
FBI DOJ Greenpack virus


This topic is locked
5 replies to this topic

#1 Patj3916

Patj3916

  • Members
  • 2 posts

Posted 20 December 2012 - 11:41 PM

Hello all, I recently was infected by the "FBI DOJ Greenpak virus" and my local computer store charged me $80.00 to clean my computer. Two days later I got the same virus with a slightly different official-looking full-page scam wanting money to unlock my computer. Using my wife's computer I searched and found all the remedies, none of which worked on my computer. Here is the problem: the virus was also in my Safe Mode, so that approach does not work because when I signed in while in safe mode the virus took over that screen also. Even though I am not a computer geek, I feel if the computer store can get into my system and remove this overwhelming virus I should be able to do the same. The computer tech said I would need to know how to move around in DOS. Is it that complicated or can a novice accomplish the same results?
Best Regards,
Pat

Edited by Orange Blossom, 21 December 2012 - 12:18 AM.
Move to AII from Windows 7. ~ OB



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:28 PM

Posted 21 December 2012 - 11:23 AM

I'll report this topic to appropriate helpers.
Hold on...



 


#3 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:05:28 PM

Posted 21 December 2012 - 05:10 PM

Hello and welcome to BleepingComputer! :welcome:

My name is Thisisu and I will be helping you with your malware related computer problems.

I do have some basic rules while we are working together so please read and follow them:


  • Be specific!
    • If you come across a problem while performing any of the steps listed here, do not simply state "It did not work." Tell me the exact error you encountered if one was given to you. For example, this is a much better response: "When I ran the ____ tool, an error box appeared on my screen and said 'Illegal operation attempted on a registry key that has been marked for deletion.'. There is only an 'OK' button in the box."
  • Do not run any scans/fixes on your own!
    • If at any time you feel that you can handle the rest of your computer problems on your own without my help, just let me know! I will not be offended as there are others that need help with their computers. However, do not perform scans and/or fixes that I have not asked you to do on your own and then expect me to continue helping you because I will not!
  • I will close the topic if I have not heard a response from you within 72 hours.
    • If you are going to be away, just let me know and I will leave the topic open until you can return.

Let's begin:


  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
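The FRST.txt log requested above has a regular line format, and the two things a helper checks first are the header (did the tool actually run from the Recovery Environment, since inside a running Windows the SYSTEM hive is locked and the tool cannot read it) and the one-month created/modified entries. The following parser is an added example written for this thread; it is not part of FRST and not code from any poster. Its reading of the five-letter attribute field (D directory, A archive, H hidden, S system, R read-only), its triage heuristics, and the sample input are assumptions made for the example; the sample mirrors the shape of the log posted later in the thread, and the entry `example-unsigned.exe` is made up.

```python
"""Parse an FRST (Farbar Recovery Scan Tool) text log and triage its file entries.
Added example for this thread; not part of FRST or of any post here.
Entry format assumed: <date1> - <date2> - <size> <attrs> [(<signer>)] <path>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Attribute letters as interpreted by this example (assumption, not FRST documentation).
ATTR_NAMES = {"D": "directory", "A": "archive", "H": "hidden", "S": "system", "R": "read-only"}
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Locations a standard user can write to; unsigned executables there get a second look (assumption).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    section: str
    first_date: str
    second_date: str
    size: int
    attrs: str
    signer: Optional[str]
    path: str

    @property
    def flags(self) -> List[str]:
        return [ATTR_NAMES[c] for c in self.attrs if c in ATTR_NAMES]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_header(text: str) -> Dict[str, object]:
    """Facts to check before reading entries: where the tool ran and whether WinRE was used."""
    info: Dict[str, object] = {"recovery_environment": True, "running_from": None, "hive_error": None}
    for line in text.splitlines():
        if line.startswith("Running from "):
            info["running_from"] = line[len("Running from "):].strip()
        elif "NOT RUN FROM RECOVERY ENVIRONMENT" in line:
            info["recovery_environment"] = False  # FRST prints this when started inside Windows
        elif line.startswith("Attention:"):
            info["hive_error"] = line[len("Attention:"):].strip()
    return info


def parse_entries(text: str) -> List[Entry]:
    """Turn every '<date> - <date> - <size> <attrs> ... <path>' line into an Entry tagged by section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["d1"], m["d2"], int(m["size"]),
                                 m["attrs"], m["signer"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket entries by traits worth a reviewer's attention; a bucket is a prompt, not a verdict."""
    out: Dict[str, List[str]] = {"hidden_or_system": [], "unsigned_exec_in_user_paths": [],
                                 "hex_named_dirs": []}
    for e in entries:
        low = e.path.lower()
        if "H" in e.attrs or "S" in e.attrs:
            out["hidden_or_system"].append(e.path)
        if (not e.is_dir and low.endswith(EXEC_SUFFIXES) and e.signer is None
                and any(p in low for p in USER_WRITABLE)):
            out["unsigned_exec_in_user_paths"].append(e.path)
        if e.is_dir and re.fullmatch(r"[0-9a-f]{24,}", low.rsplit("\\", 1)[-1]):
            out["hex_named_dirs"].append(e.path)  # often update temp folders; check, do not assume
    return out


# Constructed sample in the shape of the log posted in this thread; 'example-unsigned.exe' is made up.
SAMPLE_LOG = """\
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2012
Ran by Owner at 21-12-2012 18:26:29
Running from E:\\
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-12-21 18:20 - 2012-12-21 18:21 - 00907988 ____A (Farbar) C:\\Users\\Owner\\Downloads\\FRST.exe
2012-12-18 11:47 - 2012-12-18 11:47 - 00000000 ___HD C:\\$AVG
2012-12-17 15:00 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\\Windows\\System32\\api-ms-win-core-file-l1-1-0.dll
2012-12-10 09:00 - 2012-12-10 09:00 - 00045056 ____A C:\\Users\\Owner\\AppData\\Roaming\\example-unsigned.exe
2012-11-21 18:09 - 2012-11-21 18:10 - 00000000 ____D C:\\c5cd9f745207649b8fdb74edcad2
"""

if __name__ == "__main__":
    header = parse_header(SAMPLE_LOG)
    if not header["recovery_environment"]:
        print("WARNING: not run from WinRE; registry data in this log is unreliable")
    for bucket, paths in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"{bucket}: {paths}")
```

Run it against a real FRST.txt by reading the file into `parse_header` and `parse_entries`. The header check is the important one: a log that carries the "NOT RUN FROM RECOVERY ENVIRONMENT" banner was produced with the infected Windows running, so a screen locker that survives Safe Mode is still active and the registry sections cannot be trusted; the scan has to be repeated from the Recovery Environment as the instructions above describe.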

#4 Patj3916

Patj3916
  • Topic Starter

  • Members
  • 2 posts

Posted 21 December 2012 - 07:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2012
Ran by Owner at 21-12-2012 18:26:29
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-12-21 18:22 - 2012-12-21 18:26 - 00000000 ____D C:\FRST
2012-12-21 18:20 - 2012-12-21 18:21 - 00907988 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2012-12-21 09:58 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 09:58 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-20 18:36 - 2012-12-21 18:15 - 00000112 ____A C:\Windows\setupact.log
2012-12-20 18:36 - 2012-12-20 18:36 - 00001942 ____A C:\Windows\PFRO.log
2012-12-20 18:36 - 2012-12-20 18:36 - 00000000 ____A C:\Windows\setuperr.log
2012-12-20 13:38 - 2012-12-20 13:38 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-12-20 13:37 - 2012-12-20 18:33 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-18 11:57 - 2012-12-18 11:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2013
2012-12-18 11:48 - 2012-12-18 11:48 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-18 11:47 - 2012-12-18 11:49 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-18 11:47 - 2012-12-18 11:47 - 00000000 ___HD C:\$AVG
2012-12-18 11:44 - 2012-12-18 12:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2012-12-17 15:38 - 2012-12-17 15:41 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-17 15:38 - 2012-09-29 19:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-17 15:13 - 2012-11-13 20:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-17 15:13 - 2012-11-13 20:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-17 15:13 - 2012-11-13 20:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-17 15:13 - 2012-11-13 19:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-17 15:13 - 2012-11-13 19:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-17 15:13 - 2012-11-13 19:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-17 15:13 - 2012-11-13 19:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-17 15:13 - 2012-11-13 19:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-17 15:13 - 2012-11-13 19:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-17 15:13 - 2012-11-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-17 15:13 - 2012-11-13 19:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-17 15:13 - 2012-11-13 19:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-17 15:13 - 2012-11-13 19:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-17 15:13 - 2012-11-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-17 15:13 - 2012-11-13 19:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-17 15:13 - 2012-11-13 19:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-17 15:00 - 2012-11-21 20:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-17 15:00 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-17 15:00 - 2012-10-04 10:47 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-17 15:00 - 2012-10-04 10:43 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-17 15:00 - 2012-10-04 10:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 08:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-17 15:00 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-17 15:00 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-17 14:59 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-17 14:53 - 2012-12-17 14:53 - 00001413 ____A C:\Users\Owner\Desktop\Internet Explorer (2).lnk
2012-12-17 14:49 - 2012-12-17 14:49 - 00014119 ____A C:\ComboFix.txt
2012-12-13 21:25 - 2012-12-13 21:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GTek
2012-12-13 21:25 - 2012-12-13 21:25 - 00000000 ____D C:\Users\All Users\Gtek
2012-12-12 13:44 - 2012-12-17 15:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-05 20:12 - 2012-12-05 20:12 - 00002117 ____A C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
2012-12-05 20:09 - 2012-12-05 20:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-03 03:24 - 2012-12-03 03:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2012-12-03 03:17 - 2012-12-21 16:52 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-03 03:17 - 2012-12-03 03:17 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2012-11-27 22:51 - 2012-11-27 23:03 - 00000000 ____D C:\Users\Owner\AppData\Local\SwvUpdater
2012-11-27 22:39 - 2012-12-21 18:25 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-27 22:39 - 2012-12-21 18:17 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-27 22:39 - 2012-11-27 22:39 - 00000000 ____D C:\Program Files\GUMEC8F.tmp
2012-11-27 22:38 - 2012-12-17 16:29 - 00000000 ____D C:\Users\All Users\Google
2012-11-26 07:49 - 2012-08-23 08:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-26 07:49 - 2012-08-23 08:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-26 07:49 - 2012-08-23 08:41 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2012-11-26 07:49 - 2012-08-23 08:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-26 07:49 - 2012-08-23 08:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-26 07:49 - 2012-08-23 08:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-26 07:49 - 2012-08-23 07:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-26 07:49 - 2012-08-23 07:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-26 07:49 - 2012-08-23 07:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-26 07:49 - 2012-08-23 07:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-26 07:49 - 2012-08-23 07:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-26 07:49 - 2012-08-23 05:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-26 07:49 - 2012-08-23 05:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-26 07:49 - 2012-08-23 05:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-26 07:49 - 2012-08-23 05:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-26 07:49 - 2012-08-23 04:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-26 07:49 - 2012-08-23 04:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-26 07:49 - 2012-08-23 02:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-26 07:46 - 2012-08-24 11:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-26 07:46 - 2012-08-24 11:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-26 07:46 - 2012-08-24 10:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-26 07:46 - 2012-08-24 10:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-26 07:46 - 2012-08-24 10:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-23 16:44 - 2012-11-24 13:34 - 00000000 ____D C:\Users\Owner\Documents\Battlefield Heroes
2012-11-22 23:12 - 2006-05-25 15:52 - 00162304 ____A C:\Windows\System32\ztvunrar36.dll
2012-11-22 23:05 - 2012-11-22 23:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bandoo
2012-11-21 22:09 - 2012-11-23 08:25 - 00000386 ____A C:\Windows\System32\checkdnsid.xml
2012-11-21 21:48 - 2012-11-21 21:48 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-11-21 21:48 - 2012-11-21 21:48 - 00000385 ____A C:\Users\Owner\AppData\Roaminguser_gensett.xml
2012-11-21 21:47 - 2012-11-21 21:47 - 00000000 ____D C:\Users\All Users\BDLogging
2012-11-21 21:46 - 2007-04-11 10:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
2012-11-21 21:42 - 2012-11-26 07:52 - 00000000 ____D C:\Program Files\Bitdefender
2012-11-21 21:13 - 2012-11-24 09:35 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2012-11-21 18:19 - 2012-11-21 18:19 - 00001413 ____A C:\Users\Owner\Desktop\Internet Explorer.lnk
2012-11-21 18:09 - 2012-11-21 18:10 - 00000000 ____D C:\c5cd9f745207649b8fdb74edcad2
2012-11-21 18:04 - 2012-11-21 18:05 - 00000000 ____D C:\57fcfaa7833fa88a4534b6cab2ba9b97


==================== One Month Modified Files and Folders ========

2012-12-21 18:26 - 2012-12-21 18:22 - 00000000 ____D C:\FRST
2012-12-21 18:25 - 2012-11-27 22:39 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-21 18:24 - 2012-12-21 18:23 - 00000212 ____A C:\Users\Owner\Downloads\Search.txt
2012-12-21 18:21 - 2012-12-21 18:20 - 00907988 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2012-12-21 18:21 - 2009-07-13 22:34 - 00022720 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-21 18:21 - 2009-07-13 22:34 - 00022720 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-21 18:20 - 2010-11-20 15:01 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-21 18:19 - 2012-01-26 17:26 - 01544908 ____A C:\Windows\WindowsUpdate.log
2012-12-21 18:17 - 2012-11-27 22:39 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-21 18:17 - 2012-02-04 10:03 - 00000312 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-12-21 18:15 - 2012-12-20 18:36 - 00000112 ____A C:\Windows\setupact.log
2012-12-21 18:15 - 2009-07-13 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-21 18:15 - 2009-07-13 22:33 - 00308528 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-21 17:47 - 2012-04-10 04:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-21 16:52 - 2012-12-03 03:17 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-20 18:36 - 2012-12-20 18:36 - 00001942 ____A C:\Windows\PFRO.log
2012-12-20 18:36 - 2012-12-20 18:36 - 00000000 ____A C:\Windows\setuperr.log
2012-12-20 18:33 - 2012-12-20 13:37 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-20 13:38 - 2012-12-20 13:38 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-12-20 13:37 - 2012-05-28 14:17 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-12-19 09:29 - 2012-10-28 13:55 - 00000000 ____D C:\Users\Owner\AppData\Local\WeatherBug
2012-12-18 12:56 - 2012-12-18 11:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2012-12-18 11:57 - 2012-12-18 11:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2013
2012-12-18 11:49 - 2012-12-18 11:47 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-18 11:48 - 2012-12-18 11:48 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-18 11:48 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-18 11:47 - 2012-12-18 11:47 - 00000000 ___HD C:\$AVG
2012-12-18 11:47 - 2012-01-28 00:11 - 00000000 ____D C:\Program Files\AVG
2012-12-18 11:21 - 2012-01-27 11:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2012-12-17 17:17 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2012-12-17 16:31 - 2012-07-18 11:22 - 00000000 ____D C:\Windows\erdnt
2012-12-17 16:31 - 2012-02-04 10:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GlarySoft
2012-12-17 16:31 - 2012-02-04 10:03 - 00000000 ____D C:\Program Files\Glary Utilities
2012-12-17 16:31 - 2012-01-27 09:28 - 00000000 ____D C:\Windows\System32\Macromed
2012-12-17 16:31 - 2010-11-20 18:38 - 00000000 ____D C:\Windows\System32\winrm
2012-12-17 16:31 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\Offline Web Pages
2012-12-17 16:31 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\wfp
2012-12-17 16:31 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\NDF
2012-12-17 16:31 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2012-12-17 16:31 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-12-17 16:30 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-12-17 16:29 - 2012-11-27 22:38 - 00000000 ____D C:\Users\All Users\Google
2012-12-17 15:47 - 2012-04-10 04:41 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-17 15:47 - 2012-01-27 09:28 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-17 15:41 - 2012-12-17 15:38 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-17 15:41 - 2012-12-12 13:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-17 15:20 - 2012-02-14 18:13 - 00000000 ____D C:\Users\All Users\Skype
2012-12-17 15:13 - 2012-01-26 16:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-17 15:10 - 2012-01-26 15:51 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-17 14:53 - 2012-12-17 14:53 - 00001413 ____A C:\Users\Owner\Desktop\Internet Explorer (2).lnk
2012-12-17 14:49 - 2012-12-17 14:49 - 00014119 ____A C:\ComboFix.txt
2012-12-17 14:49 - 2012-07-18 11:22 - 00000000 ____D C:\Qoobox
2012-12-17 14:46 - 2009-07-13 20:04 - 00000215 ____A C:\Windows\system.ini
2012-12-17 14:34 - 2012-01-26 15:30 - 00000000 ____D C:\users\Owner
2012-12-16 08:13 - 2012-12-21 09:58 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 08:13 - 2012-12-21 09:58 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 21:25 - 2012-12-13 21:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GTek
2012-12-13 21:25 - 2012-12-13 21:25 - 00000000 ____D C:\Users\All Users\Gtek
2012-12-11 01:58 - 2012-01-26 17:22 - 00000000 ____D C:\Windows\Panther
2012-12-11 00:20 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\LiveKernelReports
2012-12-09 00:56 - 2012-10-27 11:23 - 00000000 ____D C:\Users\Owner\Documents\Battlefield Play4Free
2012-12-06 20:12 - 2012-07-22 19:49 - 00008192 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-06 20:01 - 2007-06-15 12:13 - 00000000 ____D C:\Users\Owner\Documents\Pat
2012-12-05 20:24 - 2012-05-19 10:35 - 00000000 ____D C:\Program Files\PC Speed Maximizer
2012-12-05 20:12 - 2012-12-05 20:12 - 00002117 ____A C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
2012-12-05 20:11 - 2012-01-28 18:45 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-05 20:10 - 2012-12-05 20:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-05 20:10 - 2012-01-27 11:46 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-05 19:53 - 2012-01-28 18:45 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-12-05 19:44 - 2012-01-23 10:33 - 00000329 ____A C:\Users\Owner\Downloads\.picasa.ini
2012-12-03 03:24 - 2012-12-03 03:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2012-12-03 03:17 - 2012-12-03 03:17 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2012-11-30 19:16 - 2012-02-04 10:03 - 00001024 ____A C:\Users\Owner\Desktop\Glary Utilities.lnk
2012-11-28 19:01 - 2012-01-27 11:48 - 00000000 ____D C:\Program Files\Google
2012-11-28 18:10 - 2012-01-26 16:31 - 00000000 ____D C:\Windows\PCHEALTH
2012-11-28 16:54 - 2012-01-29 01:08 - 00000000 ____D C:\Program Files\CCleaner
2012-11-28 16:54 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2012-11-28 09:43 - 2012-01-29 01:08 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-27 23:03 - 2012-11-27 22:51 - 00000000 ____D C:\Users\Owner\AppData\Local\SwvUpdater
2012-11-27 22:39 - 2012-11-27 22:39 - 00000000 ____D C:\Program Files\GUMEC8F.tmp
2012-11-27 16:04 - 2012-05-29 05:27 - 00282104 ____A C:\Windows\System32\PnkBstrB.xtr
2012-11-27 16:04 - 2012-05-29 05:27 - 00234768 ____A C:\Windows\System32\PnkBstrB.ex0
2012-11-26 07:52 - 2012-11-21 21:42 - 00000000 ____D C:\Program Files\Bitdefender
2012-11-26 06:53 - 2012-05-28 14:17 - 00138056 ____A C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
2012-11-25 18:56 - 2012-02-27 22:51 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2012-11-24 17:59 - 2012-02-14 18:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2012-11-24 13:34 - 2012-11-23 16:44 - 00000000 ____D C:\Users\Owner\Documents\Battlefield Heroes
2012-11-24 09:36 - 2012-01-29 16:19 - 00000000 ____D C:\AeriaGames
2012-11-24 09:35 - 2012-11-21 21:13 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2012-11-24 09:35 - 2012-06-01 13:00 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-11-23 21:31 - 2009-05-19 11:46 - 00000000 ____D C:\Users\Owner\Documents\My Scans
2012-11-23 16:53 - 2012-05-29 05:27 - 00000000 ____D C:\Users\Owner\AppData\Local\PunkBuster
2012-11-23 16:30 - 2012-10-27 10:52 - 00000000 ____D C:\Program Files\EA Games
2012-11-23 08:25 - 2012-11-21 22:09 - 00000386 ____A C:\Windows\System32\checkdnsid.xml
2012-11-22 23:18 - 2012-02-28 17:51 - 00000000 ____D C:\Program Files\Trojan Remover
2012-11-22 23:05 - 2012-11-22 23:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bandoo
2012-11-21 21:48 - 2012-11-21 21:48 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-11-21 21:48 - 2012-11-21 21:48 - 00000385 ____A C:\Users\Owner\AppData\Roaminguser_gensett.xml
2012-11-21 21:47 - 2012-11-21 21:47 - 00000000 ____D C:\Users\All Users\BDLogging
2012-11-21 21:39 - 2012-02-27 22:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2012-11-21 21:06 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\DVD Maker
2012-11-21 21:06 - 2009-07-13 20:37 - 00000000 __RSD C:\Windows\Media
2012-11-21 21:06 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Cursors
2012-11-21 20:56 - 2012-12-17 15:00 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-21 20:46 - 2012-11-20 08:07 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-11-21 20:46 - 2012-11-18 13:35 - 00000000 ____D C:\Program Files\Conduit
2012-11-21 20:46 - 2012-08-30 08:47 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-11-21 20:46 - 2012-08-30 00:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-21 20:46 - 2012-08-24 17:47 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2012-11-21 20:46 - 2012-08-24 17:46 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-11-21 20:46 - 2012-07-22 21:10 - 00000000 ____D C:\Program Files\GUMC673.tmp
2012-11-21 20:46 - 2012-03-24 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-11-21 20:46 - 2012-02-19 23:45 - 00000000 ____D C:\Program Files\Speccy
2012-11-21 20:46 - 2012-02-19 23:22 - 00000000 ____D C:\Program Files\Synaptics
2012-11-21 20:46 - 2012-02-19 16:14 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-11-21 20:46 - 2012-02-14 18:13 - 00000000 ___RD C:\Program Files\Skype
2012-11-21 20:46 - 2012-02-09 11:22 - 00000000 ____D C:\Program Files\HTC
2012-11-21 20:46 - 2012-02-05 19:07 - 00000000 ____D C:\Program Files\Panda Security
2012-11-21 20:46 - 2012-01-27 14:22 - 00000000 ____D C:\Users\All Users\HP Product Assistant
2012-11-21 20:46 - 2012-01-27 14:20 - 00000000 ____D C:\Program Files\Common Files\HP
2012-11-21 20:46 - 2012-01-27 12:45 - 00000000 ____D C:\Program Files\Common Files\Hewlett-Packard
2012-11-21 20:46 - 2012-01-27 12:43 - 00000000 ____D C:\Program Files\HP
2012-11-21 20:46 - 2012-01-27 12:04 - 00000000 ____D C:\Users\All Users\PC Drivers HeadQuarters
2012-11-21 20:46 - 2012-01-27 11:32 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-11-21 20:46 - 2012-01-27 11:11 - 00000000 ____D C:\Users\All Users\HP
2012-11-21 20:46 - 2012-01-27 09:36 - 00000000 ____D C:\Program Files\Windows Live
2012-11-21 20:46 - 2012-01-27 09:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-11-21 20:46 - 2012-01-26 16:31 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-11-21 20:46 - 2012-01-26 16:31 - 00000000 ____D C:\Program Files\Microsoft Works
2012-11-21 20:46 - 2012-01-26 16:31 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2012-11-21 20:46 - 2012-01-26 16:29 - 00000000 ____D C:\Program Files\Microsoft Office
2012-11-21 20:46 - 2010-11-20 18:47 - 00000000 ____D C:\Program Files\Windows Journal
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Windows Defender
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\MSBuild
2012-11-21 20:46 - 2009-07-13 22:52 - 00000000 ____D C:\Program Files\Microsoft Games
2012-11-21 20:46 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Windows NT
2012-11-21 20:46 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-21 20:46 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-11-21 20:46 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\Services
2012-11-21 20:45 - 2012-05-13 10:04 - 00000000 ____D C:\Windows\System32\Adobe
2012-11-21 20:45 - 2012-04-08 11:51 - 00000000 ____D C:\Windows\.jagex_cache_32
2012-11-21 20:45 - 2012-03-26 02:11 - 00000000 ____D C:\Windows\pss
2012-11-21 20:45 - 2012-02-16 03:07 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-11-21 20:45 - 2012-02-03 17:25 - 00000000 ____D C:\Windows\Hewlett-Packard
2012-11-21 20:45 - 2010-11-20 18:46 - 00000000 ____D C:\Windows\ShellNew
2012-11-21 20:45 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\Performance
2012-11-21 20:45 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\addins
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\de-DE
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\com
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\bg-BG
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ar-SA
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Speech
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\security
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\schemas
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Resources
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\PLA
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\L2Schemas
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\IME
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Help
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Globalization
2012-11-21 20:45 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Branding
2012-11-21 20:44 - 2010-11-20 18:38 - 00000000 ____D C:\Windows\System32\WCN
2012-11-21 20:44 - 2010-11-20 18:38 - 00000000 ____D C:\Windows\System32\slmgr
2012-11-21 20:44 - 2010-11-20 18:38 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-11-21 20:44 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\twain_32
2012-11-21 20:44 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2012-11-21 20:44 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2012-11-21 20:44 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\System32\restore
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\TAPI
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\zh-TW
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\zh-HK
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\zh-CN
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\uk-UA
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\tr-TR
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\th-TH
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\sv-SE
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\spp
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\spool
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\Speech
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\SMI
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\sl-SI
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\sk-SK
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ru-RU
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ro-RO
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ras
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\pt-PT
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\pt-BR
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\pl-PL
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\nl-NL
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\NetworkList
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\nb-NO
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\MUI
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\Msdtc
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\lv-LV
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\lt-LT
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ko-KR
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ja-JP
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\it-IT
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\IME
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\icsxml
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\ias
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\hu-HU
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\hr-HR
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\he-IL
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\GroupPolicy
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\fr-FR
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\fi-FI
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\et-EE
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\el-GR
2012-11-21 20:44 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system
2012-11-21 18:19 - 2012-11-21 18:19 - 00001413 ____A C:\Users\Owner\Desktop\Internet Explorer.lnk
2012-11-21 18:10 - 2012-11-21 18:09 - 00000000 ____D C:\c5cd9f745207649b8fdb74edcad2
2012-11-21 18:05 - 2012-11-21 18:04 - 00000000 ____D C:\57fcfaa7833fa88a4534b6cab2ba9b97
2012-11-21 10:39 - 2012-01-26 16:18 - 00068696 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-21 02:29 - 2012-09-12 09:22 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

ZeroAccess:
C:\Windows\Installer\{12ed301e-4e8b-6c14-c61b-1c65bcdc4911}
C:\Windows\Installer\{12ed301e-4e8b-6c14-c61b-1c65bcdc4911}\L
C:\Windows\Installer\{12ed301e-4e8b-6c14-c61b-1c65bcdc4911}\U

ZeroAccess:
C:\Users\Owner\AppData\Local\{12ed301e-4e8b-6c14-c61b-1c65bcdc4911}
C:\Users\Owner\AppData\Local\{12ed301e-4e8b-6c14-c61b-1c65bcdc4911}\L
C:\Users\Owner\AppData\Local\{12ed301e-4e8b-6c14-c61b-1c65bcdc4911}\U

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3838.04 MB
Available physical RAM: 2461.21 MB
Total Pagefile: 7674.38 MB
Available Pagefile: 6219.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.64 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:94.82 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:14.53 GB) (Free:14.38 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 148 GB 101 MB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy Boot

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E KINGSTON FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-12-15 00:54

==================== End Of Log ============================

#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:28 PM

Posted 21 December 2012 - 07:41 PM

Are you able to boot into Windows? Because this log suggests that you did not scan from the Recovery Environment command prompt.

#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:28 PM

Posted 26 December 2012 - 04:58 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
