
Redirecting virus


  • This topic is locked
25 replies to this topic

#1 gkwannab

gkwannab

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 07 November 2012 - 02:35 PM

Hi, I was hoping you could help me to get rid of a redirecting virus on my computer. Two different Tech people have worked on my computer to get rid of this virus, but have failed. There were some rootkit viruses on here and they got rid of some, but something is still redirecting my computer to different sites. I've also used different virus software and keep finding viruses, but never get rid of this one. Please help. Thanks!



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:01 AM

Posted 07 November 2012 - 02:50 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended, please try one more time and, if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact that you are running a 64-bit machine, please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 14 November 2012 - 10:51 AM

Thank you, I'll download these on my flash drive and run the scans on my computer.

#4 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 14 November 2012 - 02:26 PM

Here are the logs from my computer:
I also accidentally disabled a couple of drivers and don't know how to reinstall them. I've tried downloading and using the CD that came with the computer, but neither of these worked. I do have the Windows CD that came with the computer.

Attached Files



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:01 AM

Posted 14 November 2012 - 09:18 PM

Can you please explain to me exactly what is going on with your computer? Not what you think you have done. What exactly is the problem at this point in time?



#6 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 15 November 2012 - 10:11 AM

When I was searching the internet, my computer was redirected and I would have to click the "back" button several times to bring the search to the page I was trying to connect to. I ran several virus removal programs and then began searching the internet for solutions to the virus that was redirecting my computer.

There are 3 things happening: A virus that redirects my computer when I search the web, now I can't connect to the web, and I can't connect to the intranet.

I've attached a file with the 3 messages that appear when I try to do these things. Thanks for your help.

Attached File: InternetServerNotFound.doc (69KB)

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:01 AM

Posted 15 November 2012 - 11:18 PM

Hello,

First off we need to get the machine clean before we worry about getting its internet connection back.




For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

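The FRST.txt that the scan step above produces is a plain-text report made of sectioned rows (services, drivers, files created in the past month; the format is visible in the log the topic starter posts later in this thread). As an added example, not part of this thread or of the FRST tool, the Python script below parses those three sections and flags what a responder checks first: autostart entries with no publisher, entries whose file is missing from disk, binaries under user-writable directories, and new executables with no publisher. The sample rows are constructed from that later log; `Finding`, `triage` and the flag rules are this example's own choices, not FRST output.

```python
import re
from dataclasses import dataclass

# Section banners look like "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Service/driver rows: '2 MsMpSvc; "C:\...\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)'
# A row ending in "[x]" means the registration exists but the file is gone.
SERVICE_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:(?P<size>\d+) (?P<date>\S+)|x)\](?: \((?P<vendor>[^)]*)\))?$"
)

# Created-file rows: '2012-11-07 12:28 - 2012-11-07 12:28 - 00688901 ____R (Swearware) C:\...\dds.scr'
FILE_RE = re.compile(
    r"^(?P<created>\S+ \S+) - (?P<modified>\S+ \S+) - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
# Locations a standard user can write to; autostarts here deserve a second look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    reason: str


def _clean_path(path: str) -> str:
    """FRST quotes paths with spaces and prefixes some driver paths with \\??\\."""
    path = path.strip('"')
    return path[4:] if path.startswith("\\??\\") else path


def _check_service(section: str, m: re.Match) -> list[Finding]:
    path = _clean_path(m["path"]).lower()
    vendor = (m["vendor"] or "").strip()
    out = []
    if m["size"] is None:
        out.append(Finding(section, m["name"], "registered but file missing on disk ([x])"))
    elif not vendor:
        out.append(Finding(section, m["name"], "no publisher recorded"))
    if any(marker in path for marker in USER_WRITABLE):
        out.append(Finding(section, m["name"], "binary lives in a user-writable directory"))
    return out


def _check_file(section: str, m: re.Match) -> list[Finding]:
    path, attrs = m["path"], m["attrs"]
    vendor = (m["vendor"] or "").strip()
    out = []
    if path.lower().endswith(EXEC_EXT) and not vendor:
        out.append(Finding(section, path, "executable with no publisher"))
    if "S" in attrs:  # S = system attribute; rare on objects created this month
        out.append(Finding(section, path, "new object carries the system attribute"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and dispatch each row on the section it sits in."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            continue
        if section.startswith(("Services", "Drivers")):
            m = SERVICE_RE.match(line)
            if m:
                findings.extend(_check_service(section, m))
        elif section.startswith("One Month Created"):
            m = FILE_RE.match(line)
            if m:
                findings.extend(_check_file(section, m))
    return findings


# Constructed sample: a handful of rows in the FRST.txt format (copied from the
# log the topic starter posts later in this thread), not a full log.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 Browser Manager; C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2400800 2012-11-02] ()
4 dkab_device; C:\Windows\system32\DKabcoms.exe -service [1054960 2009-06-09] ( )

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== One Month Created Files and Folders ========

2012-11-07 12:28 - 2012-11-07 12:28 - 00688901 ____R (Swearware) C:\Users\JULIETTEC-PC\Downloads\dds.scr
2012-11-07 11:51 - 2012-11-07 11:51 - 00662016 ____A C:\Users\JULIETTEC-PC\Downloads\RogueKiller.exe
2012-11-06 06:33 - 2012-11-06 06:38 - 00000000 ___SD C:\32788R22FWJFW
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Savings Sidekick
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

A flagged row is a starting point for a look-up, not a verdict: several of the sample hits are the topic starter's own cleanup tools, which is exactly why the helper reviews the whole log rather than deleting anything.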


#8 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 16 November 2012 - 02:15 AM

I forgot to say that I've been unable to back up my files. I tried different backup programs and they haven't worked. My computer also is unable to find any restore points. Should I still follow these instructions?

#9 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 16 November 2012 - 02:37 AM

I had been using Unstoppable Roadkill to back up the files, but lately the computer stops and when I get back to work, the computer says it recovered or restarted. I haven't backed up the files while working lately because it slows down my computer so much.

#10 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 16 November 2012 - 11:53 AM

I am in the process of backing up the files in C:\ on the computer... I'll run the scan that you recommended after that. Thanks!


Edited by gkwannab, 16 November 2012 - 05:11 PM.


#11 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 19 November 2012 - 05:40 PM

Hi, I ran the scan tool and here is the text:
Again, I appreciate all of your help. Have a good day. Juliette

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 19-11-2012 16:28:27
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [2041192 2012-10-10] ()
HKU\mapping\...\Run: [Google Update] "C:\Users\mapping\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-21] (Google Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 Browser Manager; C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2400800 2012-11-02] ()
4 Cwbrxd; C:\Windows\CWBRXD.EXE [94208 2010-01-15] (IBM Corporation)
4 dkab_device; C:\Windows\system32\DKabcoms.exe -service [1054960 2009-06-09] ( )
4 dkab_device; C:\Windows\SysWow64\DKabcoms.exe -service [603376 2009-06-09] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()

==================== Drivers (Whitelisted) =====================

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-23] (AVAST Software)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 Partizan; C:\Windows\SysWow64\Drivers\Partizan.sys [34760 2012-11-05] (Greatis Software)
3 RegGuard; C:\Windows\SysWow64\Drivers\RegGuard.sys [29584 2012-10-10] (Greatis Software)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-19 13:42 - 2012-11-19 13:42 - 00000000 ____D C:\FRST
2012-11-15 06:47 - 2012-11-15 06:47 - 00000000 ____A C:\Users\JULIETTEC-PC\defogger_reenable
2012-11-14 09:50 - 2012-11-14 09:50 - 00028390 ____A C:\Users\JULIETTEC-PC\Desktop\attach.txt
2012-11-14 09:50 - 2012-11-14 09:49 - 00026164 ____A C:\Users\JULIETTEC-PC\Desktop\dds.txt
2012-11-14 09:46 - 2012-11-15 06:42 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\BleepingComputer
2012-11-13 10:03 - 2012-11-13 10:04 - 00000000 ___DC C:\Users\JULIETTEC-PC\AppData\Local\MigWiz
2012-11-12 15:59 - 2012-11-12 15:59 - 00289264 ____A C:\Windows\Minidump\111212-27206-01.dmp
2012-11-10 04:37 - 2012-11-12 15:59 - 1045184625 ____A C:\Windows\MEMORY.DMP
2012-11-10 04:37 - 2012-11-10 04:37 - 00291376 ____A C:\Windows\Minidump\111012-47049-01.dmp
2012-11-09 12:06 - 2012-11-09 12:06 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\InstallShield
2012-11-08 07:31 - 2012-11-08 07:31 - 00000000 ____D C:\Users\JULIETTEC-PC\backup
2012-11-08 07:29 - 2012-11-08 07:29 - 00000000 ____D C:\$WINDOWS.~BT
2012-11-08 06:09 - 2012-11-07 18:15 - 00025477 ____A C:\Users\JULIETTEC-PC\Desktop\raspppoe1.zip
2012-11-07 15:04 - 2012-11-07 15:04 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2012-11-07 14:06 - 2012-11-19 13:43 - 00327680 ____A C:\Windows\System32\Ikeext.etl
2012-11-07 12:28 - 2012-11-07 12:28 - 00688901 ____R (Swearware) C:\Users\JULIETTEC-PC\Downloads\dds.scr
2012-11-07 11:53 - 2012-11-08 12:25 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\RK_Quarantine
2012-11-07 11:51 - 2012-11-07 11:51 - 00662016 ____A C:\Users\JULIETTEC-PC\Downloads\RogueKiller.exe
2012-11-07 11:47 - 2012-11-07 11:47 - 00050477 ____A C:\Users\JULIETTEC-PC\Downloads\Defogger.exe
2012-11-07 06:46 - 2012-11-09 14:20 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-11-07 06:38 - 2012-11-07 06:41 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\JULIETTEC-PC\Downloads\cbSetup.exe
2012-11-07 06:02 - 2012-11-07 06:03 - 00996720 ____A (Solid State Networks) C:\Users\JULIETTEC-PC\Downloads\install_flashplayer11x32axau_mssd_aih.exe
2012-11-06 08:12 - 2012-11-06 08:12 - 01679264 ____A (Bleeping Computer, LLC) C:\Users\JULIETTEC-PC\Downloads\rkill.com
2012-11-06 07:45 - 2012-11-06 07:46 - 01153912 ____A (Emsi Software GmbH) C:\Users\JULIETTEC-PC\Downloads\BlitzBlank.exe
2012-11-06 06:33 - 2012-11-06 06:38 - 00000000 ___SD C:\32788R22FWJFW
2012-11-05 11:18 - 2012-11-05 11:18 - 00034760 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2012-11-05 11:18 - 2012-11-05 11:18 - 00032480 ____A (Greatis Software) C:\Windows\SysWOW64\Partizan.exe
2012-11-05 05:56 - 2012-11-05 05:56 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Apple
2012-11-02 06:39 - 2012-11-02 13:00 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Apple Computer
2012-11-02 06:39 - 2012-11-02 06:39 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Apple Computer
2012-11-02 06:38 - 2012-11-02 06:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Amazon
2012-11-02 06:37 - 2012-11-02 06:37 - 00002217 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-11-02 06:36 - 2012-11-02 06:37 - 02964128 ____A C:\Users\JULIETTEC-PC\Downloads\AmazonMP3DownloaderInstall(2).exe
2012-11-02 05:11 - 2012-11-02 05:11 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Xerox
2012-11-01 13:35 - 2012-11-05 07:04 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\ESRI
2012-11-01 13:35 - 2012-11-01 13:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\NVIDIA
2012-11-01 13:35 - 2012-11-01 13:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\ESRI
2012-11-01 13:27 - 2012-11-01 13:27 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-11-01 13:22 - 2012-11-08 06:15 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\VirtualStore
2012-11-01 13:21 - 2012-11-01 13:21 - 00000000 ____D C:\Program Files (x86)\ArcGIS
2012-11-01 13:07 - 2012-11-01 13:35 - 00181816 ____A C:\Users\JULIETTEC-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-01 12:55 - 2012-11-01 12:55 - 00000000 ____D C:\MATS
2012-11-01 12:52 - 2012-11-01 12:52 - 00347424 ____A (Microsoft Corporation) C:\Users\JULIETTEC-PC\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2012-11-01 12:38 - 2012-11-05 07:28 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Babylon
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Savings Sidekick
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\All Users\Babylon
2012-11-01 12:36 - 2012-11-01 12:36 - 00373472 ____A (Softonic) C:\Users\JULIETTEC-PC\Downloads\SoftonicDownloader_for_microsoft-windows-installer.exe
2012-11-01 12:35 - 2012-11-01 12:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Macromedia
2012-11-01 12:34 - 2012-11-01 12:34 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Mozilla
2012-11-01 12:17 - 2012-11-01 12:17 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Citrix
2012-11-01 12:14 - 2012-11-01 12:14 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Deployment
2012-11-01 12:14 - 2012-11-01 12:14 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Apps\2.0
2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\SUPERAntiSpyware.com
2012-11-01 10:50 - 2012-11-09 15:00 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Google
2012-11-01 10:43 - 2012-11-01 10:43 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\WinRAR
2012-11-01 06:25 - 2012-11-01 06:25 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Adobe
2012-11-01 05:37 - 2012-11-01 05:37 - 00153256 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-10-30 13:05 - 2012-11-15 15:02 - 00001312 ____A C:\Users\JULIETTEC-PC\Desktop\JULIETTEPRT.WS
2012-10-30 12:44 - 2012-11-13 13:15 - 00001181 ____A C:\Users\JULIETTEC-PC\Desktop\JULIETTE2.WS
2012-10-30 12:42 - 2012-11-13 13:44 - 00001279 ____A C:\Users\JULIETTEC-PC\Desktop\JULIETTE1.WS
2012-10-30 12:42 - 2012-10-30 12:42 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\IBM
2012-10-30 12:20 - 2012-10-30 12:41 - 00000030 ____A C:\Windows\epcswin.ini
2012-10-30 12:17 - 2012-10-30 16:38 - 322076672 ____A C:\Users\JULIETTEC-PC\Documents\ArcGIS_Desktop_101_129026.iso
2012-10-30 12:16 - 2012-11-01 10:48 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Download Manager
2012-10-30 11:52 - 2012-11-15 14:16 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Phone_Numbers
2012-10-30 11:50 - 2012-11-09 14:36 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\malware tools
2012-10-30 11:50 - 2012-10-30 13:30 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Jenny_L
2012-10-30 11:50 - 2012-10-30 11:51 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\NewArcGis
2012-10-30 11:50 - 2012-10-30 11:50 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Hwy 281 Buffer
2012-10-30 11:44 - 2012-10-30 11:44 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-30 11:44 - 2012-10-30 11:44 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Malwarebytes
2012-10-30 11:29 - 2012-11-01 12:34 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Mozilla
2012-10-30 11:29 - 2012-10-30 11:29 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Thunderbird
2012-10-30 11:12 - 2012-10-30 11:12 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Thunderbird
2012-10-30 11:10 - 2012-11-01 06:25 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Adobe
2012-10-30 11:10 - 2012-10-30 11:10 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Geospan Data
2012-10-30 11:10 - 2012-10-30 11:10 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Macromedia
2012-10-30 11:10 - 2012-10-22 10:23 - 00001539 ____A C:\Users\JULIETTEC-PC\Desktop\Internet Explorer.lnk
2012-10-30 11:10 - 2012-10-19 11:07 - 01026048 __ASH C:\Users\JULIETTEC-PC\Desktop\Thumbs.db
2012-10-30 11:10 - 2012-08-21 12:41 - 01583230 ____A C:\Users\JULIETTEC-PC\Desktop\Unmapped.dbf
2012-10-30 11:10 - 2012-08-16 11:58 - 00001092 ____A C:\Users\JULIETTEC-PC\Desktop\join.me.lnk
2012-10-30 11:10 - 2012-07-27 11:40 - 00000564 ____A C:\Users\JULIETTEC-PC\Desktop\JimWellsNoPlats.mxd - Shortcut.lnk
2012-10-30 11:10 - 2011-10-12 10:45 - 00000769 ____A C:\Users\JULIETTEC-PC\Desktop\parcelLibraryViewer.exe - Shortcut.lnk
2012-10-30 11:10 - 2011-04-28 06:15 - 00001292 ____A C:\Users\JULIETTEC-PC\Desktop\GeoIS.exe - Shortcut.lnk
2012-10-30 11:10 - 2011-04-11 08:00 - 32871936 ____A C:\Users\JULIETTEC-PC\Desktop\Jim Wells.mxd
2012-10-30 11:10 - 2011-03-24 12:29 - 00002009 ____A C:\Users\JULIETTEC-PC\Desktop\Deed Transfers (LENOVO-5895DEAF) - Shortcut.lnk
2012-10-30 11:09 - 2012-11-15 06:47 - 00000000 ____D C:\users\JULIETTEC-PC
2012-10-30 11:09 - 2012-10-30 11:09 - 00000020 ___SH C:\Users\JULIETTEC-PC\ntuser.ini
2012-10-30 10:56 - 2012-10-30 10:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Thunderbird
2012-10-30 10:53 - 2012-10-30 10:53 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2012-10-30 10:53 - 2012-10-30 10:53 - 00000000 ____D C:\Users\User\AppData\Local\Thunderbird
2012-10-30 10:37 - 2012-10-30 10:37 - 00000000 ____D C:\Users\User\Desktop\Geospan Data
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\AA_PHONE_NUMBERS
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\.vec
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\.metadata
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\.idlerc
2012-10-30 10:34 - 2012-06-28 12:32 - 00000000 ____D C:\Users\JULIETTEC-PC\ArcGIS_10.1_Upgrade
2012-10-30 10:28 - 2012-10-30 10:28 - 00000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2012-10-30 10:26 - 2012-10-30 10:26 - 00000020 __ASH C:\Users\User\ntuser.ini
2012-10-30 10:26 - 2012-10-30 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2012-10-30 09:08 - 2012-10-22 08:39 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.20121030-120855.backup
2012-10-30 07:24 - 2012-10-30 07:24 - 00153256 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-10-30 05:42 - 2012-10-23 02:18 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-30 05:42 - 2012-10-23 02:18 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-30 05:42 - 2012-10-23 02:18 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-30 05:42 - 2012-10-23 02:17 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-30 05:42 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-10-30 05:41 - 2012-10-30 05:41 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-10-30 05:41 - 2012-10-30 05:41 - 00000000 ____D C:\Program Files\AVAST Software
2012-10-30 05:41 - 2012-10-23 02:17 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-30 05:41 - 2012-10-23 02:17 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-30 05:30 - 2012-10-30 05:30 - 00001264 ____A C:\Users\Public\Desktop\Spybot - Search & Destroy.lnk
2012-10-30 05:26 - 2012-11-06 10:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-10-30 05:26 - 2012-10-30 05:26 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-30 05:26 - 2012-10-30 05:26 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-10-24 11:19 - 2012-10-24 11:40 - 332323615 ____A C:\Users\JULIETTEC-PC\Downloads\Windows6.1-KB947821-v24-x64.msu.wtycyaw.partial
2012-10-24 11:15 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-24 11:15 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-10-24 11:14 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-10-24 11:14 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-10-24 11:14 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-10-24 11:14 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-10-24 11:14 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-10-24 11:14 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-10-24 11:14 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-10-24 11:14 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-10-24 11:14 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-10-24 11:14 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-10-24 11:14 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-10-24 11:14 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-10-24 11:14 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-10-24 11:14 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-10-24 11:14 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-10-24 11:14 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-10-24 11:14 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-10-24 11:14 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-10-24 11:14 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-10-24 11:14 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-10-24 11:14 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-10-24 11:14 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-10-24 11:13 - 2012-10-24 11:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-10-24 10:53 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-10-24 10:53 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-10-24 10:53 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-10-24 10:53 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-10-24 10:53 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-10-24 10:53 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-10-24 10:53 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-10-24 10:53 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-10-24 10:53 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-10-24 10:53 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-10-24 10:53 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-10-24 10:46 - 2012-09-27 21:32 - 62968832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-10-24 10:44 - 2012-10-24 10:45 - 16985648 ____A (Microsoft Corporation) C:\Users\JULIETTEC-PC\Downloads\Windows-KB890830-V4.13.exe
2012-10-24 06:19 - 2012-10-24 06:51 - 414033788 ____A C:\Users\JULIETTEC-PC\Downloads\ArcReader101Windows.zip
2012-10-24 06:04 - 2012-11-08 07:29 - 00026448 ____A C:\Windows\diagwrn.xml
2012-10-24 06:04 - 2012-11-08 07:29 - 00001908 ____A C:\Windows\diagerr.xml
2012-10-22 13:54 - 2012-10-24 07:09 - 00005142 ____A C:\Windows\KB893803v2.log
2012-10-22 13:52 - 2012-10-22 13:52 - 00000000 ____D C:\Users\JULIETTEC-PC\Documents\ArcGIS 10.1
2012-10-22 11:26 - 2012-11-01 12:17 - 00103272 ____A C:\Users\JULIETTEC-PC\GoToAssistDownloadHelper.exe
2012-10-22 08:30 - 2012-10-22 08:30 - 00002119 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2012-10-22 08:30 - 2012-10-22 08:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-22 08:30 - 2012-10-22 08:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-10-22 08:29 - 2012-10-22 08:29 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-10-22 08:25 - 2012-10-22 08:25 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2012-10-22 08:25 - 2012-10-22 08:24 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-10-22 08:25 - 2012-10-22 08:24 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-10-22 08:25 - 2012-10-22 08:24 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-22 08:22 - 2012-10-22 08:22 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-10-22 08:22 - 2012-10-22 08:22 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-22 08:19 - 2012-10-22 08:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-10-22 08:19 - 2012-10-22 08:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-10-22 08:16 - 2012-11-02 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-22 08:16 - 2012-10-22 08:16 - 00001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-10-22 06:42 - 2012-10-08 05:20 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
2012-10-22 06:41 - 2012-10-22 06:41 - 00181816 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-22 06:41 - 2012-10-22 06:41 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\Documents\IBM
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IBM
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-10-22 06:41 - 2012-10-22 01:53 - 00000000 ____D C:\users\Administrator
2012-10-22 05:30 - 2012-10-22 05:30 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-22 05:30 - 2012-10-22 05:30 - 00000000 ____D C:\Program Files\iTunes
2012-10-22 05:30 - 2012-10-22 05:30 - 00000000 ____D C:\Program Files\iPod
2012-10-22 05:30 - 2012-10-22 05:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-22 05:30 - 2012-10-22 02:13 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-22 05:30 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

==================== One Month Modified Files and Folders =======

2012-11-19 13:43 - 2012-11-07 14:06 - 00327680 ____A C:\Windows\System32\Ikeext.etl
2012-11-19 13:43 - 2009-07-13 21:10 - 01478131 ____A C:\Windows\WindowsUpdate.log
2012-11-19 13:42 - 2012-11-19 13:42 - 00000000 ____D C:\FRST
2012-11-19 13:41 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-19 13:30 - 2011-03-23 12:29 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-19 12:47 - 2012-10-10 06:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-19 11:15 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-19 11:15 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-19 11:08 - 2011-03-23 12:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-19 11:07 - 2012-10-10 13:20 - 00014042 ____A C:\Windows\setupact.log
2012-11-19 11:07 - 2011-03-16 23:21 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-19 11:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-19 11:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-11-16 13:34 - 2011-10-11 12:05 - 00000000 ____D C:\GMap Projects
2012-11-15 15:02 - 2012-10-30 13:05 - 00001312 ____A C:\Users\JULIETTEC-PC\Desktop\JULIETTEPRT.WS
2012-11-15 14:16 - 2012-10-30 11:52 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Phone_Numbers
2012-11-15 06:47 - 2012-11-15 06:47 - 00000000 ____A C:\Users\JULIETTEC-PC\defogger_reenable
2012-11-15 06:47 - 2012-10-30 11:09 - 00000000 ____D C:\users\JULIETTEC-PC
2012-11-15 06:42 - 2012-11-14 09:46 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\BleepingComputer
2012-11-14 09:50 - 2012-11-14 09:50 - 00028390 ____A C:\Users\JULIETTEC-PC\Desktop\attach.txt
2012-11-14 09:49 - 2012-11-14 09:50 - 00026164 ____A C:\Users\JULIETTEC-PC\Desktop\dds.txt
2012-11-13 13:44 - 2012-10-30 12:42 - 00001279 ____A C:\Users\JULIETTEC-PC\Desktop\JULIETTE1.WS
2012-11-13 13:15 - 2012-10-30 12:44 - 00001181 ____A C:\Users\JULIETTEC-PC\Desktop\JULIETTE2.WS
2012-11-13 10:04 - 2012-11-13 10:03 - 00000000 ___DC C:\Users\JULIETTEC-PC\AppData\Local\MigWiz
2012-11-13 06:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-12 15:59 - 2012-11-12 15:59 - 00289264 ____A C:\Windows\Minidump\111212-27206-01.dmp
2012-11-12 15:59 - 2012-11-10 04:37 - 1045184625 ____A C:\Windows\MEMORY.DMP
2012-11-12 15:59 - 2011-11-13 17:06 - 00000000 ____D C:\Windows\Minidump
2012-11-10 04:37 - 2012-11-10 04:37 - 00291376 ____A C:\Windows\Minidump\111012-47049-01.dmp
2012-11-09 15:00 - 2012-11-01 10:50 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Google
2012-11-09 14:36 - 2012-10-30 11:50 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\malware tools
2012-11-09 14:20 - 2012-11-07 06:46 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-11-09 12:06 - 2012-11-09 12:06 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\InstallShield
2012-11-09 12:06 - 2011-03-16 21:45 - 00000000 ____D C:\Program Files (x86)\Intel
2012-11-08 12:25 - 2012-11-07 11:53 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\RK_Quarantine
2012-11-08 07:31 - 2012-11-08 07:31 - 00000000 ____D C:\Users\JULIETTEC-PC\backup
2012-11-08 07:29 - 2012-11-08 07:29 - 00000000 ____D C:\$WINDOWS.~BT
2012-11-08 07:29 - 2012-10-24 06:04 - 00026448 ____A C:\Windows\diagwrn.xml
2012-11-08 07:29 - 2012-10-24 06:04 - 00001908 ____A C:\Windows\diagerr.xml
2012-11-08 07:15 - 2012-10-10 13:20 - 00000000 ____A C:\Windows\setuperr.log
2012-11-08 06:15 - 2012-11-01 13:22 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\VirtualStore
2012-11-07 18:15 - 2012-11-08 06:09 - 00025477 ____A C:\Users\JULIETTEC-PC\Desktop\raspppoe1.zip
2012-11-07 15:04 - 2012-11-07 15:04 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2012-11-07 14:11 - 2011-03-21 11:24 - 00181816 ____A C:\Users\mapping\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-07 12:28 - 2012-11-07 12:28 - 00688901 ____R (Swearware) C:\Users\JULIETTEC-PC\Downloads\dds.scr
2012-11-07 11:51 - 2012-11-07 11:51 - 00662016 ____A C:\Users\JULIETTEC-PC\Downloads\RogueKiller.exe
2012-11-07 11:47 - 2012-11-07 11:47 - 00050477 ____A C:\Users\JULIETTEC-PC\Downloads\Defogger.exe
2012-11-07 11:16 - 2012-07-11 05:20 - 00002413 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-11-07 06:41 - 2012-11-07 06:38 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\JULIETTEC-PC\Downloads\cbSetup.exe
2012-11-07 06:03 - 2012-11-07 06:02 - 00996720 ____A (Solid State Networks) C:\Users\JULIETTEC-PC\Downloads\install_flashplayer11x32axau_mssd_aih.exe
2012-11-06 10:04 - 2012-10-30 05:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-06 09:18 - 2012-10-10 13:20 - 00011484 ____A C:\Windows\PFRO.log
2012-11-06 08:12 - 2012-11-06 08:12 - 01679264 ____A (Bleeping Computer, LLC) C:\Users\JULIETTEC-PC\Downloads\rkill.com
2012-11-06 07:46 - 2012-11-06 07:45 - 01153912 ____A (Emsi Software GmbH) C:\Users\JULIETTEC-PC\Downloads\BlitzBlank.exe
2012-11-06 07:08 - 2012-10-10 08:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-06 06:43 - 2011-03-24 12:17 - 00000895 ____A C:\Windows\ODBC.INI
2012-11-06 06:38 - 2012-11-06 06:33 - 00000000 ___SD C:\32788R22FWJFW
2012-11-06 06:32 - 2012-10-10 13:02 - 04997881 ____A (Swearware) C:\Users\JULIETTEC-PC\Downloads\ComboFix.exe
2012-11-05 11:18 - 2012-11-05 11:18 - 00034760 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2012-11-05 11:18 - 2012-11-05 11:18 - 00032480 ____A (Greatis Software) C:\Windows\SysWOW64\Partizan.exe
2012-11-05 07:28 - 2012-11-01 12:38 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-11-05 07:04 - 2012-11-01 13:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\ESRI
2012-11-05 05:56 - 2012-11-05 05:56 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Apple
2012-11-02 13:00 - 2012-11-02 06:39 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Apple Computer
2012-11-02 11:26 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Public\Libraries
2012-11-02 11:21 - 2011-03-23 12:30 - 00000000 ____D C:\Users\JULIETTEC-PC\TAX_Sales
2012-11-02 10:14 - 2012-10-22 08:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-02 06:39 - 2012-11-02 06:39 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Apple Computer
2012-11-02 06:38 - 2012-11-02 06:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Amazon
2012-11-02 06:37 - 2012-11-02 06:37 - 00002217 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-11-02 06:37 - 2012-11-02 06:36 - 02964128 ____A C:\Users\JULIETTEC-PC\Downloads\AmazonMP3DownloaderInstall(2).exe
2012-11-02 06:37 - 2012-05-21 06:04 - 00000000 ____D C:\Program Files (x86)\Amazon
2012-11-02 06:10 - 2012-07-30 10:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-02 05:11 - 2012-11-02 05:11 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Xerox
2012-11-02 05:06 - 2009-07-13 20:45 - 00589200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-01 13:57 - 2012-02-27 07:40 - 00000000 ____D C:\GISDATA
2012-11-01 13:51 - 2011-03-21 13:44 - 00000000 ____D C:\Users\JULIETTEC-PC\Documents\ArcGIS
2012-11-01 13:35 - 2012-11-01 13:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\NVIDIA
2012-11-01 13:35 - 2012-11-01 13:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\ESRI
2012-11-01 13:35 - 2012-11-01 13:07 - 00181816 ____A C:\Users\JULIETTEC-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-01 13:27 - 2012-11-01 13:27 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-11-01 13:21 - 2012-11-01 13:21 - 00000000 ____D C:\Program Files (x86)\ArcGIS
2012-11-01 12:55 - 2012-11-01 12:55 - 00000000 ____D C:\MATS
2012-11-01 12:52 - 2012-11-01 12:52 - 00347424 ____A (Microsoft Corporation) C:\Users\JULIETTEC-PC\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Babylon
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Savings Sidekick
2012-11-01 12:38 - 2012-11-01 12:38 - 00000000 ____D C:\Users\All Users\Babylon
2012-11-01 12:36 - 2012-11-01 12:36 - 00373472 ____A (Softonic) C:\Users\JULIETTEC-PC\Downloads\SoftonicDownloader_for_microsoft-windows-installer.exe
2012-11-01 12:35 - 2012-11-01 12:35 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Macromedia
2012-11-01 12:34 - 2012-11-01 12:34 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Mozilla
2012-11-01 12:34 - 2012-10-30 11:29 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Mozilla
2012-11-01 12:17 - 2012-11-01 12:17 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Citrix
2012-11-01 12:17 - 2012-10-22 11:26 - 00103272 ____A C:\Users\JULIETTEC-PC\GoToAssistDownloadHelper.exe
2012-11-01 12:14 - 2012-11-01 12:14 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Deployment
2012-11-01 12:14 - 2012-11-01 12:14 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Apps\2.0
2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\SUPERAntiSpyware.com
2012-11-01 10:48 - 2012-10-30 12:16 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Download Manager
2012-11-01 10:43 - 2012-11-01 10:43 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\WinRAR
2012-11-01 06:25 - 2012-11-01 06:25 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Adobe
2012-11-01 06:25 - 2012-10-30 11:10 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Adobe
2012-11-01 05:37 - 2012-11-01 05:37 - 00153256 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-10-30 16:38 - 2012-10-30 12:17 - 322076672 ____A C:\Users\JULIETTEC-PC\Documents\ArcGIS_Desktop_101_129026.iso
2012-10-30 13:30 - 2012-10-30 11:50 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Jenny_L
2012-10-30 12:42 - 2012-10-30 12:42 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\IBM
2012-10-30 12:41 - 2012-10-30 12:20 - 00000030 ____A C:\Windows\epcswin.ini
2012-10-30 11:51 - 2012-10-30 11:50 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\NewArcGis
2012-10-30 11:50 - 2012-10-30 11:50 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Hwy 281 Buffer
2012-10-30 11:44 - 2012-10-30 11:44 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-30 11:44 - 2012-10-30 11:44 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Malwarebytes
2012-10-30 11:44 - 2012-09-17 06:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-30 11:29 - 2012-10-30 11:29 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Local\Thunderbird
2012-10-30 11:12 - 2012-10-30 11:12 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Thunderbird
2012-10-30 11:10 - 2012-10-30 11:10 - 00000000 ____D C:\Users\JULIETTEC-PC\Desktop\Geospan Data
2012-10-30 11:10 - 2012-10-30 11:10 - 00000000 ____D C:\Users\JULIETTEC-PC\AppData\Roaming\Macromedia
2012-10-30 11:09 - 2012-10-30 11:09 - 00000020 ___SH C:\Users\JULIETTEC-PC\ntuser.ini
2012-10-30 10:56 - 2012-10-30 10:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Thunderbird
2012-10-30 10:53 - 2012-10-30 10:53 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2012-10-30 10:53 - 2012-10-30 10:53 - 00000000 ____D C:\Users\User\AppData\Local\Thunderbird
2012-10-30 10:37 - 2012-10-30 10:37 - 00000000 ____D C:\Users\User\Desktop\Geospan Data
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\AA_PHONE_NUMBERS
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\.vec
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\.metadata
2012-10-30 10:34 - 2012-10-30 10:34 - 00000000 ____D C:\Users\JULIETTEC-PC\.idlerc
2012-10-30 10:28 - 2012-10-30 10:28 - 00000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2012-10-30 10:26 - 2012-10-30 10:26 - 00000020 __ASH C:\Users\User\ntuser.ini
2012-10-30 10:26 - 2012-10-30 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2012-10-30 10:07 - 2012-09-24 16:34 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-10-30 07:26 - 2011-12-08 12:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-10-30 07:24 - 2012-10-30 07:24 - 00153256 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-10-30 05:41 - 2012-10-30 05:41 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-10-30 05:41 - 2012-10-30 05:41 - 00000000 ____D C:\Program Files\AVAST Software
2012-10-30 05:30 - 2012-10-30 05:30 - 00001264 ____A C:\Users\Public\Desktop\Spybot - Search & Destroy.lnk
2012-10-30 05:30 - 2011-04-06 11:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-30 05:26 - 2012-10-30 05:26 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-30 05:26 - 2012-10-30 05:26 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-10-24 16:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-10-24 11:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-10-24 11:40 - 2012-10-24 11:19 - 332323615 ____A C:\Users\JULIETTEC-PC\Downloads\Windows6.1-KB947821-v24-x64.msu.wtycyaw.partial
2012-10-24 11:13 - 2012-10-24 11:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-10-24 11:12 - 2011-03-16 23:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-10-24 10:45 - 2012-10-24 10:44 - 16985648 ____A (Microsoft Corporation) C:\Users\JULIETTEC-PC\Downloads\Windows-KB890830-V4.13.exe
2012-10-24 07:09 - 2012-10-22 13:54 - 00005142 ____A C:\Windows\KB893803v2.log
2012-10-24 06:51 - 2012-10-24 06:19 - 414033788 ____A C:\Users\JULIETTEC-PC\Downloads\ArcReader101Windows.zip
2012-10-23 02:18 - 2012-10-30 05:42 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-23 02:18 - 2012-10-30 05:42 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-23 02:18 - 2012-10-30 05:42 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-23 02:17 - 2012-10-30 05:42 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-23 02:17 - 2012-10-30 05:41 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-23 02:17 - 2012-10-30 05:41 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-22 13:52 - 2012-10-22 13:52 - 00000000 ____D C:\Users\JULIETTEC-PC\Documents\ArcGIS 10.1
2012-10-22 11:59 - 2011-03-21 13:37 - 00000000 ____D C:\Users\All Users\FlexNet_Old
2012-10-22 11:08 - 2012-03-09 07:57 - 00000000 ____D C:\Program Files\Bonjour
2012-10-22 10:59 - 2011-10-03 12:25 - 00000000 ____D C:\Windows\pss
2012-10-22 10:23 - 2012-10-30 11:10 - 00001539 ____A C:\Users\JULIETTEC-PC\Desktop\Internet Explorer.lnk
2012-10-22 10:21 - 2012-10-10 13:05 - 00000000 ____D C:\Qoobox
2012-10-22 08:46 - 2011-03-16 23:52 - 00000000 ____D C:\dell
2012-10-22 08:39 - 2012-10-30 09:08 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.20121030-120855.backup
2012-10-22 08:39 - 2009-07-13 18:34 - 00000000 ____A C:\Windows\System32\Drivers\etc\networks
2012-10-22 08:30 - 2012-10-22 08:30 - 00002119 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2012-10-22 08:30 - 2012-10-22 08:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-22 08:30 - 2012-10-22 08:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-10-22 08:30 - 2011-04-06 11:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-22 08:29 - 2012-10-22 08:29 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-10-22 08:29 - 2011-03-23 12:33 - 00000000 ____D C:\Users\All Users\Adobe
2012-10-22 08:25 - 2012-10-22 08:25 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2012-10-22 08:24 - 2012-10-22 08:25 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-10-22 08:24 - 2012-10-22 08:25 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-10-22 08:24 - 2012-10-22 08:25 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-22 08:24 - 2011-03-16 21:43 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-10-22 08:24 - 2011-03-16 21:43 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-10-22 08:24 - 2011-03-16 21:43 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-10-22 08:24 - 2011-03-16 21:43 - 00000000 ____D C:\Program Files\Java
2012-10-22 08:22 - 2012-10-22 08:22 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-10-22 08:22 - 2012-10-22 08:22 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-22 08:22 - 2012-09-24 16:31 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-10-22 08:22 - 2012-09-24 16:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-22 08:22 - 2012-09-24 16:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-22 08:22 - 2011-03-16 21:43 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-10-22 08:22 - 2011-03-16 21:43 - 00000000 ____D C:\Program Files (x86)\Java
2012-10-22 08:19 - 2012-10-22 08:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-10-22 08:19 - 2012-10-22 08:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-10-22 08:17 - 2012-10-10 06:41 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-22 08:17 - 2012-10-10 06:41 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-22 08:16 - 2012-10-22 08:16 - 00001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-10-22 07:45 - 2012-09-24 16:33 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-10-22 06:41 - 2012-10-22 06:41 - 00181816 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-22 06:41 - 2012-10-22 06:41 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\Documents\IBM
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IBM
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2012-10-22 06:41 - 2012-10-22 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-10-22 05:30 - 2012-10-22 05:30 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-22 05:30 - 2012-10-22 05:30 - 00000000 ____D C:\Program Files\iTunes
2012-10-22 05:30 - 2012-10-22 05:30 - 00000000 ____D C:\Program Files\iPod
2012-10-22 05:30 - 2012-10-22 05:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-22 05:30 - 2012-03-09 07:58 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-10-22 02:13 - 2012-10-22 05:30 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-22 01:53 - 2012-10-22 06:41 - 00000000 ____D C:\users\Administrator
2012-10-22 01:53 - 2011-03-21 11:23 - 00000000 ____D C:\users\mapping

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-10 12:27:08
Restore point made on: 2012-10-10 12:32:39
Restore point made on: 2012-10-10 13:23:20
Restore point made on: 2012-10-11 06:38:49
Restore point made on: 2012-10-16 05:09:25
Restore point made on: 2012-10-19 05:19:35
Restore point made on: 2012-10-19 11:02:24
Restore point made on: 2012-10-19 11:06:41
Restore point made on: 2012-10-22 08:44:35

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 8125.59 MB
Available physical RAM: 7057.13 MB
Total Pagefile: 8123.74 MB
Available Pagefile: 7047.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:920.32 GB) (Free:668.68 GB) NTFS
2 Drive e: (WIN_7_PROFESSIONAL) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
3 Drive f: (RALLY2) (Removable) (Total:3.73 GB) (Free:0.62 GB) FAT32
4 Drive g: (External Backup) (Fixed) (Total:465.76 GB) (Free:209.51 GB) NTFS
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive i: () (Removable) (Total:1.91 GB) (Free:1.72 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (RECOVERY) (Fixed) (Total:10.76 GB) (Free:4.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3824 MB 0 B
Disk 2 Online 465 GB 1024 KB
Disk 3 Online 1953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 920 GB 10 GB
Partition 4 Primary 10 MB 931 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 10 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 920 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RALLY2 FAT32 Removable 3823 MB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G External Ba NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1952 MB 122 KB

==================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 1952 MB Healthy

=========================================================

Last Boot: 2012-11-15 07:13

==================== End Of Log =============================
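The FRST log above already carries a few automatic verdicts (the MD5 checks, the TDL4 "ATTENTION" line, the partition marked "Suspicious Type"), but the long "Files and Folders" sections are left for the helper to read by eye. As an added example that is not part of the original thread, of FRST, or of the helper's instructions, here is a small Python triage script that parses lines in the format FRST prints and lists the entries a responder would look at first: non-Microsoft binaries under C:\Windows, executables outside the Windows and Program Files trees, and hidden/system-attributed directories at the drive root. The sample lines are copied from the log above; the regex, the extension list and the review heuristics are this example's own assumptions, and a flag means "review", not "malicious".

```python
"""Triage helper for FRST "Files and Folders" log lines (added example).

Not part of FRST or of the thread above: it parses the line layout FRST
prints and flags entries worth a responder's first look. The heuristics
are this example's own assumptions, not FRST's.
"""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST line layout, as shown in the log:
#   <timestamp 1> - <timestamp 2> - <size> <attrs> [(<company>)] <path>
# Which timestamp is creation vs. modification depends on the section.
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # company name from version info, if any
    r"(?P<path>.+)$"
)

EXEC_EXTS = {"exe", "dll", "sys", "scr", "com", "cpl", "ocx"}   # assumed list
PROGRAM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    ts1: str
    ts2: str
    size: int
    attrs: str              # FRST attribute column, e.g. ____A, ___SH, ____D
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[1].lower() if "." in name else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST file/folder line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(ts1=m.group("ts1"), ts2=m.group("ts2"), size=int(m.group("size")),
                 attrs=m.group("attrs"),
                 company=company.strip() if company is not None else None,
                 path=m.group("path"))


def flag_entry(e: Entry) -> List[str]:
    """Return the review reasons for an entry (empty list = nothing notable)."""
    reasons: List[str] = []
    lower = e.path.lower()
    if e.is_dir:
        # Hidden/system-attributed directory directly under the drive root
        if e.is_hidden_or_system and lower.rsplit("\\", 1)[0] == "c:":
            reasons.append("hidden/system directory at drive root")
        return reasons
    if e.ext in EXEC_EXTS:
        if lower.startswith("c:\\windows\\"):
            if not e.company or "microsoft" not in e.company.lower():
                reasons.append("non-Microsoft binary under C:\\Windows (company: %s)"
                               % (e.company or "none"))
        elif not lower.startswith(PROGRAM_ROOTS):
            reasons.append("executable outside Windows/Program Files")
        if not e.company:
            reasons.append("no company name in version info")
    return reasons


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Parse every line and keep only entries that earned at least one reason."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            reasons = flag_entry(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged


# Sample input: lines copied from the FRST log posted above.
SAMPLE_LINES = [
    r"2012-10-24 10:53 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll",
    r"2012-11-05 11:18 - 2012-11-05 11:18 - 00034760 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys",
    r"2012-11-07 11:51 - 2012-11-07 11:51 - 00662016 ____A C:\Users\JULIETTEC-PC\Downloads\RogueKiller.exe",
    r"2012-10-22 06:42 - 2012-10-08 05:20 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-1.65.0.1400.exe",
    r"2012-11-06 06:38 - 2012-11-06 06:33 - 00000000 ___SD C:\32788R22FWJFW",
    r"2012-10-22 08:30 - 2012-10-22 08:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client",
    r"2012-11-19 13:43 - 2009-07-13 21:10 - 01478131 ____A C:\Windows\WindowsUpdate.log",
]

if __name__ == "__main__":
    # Pass a saved FRST.txt as the first argument, or run on the sample lines.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            lines = f.readlines()
    else:
        lines = SAMPLE_LINES
    for path, reasons in triage(lines):
        print(path, "->", "; ".join(reasons))
```

Run it against a saved FRST.txt and it prints one line per flagged path with its reasons; on the sample above it lists Partizan.sys (non-Microsoft driver under SysWOW64), RogueKiller.exe and the Malwarebytes installer (executables in user directories), and the hidden C:\32788R22FWJFW folder, while ncrypt.dll, the Microsoft Security Client folder and WindowsUpdate.log pass silently. The "(x86)" in program paths is handled because the optional company group only matches when the parenthesis sits immediately after the attribute column.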



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:01 AM

Posted 19 November 2012 - 06:11 PM

Hello,


Please run the following tools and post their logs.

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


3.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

4.
Please download Listparts
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.


Things to include in your next reply:
TdssKiller log
Combofix.txt
AdwCleaner log
Results.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 19 November 2012 - 10:09 PM

Since I'm not able to get online right now, is there another way to install the Windows Recovery Console? If I don't have a way to install it, should I still run the ComboFix?

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:01 AM

Posted 19 November 2012 - 10:51 PM

Go ahead and run it without it.



#15 gkwannab

gkwannab
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 20 November 2012 - 03:58 PM

I was unable to run the TDSSKiller. I downloaded it to my flash drive and tried to run it on my computer. I moved it from the flash drive to my computer desktop. It failed to even open. I tried downloading it again and changed the name like the website suggested, and still I cannot open or run the tool. I also tried running as administrator, and I believe I have full administrator privileges on the computer. So I didn't run any of the other tools either. I didn't want to ruin anything further. What should I do next, and could you list any alternatives in case I can't run the tools in the order that you list them? It seems that the settings for this tool are set as Windows 7 XP Service Pack 3. My computer has Windows 7 Professional Service Pack 1. I'm not sure if compatibility is an issue or not. Thanks.

Edited by gkwannab, 20 November 2012 - 04:00 PM.
