Networks
2012-05-10 15:48 - 2012-05-19 23:08 - 0000000 ____D C:\Users\Owner\Documents\Viruses
2012-05-10 15:48 - 2012-05-10 15:48 - 0001159 ____N C:\Users\Owner\Documents\How to Hack into Windows.txt
2012-05-10 14:43 - 2012-05-10 14:44 - 0000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2012-05-10 14:42 - 2012-05-10 14:42 - 0001146 ____N C:\Users\Owner\Desktop\AVG PC Tuneup 2011.lnk
2012-05-10 14:19 - 2012-05-10 14:19 - 0662016 ____N C:\Users\Owner\Downloads\MicrosoftFixit50123_msi
2012-05-10 04:20 - 2012-05-10 04:20 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Princess Isabella
2012-05-10 00:20 - 2012-05-10 02:35 - 0002178 ____N C:\Users\Owner\Documents\Summary of IRA Activity.rtf
2012-05-09 20:26 - 2012-05-09 20:26 - 0258660 ____N C:\Users\Owner\Downloads\PdfDocument (5).pdf
2012-05-09 20:23 - 2012-05-09 20:23 - 1016170 ____A C:\Users\Owner\Downloads\PdfDocument (4).pdf
2012-05-09 20:21 - 2012-05-09 20:21 - 0063081 ____N C:\Users\Owner\Downloads\PdfDocument (3).pdf
2012-05-09 20:18 - 2012-05-09 20:18 - 0059602 ____N C:\Users\Owner\Downloads\PdfDocument (2).pdf
2012-05-09 20:16 - 2012-05-09 20:16 - 1195866 ____A C:\Users\Owner\Downloads\PdfDocument (1).pdf
2012-05-09 20:14 - 2012-05-13 02:29 - 0000000 ____D C:\Users\Owner\Documents\Prudential
2012-05-09 20:13 - 2012-05-09 20:13 - 0270847 ____N C:\Users\Owner\Downloads\PdfDocument.pdf
2012-05-07 02:34 - 2012-05-19 23:03 - 0000000 ___RD C:\Users\Owner\Desktop\Viruses
2012-05-03 12:05 - 2012-05-03 12:05 - 0000000 __SHD C:\found.002
2012-04-30 21:35 - 2012-04-30 21:35 - 0000000 __SHD C:\found.001
2012-04-30 20:56 - 2012-04-30 20:56 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 20:56 - 2012-04-04 14:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-30 20:23 - 2012-04-30 20:27 - 1832040 ____N (Microsoft Corporation) C:\Users\Owner\Downloads\NDP40-KB2656368-ia64.exe
2012-04-30 20:10 - 2012-04-30 20:10 - 0047180 ____N C:\Users\Owner\Documents\cc_20120430_211001.reg
2012-04-30 19:46 - 2012-04-30 19:46 - 0000000 __SHD C:\found.000
2012-04-30 15:31 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-30 15:31 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-30 15:31 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-30 15:31 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-30 15:31 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-30 15:31 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-30 15:31 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-30 15:31 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-30 15:31 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-30 15:31 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-30 15:31 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-30 15:31 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-30 15:31 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-30 15:31 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-30 15:31 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-30 15:31 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-30 15:31 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-30 15:31 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-30 15:31 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-30 15:31 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-30 15:31 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-30 15:31 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-30 15:31 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-30 15:31 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-30 15:31 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-30 15:31 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-30 15:30 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-30 15:30 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-30 15:30 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-30 15:30 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-30 15:30 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-30 15:30 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-30 15:30 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-30 15:14 - 2012-04-30 15:14 - 0031537 ____N C:\Users\Owner\Documents\USAA Auto Ins.rtf
2012-04-29 17:34 - 2012-04-29 17:34 - 0002967 ____N C:\Users\Owner\Documents\Weak network signal info.rtf
2012-04-28 21:02 - 2012-05-20 02:33 - 0000129 ____A C:\Users\Owner\AppData\Roaming\default.rss
2012-04-28 20:43 - 2012-04-29 10:31 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-28 20:43 - 2012-04-29 10:31 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-28 20:43 - 2012-04-29 10:31 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-04-28 20:35 - 2012-04-29 10:31 - 0000000 ____D C:\Program Files (x86)\ARO 2012
2012-04-28 20:35 - 2012-04-28 20:35 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Sammsoft
2012-04-28 19:00 - 2012-04-29 10:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-25 13:11 - 2012-04-25 13:11 - 0000387 ____N C:\Users\Owner\Downloads\Pat Neptune.txt

============ 3 Months Modified Files and Folders =============

2012-05-23 15:14 - 2012-05-18 03:03 - 0000000 ____D C:\FRST
2012-05-23 13:55 - 2012-05-15 19:40 - 0249778 ____A C:\Windows\WindowsUpdate.log
2012-05-23 13:55 - 2012-03-19 02:06 - 0327680 ____A C:\Windows\System32\Ikeext.etl
2012-05-23 13:55 - 2009-07-13 20:45 - 0015824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 13:55 - 2009-07-13 20:45 - 0015824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 13:53 - 2012-02-25 00:52 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-05-23 13:53 - 2012-02-25 00:52 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-05-23 13:51 - 2012-05-20 21:05 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 13:51 - 2012-05-15 17:13 - 0000250 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-05-23 13:51 - 2010-10-04 15:53 - 2146836480 __ASH C:\hiberfil.sys
2012-05-23 13:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\tracing
2012-05-23 13:30 - 2012-05-23 13:30 - 0001469 ____A C:\Users\Alvegren\Desktop\Bleeping 5_23.rtf
2012-05-23 13:23 - 2012-05-20 18:22 - 0000000 ____D C:\Users\Alvegren\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-23 13:22 - 2012-05-20 18:21 - 0000000 ____D C:\Users\Alvegren\AppData\LocalLow
2012-05-23 13:21 - 2012-05-23 13:21 - 0000000 ____D C:\Users\Alvegren\AppData\Roaming\Adobe
2012-05-23 13:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-23 12:58 - 2012-05-23 12:58 - 0062192 ____A C:\Users\Alvegren\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 12:10 - 2009-07-13 21:13 - 0225414 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-22 00:08 - 2011-07-25 00:18 - 0000000 ___RD C:\Users\Owner\Documents\Computer
2012-05-22 00:06 - 2012-04-04 02:01 - 0000000 ____D C:\Users\Owner\Documents\Recipes
2012-05-22 00:04 - 2011-07-25 00:17 - 0000000 ___RD C:\Users\Owner\Desktop\Home
2012-05-21 23:59 - 2012-05-21 23:59 - 0125897 ____A C:\Users\Owner\Desktop\Infected with TDSS for months---unable to fix! 2.rtf
2012-05-21 23:49 - 2012-05-21 23:42 - 0051294 ____A C:\Windows\ntbtlog.txt
2012-05-21 23:36 - 2012-05-21 23:35 - 0001102 ____A C:\Users\Owner\Desktop\Search.txt
2012-05-21 23:35 - 2012-05-21 23:34 - 0088074 ____A C:\Users\Owner\Desktop\FRST.txt
2012-05-21 21:47 - 2012-03-19 04:14 - 0000000 ___RD C:\Users\Owner\Desktop\Games
2012-05-21 21:35 - 2012-05-21 21:35 - 0062192 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-21 10:01 - 2012-05-21 10:01 - 0283912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-21 10:01 - 2012-05-21 10:01 - 0000766 ____A C:\Windows\PFRO.log
2012-05-20 21:58 - 2012-05-20 21:56 - 0000000 ____D C:\Users\Owner\AppData\Roaming\GhostFleet
2012-05-20 21:57 - 2012-05-20 21:57 - 0000000 ____D C:\Users\All Users\GhostFleet
2012-05-20 21:57 - 2012-05-20 21:57 - 0000000 ____D C:\ProgramData\GhostFleet
2012-05-20 21:05 - 2012-05-20 21:05 - 0000000 ____A C:\Windows\setuperr.log
2012-05-20 20:58 - 2012-05-20 20:58 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-20 20:58 - 2011-04-13 23:33 - 0000000 ____D C:\Users\All Users\Adobe
2012-05-20 20:58 - 2011-04-13 23:33 - 0000000 ____D C:\ProgramData\Adobe
2012-05-20 20:21 - 2010-10-04 17:06 - 0000000 ____D C:\users\Owner
2012-05-20 19:50 - 2011-08-13 11:31 - 0000000 ____D C:\Program Files\CCleaner
2012-05-20 19:22 - 2012-05-20 18:24 - 0000000 ____D C:\Users\Alvegren\AppData\Local\Microsoft Games
2012-05-20 18:21 - 2012-05-20 18:21 - 0000174 ___SH C:\Users\Public\desktop.ini
2012-05-20 18:21 - 2012-05-20 18:21 - 0000174 ___SH C:\Users\Alvegren\Start Menu\Programs\Startup\desktop.ini
2012-05-20 18:21 - 2012-05-20 18:21 - 0000174 ___SH C:\Users\Alvegren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-05-20 18:21 - 2012-05-20 18:21 - 0000020 ___SH C:\Users\Alvegren\ntuser.ini
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\Templates
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\Start Menu
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\PrintHood
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\NetHood
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\My Documents
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\Documents\My Videos
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\Documents\My Pictures
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\Documents\My Music
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\AppData\Local\Temporary Internet Files
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 __SHD C:\Users\Alvegren\AppData\Local\History
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 ____D C:\Users\Alvegren\AppData\Local\VirtualStore
2012-05-20 18:21 - 2012-05-20 18:21 - 0000000 ____D C:\users\Alvegren
2012-05-20 18:21 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-05-20 04:25 - 2012-05-20 04:25 - 0084444 ____A C:\Users\Owner\Documents\FRST.txt
2012-05-20 02:48 - 2010-10-04 17:06 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2012-05-20 02:39 - 2012-04-09 02:14 - 0000000 ____D C:\0ec75eff179108d0f317240aef13a6
2012-05-20 02:38 - 2012-05-20 02:38 - 0000389 ____A C:\Users\Owner\Desktop\CD Drive - Shortcut.lnk
2012-05-20 02:33 - 2012-04-28 21:02 - 0000129 ____A C:\Users\Owner\AppData\Roaming\default.rss
2012-05-20 00:56 - 2012-05-20 00:56 - 0000248 ____A C:\Users\Owner\Desktop\TDSS Conversation.url
2012-05-20 00:41 - 2012-05-15 16:56 - 0000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-05-20 00:41 - 2012-05-15 16:56 - 0000000 ____D C:\ProgramData\Anti-phishing Domain Advisor
2012-05-19 23:17 - 2012-05-19 23:17 - 0000515 ____A C:\Users\Owner\Desktop\Infected with TDSS for months---unable to fix!.url
2012-05-19 23:15 - 2012-05-19 23:15 - 1393595 ____A C:\Users\Owner\Downloads\FRST64.exe
2012-05-19 23:12 - 2012-05-19 23:12 - 0337639 ____A C:\Users\Owner\Downloads\FSS.exe
2012-05-19 23:08 - 2012-05-10 15:48 - 0000000 ____D C:\Users\Owner\Documents\Viruses
2012-05-19 23:03 - 2012-05-07 02:34 - 0000000 ___RD C:\Users\Owner\Desktop\Viruses
2012-05-19 23:02 - 2012-03-10 00:45 - 0000000 ____D C:\Users\Owner\Documents\Virtual
2012-05-19 23:00 - 2012-05-18 07:47 - 0001913 ____A C:\Users\Owner\Desktop\Document.rtf
2012-05-19 22:59 - 2012-05-19 22:59 - 0161162 ____A C:\Users\Owner\Documents\Florentine Crostini.rtf
2012-05-19 22:03 - 2012-05-19 22:03 - 0000822 ____A C:\Users\Owner\Documents\BHN Order--add 2nd converter.rtf
2012-05-19 20:44 - 2012-05-19 20:44 - 0055384 ____A C:\Users\Owner\Downloads\Find-and-install-printer-drivers at Microsoft.htm
2012-05-19 20:42 - 2012-05-19 20:42 - 3895848 ____A C:\Users\Owner\Downloads\HP Print & Scan Dr.exe
2012-05-19 20:41 - 2012-05-19 20:41 - 1283432 ____A C:\Users\Owner\Downloads\HP Printer D1520 dot4patch_reboot.exe
2012-05-19 19:45 - 2012-05-19 19:45 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PlayFirst
2012-05-19 19:45 - 2012-05-19 19:45 - 0000000 ____D C:\Users\All Users\PlayFirst
2012-05-19 19:45 - 2012-05-19 19:45 - 0000000 ____D C:\ProgramData\PlayFirst
2012-05-19 19:45 - 2012-05-18 20:08 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Merscom
2012-05-19 19:45 - 2012-05-18 20:08 - 0000000 ____D C:\Users\All Users\Merscom
2012-05-19 19:45 - 2012-05-18 20:08 - 0000000 ____D C:\ProgramData\Merscom
2012-05-18 21:02 - 2012-05-12 20:53 - 0002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Program Files (x86)\National Geographic Collector's Pack
2012-05-18 19:06 - 2010-10-26 01:06 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-18 14:39 - 2012-05-18 14:39 - 0000000 __SHD C:\found.004
2012-05-18 07:46 - 2012-05-18 07:46 - 0000271 ____A C:\Users\Owner\Desktop\Replying To Infected with TDSS for months---unable to fix! - BleepingComputer.com.url
2012-05-18 03:41 - 2012-05-18 03:40 - 0000000 ____D C:\Users\Public\Documents\RegRunInfo
2012-05-18 03:41 - 2012-05-15 16:58 - 0000000 ____D C:\Users\All Users\RegRun
2012-05-18 03:41 - 2012-05-15 16:58 - 0000000 ____D C:\ProgramData\RegRun
2012-05-18 03:05 - 2012-05-18 03:05 - 1392549 ____A C:\Users\Owner\Downloads\Farber Recovery Scan Tool 64 Bit.exe
2012-05-17 18:22 - 2012-05-12 16:23 - 0027467 ____A C:\Users\Owner\Desktop\Result.txt
2012-05-17 18:06 - 2012-05-17 15:36 - 0006241 ____A C:\Users\Owner\Desktop\pat latest.rtf
2012-05-17 16:17 - 2011-04-13 23:36 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-05-17 16:17 - 2010-10-07 13:20 - 0000000 ____D C:\Users\Owner\AppData\Local\Google
2012-05-17 16:17 - 2010-10-07 13:19 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-17 16:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-05-17 16:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-17 16:14 - 2010-10-15 02:27 - 0000000 ____D C:\inetpub
2012-05-17 15:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-17 11:18 - 2012-05-17 11:18 - 0000000 __SHD C:\found.003
2012-05-16 14:30 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-16 14:05 - 2012-05-16 13:09 - 0015379 ____A C:\Users\Owner\Documents\psilog.txt
2012-05-15 19:34 - 2012-05-15 16:56 - 0000000 ____D C:\Program Files (x86)\I Want This
2012-05-15 19:34 - 2012-05-15 16:56 - 0000000 ____D C:\Program Files (x86)\blekkotb_soc
2012-05-15 19:01 - 2012-05-15 19:01 - 0547347 ____A C:\Users\Owner\Desktop\B79_QSG_2011.pdf
2012-05-15 19:01 - 2012-05-15 19:01 - 0032876 ____A C:\Users\Owner\Desktop\De-scaling_instructions.pdf
2012-05-15 19:00 - 2012-05-15 19:00 - 2039984 ____A C:\Users\Owner\Desktop\B79_UCG_ENG_2011_NB_r2.pdf
2012-05-15 18:59 - 2012-05-15 18:59 - 2855328 ____A C:\Users\Owner\Desktop\B77_UseCareGuide17.pdf
2012-05-15 18:50 - 2012-05-15 18:50 - 0011390 ____A C:\Users\Owner\Desktop\Kissners.rtf
2012-05-15 18:29 - 2012-05-15 18:29 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-15 18:29 - 2012-05-15 18:29 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-15 18:29 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-15 17:21 - 2012-05-15 17:21 - 0048822 ____A C:\Users\Owner\Desktop\Attach.txt
2012-05-15 17:21 - 2012-05-15 17:21 - 0014932 ____A C:\Users\Owner\Desktop\DDS.txt
2012-05-15 17:16 - 2012-05-15 17:16 - 0000000 ____A C:\Users\Owner\defogger_reenable
2012-05-15 17:04 - 2012-05-15 17:04 - 0214060 ____A C:\Users\Owner\Desktop\regrunlog.txt
2012-05-15 17:04 - 2012-05-15 16:58 - 0000000 ____D C:\Users\Owner\Documents\RegRun2
2012-05-15 17:03 - 2012-05-15 17:03 - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.new
2012-05-15 17:03 - 2012-05-15 17:02 - 0000228 ____A C:\Windows\System32\Partizan.RRI
2012-05-15 17:03 - 2012-05-14 21:36 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-05-15 17:02 - 2012-05-15 17:02 - 0039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-05-15 17:00 - 2012-05-15 16:58 - 0000000 ____D C:\Program Files (x86)\UnHackMe
2012-05-15 16:58 - 2012-05-15 16:58 - 0039184 ____A (Greatis Software) C:\Windows\SysWOW64\Partizan.exe
2012-05-15 16:58 - 2012-05-15 16:58 - 0035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2012-05-15 16:58 - 2012-05-15 16:58 - 0000947 ____A C:\Users\Owner\Desktop\UnHackMe.lnk
2012-05-15 16:58 - 2012-05-15 16:58 - 0000418 ____A C:\Windows\Tasks\UnHackMe Task Scheduler.job
2012-05-15 16:58 - 2012-05-15 16:58 - 0000002 RASHOT C:\Windows\winstart.bat
2012-05-15 16:58 - 2012-05-15 16:58 - 0000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-05-15 16:58 - 2012-05-15 16:58 - 0000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\Users\Owner\AppData\Local\I Want This
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\Users\Owner\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\Users\All Users\blekko toolbars
2012-05-15 16:56 - 2012-05-15 16:56 - 0000000 ____D C:\ProgramData\blekko toolbars
2012-05-15 16:45 - 2012-05-15 16:45 - 0007586 ____A C:\Users\Owner\Downloads\WinDefend.reg
2012-05-15 16:45 - 2012-05-15 16:45 - 0005256 ____A C:\Users\Owner\Downloads\wscsvc.reg
2012-05-15 16:39 - 2012-05-15 16:39 - 0176940 ____A C:\Users\Owner\Downloads\BFE.reg
2012-05-15 16:38 - 2012-05-15 16:38 - 0006396 ____A C:\Users\Owner\Downloads\MpsSvc.reg
2012-05-15 16:22 - 2012-05-15 16:22 - 0139264 ____A C:\Users\Owner\Downloads\SystemLook.exe
2012-05-15 16:08 - 2011-05-29 01:20 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-05-15 15:57 - 2012-05-15 15:57 - 0000000 ____D C:\Windows\Sun
2012-05-15 15:47 - 2012-05-16 13:10 - 0001110 ____A C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2012-05-15 15:44 - 2012-05-15 15:44 - 0000000 ____D C:\Users\Owner\AppData\Local\Secunia PSI
2012-05-15 15:44 - 2012-05-15 15:44 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-05-15 14:01 - 2009-07-13 21:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-15 00:24 - 2012-05-15 00:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-15 00:24 - 2010-10-04 17:06 - 0000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2012-05-15 00:23 - 2012-05-15 00:23 - 6286448 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\Silverlight.exe
2012-05-15 00:05 - 2012-05-15 00:05 - 0000000 ____A C:\Windows\System32\getservice.txt
2012-05-15 00:04 - 2012-05-15 00:04 - 0000000 ____D C:\Users\Owner\Documents\getservices
2012-05-14 22:14 - 2012-05-14 22:13 - 0000000 ____D C:\Users\Owner\Downloads\HiHack This
2012-05-14 21:35 - 2012-05-14 21:32 - 19585536 ____N (Luis Cobian, CobianSoft) C:\Users\Owner\Downloads\cbSetup.exe
2012-05-13 15:39 - 2012-05-13 15:35 - 0000000 ____D C:\Users\Owner\Documents\Ortho
2012-05-13 13:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-13 04:05 - 2012-05-13 04:05 - 0004096 ____A C:\Windows\d3dx.dat
2012-05-13 04:05 - 2012-02-19 06:59 - 0000000 ____D C:\Program Files (x86)\Gogii 4-Pack
2012-05-13 02:57 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-13 02:37 - 2012-05-13 02:37 - 0000000 ____D C:\Windows\Temporary Internet Files
2012-05-13 02:37 - 2012-05-13 02:37 - 0000000 ____D C:\Windows\History
2012-05-13 02:34 - 2011-08-14 10:38 - 0000000 ____D C:\Users\Owner\Documents\Windows 7
2012-05-13 02:29 - 2012-05-09 20:14 - 0000000 ____D C:\Users\Owner\Documents\Prudential
2012-05-13 02:28 - 2011-04-17 00:10 - 0000000 ____D C:\Users\Owner\Documents\HOA
2012-05-13 02:22 - 2012-05-20 18:21 - 0000000 ____D C:\Users\Alvegren\AppData\Roaming\Media Center Programs
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files\MSBuild
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-05-13 02:22 - 2012-05-13 02:22 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-05-13 02:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-05-13 02:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-05-13 02:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-05-13 02:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\inetsrv
2012-05-13 02:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-05-13 02:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\inetsrv
2012-05-13 02:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-05-13 02:11 - 2012-05-13 02:11 - 0051387 ____N C:\Users\Owner\Downloads\NETFx4RTM.htm
2012-05-13 01:36 - 2012-05-13 01:36 - 0000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-13 01:36 - 2012-05-13 01:35 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-13 01:35 - 2012-05-13 00:56 - 0001808 ____N C:\Users\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-13 00:57 - 2012-05-13 00:57 - 0015399 ____N C:\Users\Owner\Documents\Document2.rtf
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\Users\All Users\!SASCORE
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-05-13 00:56 - 2012-05-13 00:56 - 0000000 ____D C:\ProgramData\!SASCORE
2012-05-13 00:11 - 2012-02-07 11:57 - 0000000 ____D C:\Users\Owner\Downloads\Rootkit
2012-05-12 23:58 - 2012-05-12 23:58 - 0000357 ____N C:\Users\Owner\Downloads\Result.txt
2012-05-12 23:42 - 2012-05-12 23:42 - 0772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-12 23:42 - 2012-05-12 23:42 - 0227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-12 23:42 - 2012-05-12 23:42 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-12 23:42 - 2012-05-12 23:42 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-12 23:42 - 2012-05-12 23:42 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-12 23:42 - 2011-04-01 06:04 - 0687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-12 23:41 - 2012-05-12 23:41 - 0892360 ____N (Oracle Corporation) C:\Users\Owner\Downloads\JavaSetup7u4.exe
2012-05-12 21:13 - 2012-02-15 22:42 - 0000000 ____D C:\Windows\pss
2012-05-12 20:53 - 2011-10-07 04:29 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-12 20:51 - 2012-05-12 20:51 - 3654896 ____N (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup318.exe
2012-05-12 20:32 - 2012-05-12 20:31 - 0000000 ____D C:\Users\Owner\Downloads\EZPCFax
2012-05-12 16:22 - 2012-05-12 16:22 - 0396041 ____N C:\Users\Owner\Downloads\MiniToolBox.exe
2012-05-12 16:08 - 2012-05-12 16:07 - 0000000 ____D C:\Users\Owner\Documents\Samsung Model A107 Phone
2012-05-12 13:54 - 2010-10-15 02:19 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 23:27 - 2012-01-08 03:31 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-10 23:27 - 2012-01-08 03:31 - 0000000 ____D C:\ProgramData\MFAData
2012-05-10 23:01 - 2010-10-07 13:19 - 0000000 ____D C:\Users\All Users\Google
2012-05-10 23:01 - 2010-10-07 13:19 - 0000000 ____D C:\ProgramData\Google
2012-05-10 22:36 - 2011-11-01 14:44 - 0000000 ____D C:\Users\Owner\.gimp-2.6
2012-05-10 22:32 - 2012-05-10 22:32 - 0000857 ____N C:\Users\Owner\.recently-used.xbel
2012-05-10 16:22 - 2012-03-10 07:36 - 0000000 ____D C:\Users\Owner\Documents\Spybot
2012-05-10 16:21 - 2012-05-10 15:49 - 0000000 ____D C:\Users\Owner\Documents\Networks
2012-05-10 16:21 - 2012-02-27 20:23 - 0000000 ____D C:\Users\Owner\Documents\HP 1520 Printer
2012-05-10 16:18 - 2012-02-07 12:27 - 0000000 ____D C:\Users\Owner\Documents\AVG
2012-05-10 15:48 - 2012-05-10 15:48 - 0001159 ____N C:\Users\Owner\Documents\How to Hack into Windows.txt
2012-05-10 15:42 - 2011-05-16 12:15 - 0014451 _____ C:\Users\Owner\Documents\Mildew Prevention and Removal.txt
2012-05-10 15:09 - 2011-10-03 01:40 - 0000000 ____D C:\Users\Owner\Downloads\Windows 7 Upgrade Advisor
2012-05-10 15:07 - 2011-04-06 14:57 - 0000000 ____D C:\Users\Owner\Downloads\Keyfinder
2012-05-10 15:06 - 2011-04-06 15:01 - 0000000 ____D C:\Users\Owner\Downloads\File Viewers
2012-05-10 15:05 - 2011-08-13 11:27 - 0000000 ____D C:\Users\Owner\Downloads\CCleaner
2012-05-10 15:05 - 2011-07-22 02:44 - 0000000 ____D C:\Users\Owner\Downloads\GE
2012-05-10 14:44 - 2012-05-10 14:43 - 0000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2012-05-10 14:42 - 2012-05-10 14:42 - 0001146 ____N C:\Users\Owner\Desktop\AVG PC Tuneup 2011.lnk
2012-05-10 14:42 - 2012-01-08 03:38 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-10 14:19 - 2012-05-10 14:19 - 0662016 ____N C:\Users\Owner\Downloads\MicrosoftFixit50123_msi
2012-05-10 04:20 - 2012-05-10 04:20 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Princess Isabella
2012-05-10 03:48 - 2011-07-25 00:21 - 0000000 ___RD C:\Users\Owner\Desktop\Research
2012-05-10 02:35 - 2012-05-10 00:20 - 0002178 ____N C:\Users\Owner\Documents\Summary of IRA Activity.rtf
2012-05-10 00:17 - 2012-04-09 00:13 - 0000000 ____D C:\Users\Owner\Desktop\2011 Taxes & Forms
2012-05-09 20:26 - 2012-05-09 20:26 - 0258660 ____N C:\Users\Owner\Downloads\PdfDocument (5).pdf
2012-05-09 20:23 - 2012-05-09 20:23 - 1016170 ____A C:\Users\Owner\Downloads\PdfDocument (4).pdf
2012-05-09 20:21 - 2012-05-09 20:21 - 0063081 ____N C:\Users\Owner\Downloads\PdfDocument (3).pdf
2012-05-09 20:18 - 2012-05-09 20:18 - 0059602 ____N C:\Users\Owner\Downloads\PdfDocument (2).pdf
2012-05-09 20:16 - 2012-05-09 20:16 - 1195866 ____A C:\Users\Owner\Downloads\PdfDocument (1).pdf
2012-05-09 20:13 - 2012-05-09 20:13 - 0270847 ____N C:\Users\Owner\Downloads\PdfDocument.pdf
2012-05-08 17:47 - 2011-04-06 15:06 - 0000000 ____D C:\Users\Owner\Documents\Security
2012-05-06 21:17 - 2011-05-10 22:16 - 0000000 ____D C:\Users\Owner\Downloads\Malwarebytes
2012-05-06 21:14 - 2011-04-01 05:59 - 0000000 ____D C:\Users\Owner\Downloads\Microsoft Security Essentials
2012-05-04 13:06 - 2012-01-11 06:26 - 0000000 ___RD C:\Users\Owner\Desktop\Art
2012-05-04 12:17 - 2012-05-15 16:58 - 0012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2012-05-03 12:05 - 2012-05-03 12:05 - 0000000 __SHD C:\found.002
2012-04-30 21:35 - 2012-04-30 21:35 - 0000000 __SHD C:\found.001
2012-04-30 20:56 - 2012-04-30 20:56 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 20:56 - 2011-04-11 03:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-30 20:48 - 2011-08-01 20:04 - 0002150 ____A C:\Windows\epplauncher.mif
2012-04-30 20:27 - 2012-04-30 20:23 - 1832040 ____N (Microsoft Corporation) C:\Users\Owner\Downloads\NDP40-KB2656368-ia64.exe
2012-04-30 20:10 - 2012-04-30 20:10 - 0047180 ____N C:\Users\Owner\Documents\cc_20120430_211001.reg
2012-04-30 19:46 - 2012-04-30 19:46 - 0000000 __SHD C:\found.000
2012-04-30 18:50 - 2011-05-10 22:20 - 0000000 ____D C:\Users\Owner\AppData\System
2012-04-30 15:58 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-30 15:14 - 2012-04-30 15:14 - 0031537 ____N C:\Users\Owner\Documents\USAA Auto Ins.rtf
2012-04-30 14:34 - 2012-01-08 03:39 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-29 17:34 - 2012-04-29 17:34 - 0002967 ____N C:\Users\Owner\Documents\Weak network signal info.rtf
2012-04-29 14:00 - 2011-10-03 04:09 - 0000000 ____D C:\Users\Owner\AppData\Local\PC Drivers Headquarters
2012-04-29 10:31 - 2012-04-28 20:43 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-29 10:31 - 2012-04-28 20:43 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-29 10:31 - 2012-04-28 20:43 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-04-29 10:31 - 2012-04-28 20:35 - 0000000 ____D C:\Program Files (x86)\ARO 2012
2012-04-29 10:31 - 2012-04-28 19:00 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-29 10:31 - 2011-11-14 15:51 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Leadertech
2012-04-29 10:31 - 2010-10-11 10:38 - 0000000 ____D C:\Users\All Users\Real
2012-04-29 10:31 - 2010-10-11 10:38 - 0000000 ____D C:\ProgramData\Real
2012-04-28 23:14 - 2011-08-21 09:21 - 0000000 ____D C:\Users\Owner\AppData\Roaming\ATNSOFT
2012-04-28 21:10 - 2010-10-07 20:14 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Google
2012-04-28 20:35 - 2012-04-28 20:35 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Sammsoft
2012-04-25 18:33 - 2011-05-10 22:17 - 0000000 ____D C:\Users\Owner\Downloads\Taxes
2012-04-25 13:11 - 2012-04-25 13:11 - 0000387 ____N C:\Users\Owner\Downloads\Pat Neptune.txt
2012-04-16 08:30 - 2012-04-16 04:57 - 0005098 ____N C:\Users\Owner\Documents\Medicare Supplement Plans Chart.rtf
2012-04-16 07:05 - 2012-04-17 20:15 - 0200310 ____N C:\Users\Owner\Documents\Medicare Supplement Plans.rtf
2012-04-16 04:13 - 2012-04-16 04:13 - 0065536 __ASH C:\Windows\System32\config\components{7ac207f0-64f9-11e1-844f-0026182aa606}.TxR.blf
2012-04-11 07:27 - 2009-07-13 20:45 - 0018432 _____ C:\Windows\System32\umstartup.etl
2012-04-09 18:48 - 2012-04-17 20:14 - 64530433 ____N C:\Users\Owner\Documents\UHC Med claims 1.rtf
2012-04-04 14:56 - 2012-04-30 20:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 08:42 - 2011-08-21 09:21 - 0000000 ____D C:\Program Files (x86)\ATNSOFT Key Remapper
2012-03-31 08:42 - 2011-06-23 10:35 - 0000000 ____D C:\Program Files (x86)\JRE
2012-03-31 08:42 - 2011-05-10 15:53 - 0000000 ____D C:\Program Files (x86)\bfgclient
2012-03-31 08:40 - 2011-04-06 15:04 - 0000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2012-03-31 08:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ras
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-03-31 08:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-03-30 22:05 - 2012-05-12 13:51 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 13:51 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 13:51 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 13:51 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-12 13:51 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 02:39 - 2012-03-30 02:39 - 0000328 ____A C:\Users\Owner\Desktop\Front USB Port (E).lnk
2012-03-24 23:08 - 2009-07-13 20:45 - 0064512 ____A C:\Windows\System32\umstartup000.etl
2012-03-24 20:51 - 2012-02-27 00:04 - 0023732 _____ C:\Users\Owner\Documents\HDDEraseReadMe.txt
2012-03-24 20:49 - 2011-08-05 08:05 - 0003053 ____N C:\Users\Owner\Documents\220V.odt
2012-03-24 20:32 - 2011-04-14 17:25 - 0000000 ____D C:\0080fdd2747b0af84a
2012-03-23 02:11 - 2012-03-23 02:10 - 0000000 ____D C:\Users\All Users\The Mirror Mysteries
2012-03-23 02:11 - 2012-03-23 02:10 - 0000000 ____D C:\ProgramData\The Mirror Mysteries
2012-03-23 01:23 - 2012-03-23 01:23 - 0000000 ____D C:\Users\Owner\AppData\Roaming\EscapeTheMuseum2
2012-03-18 12:58 - 2011-04-14 16:22 - 0000000 ____D C:\Users\Owner\Downloads\.Gimp-2.6
2012-03-18 12:49 - 2011-07-19 17:16 - 0000000 ____D C:\Users\Owner\Documents\Remote Assistance Logs
2012-03-18 09:45 - 2012-03-18 09:45 - 0825891 ____N C:\Windows\MEMORY.DMP
2012-03-18 08:20 - 2012-02-20 23:52 - 0000238 ____A C:\Users\All Users\ayg_saver.log
2012-03-18 08:20 - 2012-02-20 23:52 - 0000238 ____A C:\ProgramData\ayg_saver.log
2012-03-16 23:58 - 2012-05-12 13:51 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-10 02:13 - 2012-03-10 02:13 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Cat's Eye Games
2012-03-10 00:17 - 2012-03-10 00:17 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-03-10 00:16 - 2012-03-10 00:15 - 0000000 ____D C:\Users\Owner\Downloads\Java
2012-03-09 14:27 - 2011-05-10 15:52 - 0000000 ____D C:\BigFishGamesCache
2012-03-09 13:28 - 2012-03-09 13:28 - 0000000 ____D C:\Users\Owner\AppData\Roaming\MumboJumbo
2012-03-09 11:34 - 2011-04-01 06:05 - 0006104 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-09 11:33 - 2012-02-25 00:53 - 0152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-03-09 11:33 - 2012-02-25 00:53 - 0107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-03-09 09:18 - 2012-03-09 09:18 - 0116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\65470837.sys
2012-03-06 08:34 - 2012-03-06 08:34 - 51054352 ____A (PC Cleaners Inc.) C:\Program Files\PCCleaners.exe
2012-03-06 08:34 - 2012-03-06 08:34 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PCPro
2012-03-06 08:34 - 2012-03-06 08:34 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PC Cleaners
2012-03-06 08:34 - 2012-03-06 08:34 - 0000000 ____D C:\Users\All Users\PC1Data
2012-03-06 08:34 - 2012-03-06 08:34 - 0000000 ____D C:\ProgramData\PC1Data
2012-03-06 08:34 - 2012-03-06 08:34 - 0000000 ____D C:\Program Files\Bases
2012-03-06 08:33 - 2012-03-06 08:34 - 5276432 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-03-06 01:12 - 2010-10-04 17:06 - 0000356 ___SH C:\Users\Owner\Start Menu\Programs\Startup\desktop.ini
2012-03-06 01:12 - 2010-10-04 17:06 - 0000356 ___SH C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-02 22:35 - 2012-05-12 13:51 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 22:19 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-02 22:19 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-03-02 22:18 - 2012-02-13 22:02 - 0000000 ____D C:\Windows\Windows Defender Offline
2012-03-02 22:18 - 2010-10-07 13:19 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-02 22:17 - 2011-10-24 17:07 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-02 22:15 - 2012-02-19 05:06 - 0000000 ____D C:\Program Files (x86)\On Hand Software
2012-03-02 22:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-02 22:14 - 2012-02-25 00:52 - 0000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-03-02 21:51 - 2011-04-11 03:58 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-02 21:51 - 2011-04-11 03:58 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-02 21:31 - 2012-05-12 13:51 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-01 23:06 - 2012-03-01 23:06 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Vast Studios
2012-02-29 22:46 - 2012-04-30 15:30 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-30 15:30 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-30 15:30 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-30 15:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-30 15:30 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-30 15:30 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-30 15:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-30 15:31 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-30 15:31 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-30 15:31 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-30 15:31 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-30 15:31 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-30 15:31 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-30 15:31 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-30 15:31 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-30 15:31 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-30 15:31 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-30 15:31 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-30 15:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-30 15:31 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 21:06 - 2011-12-28 10:39 - 7920740 ____N C:\Users\Owner\Documents\USB
2012-02-27 17:52 - 2012-04-30 15:31 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-30 15:31 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-30 15:31 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-30 15:31 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-30 15:31 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-30 15:31 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-30 15:31 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-30 15:31 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-30 15:31 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-30 15:31 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-30 15:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-30 15:31 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-30 15:31 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 07:36 - 2012-02-27 07:36 - 0000000 ____D C:\Users\Owner\Downloads\WD
2012-02-26 20:56 - 2012-02-26 20:56 - 0002975 ____N C:\Users\Owner\Desktop\HiJackThis.lnk
2012-02-25 00:54 - 2012-02-25 00:54 - 0017408 _____ C:\Users\Owner\AppData\Local\WebpageIcons.db

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\svchost.exe IS INFECTED. <===== ATTENTION!

C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8191.18 MB
Available physical RAM: 7293.6 MB
Total Pagefile: 8189.33 MB
Available Pagefile: 7270.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:517.83 GB) NTFS
7 Drive j: (Lexar) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB

======================================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J Lexar FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-21 10:31

======================= End Of Log ==========================

Edited by pminga, 23 May 2012 - 06:26 PM.
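
Added example (not part of the original posts and not FRST's own code): a small triage pass over the "Bamital & volsnap Check" lines of the log above. It shows that the hash printed for the flagged svchost.exe is the MD5 of zero bytes of input even though the entry reports a size of 27136 bytes, so no file content was actually hashed. The function and field names are hypothetical, and the sample text is constructed from the lines shown in the log.

```python
import hashlib
import re

# MD5 of zero bytes of input; a file with a non-zero size can never hash to this.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Constructed sample, shaped like the "Bamital & volsnap Check" lines in the log above.
SAMPLE = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\svchost.exe IS INFECTED. <===== ATTENTION!

C:\Windows\SysWOW64\svchost.exe => MD5 is legit
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(r"^\[.*?\] - \[.*?\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
PATH = re.compile(r"^[A-Za-z]:\\")


def triage(log_text):
    """Return one record per file the check did not report as 'MD5 is legit'."""
    findings, current = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or line.endswith("=> MD5 is legit"):
            continue
        detail = DETAIL.match(line)
        if detail and current:
            size, md5 = int(detail.group(1)), detail.group(3).upper()
            current.update(size=size, company=detail.group(2), md5=md5)
            # Size > 0 with the empty-input MD5 means no file content was hashed.
            current["unreadable"] = size > 0 and md5 == EMPTY_MD5
        elif "IS INFECTED" in line and current:
            current["flagged"] = True
        elif PATH.match(line):
            current = {"path": line, "flagged": False, "unreadable": False}
            findings.append(current)
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
```

A record with `unreadable` set is a file to hash again from a trusted offline environment, since the verdict line alone does not show what the file contains.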


#12 CatByte


Posted 23 May 2012 - 07:06 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
Last Boot: 2012-05-21 10:31
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 pminga


Posted 27 May 2012 - 02:54 AM

Hi again, Cat,

The first part of your instructions went fine, except that the normal reboot still went to black after the Windows logo displayed and never went any further. The most recent FRST.txt file and Fixlog file are attached.


I've downloaded ComboFix, but before running it I want to make sure that it's OK to run it on a 64 bit system now? Just checking, please confirm.

I also want to remind you that I don't have a working anti-virus or anti-malware program--I've downloaded many of them, but while they appear to run, none of them ever finds anything more serious than a single tracking cookie, and after running one time they never find anything after that. The Kaspersky anti-virus program has been taken over by the virus and despite my best efforts I haven't been able to remove or disable it--the error message usually says something like "access is forbidden", "your profile doesn't permit access to this file", etc.

Thanks again for your assistance--I have faith that one day soon a miracle will happen and one of my PCs will be rootkit-, virus- and malware-free!

pminga

#14 CatByte


Posted 27 May 2012 - 05:26 AM

Yes, ComboFix can be run on 64-bit machines.

Please run Unhide.exe first, though.


Please download Unhide.exe to your desktop:
  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 pminga


Posted 30 May 2012 - 07:28 PM

Cat--

When I try to run unhide.exe I get a message which says "Subsystem needed to support the image type is not present". What am I doing wrong?

Thanks,

pat



