TR/ATRAPS.Gen2 Infection



#1 daledon


Posted 13 October 2012 - 08:59 PM

Avira keeps popping up with a security alert stating TR\ATRAPS.Gen2 was found and access to the file was denied.
I have updated Avira and Malwarebytes and scanned in safe mode, then ran TDSSKiller with no success in removing the virus.

Attached below are results from the Avira scan, Malwarebytes scan and DDS Log. The GMER scan came up empty.

I would appreciate any help that could be provided in removing the infection.



#2 fireman4it


Posted 13 October 2012 - 09:36 PM

Hello daledon,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 daledon


Posted 14 October 2012 - 05:30 AM

fireman4it,

I appreciate you taking the time to assist.

Yes, I have a USB flash drive.

#4 fireman4it


Posted 14 October 2012 - 05:18 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#5 daledon


Posted 14 October 2012 - 07:28 PM

\dds.com
2012-10-13 18:44 - 2012-10-13 18:44 - 00706431 ____A (Swearware) C:\Users\Owner\Downloads\dds.com
2012-10-13 18:40 - 2012-10-13 18:40 - 00050477 ____A C:\Users\Owner\Downloads\Defogger.exe
2012-10-13 18:40 - 2012-10-13 18:40 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-10-13 18:40 - 2012-10-13 18:40 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-10-13 15:02 - 2012-10-13 15:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-13 14:59 - 2012-10-13 14:59 - 00000000 ____D C:\Users\Owner\Downloads\tdsskiller
2012-10-13 14:55 - 2012-10-13 14:58 - 02193278 ____A C:\Users\Owner\Downloads\tdsskiller.zip
2012-10-13 14:49 - 2012-10-13 20:49 - 00027102 ____A C:\Users\Owner\Desktop\AVSCAN-20121013-124748-0E83F3C4.LOG
2012-10-13 09:24 - 2012-10-13 09:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{18C973E0-143E-4B1B-870C-0612A1968EA7}
2012-10-13 09:24 - 2012-10-13 09:24 - 00000000 ____D C:\Users\Owner\Local Settings\{18C973E0-143E-4B1B-870C-0612A1968EA7}
2012-10-13 09:24 - 2012-10-13 09:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{18C973E0-143E-4B1B-870C-0612A1968EA7}
2012-10-12 19:09 - 2012-10-12 19:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{83C5EE94-F574-45C5-B319-01A95E1DC11B}
2012-10-12 19:09 - 2012-10-12 19:09 - 00000000 ____D C:\Users\Owner\Local Settings\{83C5EE94-F574-45C5-B319-01A95E1DC11B}
2012-10-12 19:09 - 2012-10-12 19:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{83C5EE94-F574-45C5-B319-01A95E1DC11B}
2012-10-12 07:09 - 2012-10-12 07:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{61BE0640-475C-4BE0-9C80-C160CAD2B06D}
2012-10-12 07:09 - 2012-10-12 07:09 - 00000000 ____D C:\Users\Owner\Local Settings\{61BE0640-475C-4BE0-9C80-C160CAD2B06D}
2012-10-12 07:09 - 2012-10-12 07:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{61BE0640-475C-4BE0-9C80-C160CAD2B06D}
2012-10-09 09:25 - 2012-10-09 09:25 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1B79EDA5-B5C3-46D9-B31D-29F54CF78AF9}
2012-10-09 09:25 - 2012-10-09 09:25 - 00000000 ____D C:\Users\Owner\Local Settings\{1B79EDA5-B5C3-46D9-B31D-29F54CF78AF9}
2012-10-09 09:25 - 2012-10-09 09:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{1B79EDA5-B5C3-46D9-B31D-29F54CF78AF9}
2012-10-08 11:52 - 2012-10-08 11:53 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B3C983EC-A790-4851-8DEF-4392BBFA7DE7}
2012-10-08 11:52 - 2012-10-08 11:53 - 00000000 ____D C:\Users\Owner\Local Settings\{B3C983EC-A790-4851-8DEF-4392BBFA7DE7}
2012-10-08 11:52 - 2012-10-08 11:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{B3C983EC-A790-4851-8DEF-4392BBFA7DE7}
2012-10-06 11:02 - 2012-10-06 11:02 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3D1D2C88-5371-4185-A1FC-EFAFA7429198}
2012-10-06 11:02 - 2012-10-06 11:02 - 00000000 ____D C:\Users\Owner\Local Settings\{3D1D2C88-5371-4185-A1FC-EFAFA7429198}
2012-10-06 11:02 - 2012-10-06 11:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{3D1D2C88-5371-4185-A1FC-EFAFA7429198}
2012-10-05 13:11 - 2012-10-05 13:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DEA88D1A-167D-4282-BB4E-77699E4700B3}
2012-10-05 13:11 - 2012-10-05 13:11 - 00000000 ____D C:\Users\Owner\Local Settings\{DEA88D1A-167D-4282-BB4E-77699E4700B3}
2012-10-05 13:11 - 2012-10-05 13:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{DEA88D1A-167D-4282-BB4E-77699E4700B3}
2012-10-02 19:59 - 2012-10-02 20:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{39533318-6D67-4281-A115-D3A0E4B13891}
2012-10-02 19:59 - 2012-10-02 20:00 - 00000000 ____D C:\Users\Owner\Local Settings\{39533318-6D67-4281-A115-D3A0E4B13891}
2012-10-02 19:59 - 2012-10-02 20:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{39533318-6D67-4281-A115-D3A0E4B13891}
2012-10-01 08:42 - 2012-10-01 08:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D2ABE449-27CC-4DAE-890F-C03DCAA81DC6}
2012-10-01 08:42 - 2012-10-01 08:42 - 00000000 ____D C:\Users\Owner\Local Settings\{D2ABE449-27CC-4DAE-890F-C03DCAA81DC6}
2012-10-01 08:42 - 2012-10-01 08:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{D2ABE449-27CC-4DAE-890F-C03DCAA81DC6}
2012-09-30 05:23 - 2012-09-30 05:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0C71B14A-1488-4413-BCAB-504F4B85EDFC}
2012-09-30 05:23 - 2012-09-30 05:24 - 00000000 ____D C:\Users\Owner\Local Settings\{0C71B14A-1488-4413-BCAB-504F4B85EDFC}
2012-09-30 05:23 - 2012-09-30 05:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C71B14A-1488-4413-BCAB-504F4B85EDFC}
2012-09-29 15:41 - 2012-09-29 15:42 - 02037185 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-29 15:41 - 2012-06-22 14:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-09-29 15:37 - 2012-09-29 15:37 - 00000000 ____D C:\Users\Owner\Application Data\TestApp
2012-09-29 15:37 - 2012-09-29 15:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TestApp
2012-09-29 15:37 - 2012-09-29 15:37 - 00000000 ____D C:\Users\All Users\PC Tools
2012-09-29 15:37 - 2012-09-29 15:37 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-09-29 14:51 - 2012-09-29 14:51 - 00291464 ____A C:\Windows\Minidump\092912-26910-01.dmp
2012-09-29 14:07 - 2012-09-29 14:51 - 586603179 ____A C:\Windows\MEMORY.DMP
2012-09-29 14:07 - 2012-09-29 14:51 - 00000000 ____D C:\Windows\Minidump
2012-09-29 14:07 - 2012-09-29 14:07 - 00291464 ____A C:\Windows\Minidump\092912-29952-01.dmp
2012-09-29 12:04 - 2012-09-29 12:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BC6396E9-FD33-4696-B70E-51B6CBFB3909}
2012-09-29 12:04 - 2012-09-29 12:04 - 00000000 ____D C:\Users\Owner\Local Settings\{BC6396E9-FD33-4696-B70E-51B6CBFB3909}
2012-09-29 12:04 - 2012-09-29 12:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{BC6396E9-FD33-4696-B70E-51B6CBFB3909}
2012-09-29 08:30 - 2012-09-29 08:30 - 00025166 ____A C:\Users\Owner\Desktop\AVSCAN-20120928-215651-289516CC.LOG
2012-09-28 20:49 - 2012-09-28 20:49 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{16221BDF-6D47-485D-AF00-247BB88DD4A2}
2012-09-28 20:49 - 2012-09-28 20:49 - 00000000 ____D C:\Users\Owner\Local Settings\{16221BDF-6D47-485D-AF00-247BB88DD4A2}
2012-09-28 20:49 - 2012-09-28 20:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{16221BDF-6D47-485D-AF00-247BB88DD4A2}
2012-09-28 04:51 - 2012-09-28 04:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D23DECBA-6604-4705-A6B2-3C0D265169FA}
2012-09-28 04:51 - 2012-09-28 04:52 - 00000000 ____D C:\Users\Owner\Local Settings\{D23DECBA-6604-4705-A6B2-3C0D265169FA}
2012-09-28 04:51 - 2012-09-28 04:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{D23DECBA-6604-4705-A6B2-3C0D265169FA}
2012-09-27 16:51 - 2012-09-27 16:51 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6EFBDB28-69A8-4882-8AEF-9A0C3F21E433}
2012-09-27 16:51 - 2012-09-27 16:51 - 00000000 ____D C:\Users\Owner\Local Settings\{6EFBDB28-69A8-4882-8AEF-9A0C3F21E433}
2012-09-27 16:51 - 2012-09-27 16:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{6EFBDB28-69A8-4882-8AEF-9A0C3F21E433}
2012-09-27 04:51 - 2012-09-27 04:51 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0BC840AF-59E0-481D-AC93-55738F1BBAA3}
2012-09-27 04:51 - 2012-09-27 04:51 - 00000000 ____D C:\Users\Owner\Local Settings\{0BC840AF-59E0-481D-AC93-55738F1BBAA3}
2012-09-27 04:51 - 2012-09-27 04:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{0BC840AF-59E0-481D-AC93-55738F1BBAA3}
2012-09-26 10:22 - 2012-09-26 10:22 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{13567E0D-D46F-4DBC-B3B8-954345F1AFB6}
2012-09-26 10:22 - 2012-09-26 10:22 - 00000000 ____D C:\Users\Owner\Local Settings\{13567E0D-D46F-4DBC-B3B8-954345F1AFB6}
2012-09-26 10:22 - 2012-09-26 10:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{13567E0D-D46F-4DBC-B3B8-954345F1AFB6}
2012-09-25 20:35 - 2012-09-25 20:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D91938D3-80B1-48EA-8640-E8715D9CA858}
2012-09-25 20:35 - 2012-09-25 20:35 - 00000000 ____D C:\Users\Owner\Local Settings\{D91938D3-80B1-48EA-8640-E8715D9CA858}
2012-09-25 20:35 - 2012-09-25 20:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{D91938D3-80B1-48EA-8640-E8715D9CA858}
2012-09-25 20:15 - 2012-09-25 20:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-25 18:40 - 2012-08-24 06:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-25 18:40 - 2012-08-24 05:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-25 18:40 - 2012-08-24 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-25 18:40 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-25 18:40 - 2012-08-24 05:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-25 18:40 - 2012-08-24 05:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-25 18:40 - 2012-08-24 05:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-25 18:40 - 2012-08-24 05:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-25 18:40 - 2012-08-24 05:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-25 18:40 - 2012-08-24 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-25 18:40 - 2012-08-24 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-25 18:40 - 2012-08-24 05:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-25 18:40 - 2012-08-24 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-25 18:40 - 2012-08-24 05:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-25 18:40 - 2012-08-24 05:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-25 18:40 - 2012-08-24 05:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-25 18:40 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-25 18:40 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-25 18:40 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-25 18:40 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-25 18:40 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-25 18:40 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-25 18:40 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-25 18:40 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-25 18:40 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-25 18:40 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-25 18:40 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-25 18:40 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-25 18:40 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-25 18:40 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-25 18:40 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-25 18:40 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-25 18:35 - 2012-08-02 12:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-25 18:35 - 2012-08-02 12:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-25 18:35 - 2012-07-18 12:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-25 18:35 - 2012-07-04 17:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-25 18:35 - 2012-07-04 17:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-25 18:35 - 2012-07-04 17:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-25 18:35 - 2012-07-04 16:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-25 18:35 - 2012-07-04 16:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-25 18:35 - 2012-05-05 03:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-25 18:35 - 2012-05-05 02:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-25 18:35 - 2012-02-11 01:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-25 18:35 - 2012-02-11 01:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-25 18:35 - 2012-02-11 01:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-25 18:35 - 2012-02-11 00:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-25 18:34 - 2012-05-14 00:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-25 15:37 - 2012-09-25 15:39 - 00000000 ____D C:\Users\All Users\Application Data\59EA100F3D8232EF00A559E96B5965DE
2012-09-25 15:37 - 2012-09-25 15:39 - 00000000 ____D C:\Users\All Users\59EA100F3D8232EF00A559E96B5965DE
2012-09-25 07:43 - 2012-09-25 07:43 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3130C1E5-D79C-4CE4-AF77-C5058C020B65}
2012-09-25 07:43 - 2012-09-25 07:43 - 00000000 ____D C:\Users\Owner\Local Settings\{3130C1E5-D79C-4CE4-AF77-C5058C020B65}
2012-09-25 07:43 - 2012-09-25 07:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{3130C1E5-D79C-4CE4-AF77-C5058C020B65}
2012-09-24 19:43 - 2012-09-24 19:43 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{4FB80114-B51C-4AE0-A2EA-2501A7A76E87}
2012-09-24 19:43 - 2012-09-24 19:43 - 00000000 ____D C:\Users\Owner\Local Settings\{4FB80114-B51C-4AE0-A2EA-2501A7A76E87}
2012-09-24 19:43 - 2012-09-24 19:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{4FB80114-B51C-4AE0-A2EA-2501A7A76E87}
2012-09-24 07:17 - 2012-09-24 07:18 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{32A43CB9-D0AD-4F44-9469-F800CAFB2FF8}
2012-09-24 07:17 - 2012-09-24 07:18 - 00000000 ____D C:\Users\Owner\Local Settings\{32A43CB9-D0AD-4F44-9469-F800CAFB2FF8}
2012-09-24 07:17 - 2012-09-24 07:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{32A43CB9-D0AD-4F44-9469-F800CAFB2FF8}
2012-09-23 11:15 - 2012-09-23 11:15 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{421898ED-A211-4749-9AD6-220E87BB2AF2}
2012-09-23 11:15 - 2012-09-23 11:15 - 00000000 ____D C:\Users\Owner\Local Settings\{421898ED-A211-4749-9AD6-220E87BB2AF2}
2012-09-23 11:15 - 2012-09-23 11:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{421898ED-A211-4749-9AD6-220E87BB2AF2}
2012-09-22 20:48 - 2012-09-22 20:48 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EF85DE2B-276D-4DCE-8521-0E9A0F4A0D5C}
2012-09-22 20:48 - 2012-09-22 20:48 - 00000000 ____D C:\Users\Owner\Local Settings\{EF85DE2B-276D-4DCE-8521-0E9A0F4A0D5C}
2012-09-22 20:48 - 2012-09-22 20:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{EF85DE2B-276D-4DCE-8521-0E9A0F4A0D5C}
2012-09-22 09:12 - 2012-09-22 09:12 - 00001480 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk
2012-09-22 09:12 - 2012-09-22 09:12 - 00001480 ____A C:\Users\All Users\Desktop\Adobe Application Manager.lnk
2012-09-22 08:48 - 2012-09-22 08:48 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{775C3381-E323-4F6F-A248-D96C8C2824CD}
2012-09-22 08:48 - 2012-09-22 08:48 - 00000000 ____D C:\Users\Owner\Local Settings\{775C3381-E323-4F6F-A248-D96C8C2824CD}
2012-09-22 08:48 - 2012-09-22 08:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{775C3381-E323-4F6F-A248-D96C8C2824CD}
2012-09-21 16:57 - 2012-09-21 16:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D1175156-27A4-45F6-B431-9FFB5CE8D98E}
2012-09-21 16:57 - 2012-09-21 16:57 - 00000000 ____D C:\Users\Owner\Local Settings\{D1175156-27A4-45F6-B431-9FFB5CE8D98E}
2012-09-21 16:57 - 2012-09-21 16:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{D1175156-27A4-45F6-B431-9FFB5CE8D98E}
2012-09-21 04:56 - 2012-09-21 04:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C6325AE2-4ACB-4586-B679-0B329095617F}
2012-09-21 04:56 - 2012-09-21 04:56 - 00000000 ____D C:\Users\Owner\Local Settings\{C6325AE2-4ACB-4586-B679-0B329095617F}
2012-09-21 04:56 - 2012-09-21 04:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{C6325AE2-4ACB-4586-B679-0B329095617F}
2012-09-21 04:52 - 2012-09-21 04:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DF15A81D-0A66-4D15-B594-95B3C1165B65}
2012-09-21 04:52 - 2012-09-21 04:52 - 00000000 ____D C:\Users\Owner\Local Settings\{DF15A81D-0A66-4D15-B594-95B3C1165B65}
2012-09-21 04:52 - 2012-09-21 04:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{DF15A81D-0A66-4D15-B594-95B3C1165B65}
2012-09-20 12:51 - 2012-09-20 12:51 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{319A96AC-2A8E-42CD-83B6-044B9086A574}
2012-09-20 12:51 - 2012-09-20 12:51 - 00000000 ____D C:\Users\Owner\Local Settings\{319A96AC-2A8E-42CD-83B6-044B9086A574}
2012-09-20 12:51 - 2012-09-20 12:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{319A96AC-2A8E-42CD-83B6-044B9086A574}
2012-09-19 20:29 - 2012-09-19 20:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{64B5589A-9995-4049-AEFE-2A38DEC14F9F}
2012-09-19 20:29 - 2012-09-19 20:30 - 00000000 ____D C:\Users\Owner\Local Settings\{64B5589A-9995-4049-AEFE-2A38DEC14F9F}
2012-09-19 20:29 - 2012-09-19 20:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{64B5589A-9995-4049-AEFE-2A38DEC14F9F}
2012-09-19 07:42 - 2012-09-19 07:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{73B66670-34B4-458D-A7F2-613ECDF6B122}
2012-09-19 07:42 - 2012-09-19 07:42 - 00000000 ____D C:\Users\Owner\Local Settings\{73B66670-34B4-458D-A7F2-613ECDF6B122}
2012-09-19 07:42 - 2012-09-19 07:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{73B66670-34B4-458D-A7F2-613ECDF6B122}
2012-09-18 18:02 - 2012-09-18 18:02 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2206DDF1-D71D-4617-A613-803F634AA647}
2012-09-18 18:02 - 2012-09-18 18:02 - 00000000 ____D C:\Users\Owner\Local Settings\{2206DDF1-D71D-4617-A613-803F634AA647}
2012-09-18 18:02 - 2012-09-18 18:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{2206DDF1-D71D-4617-A613-803F634AA647}
2012-09-18 06:01 - 2012-09-18 06:01 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8555A3F0-41CA-4B03-AE46-5F26EEE5AD9B}
2012-09-18 06:01 - 2012-09-18 06:01 - 00000000 ____D C:\Users\Owner\Local Settings\{8555A3F0-41CA-4B03-AE46-5F26EEE5AD9B}
2012-09-18 06:01 - 2012-09-18 06:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{8555A3F0-41CA-4B03-AE46-5F26EEE5AD9B}
2012-09-17 18:01 - 2012-09-17 18:01 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{ADF7BC0B-4EF4-452D-848D-45D6B0650D5C}
2012-09-17 18:01 - 2012-09-17 18:01 - 00000000 ____D C:\Users\Owner\Local Settings\{ADF7BC0B-4EF4-452D-848D-45D6B0650D5C}
2012-09-17 18:01 - 2012-09-17 18:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{ADF7BC0B-4EF4-452D-848D-45D6B0650D5C}
2012-09-17 04:45 - 2012-09-17 04:46 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{47B05582-C781-43BB-AA9E-80124BAFB170}
2012-09-17 04:45 - 2012-09-17 04:46 - 00000000 ____D C:\Users\Owner\Local Settings\{47B05582-C781-43BB-AA9E-80124BAFB170}
2012-09-17 04:45 - 2012-09-17 04:46 - 00000000 ____D C:\Users\Owner\AppData\Local\{47B05582-C781-43BB-AA9E-80124BAFB170}
2012-09-16 07:10 - 2012-09-16 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{471BDFB7-C150-439B-A580-3F542B26C68F}
2012-09-16 07:10 - 2012-09-16 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\{471BDFB7-C150-439B-A580-3F542B26C68F}
2012-09-16 07:10 - 2012-09-16 07:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{471BDFB7-C150-439B-A580-3F542B26C68F}
2012-09-15 18:33 - 2012-09-15 18:33 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EB5CBC39-A203-42F0-A130-7EAFB3ADDA2D}
2012-09-15 18:33 - 2012-09-15 18:33 - 00000000 ____D C:\Users\Owner\Local Settings\{EB5CBC39-A203-42F0-A130-7EAFB3ADDA2D}
2012-09-15 18:33 - 2012-09-15 18:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{EB5CBC39-A203-42F0-A130-7EAFB3ADDA2D}
2012-09-15 06:32 - 2012-09-15 06:33 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{182D8E58-46E7-4CE8-8DC0-FD7D6A684270}
2012-09-15 06:32 - 2012-09-15 06:33 - 00000000 ____D C:\Users\Owner\Local Settings\{182D8E58-46E7-4CE8-8DC0-FD7D6A684270}
2012-09-15 06:32 - 2012-09-15 06:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{182D8E58-46E7-4CE8-8DC0-FD7D6A684270}
2012-09-14 13:26 - 2012-09-14 13:26 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EBE5DA01-88D0-475D-8246-5928EBEBC419}
2012-09-14 13:26 - 2012-09-14 13:26 - 00000000 ____D C:\Users\Owner\Local Settings\{EBE5DA01-88D0-475D-8246-5928EBEBC419}
2012-09-14 13:26 - 2012-09-14 13:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{EBE5DA01-88D0-475D-8246-5928EBEBC419}

==================== 3 Months Modified Files ==================

2012-10-14 19:13 - 2010-05-10 18:58 - 00002405 ____A C:\Windows\TMFilter.log
2012-10-14 19:03 - 2010-12-13 15:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-14 11:57 - 2010-12-13 15:48 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-13 20:49 - 2012-10-13 14:49 - 00027102 ____A C:\Users\Owner\Desktop\AVSCAN-20121013-124748-0E83F3C4.LOG
2012-10-13 20:33 - 2012-10-13 20:33 - 00000000 ____A C:\Users\Owner\Desktop\ark.log
2012-10-13 19:51 - 2012-10-13 19:51 - 00294216 ____A C:\Users\Owner\Desktop\gmer.zip
2012-10-13 18:50 - 2012-10-13 18:50 - 00302592 ____A C:\Users\Owner\Downloads\8rhgbi4r.exe
2012-10-13 18:49 - 2012-10-13 18:47 - 00026096 ____A C:\Users\Owner\Desktop\dds.txt
2012-10-13 18:45 - 2012-10-13 18:45 - 00706431 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-10-13 18:44 - 2012-10-13 18:44 - 00706431 ____A (Swearware) C:\Users\Owner\Downloads\dds.com
2012-10-13 18:40 - 2012-10-13 18:40 - 00050477 ____A C:\Users\Owner\Downloads\Defogger.exe
2012-10-13 18:40 - 2012-10-13 18:40 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-10-13 18:40 - 2012-10-13 18:40 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-10-13 18:40 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-13 18:40 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-13 18:32 - 2012-07-25 20:47 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-10-13 18:32 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-13 18:32 - 2009-07-13 23:51 - 00049343 ____A C:\Windows\setupact.log
2012-10-13 17:20 - 2009-07-14 00:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-13 17:16 - 2010-04-12 12:05 - 00694490 ____A C:\Windows\PFRO.log
2012-10-13 14:58 - 2012-10-13 14:55 - 02193278 ____A C:\Users\Owner\Downloads\tdsskiller.zip
2012-10-12 20:37 - 2012-07-25 20:47 - 00000438 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2012-10-10 15:15 - 2011-05-01 19:22 - 00002336 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-10 15:15 - 2011-05-01 19:22 - 00002336 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-09-29 15:42 - 2012-09-29 15:41 - 02037185 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-29 14:51 - 2012-09-29 14:51 - 00291464 ____A C:\Windows\Minidump\092912-26910-01.dmp
2012-09-29 14:51 - 2012-09-29 14:07 - 586603179 ____A C:\Windows\MEMORY.DMP
2012-09-29 14:13 - 2009-07-14 00:10 - 01126236 ____A C:\Windows\WindowsUpdate.log
2012-09-29 14:07 - 2012-09-29 14:07 - 00291464 ____A C:\Windows\Minidump\092912-29952-01.dmp
2012-09-29 08:30 - 2012-09-29 08:30 - 00025166 ____A C:\Users\Owner\Desktop\AVSCAN-20120928-215651-289516CC.LOG
2012-09-25 19:43 - 2009-07-13 23:45 - 05265064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-22 09:12 - 2012-09-22 09:12 - 00001480 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk
2012-09-22 09:12 - 2012-09-22 09:12 - 00001480 ____A C:\Users\All Users\Desktop\Adobe Application Manager.lnk
2012-09-21 04:53 - 2011-12-28 07:09 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-21 04:53 - 2011-12-28 07:09 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 16:04 - 2011-12-26 09:22 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-03 18:33 - 2012-07-25 20:01 - 00013579 ____A C:\Users\Owner\Desktop\server.log
2012-08-31 20:27 - 2012-08-31 20:27 - 00015680 ____A C:\Users\Owner\Desktop\hs_err_pid7284.log
2012-08-31 16:47 - 2012-08-31 16:47 - 00052736 ____A (Technic) C:\Users\Owner\Downloads\TechnicLauncher (1).exe
2012-08-30 23:43 - 2010-05-10 18:34 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-24 06:15 - 2012-09-25 18:40 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 05:39 - 2012-09-25 18:40 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 05:31 - 2012-09-25 18:40 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 05:22 - 2012-09-25 18:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 05:21 - 2012-09-25 18:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 05:20 - 2012-09-25 18:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 05:18 - 2012-09-25 18:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 05:17 - 2012-09-25 18:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 05:14 - 2012-09-25 18:40 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 05:14 - 2012-09-25 18:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 05:13 - 2012-09-25 18:40 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 05:12 - 2012-09-25 18:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 05:11 - 2012-09-25 18:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 05:10 - 2012-09-25 18:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 05:09 - 2012-09-25 18:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 05:04 - 2012-09-25 18:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 02:27 - 2012-09-25 18:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 02:03 - 2012-09-25 18:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 01:59 - 2012-09-25 18:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 01:51 - 2012-09-25 18:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 01:51 - 2012-09-25 18:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 01:51 - 2012-09-25 18:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 01:49 - 2012-09-25 18:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 01:48 - 2012-09-25 18:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 01:47 - 2012-09-25 18:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 01:47 - 2012-09-25 18:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 01:47 - 2012-09-25 18:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 01:45 - 2012-09-25 18:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 01:44 - 2012-09-25 18:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 01:44 - 2012-09-25 18:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 01:43 - 2012-09-25 18:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 01:40 - 2012-09-25 18:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-21 19:19 - 2012-08-21 19:19 - 00015684 ____A C:\Users\Owner\Downloads\hs_err_pid7028.log
2012-08-21 19:06 - 2012-08-21 19:06 - 00052736 ____A (Technic) C:\Users\Owner\Desktop\TechnicLauncher.exe
2012-08-21 18:25 - 2012-08-21 18:25 - 14665243 ____A C:\Users\Owner\Downloads\Tekkit_Server_3.1.2 (1).zip
2012-08-21 10:24 - 2012-08-21 10:23 - 14665243 ____A C:\Users\Owner\Downloads\Tekkit_Server_3.1.2.zip
2012-08-09 20:50 - 2012-08-03 21:43 - 00260880 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-08-07 10:21 - 2012-07-25 20:01 - 00000495 ____A C:\Users\Owner\Desktop\server.properties
2012-08-07 10:21 - 2012-07-25 20:01 - 00000110 ____A C:\Users\Owner\Desktop\banned-players.txt
2012-08-07 10:21 - 2012-07-25 20:01 - 00000110 ____A C:\Users\Owner\Desktop\banned-ips.txt
2012-08-07 10:21 - 2012-07-25 20:01 - 00000010 ____A C:\Users\Owner\Desktop\ops.txt
2012-08-07 10:21 - 2012-07-25 20:01 - 00000000 ____A C:\Users\Owner\Desktop\white-list.txt
2012-08-03 20:06 - 2010-04-12 10:27 - 00065594 ____A C:\Windows\DirectX.log
2012-08-02 12:55 - 2012-09-25 18:35 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 12:05 - 2012-09-25 18:35 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-25 20:37 - 2012-07-25 20:37 - 00001900 ____A C:\Users\Owner\Desktop\Free Music Downloads.lnk
2012-07-25 20:37 - 2012-07-25 20:37 - 00001900 ____A C:\Users\Owner\Desktop\Free Dolphin Screensaver.lnk
2012-07-25 20:24 - 2012-07-25 20:24 - 00278561 ____A C:\Users\Owner\Downloads\Minecraft.exe
2012-07-25 20:18 - 2012-07-25 20:18 - 00000482 ____A C:\Users\Owner\Desktop\server.log.1
2012-07-23 13:52 - 2011-09-06 18:41 - 00000526 ____A C:\Users\Owner\Application Data\wklnhst.dat
2012-07-23 13:52 - 2011-09-06 18:41 - 00000526 ____A C:\Users\Owner\AppData\Roaming\wklnhst.dat
2012-07-18 12:31 - 2012-09-25 18:35 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ZeroAccess:
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\00000004.@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\00000004.@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\00000008.@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\000000cb.@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000000.@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000032.@
C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-29 13:52:17
Restore point made on: 2012-09-29 14:13:43
Restore point made on: 2012-09-29 14:14:06
Restore point made on: 2012-09-29 15:06:28
Restore point made on: 2012-09-29 16:09:48
Restore point made on: 2012-09-29 16:14:04
Restore point made on: 2012-09-29 16:16:07
Restore point made on: 2012-09-29 16:17:22
Restore point made on: 2012-09-30 05:28:38
Restore point made on: 2012-10-03 05:46:57
Restore point made on: 2012-10-07 05:54:15
Restore point made on: 2012-10-07 19:00:02
Restore point made on: 2012-10-07 19:03:27
Restore point made on: 2012-10-09 09:36:26
Restore point made on: 2012-10-13 11:39:49
Restore point made on: 2012-10-13 18:27:57

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8055.12 MB
Available physical RAM: 7257.46 MB
Total Pagefile: 8053.27 MB
Available Pagefile: 7257.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:916.57 GB) (Free:54.16 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (USB20FD) (Removable) (Total:7.53 GB) (Free:5.98 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7728 MB 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 298 MB 31 KB
Partition 2 Primary 14 GB 299 MB
Partition 3 Primary 916 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 298 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7727 MB 31 KB

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J USB20FD FAT32 Removable 7727 MB Healthy

=========================================================

Last Boot: 2012-10-06 11:22

==================== End Of Log =============================

#6 fireman4it


Posted 14 October 2012 - 08:28 PM

1.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.




2.
We need to find a replacement file on your system

Please do the following:

  • Boot into System Recovery Options and run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

Click Search button and post the log it makes to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 daledon


Posted 15 October 2012 - 06:00 AM

Below are the logs as requested


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-10-2012
Ran by SYSTEM at 2012-10-15 06:53:13 Run:1
Running from J:\

==============================================

C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====


Farbar Recovery Scan Tool (x64) Version: 14-10-2012
Ran by SYSTEM at 2012-10-15 06:54:49
Running from J:\

================== Search: "Search:services.exe" ===================

====== End Of Search ======

#8 fireman4it


Posted 15 October 2012 - 06:32 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    services.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#9 daledon


Posted 15 October 2012 - 07:57 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:54 on 15/10/2012 by Owner
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "services.exe"
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

#10 fireman4it


Posted 15 October 2012 - 08:11 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



#11 daledon


Posted 16 October 2012 - 04:05 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-10-2012
Ran by SYSTEM at 2012-10-16 04:27:23 Run:2
Running from K:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
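
The replacement in posts #5 to #11 hinges on two log lines: the FRST entry that flags `services.exe` with an MD5, and the SystemLook hit that locates another copy. The sketch below is an added example, not part of the original posts and not FRST or SystemLook code; it parses both log formats as they appear in this thread and accepts a copy as a replacement source only if its MD5 differs from the flagged one and it sits in a WinSxS component whose architecture prefix matches the destination. It assumes a 64-bit Windows install (`amd64_` for System32, `x86_`/`wow64_` for SysWOW64), and the two extra SystemLook lines are constructed to show rejections.

```python
import ntpath
import re

# FRST "Bamital & volsnap Check" lines, copied from the log in this thread.
FRST_CHECK = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# SystemLook :filefind output. The first hit is from the thread; the last two
# lines are CONSTRUCTED for this example to exercise the rejection paths.
SYSTEMLOOK = r"""
Searching for "services.exe"
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Users\Owner\Downloads\services.exe --a---- 329216 bytes [10:00 01/10/2012] [10:00 01/10/2012] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\x86_constructed-component_0000\services.exe --a---- 300000 bytes [10:00 01/10/2012] [10:00 01/10/2012] 00000000000000000000000000000000
"""

LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
FLAGGED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>.+?) <==== ATTENTION")
FOUND = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \S+ (?P<size>\d+) bytes .* (?P<md5>[0-9A-Fa-f]{32})$")


def parse_frst_check(text):
    """Return one row per checked file; md5 is None when FRST reported it legit."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = FLAGGED.match(line)
        if m:
            rows.append({"path": m["path"], "md5": m["md5"].upper(), "label": m["label"]})
            continue
        m = LEGIT.match(line)
        if m:
            rows.append({"path": m["path"], "md5": None, "label": "legit"})
    return rows


def parse_systemlook(text):
    """Return path, size and MD5 for every file hit in a :filefind log."""
    hits = []
    for line in text.splitlines():
        m = FOUND.match(line.strip())
        if m:
            hits.append({"path": m["path"], "size": int(m["size"]), "md5": m["md5"].upper()})
    return hits


def winsxs_component(path):
    """Name of the WinSxS component directory holding the file, or None."""
    _, sep, tail = path.lower().partition("\\winsxs\\")
    return tail.split("\\")[0] if sep else None


def plan_replacements(frst_text, systemlook_text):
    """Pair each flagged file with acceptable sources; also list rejected hits."""
    plans, rejected = [], []
    hits = parse_systemlook(systemlook_text)
    for bad in (r for r in parse_frst_check(frst_text) if r["md5"]):
        # Assumption: 64-bit Windows, so System32 takes amd64_ components.
        wow = "\\syswow64\\" in bad["path"].lower()
        want = ("x86_", "wow64_") if wow else ("amd64_",)
        name = ntpath.basename(bad["path"]).lower()
        for hit in hits:
            if ntpath.basename(hit["path"]).lower() != name:
                continue
            comp = winsxs_component(hit["path"])
            if hit["md5"] == bad["md5"]:
                rejected.append((hit["path"], "same MD5 as the flagged file"))
            elif comp is None:
                rejected.append((hit["path"], "not in the WinSxS component store"))
            elif not comp.startswith(want):
                rejected.append((hit["path"], "wrong architecture for destination"))
            else:
                # A differing MD5 is necessary, not sufficient: the source
                # should still be checked against a known-good hash.
                plans.append("Replace: %s %s" % (hit["path"], bad["path"]))
    return plans, rejected


if __name__ == "__main__":
    plans, rejected = plan_replacements(FRST_CHECK, SYSTEMLOOK)
    print("\n".join(plans))
    for path, reason in rejected:
        print("rejected:", path, "-", reason)
```
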

#12 fireman4it


Posted 16 October 2012 - 04:34 PM

How is your machine running now?



#13 daledon


Posted 16 October 2012 - 05:19 PM

Everything seems to be fine now. I really appreciate all your help.
I do have a question for you regarding prevention. I have been running Avira (free version) and Malwarebytes (pay version) and still ended up with this virus. Any suggestions on programs to prevent infection? I got this virus when I did a windows update, not sure if I got it there or if it was already lurking on my system.

#14 fireman4it


Posted 16 October 2012 - 05:57 PM

I do have a question for you regarding prevention. I have been running Avira (free version) and Malwarebytes (pay version) and still ended up with this virus

I will give you more information about prevention when we are all finished up. I run Avira free on my machine. Windows update didn't infect you; you probably already were and didn't know it. We will now check for any leftovers from the infection.



1.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avira or TrendMicro.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?



#15 daledon


Posted 17 October 2012 - 06:07 AM

Trend Micro is now removed. This was leftover from when the machine was new.

Malwarebytes Anti-Malware was already installed. The log of the latest scan is below as well as the ESET Scan.

I did get a notification of a virus from Avira. w32/Patched.uc windows virus


Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

10/16/2012 7:17:50 PM
mbam-log-2012-10-16 (19-17-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212091
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET Scan

C:\FRST\Quarantine\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Shop to Win 27\Toolbar.dll Win32/Toolbar.BHO.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0000\zafs0000\tsk0004.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0000\zafs0000\tsk0008.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0001\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0001\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0001\zafs0000\tsk0004.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0001\zafs0000\tsk0008.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.10.2012_15.59.13\zasubsys0001\zafs0000\tsk0009.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\FCTB000100565\Toolbar\Toolbar.dll Win32/Toolbar.BHO.B application cleaned by deleting - quarantined



