Installed Hitman Pro and Now Computer won't boot


  • This topic is locked
6 replies to this topic

#1 renephotographer


Posted 03 February 2013 - 10:47 AM

Mod Edit: MOVED to Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme


I'm stumped and frustrated that I fell victim to this program that caused my computer to crash. After installing Hitman Pro (I installed it because of all the Google Redirect problems I was having) it did its scan then told me it needed to reboot. However, it will not reboot. I've gotten as far as being able to run the Farbar Recovery Tool, but have no idea what to do now. Any help is so much appreciated. Here is the log:

You can view the tour here:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 03-02-2013 10:11:51
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [lxdimon.exe] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [434864 2007-07-16] ()
HKLM\...\Run: [lxdiamon] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [25264 2007-07-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SmartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [52984 2012-06-05] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [lxdimon.exe] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [434856 2009-04-27] ()
HKLM-x32\...\Run: [lxdiamon] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [25256 2009-04-27] ()
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [996616 2009-08-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-01] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-07] (Google Inc.)
HKU\Rene Scott\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Rene Scott\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-07] (Google Inc.)
HKU\Rene Scott\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Rene Scott\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 DefaultTabUpdate; "C:\Users\Rene Scott\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [107520 2012-07-24] ()
2 lxdi_device; C:\Windows\system32\lxdicoms.exe -service [876976 2007-06-11] ( )
2 lxdi_device; C:\Windows\SysWow64\lxdicoms.exe -service [517040 2007-06-11] ( )
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
2 Akamai; C:\program files (x86)\common files\akamai\netsession_win_d76cf65.dll [x]

==================== Drivers (Whitelisted) =====================

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
3 taphss6; C:\Windows\System32\Drivers\taphss6.sys [40712 2012-11-14] (Anchorfree Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-01 12:23 - 2013-02-01 15:59 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-02-01 12:23 - 2013-02-01 15:59 - 00000000 ____D C:\Program Files (x86)\MixiDJ
2013-02-01 11:38 - 2013-02-01 11:38 - 00000547 ____A C:\Users\Rene Scott\Downloads\download
2013-01-31 13:55 - 2013-01-31 13:55 - 00194265 ____A C:\Users\Rene Scott\AppData\Local\census.cache
2013-01-31 13:55 - 2013-01-31 13:55 - 00127981 ____A C:\Users\Rene Scott\AppData\Local\ars.cache
2013-01-31 13:46 - 2013-01-31 13:46 - 00000036 ____A C:\Users\Rene Scott\AppData\Local\housecall.guid.cache
2013-01-31 08:57 - 2013-01-31 08:57 - 00000162 ___AH C:\Users\Rene Scott\Desktop\~$yer Virtual Tour Tips.htm
2013-01-31 05:44 - 2013-01-31 05:46 - 00000000 ____D C:\Users\Rene Scott\Desktop\Jim Chapman
2013-01-30 13:07 - 2013-01-30 13:07 - 00005393 ____A C:\Users\Rene Scott\Desktop\GLnJ2H5R.htm.part.htm
2013-01-30 10:26 - 2013-01-31 08:35 - 00000000 ____D C:\Users\Rene Scott\Desktop\Chester Village Green
2013-01-28 13:22 - 2013-01-31 08:41 - 00000000 ____D C:\Users\Rene Scott\Desktop\Wooferton
2013-01-28 07:55 - 2013-01-28 07:55 - 00000000 ____D C:\Users\Rene Scott\Desktop\BFR
2013-01-28 07:55 - 2013-01-28 07:55 - 00000000 ____D C:\Users\Rene Scott\Desktop\AKI
2013-01-28 07:54 - 2013-01-28 07:54 - 00000000 ____D C:\Users\Rene Scott\Desktop\spins
2013-01-27 13:52 - 2013-01-27 13:53 - 00264198 ____A C:\Users\Rene Scott\Desktop\Flyer Virtual Tour Tips.htm
2013-01-27 13:52 - 2013-01-27 13:53 - 00000000 ____D C:\Users\Rene Scott\Desktop\Flyer Virtual Tour Tips_files
2013-01-27 12:25 - 2013-01-27 12:25 - 00016440 ____A C:\Users\Rene Scott\Desktop\Book1.xlsx
2013-01-25 12:30 - 2013-01-26 07:27 - 00000000 ____D C:\Users\Rene Scott\Desktop\Laurel Cove
2013-01-25 12:08 - 2013-01-25 17:19 - 00000000 ____D C:\Users\Rene Scott\Desktop\RIO VISTA
2013-01-22 11:42 - 2013-01-24 08:02 - 00000000 ____D C:\Users\Rene Scott\Desktop\Gildenborough
2013-01-19 14:16 - 2013-02-01 17:03 - 00000000 ____D C:\Users\Rene Scott\Documents\tdsskiller
2013-01-19 09:04 - 2013-01-21 09:07 - 00000000 ____D C:\Users\Rene Scott\Desktop\Goodell
2013-01-18 07:59 - 2013-01-27 01:57 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c5ba3641-a80b-49e8-b364-557e8f4772c6.job
2013-01-18 07:59 - 2013-01-27 01:57 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 653792b4-ddc7-4b3d-8a54-9de254e1c8ea.job
2013-01-18 07:59 - 2013-01-19 18:01 - 00001854 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-01-18 07:59 - 2013-01-18 07:59 - 00000000 ____D C:\Users\Rene Scott\AppData\Roaming\SUPERAntiSpyware.com
2013-01-18 07:58 - 2013-01-18 07:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-18 07:58 - 2013-01-18 07:58 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-17 13:50 - 2013-01-17 13:50 - 00000000 ____D C:\Users\Rene Scott\DNG Nassington
2013-01-17 04:54 - 2013-01-17 04:55 - 00000000 ____D C:\Users\Rene Scott\Desktop\Olympus 1-15
2013-01-16 06:20 - 2013-01-16 06:20 - 00000000 ____D C:\Windows\Sun
2013-01-15 04:38 - 2013-01-21 14:06 - 00000000 ____D C:\Users\Rene Scott\Desktop\RRJ
2013-01-14 15:59 - 2013-01-14 16:01 - 00190791 ____A C:\InspectionDownLoadXML_1_14_2013.xml
2013-01-11 15:11 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130111-181148.backup
2013-01-10 17:50 - 2013-01-10 17:50 - 00002179 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-01-10 17:50 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-01-10 17:31 - 2013-02-01 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-10 17:31 - 2013-01-10 17:31 - 00000000 ____D C:\Users\All Users\Mozilla
2013-01-09 12:35 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 12:35 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 12:35 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 12:35 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 12:35 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 12:35 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 12:35 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 12:35 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 12:35 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 12:35 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 12:35 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 12:35 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 12:35 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 12:35 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 12:35 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 12:35 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 12:35 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 12:35 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 12:35 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 12:35 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 12:35 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 12:35 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 12:35 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 12:35 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 12:35 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 12:35 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 12:35 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 12:35 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 12:35 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 12:35 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 12:35 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 12:35 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 12:35 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 12:35 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 12:35 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 12:35 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 12:35 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 12:35 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 12:35 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 12:34 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 12:34 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe


==================== One Month Modified Files and Folders =======

2013-02-01 17:03 - 2013-01-19 14:16 - 00000000 ____D C:\Users\Rene Scott\Documents\tdsskiller
2013-02-01 17:03 - 2013-01-10 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-01 17:03 - 2012-12-20 11:48 - 00000000 ____D C:\rei
2013-02-01 17:03 - 2012-11-21 18:36 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-02-01 17:03 - 2012-08-18 11:07 - 00000000 ____D C:\Users\Rene Scott\AppData\Roaming\PanoramaStudio2
2013-02-01 17:03 - 2011-05-06 11:42 - 00000000 ____D C:\users\Guest
2013-02-01 17:03 - 2010-08-05 19:04 - 00000000 ____D C:\Users\All Users\FLEXnet
2013-02-01 17:03 - 2010-05-20 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-01 17:03 - 2010-04-17 15:56 - 00000000 ____D C:\users\Rene Scott
2013-02-01 17:03 - 2009-12-23 15:32 - 00000000 ____D C:\Users\All Users\P4G
2013-02-01 17:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-02-01 17:02 - 2012-12-04 12:33 - 00000000 ____D C:\Users\Rene Scott\Desktop\olympus
2013-02-01 17:02 - 2012-11-14 12:06 - 00000000 ___RD C:\Users\Rene Scott\Dropbox
2013-02-01 17:02 - 2012-11-14 12:03 - 00000000 ____D C:\Users\Rene Scott\AppData\Roaming\Dropbox
2013-02-01 17:02 - 2010-05-02 07:25 - 00000000 ____D C:\Users\Rene Scott\Desktop\Rene Pics
2013-02-01 17:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-02-01 17:00 - 2010-09-07 15:06 - 00000000 ___HD C:\Users\Rene Scott\AppData\Local\Google
2013-02-01 16:59 - 2009-12-23 15:07 - 00000000 __RHD C:\MSOCache
2013-02-01 16:48 - 2012-12-27 12:43 - 00000000 ____D C:\Program Files (x86)\Playbryte
2013-02-01 15:59 - 2013-02-01 12:23 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-02-01 15:59 - 2013-02-01 12:23 - 00000000 ____D C:\Program Files (x86)\MixiDJ
2013-02-01 15:59 - 2012-12-12 11:41 - 00000000 ____D C:\Program Files (x86)\InfoAtoms
2013-02-01 12:23 - 2012-12-12 11:41 - 00000009 ____A C:\END
2013-02-01 12:22 - 2012-12-12 11:41 - 00000000 ____D C:\Users\Rene Scott\AppData\Local\CRE
2013-02-01 11:44 - 2012-11-14 14:50 - 00000000 ____D C:\Users\Rene Scott\AppData\Local\CrashDumps
2013-02-01 11:38 - 2013-02-01 11:38 - 00000547 ____A C:\Users\Rene Scott\Downloads\download
2013-02-01 05:27 - 2012-12-20 11:58 - 00004792 ____A C:\Users\Rene Scott\Desktop\Rkill.txt
2013-01-31 13:55 - 2013-01-31 13:55 - 00194265 ____A C:\Users\Rene Scott\AppData\Local\census.cache
2013-01-31 13:55 - 2013-01-31 13:55 - 00127981 ____A C:\Users\Rene Scott\AppData\Local\ars.cache
2013-01-31 13:46 - 2013-01-31 13:46 - 00000036 ____A C:\Users\Rene Scott\AppData\Local\housecall.guid.cache
2013-01-31 08:57 - 2013-01-31 08:57 - 00000162 ___AH C:\Users\Rene Scott\Desktop\~$yer Virtual Tour Tips.htm
2013-01-31 08:41 - 2013-01-28 13:22 - 00000000 ____D C:\Users\Rene Scott\Desktop\Wooferton
2013-01-31 08:35 - 2013-01-30 10:26 - 00000000 ____D C:\Users\Rene Scott\Desktop\Chester Village Green
2013-01-31 05:46 - 2013-01-31 05:44 - 00000000 ____D C:\Users\Rene Scott\Desktop\Jim Chapman
2013-01-30 13:07 - 2013-01-30 13:07 - 00005393 ____A C:\Users\Rene Scott\Desktop\GLnJ2H5R.htm.part.htm
2013-01-28 07:55 - 2013-01-28 07:55 - 00000000 ____D C:\Users\Rene Scott\Desktop\BFR
2013-01-28 07:55 - 2013-01-28 07:55 - 00000000 ____D C:\Users\Rene Scott\Desktop\AKI
2013-01-28 07:54 - 2013-01-28 07:54 - 00000000 ____D C:\Users\Rene Scott\Desktop\spins
2013-01-27 13:53 - 2013-01-27 13:52 - 00264198 ____A C:\Users\Rene Scott\Desktop\Flyer Virtual Tour Tips.htm
2013-01-27 13:53 - 2013-01-27 13:52 - 00000000 ____D C:\Users\Rene Scott\Desktop\Flyer Virtual Tour Tips_files
2013-01-27 12:25 - 2013-01-27 12:25 - 00016440 ____A C:\Users\Rene Scott\Desktop\Book1.xlsx
2013-01-27 01:57 - 2013-01-18 07:59 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c5ba3641-a80b-49e8-b364-557e8f4772c6.job
2013-01-27 01:57 - 2013-01-18 07:59 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 653792b4-ddc7-4b3d-8a54-9de254e1c8ea.job
2013-01-27 01:57 - 2010-09-07 15:06 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-27 01:57 - 2009-12-23 15:11 - 01777237 ____A C:\Windows\WindowsUpdate.log
2013-01-26 13:22 - 2010-09-07 15:06 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-26 11:09 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-26 11:09 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-26 07:27 - 2013-01-25 12:30 - 00000000 ____D C:\Users\Rene Scott\Desktop\Laurel Cove
2013-01-26 06:50 - 2012-07-24 07:23 - 00000424 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-01-26 06:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-26 06:50 - 2009-07-13 20:51 - 00167883 ____A C:\Windows\setupact.log
2013-01-25 17:19 - 2013-01-25 12:08 - 00000000 ____D C:\Users\Rene Scott\Desktop\RIO VISTA
2013-01-24 08:02 - 2013-01-22 11:42 - 00000000 ____D C:\Users\Rene Scott\Desktop\Gildenborough
2013-01-23 16:34 - 2009-12-23 15:27 - 01213332 ____A C:\Windows\PFRO.log
2013-01-23 12:04 - 2012-07-24 07:23 - 00000448 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2013-01-21 17:56 - 2009-07-13 21:13 - 00736642 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-21 14:07 - 2010-07-24 19:49 - 00000000 ____D C:\Users\Rene Scott\Desktop\Completed Tours
2013-01-21 14:06 - 2013-01-15 04:38 - 00000000 ____D C:\Users\Rene Scott\Desktop\RRJ
2013-01-21 09:07 - 2013-01-19 09:04 - 00000000 ____D C:\Users\Rene Scott\Desktop\Goodell
2013-01-19 18:01 - 2013-01-18 07:59 - 00001854 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-01-18 16:30 - 2012-08-20 05:59 - 00000000 ____D C:\Users\Rene Scott\Desktop\2012 TOUR VA Homes
2013-01-18 15:31 - 2009-12-23 15:33 - 00002232 ____A C:\Windows\System32\AutoRunFilter.ini
2013-01-18 15:31 - 2009-12-23 15:33 - 00002167 ____A C:\Windows\System32\ServiceFilter.ini
2013-01-18 11:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-18 07:59 - 2013-01-18 07:59 - 00000000 ____D C:\Users\Rene Scott\AppData\Roaming\SUPERAntiSpyware.com
2013-01-18 07:59 - 2013-01-18 07:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-18 07:58 - 2013-01-18 07:58 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-18 05:13 - 2010-07-02 11:52 - 00000000 ___HD C:\Users\Rene Scott\AppData\Local\Deployment
2013-01-17 13:50 - 2013-01-17 13:50 - 00000000 ____D C:\Users\Rene Scott\DNG Nassington
2013-01-17 04:55 - 2013-01-17 04:54 - 00000000 ____D C:\Users\Rene Scott\Desktop\Olympus 1-15
2013-01-16 06:20 - 2013-01-16 06:20 - 00000000 ____D C:\Windows\Sun
2013-01-16 06:09 - 2012-12-16 11:10 - 00000000 ____D C:\Users\Rene Scott\Desktop\Completed Properties Folder RRJ
2013-01-16 05:40 - 2012-11-14 14:54 - 00002261 ____A C:\Users\Rene Scott\Desktop\Google Chrome.lnk
2013-01-15 05:16 - 2012-07-03 10:23 - 00000000 ____D C:\Users\Rene Scott\LapNet
2013-01-14 16:01 - 2013-01-14 15:59 - 00190791 ____A C:\InspectionDownLoadXML_1_14_2013.xml
2013-01-13 15:24 - 2013-01-01 17:15 - 00000966 ____A C:\Users\Public\Desktop\Smart PDF Creator.lnk
2013-01-13 15:24 - 2012-08-18 11:07 - 00000942 ____A C:\Users\Public\Desktop\PanoramaStudio 2.lnk
2013-01-11 16:21 - 2012-12-20 12:02 - 00117704 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-01-11 15:11 - 2009-07-13 18:34 - 00444830 ___RA C:\Windows\System32\Drivers\etc\hosts.20130118-104818.backup
2013-01-11 14:39 - 2012-11-19 13:20 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2013-01-11 04:18 - 2012-07-24 07:23 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2013-01-10 19:39 - 2012-07-24 07:23 - 00000000 ____D C:\Users\All Users\W3i
2013-01-10 17:50 - 2013-01-10 17:50 - 00002179 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-01-10 17:50 - 2012-11-19 13:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-10 17:31 - 2013-01-10 17:31 - 00000000 ____D C:\Users\All Users\Mozilla
2013-01-10 04:15 - 2009-07-13 20:45 - 05000248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 18:36 - 2012-08-10 10:46 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 18:35 - 2009-12-23 15:08 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-09 12:04 - 2013-01-01 17:17 - 00000000 ____D C:\Program Files\Smart PDF Creator Pro
2013-01-09 12:03 - 2013-01-01 17:19 - 00000000 ____A C:\Users\Rene Scott\Documents\SmartSoft PDF Printer Port
2013-01-08 04:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-06 15:37 - 2010-05-19 15:10 - 00000000 ___HD C:\Users\Rene Scott\AppData\Local\Microsoft Help
2013-01-05 07:45 - 2012-12-20 12:10 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-05 07:45 - 2012-12-20 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-18 11:10:04
Restore point made on: 2013-01-27 02:10:01

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3957.19 MB
Available physical RAM: 3361.57 MB
Total Pagefile: 3955.34 MB
Available Pagefile: 3348.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:446.21 GB) (Free:301.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (KINGSTON) (Removable) (Total:14.53 GB) (Free:14.41 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 13 MB
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 76692CA8

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 19 GB 1024 KB
Partition 2 Primary 446 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 446 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E KINGSTON FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2013-01-25 01:02

==================== End Of Log =============================

Edited by boopme, 03 February 2013 - 11:18 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:45 AM

Posted 03 February 2013 - 01:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
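
A triage pass over the FRST log format shown in this thread, as an added example that is not part of the original posts or of FRST itself: it splits the log into its "====" sections and lists every line carrying the "<===== ATTENTION" marker, plus any line in the Bamital & volsnap check whose verdict is not "MD5 is legit". The sample lines are copied from the log above except one constructed non-legit line, and the function names are assumptions.

```python
import re

# Section headers look like "==================== Name ================".
# Requiring spaces around the name skips bare "=====" separator lines.
SECTION_RE = re.compile(r"^=+\s+(\S.*?)\s+=+$")
ATTENTION_MARK = "<===== ATTENTION"
LEGIT_VERDICT = "MD5 is legit"

# Excerpt of the log posted in this thread, plus one CONSTRUCTED line
# (example.dll; not real FRST wording) to exercise the non-legit branch.
SAMPLE_LOG = """\
==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe => MD5 is legit
C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit
C:\\Windows\\System32\\example.dll => CONSTRUCTED non-legit verdict

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\\...\\.exe: exefile => OK
"""


def split_sections(text):
    """Return {section name: [non-empty lines]} in log order."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Collect entries a reviewer should read before writing a fixlist."""
    findings = {"attention": [], "hash_mismatch": []}
    for name, lines in split_sections(text).items():
        for line in lines:
            if ATTENTION_MARK in line:
                findings["attention"].append((name, line))
            elif name.startswith("Bamital") and " => " in line:
                path, verdict = line.rsplit(" => ", 1)
                if verdict != LEGIT_VERDICT:
                    findings["hash_mismatch"].append((path, verdict))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

The output is a reading aid for whoever reviews the log; what goes into fixlist.txt remains a per-machine decision, as the NOTICE in the post above says.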

#3 renephotographer

Posted 03 February 2013 - 02:48 PM

Unbelievable! Thank you! Working absolutely fine now, gosh so glad I logged in! Thank you thank you!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 2013-02-03 14:40:03 Run:1
Running from E:\

==============================================


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#4 gringo_pr

Posted 03 February 2013 - 03:17 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#5 gringo_pr

Posted 06 February 2013 - 02:04 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#6 gringo_pr

Posted 09 February 2013 - 07:59 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 gringo_pr

Posted 12 February 2013 - 01:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.