
ZeroAccess rootkit.


This topic is locked.
51 replies to this topic

#16 Depraved
  • Topic Starter
  • Members
  • 78 posts

Posted 02 August 2013 - 05:41 PM

Computer is running much quicker and smoother now, still not able to install Microsoft Security Essentials though.





#17 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 02 August 2013 - 06:24 PM

Okay, let's see if we can get that working:

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.
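Once FRST.txt comes back, the first pass over it is mechanical: pick out the lines FRST tagged itself, check whether the Winlogon Shell is still explorer.exe, and look at every driver or service whose binary FRST could not find (the "[x]" marker). The script below is an added example for this thread, not part of FRST and not code posted by anyone here. It parses FRST's own line layouts for the Registry, Services and Drivers sections; the sample lines it embeds are excerpted from the FRST.txt posted later in this thread, and the "random-looking name" rule is an assumption of the example, a heuristic for deciding what to read next rather than a verdict on the machine.

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread, not code from FRST or from anyone posting here.
It parses FRST's autorun/service/driver line layouts and surfaces what a helper
reads first: lines FRST tagged '<==== ATTENTION', a Winlogon Shell other than
explorer.exe, and missing driver/service binaries with random-looking names
(an assumed heuristic, a pointer for review rather than proof of infection).
"""
import re
from dataclasses import dataclass, field

ATTENTION = "<==== ATTENTION"
# "S1 name; path [size yyyy-mm-dd] (Publisher)", or "S3 name; path [x]" when the file is absent
SVC_RE = re.compile(
    r"^(?P<state>[SR])(?P<start>\d) (?P<name>[^;]+); (?P<path>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>.*)\))?(?P<missing> \[x\])?$"
)
# "HKLM\...\Run: [Name] - target ..." and "HKU\<user>\...\Winlogon: [Shell] target ..."
REG_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U)(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run|Winlogon): "
    r"\[(?P<value>[^\]]+)\] -? ?(?P<target>.*)$"
)
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")  # "==== Drivers (Whitelisted) ===="


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


@dataclass
class FrstLog:
    autoruns: list = field(default_factory=list)
    services: list = field(default_factory=list)
    drivers: list = field(default_factory=list)
    attention: list = field(default_factory=list)  # raw lines FRST tagged itself


def parse_frst(text: str) -> FrstLog:
    """Single pass over the log, tracking the current '==== Section ====' header."""
    log, section = FrstLog(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        if ATTENTION in line:  # keep FRST's own flag, then parse the line normally
            log.attention.append(line)
            line = line.split(ATTENTION)[0].rstrip()
        if section.startswith("Registry"):
            m = REG_RE.match(line)
            if m:
                log.autoruns.append({**m.groupdict(), "raw": line})
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if m:
                entry = {**m.groupdict(), "raw": line, "missing": m.group("missing") is not None}
                (log.services if section.startswith("Services") else log.drivers).append(entry)
    return log


def looks_random(name: str) -> bool:
    """Crude stand-in for entropy: 6+ lowercase letters with under 25% vowels.
    Terse legitimate names (nvkflt) trip it too, so triage() only applies it
    to entries whose file is already missing."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    return sum(c in "aeiouy" for c in name) / len(name) < 0.25


def triage(log: FrstLog) -> list:
    findings = [Finding("high", "tagged by FRST itself", ln) for ln in log.attention]
    for a in log.autoruns:
        if a["key"] == "Winlogon" and a["value"].lower() == "shell":
            exe = a["target"].split(" [")[0].rsplit("\\", 1)[-1].lower()
            if exe != "explorer.exe":
                findings.append(Finding("medium", f"Winlogon Shell is {exe}, not explorer.exe", a["raw"]))
    for e in log.drivers + log.services:
        if not e["missing"]:
            continue
        if looks_random(e["name"]):
            findings.append(Finding("high", "missing binary with random-looking service name", e["raw"]))
        elif e["start"] in ("0", "1"):
            findings.append(Finding("low", "boot/system-start entry whose file is gone", e["raw"]))
    return findings


# Constructed sample in FRST's layout; the lines are excerpted from the FRST.txt
# posted later in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKU\Mcx1-SAMMI-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Sammi\...\Run: [BitTorrent] - C:\Users\Sammi\AppData\Roaming\BitTorrent\BitTorrent.exe [1127000 2013-08-13] (BitTorrent Inc.)
==================== Services (Whitelisted) =================
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-10] (SUPERAntiSpyware.com)
==================== Drivers (Whitelisted) ====================
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-12-03] (NVIDIA Corporation)
S3 btmaudio; system32\drivers\btmaud.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 nnllnaqz; \??\C:\Windows\system32\drivers\nnllnaqz.sys [x]
"""

if __name__ == "__main__":
    for f in triage(parse_frst(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it as-is to print the findings for the embedded sample, or feed a real log with parse_frst(open("FRST.txt", encoding="utf-8", errors="replace").read()). Everything it prints is a pointer for the human helper, not a verdict: FRST tags any per-user Winlogon Shell override, so a Shell value that is not explorer.exe is a line to read, not a line to delete, and a system-start driver whose file is gone and whose name is eight consonant-heavy letters is a reason to ask what created it, not proof of a rootkit on its own.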



#18 Depraved

Posted 02 August 2013 - 06:50 PM

I don't have a flash drive right now; I can go get one over the weekend, though, so this is going to take me at least 24 hours to get done.



#19 D-FRED-BROWN

Posted 02 August 2013 - 07:07 PM

No problem, take all the time you need.



#20 Depraved

Posted 04 August 2013 - 12:01 PM

Well, I haven't had a chance to go grab a flash drive yet. Would an SD card work instead?



#21 D-FRED-BROWN

Posted 04 August 2013 - 12:46 PM

Yeah, I think so, just make sure it's large enough.



#22 Depraved

Posted 04 August 2013 - 11:02 PM

Yup, that didn't work haha. Okay, I'm going to go get one of those things tomorrow. Thanks, and sorry for making you wait!



#23 D-FRED-BROWN

Posted 04 August 2013 - 11:28 PM

No problem, take all the time you need :)



#24 Depraved

Posted 08 August 2013 - 12:51 AM

Well, I bought a flash drive and before I could even plug it in, my son dropped it in a cup of water, wooot! I'll be going back for another one tomorrow. Um, an update on the computer until then: it's never overheated before, ever. It gets a little warm when it's been running a big game, but today I thought it was going to explode, it was so hot. I don't know why; it's always kept on a flat surface like a desk or table, I make sure it never touches a bed or couch or my lap, I've learnt from others' mistakes lol. It's also lagging again on the internet or opening things, playing games etc.



#25 D-FRED-BROWN

Posted 08 August 2013 - 11:20 AM

Okay, no worries. Take all the time you need. Let me know if you encounter any trouble with those instructions :)



#26 Depraved

Posted 12 August 2013 - 02:08 PM

I'll post the results later. Moved over the weekend, sorry I'm taking so long; seems like whenever I try to get something done something else pops up ugh!! :P



#27 D-FRED-BROWN

Posted 12 August 2013 - 04:38 PM

No problem. Take all the time you need :)



#28 Depraved

Posted 17 August 2013 - 07:16 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013 (ATTENTION: ====> FRST version is 13 days old and could be outdated)
Ran by SYSTEM on 17-08-2013 17:00:14
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CyCpIo] - C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2352640 2011-05-20] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] - C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2356224 2011-05-25] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Mcx1-SAMMI-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\Sammi\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-16] (SUPERAntiSpyware)
HKU\Sammi\...\Run: [Facebook Update] - C:\Users\Sammi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-03] (Facebook Inc.)
HKU\Sammi\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Sammi\...\Run: [BitTorrent] - C:\Users\Sammi\AppData\Roaming\BitTorrent\BitTorrent.exe [1127000 2013-08-13] (BitTorrent Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-10] (SUPERAntiSpyware.com)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [108032 2011-06-07] (Windows ® Win 7 DDK provider)
S3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [11264 2011-05-25] (Cypress Semiconductor, Inc.)
S3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [70656 2011-05-22] (Cypress Semiconductor, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11524096 2013-04-18] (Intel Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-12-03] (NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)
S3 btmaudio; system32\drivers\btmaud.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 nnllnaqz; \??\C:\Windows\system32\drivers\nnllnaqz.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-17 17:00 - 2013-08-17 17:00 - 00000000 ____D C:\FRST
2013-08-15 05:00 - 2013-07-24 22:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 05:00 - 2013-07-24 22:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 05:00 - 2013-07-24 22:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 05:00 - 2013-07-24 22:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 05:00 - 2013-07-24 22:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 05:00 - 2013-07-24 22:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-15 05:00 - 2013-07-24 22:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-15 05:00 - 2013-07-24 22:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 05:00 - 2013-07-24 22:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 05:00 - 2013-07-24 22:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 05:00 - 2013-07-24 22:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 05:00 - 2013-07-24 22:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-15 05:00 - 2013-07-24 22:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-15 05:00 - 2013-07-24 22:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 05:00 - 2013-07-24 22:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-15 05:00 - 2013-07-24 22:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 05:00 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 05:00 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 05:00 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 05:00 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 05:00 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 05:00 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-15 05:00 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 05:00 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 05:00 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 05:00 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 05:00 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 05:00 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-15 05:00 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-15 05:00 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 05:00 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 05:00 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 07:19 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 07:19 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:19 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 07:19 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 07:19 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 07:19 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 07:19 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:19 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:19 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:19 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:18 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 07:18 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:18 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 07:18 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 07:18 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 07:18 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 07:18 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:18 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:18 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:18 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:18 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:18 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:18 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:18 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:18 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:18 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 07:18 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-13 23:10 - 2013-08-13 23:10 - 00000875 _____ C:\Users\Sammi\Desktop\BitTorrent.lnk
2013-08-04 17:15 - 2013-08-04 17:15 - 01788733 _____ (Farbar) C:\Users\Sammi\Downloads\FRST64 (1).exe
2013-08-02 18:28 - 2013-08-02 18:28 - 01781485 _____ (Farbar) C:\Users\Sammi\Downloads\FRST64.exe
2013-08-02 17:40 - 2013-08-02 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-02 17:36 - 2013-08-02 17:36 - 00002997 _____ C:\AdwCleaner[S2].txt
2013-08-02 17:32 - 2013-08-02 17:32 - 00000000 ____D C:\_OTL
2013-08-02 15:29 - 2013-08-02 15:29 - 00000355 _____ C:\Users\Sammi\Downloads\Homegroup - Shortcut.lnk
2013-08-02 14:13 - 2013-08-02 14:13 - 00003050 _____ C:\Users\Sammi\Downloads\ESET.txt
2013-08-02 12:26 - 2013-08-02 12:26 - 02347384 _____ (ESET) C:\Users\Sammi\Downloads\esetsmartinstaller_enu.exe
2013-08-02 12:26 - 2013-08-02 12:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-02 12:25 - 2013-08-02 12:25 - 00133362 _____ C:\Users\Sammi\Downloads\OTL.Txt
2013-08-02 12:25 - 2013-08-02 12:25 - 00048938 _____ C:\Users\Sammi\Downloads\Extras.Txt
2013-08-02 12:20 - 2013-08-02 12:20 - 00003609 _____ C:\Users\Sammi\Desktop\JRT.txt
2013-08-02 12:15 - 2013-08-02 12:15 - 00602112 _____ (OldTimer Tools) C:\Users\Sammi\Downloads\OTL.exe
2013-08-02 12:15 - 2013-08-02 12:15 - 00004027 _____ C:\AdwCleaner[R1].txt
2013-08-02 12:14 - 2013-08-02 12:14 - 00666633 _____ C:\Users\Sammi\Downloads\AdwCleaner.exe
2013-08-02 12:14 - 2013-08-02 12:14 - 00560799 _____ (Oleg N. Scherbakov) C:\Users\Sammi\Downloads\JRT.exe
2013-08-02 01:11 - 2013-08-02 01:11 - 13813944 _____ (Microsoft Corporation) C:\Users\Sammi\Downloads\mseinstall (1).exe
2013-08-01 23:57 - 2013-08-01 23:57 - 00891098 _____ C:\Users\Sammi\Downloads\SecurityCheck (1).exe
2013-08-01 23:52 - 2013-08-01 23:52 - 00032254 _____ C:\Users\Sammi\Desktop\combofix.txt
2013-08-01 23:51 - 2013-08-01 23:51 - 00032254 _____ C:\ComboFix.txt
2013-08-01 23:47 - 2013-08-01 23:47 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-01 21:11 - 2013-08-01 21:11 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Sammi\Downloads\tdsskiller.exe
2013-08-01 14:20 - 2013-08-01 14:20 - 00000000 ____D C:\ProgramData\Fenomen Games
2013-08-01 14:20 - 2013-08-01 14:20 - 00000000 ____D C:\Program Files (x86)\Lamp of Aladdin
2013-08-01 14:19 - 2013-08-01 14:19 - 00003246 _____ C:\Windows\System32\Tasks\{3DD7C08F-6569-4EED-AB73-38377E1A9A67}
2013-07-31 15:15 - 2013-07-31 16:00 - 00014224 _____ C:\Users\Sammi\Documents\TrainingSchedule.xlsx
2013-07-31 12:39 - 2013-07-31 12:40 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 12:39 - 2013-07-31 12:40 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-07-31 12:16 - 2013-07-31 12:16 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-07-31 10:53 - 2013-07-31 10:53 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Palaplay
2013-07-31 10:43 - 2013-07-31 10:43 - 00000218 _____ C:\Users\Sammi\AppData\Local\recently-used.xbel
2013-07-31 10:06 - 2013-07-31 10:43 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\BitLord
2013-07-31 10:06 - 2013-07-31 10:28 - 00000000 ____D C:\Users\Sammi\Documents\BitLord
2013-07-31 10:06 - 2013-07-31 10:06 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Python-Eggs
2013-07-31 10:05 - 2013-07-31 10:30 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2013-07-31 10:05 - 2013-07-31 10:05 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-31 10:05 - 2013-07-31 10:05 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-31 10:05 - 2013-07-31 10:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 01:08 - 2013-07-31 01:08 - 04405267 _____ C:\Drive_C.dat
2013-07-31 01:08 - 2013-07-31 01:08 - 00341407 _____ C:\Drive_C.xml
2013-07-31 01:05 - 2013-07-31 10:51 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2013-07-30 15:37 - 2013-07-30 15:38 - 00026189 _____ C:\Users\Sammi\Desktop\dds.txt
2013-07-30 15:37 - 2013-07-30 15:38 - 00009749 _____ C:\Users\Sammi\Desktop\attach.txt
2013-07-30 15:36 - 2013-07-30 15:36 - 00688992 ____R (Swearware) C:\Users\Sammi\Downloads\dds.com
2013-07-29 00:52 - 2013-07-29 00:52 - 00010236 _____ C:\Users\Sammi\Desktop\Rkill.txt
2013-07-29 00:51 - 2013-07-29 00:52 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Sammi\Downloads\rkill.exe
2013-07-29 00:38 - 2013-07-29 00:38 - 13399154 _____ C:\Users\Sammi\Downloads\mbar-1.06.0.1004.zip
2013-07-29 00:38 - 2013-07-29 00:38 - 00000000 ____D C:\Users\Sammi\Documents\mbar-1.06.0.1004
2013-07-29 00:29 - 2013-07-29 00:29 - 00033025 _____ C:\Users\Sammi\Downloads\Result.txt
2013-07-29 00:29 - 2013-07-29 00:29 - 00033025 _____ C:\Users\Sammi\Desktop\Result.txt
2013-07-29 00:28 - 2013-07-29 00:28 - 00760937 _____ (Farbar) C:\Users\Sammi\Downloads\MiniToolBox.exe
2013-07-29 00:28 - 2013-07-29 00:28 - 00357145 _____ (Farbar) C:\Users\Sammi\Downloads\FSS.exe
2013-07-29 00:28 - 2013-07-29 00:28 - 00002631 _____ C:\Users\Sammi\Downloads\FSS.txt
2013-07-29 00:28 - 2013-07-29 00:28 - 00002631 _____ C:\Users\Sammi\Desktop\FSS.txt
2013-07-29 00:27 - 2013-07-29 00:27 - 00000769 _____ C:\Users\Sammi\Desktop\checkup.txt
2013-07-29 00:25 - 2013-07-29 00:25 - 00891098 _____ C:\Users\Sammi\Downloads\SecurityCheck.exe
2013-07-24 00:55 - 2013-07-24 01:27 - 00000000 ____D C:\ProgramData\Artist Colony
2013-07-24 00:55 - 2013-07-24 00:55 - 00002088 _____ C:\Users\Sammi\Desktop\Artist Colony.lnk
2013-07-24 00:55 - 2013-07-24 00:55 - 00000000 ____D C:\Users\Sammi\AppData\Local\Artist Colony
2013-07-21 19:18 - 2013-07-21 19:18 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Stand O'Food 3
2013-07-21 16:32 - 2013-07-21 16:32 - 00000000 ____D C:\e90942a14ac551ff4a4d
2013-07-21 12:38 - 2013-07-21 12:39 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-07-21 12:21 - 2013-07-21 12:42 - 00000000 ____D C:\dacd1b4375d89bc20028c7
2013-07-21 12:10 - 2013-07-21 12:11 - 13475464 _____ (Microsoft Corporation) C:\Users\Sammi\Downloads\mseinstall.exe
2013-07-21 03:04 - 2013-07-21 03:04 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Roxio Log Files
2013-07-20 09:55 - 2013-07-20 09:55 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Elephant Games
2013-07-20 09:47 - 2013-07-21 17:02 - 00000000 ____D C:\Windows\Mystery Trackers 5 - Silent Hollow Collector's Edition
 
==================== One Month Modified Files and Folders =======
 
2013-08-17 18:55 - 2013-06-29 05:03 - 00212969 _____ C:\Windows\IE10_main.log
2013-08-17 18:55 - 2011-09-22 16:07 - 01982182 _____ C:\Windows\WindowsUpdate.log
2013-08-17 18:54 - 2013-05-26 20:41 - 00013387 _____ C:\Windows\setupact.log
2013-08-17 18:54 - 2011-10-05 17:47 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\BitTorrent
2013-08-17 18:34 - 2012-04-14 13:58 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 18:07 - 2012-08-07 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 17:49 - 2012-08-27 02:28 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3707478246-1993061971-1580713667-1001UA.job
2013-08-17 17:00 - 2013-08-17 17:00 - 00000000 ____D C:\FRST
2013-08-17 15:01 - 2013-05-25 17:07 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-17 02:05 - 2011-11-16 22:09 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\vlc
2013-08-16 21:34 - 2012-04-14 13:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-16 20:49 - 2012-08-27 02:28 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3707478246-1993061971-1580713667-1001Core.job
2013-08-16 18:26 - 2012-04-05 23:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-15 10:16 - 2012-03-24 22:02 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Skype
2013-08-15 10:14 - 2011-09-22 16:35 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-15 10:14 - 2011-09-22 16:35 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-15 10:14 - 2011-09-22 16:28 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-15 05:31 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 05:31 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 05:30 - 2009-07-14 00:13 - 00780046 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-15 05:25 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 05:24 - 2009-07-14 00:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-15 05:23 - 2013-05-26 21:07 - 00015674 _____ C:\Windows\PFRO.log
2013-08-15 05:23 - 2011-09-22 16:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-15 05:01 - 2013-07-16 05:00 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 05:01 - 2011-10-15 04:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 10:38 - 2013-02-14 07:08 - 01227776 ___SH C:\Users\Sammi\Downloads\Thumbs.db
2013-08-13 23:10 - 2013-08-13 23:10 - 00000875 _____ C:\Users\Sammi\Desktop\BitTorrent.lnk
2013-08-13 02:59 - 2011-09-22 16:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-13 02:59 - 2011-09-22 16:29 - 00000000 ____D C:\ProgramData\Skype
2013-08-04 17:15 - 2013-08-04 17:15 - 01788733 _____ (Farbar) C:\Users\Sammi\Downloads\FRST64 (1).exe
2013-08-02 18:28 - 2013-08-02 18:28 - 01781485 _____ (Farbar) C:\Users\Sammi\Downloads\FRST64.exe
2013-08-02 17:40 - 2013-08-02 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-02 17:40 - 2013-07-06 02:06 - 00002150 _____ C:\Windows\epplauncher.mif
2013-08-02 17:36 - 2013-08-02 17:36 - 00002997 _____ C:\AdwCleaner[S2].txt
2013-08-02 17:34 - 2012-08-14 17:41 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-08-02 17:32 - 2013-08-02 17:32 - 00000000 ____D C:\_OTL
2013-08-02 15:29 - 2013-08-02 15:29 - 00000355 _____ C:\Users\Sammi\Downloads\Homegroup - Shortcut.lnk
2013-08-02 14:13 - 2013-08-02 14:13 - 00003050 _____ C:\Users\Sammi\Downloads\ESET.txt
2013-08-02 12:26 - 2013-08-02 12:26 - 02347384 _____ (ESET) C:\Users\Sammi\Downloads\esetsmartinstaller_enu.exe
2013-08-02 12:26 - 2013-08-02 12:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-02 12:25 - 2013-08-02 12:25 - 00133362 _____ C:\Users\Sammi\Downloads\OTL.Txt
2013-08-02 12:25 - 2013-08-02 12:25 - 00048938 _____ C:\Users\Sammi\Downloads\Extras.Txt
2013-08-02 12:20 - 2013-08-02 12:20 - 00003609 _____ C:\Users\Sammi\Desktop\JRT.txt
2013-08-02 12:15 - 2013-08-02 12:15 - 00602112 _____ (OldTimer Tools) C:\Users\Sammi\Downloads\OTL.exe
2013-08-02 12:15 - 2013-08-02 12:15 - 00004027 _____ C:\AdwCleaner[R1].txt
2013-08-02 12:14 - 2013-08-02 12:14 - 00666633 _____ C:\Users\Sammi\Downloads\AdwCleaner.exe
2013-08-02 12:14 - 2013-08-02 12:14 - 00560799 _____ (Oleg N. Scherbakov) C:\Users\Sammi\Downloads\JRT.exe
2013-08-02 05:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-02 05:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-02 01:11 - 2013-08-02 01:11 - 13813944 _____ (Microsoft Corporation) C:\Users\Sammi\Downloads\mseinstall (1).exe
2013-08-01 23:57 - 2013-08-01 23:57 - 00891098 _____ C:\Users\Sammi\Downloads\SecurityCheck (1).exe
2013-08-01 23:52 - 2013-08-01 23:52 - 00032254 _____ C:\Users\Sammi\Desktop\combofix.txt
2013-08-01 23:51 - 2013-08-01 23:51 - 00032254 _____ C:\ComboFix.txt
2013-08-01 23:51 - 2013-05-25 18:46 - 00000000 ____D C:\Qoobox
2013-08-01 23:48 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-08-01 23:47 - 2013-08-01 23:47 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-01 23:47 - 2012-11-28 16:41 - 00000000 ____D C:\Windows\erdnt
2013-08-01 23:47 - 2009-07-13 21:34 - 73924608 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-08-01 23:47 - 2009-07-13 21:34 - 27787264 _____ C:\Windows\System32\config\SYSTEM.bak
2013-08-01 23:47 - 2009-07-13 21:34 - 01572864 _____ C:\Windows\System32\config\DEFAULT.bak
2013-08-01 23:47 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
2013-08-01 23:47 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
2013-08-01 23:39 - 2013-05-25 18:43 - 05097176 ____R (Swearware) C:\Users\Sammi\Desktop\ComboFix.exe
2013-08-01 23:17 - 2011-10-05 21:28 - 00000000 ____D C:\Users\Sammi\AppData\Local\Deployment
2013-08-01 21:11 - 2013-08-01 21:11 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Sammi\Downloads\tdsskiller.exe
2013-08-01 14:20 - 2013-08-01 14:20 - 00000000 ____D C:\ProgramData\Fenomen Games
2013-08-01 14:20 - 2013-08-01 14:20 - 00000000 ____D C:\Program Files (x86)\Lamp of Aladdin
2013-08-01 14:19 - 2013-08-01 14:19 - 00003246 _____ C:\Windows\System32\Tasks\{3DD7C08F-6569-4EED-AB73-38377E1A9A67}
2013-07-31 16:00 - 2013-07-31 15:15 - 00014224 _____ C:\Users\Sammi\Documents\TrainingSchedule.xlsx
2013-07-31 12:42 - 2013-02-10 17:43 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\SoftGrid Client
2013-07-31 12:40 - 2013-07-31 12:39 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 12:40 - 2013-07-31 12:39 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-07-31 12:16 - 2013-07-31 12:16 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-07-31 10:53 - 2013-07-31 10:53 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Palaplay
2013-07-31 10:53 - 2013-01-27 13:34 - 00000000 ____D C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG
2013-07-31 10:52 - 2013-01-27 13:39 - 00000000 ____D C:\Program Files (x86)\Games
2013-07-31 10:51 - 2013-07-31 01:05 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2013-07-31 10:43 - 2013-07-31 10:43 - 00000218 _____ C:\Users\Sammi\AppData\Local\recently-used.xbel
2013-07-31 10:43 - 2013-07-31 10:06 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\BitLord
2013-07-31 10:30 - 2013-07-31 10:05 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2013-07-31 10:28 - 2013-07-31 10:06 - 00000000 ____D C:\Users\Sammi\Documents\BitLord
2013-07-31 10:06 - 2013-07-31 10:06 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Python-Eggs
2013-07-31 10:05 - 2013-07-31 10:05 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-31 10:05 - 2013-07-31 10:05 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-31 10:05 - 2013-07-31 10:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 01:08 - 2013-07-31 01:08 - 04405267 _____ C:\Drive_C.dat
2013-07-31 01:08 - 2013-07-31 01:08 - 00341407 _____ C:\Drive_C.xml
2013-07-30 17:34 - 2012-04-14 13:58 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-30 15:38 - 2013-07-30 15:37 - 00026189 _____ C:\Users\Sammi\Desktop\dds.txt
2013-07-30 15:38 - 2013-07-30 15:37 - 00009749 _____ C:\Users\Sammi\Desktop\attach.txt
2013-07-30 15:36 - 2013-07-30 15:36 - 00688992 ____R (Swearware) C:\Users\Sammi\Downloads\dds.com
2013-07-29 00:52 - 2013-07-29 00:52 - 00010236 _____ C:\Users\Sammi\Desktop\Rkill.txt
2013-07-29 00:52 - 2013-07-29 00:51 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Sammi\Downloads\rkill.exe
2013-07-29 00:44 - 2011-10-12 23:25 - 00000000 ____D C:\Users\Sammi\AppData\Local\Microsoft Games
2013-07-29 00:38 - 2013-07-29 00:38 - 13399154 _____ C:\Users\Sammi\Downloads\mbar-1.06.0.1004.zip
2013-07-29 00:38 - 2013-07-29 00:38 - 00000000 ____D C:\Users\Sammi\Documents\mbar-1.06.0.1004
2013-07-29 00:29 - 2013-07-29 00:29 - 00033025 _____ C:\Users\Sammi\Downloads\Result.txt
2013-07-29 00:29 - 2013-07-29 00:29 - 00033025 _____ C:\Users\Sammi\Desktop\Result.txt
2013-07-29 00:28 - 2013-07-29 00:28 - 00760937 _____ (Farbar) C:\Users\Sammi\Downloads\MiniToolBox.exe
2013-07-29 00:28 - 2013-07-29 00:28 - 00357145 _____ (Farbar) C:\Users\Sammi\Downloads\FSS.exe
2013-07-29 00:28 - 2013-07-29 00:28 - 00002631 _____ C:\Users\Sammi\Downloads\FSS.txt
2013-07-29 00:28 - 2013-07-29 00:28 - 00002631 _____ C:\Users\Sammi\Desktop\FSS.txt
2013-07-29 00:27 - 2013-07-29 00:27 - 00000769 _____ C:\Users\Sammi\Desktop\checkup.txt
2013-07-29 00:25 - 2013-07-29 00:25 - 00891098 _____ C:\Users\Sammi\Downloads\SecurityCheck.exe
2013-07-28 21:53 - 2011-10-06 22:48 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\.minecraft
2013-07-28 21:42 - 2013-05-28 02:51 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\uTorrent
2013-07-25 04:25 - 2013-08-14 07:18 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-14 07:18 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 22:54 - 2013-08-15 05:00 - 17830400 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-24 22:37 - 2013-08-15 05:00 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-24 22:35 - 2013-08-15 05:00 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-24 22:31 - 2013-08-15 05:00 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-24 22:30 - 2013-08-15 05:00 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-24 22:29 - 2013-08-15 05:00 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-24 22:29 - 2013-08-15 05:00 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-24 22:29 - 2013-08-15 05:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-24 22:28 - 2013-08-15 05:00 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-24 22:28 - 2013-08-15 05:00 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-24 22:28 - 2013-08-15 05:00 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-24 22:28 - 2013-08-15 05:00 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-24 22:28 - 2013-08-15 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-24 22:27 - 2013-08-15 05:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-24 22:27 - 2013-08-15 05:00 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-24 22:26 - 2013-08-15 05:00 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-24 21:40 - 2013-08-15 05:00 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-24 21:32 - 2013-08-15 05:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-24 21:30 - 2013-08-15 05:00 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-24 21:26 - 2013-08-15 05:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-24 21:26 - 2013-08-15 05:00 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-24 21:25 - 2013-08-15 05:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-24 21:24 - 2013-08-15 05:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-24 21:24 - 2013-08-15 05:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 21:23 - 2013-08-15 05:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-24 21:23 - 2013-08-15 05:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-24 21:23 - 2013-08-15 05:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 21:23 - 2013-08-15 05:00 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-24 21:23 - 2013-08-15 05:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-24 21:22 - 2013-08-15 05:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-24 21:22 - 2013-08-15 05:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 21:22 - 2013-08-15 05:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-24 01:27 - 2013-07-24 00:55 - 00000000 ____D C:\ProgramData\Artist Colony
2013-07-24 00:55 - 2013-07-24 00:55 - 00002088 _____ C:\Users\Sammi\Desktop\Artist Colony.lnk
2013-07-24 00:55 - 2013-07-24 00:55 - 00000000 ____D C:\Users\Sammi\AppData\Local\Artist Colony
2013-07-22 20:54 - 2012-11-25 19:10 - 00000000 ____D C:\JRT
2013-07-22 17:15 - 2013-05-25 17:06 - 00000000 ____D C:\Program Files\My Dell
2013-07-22 17:15 - 2011-10-05 18:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-21 19:18 - 2013-07-21 19:18 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Stand O'Food 3
2013-07-21 17:04 - 2009-07-13 23:45 - 00283360 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-21 17:02 - 2013-07-20 09:47 - 00000000 ____D C:\Windows\Mystery Trackers 5 - Silent Hollow Collector's Edition
2013-07-21 17:02 - 2013-07-13 13:07 - 00000000 ____D C:\Windows\SysWOW64\3056
2013-07-21 17:02 - 2012-12-15 00:15 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2013-07-21 17:02 - 2012-12-11 13:27 - 00000000 ____D C:\users\Mcx1-SAMMI-PC
2013-07-21 17:02 - 2012-11-25 12:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 17:02 - 2012-09-17 16:57 - 00000000 ____D C:\Windows\SysWOW64\1017
2013-07-21 17:02 - 2012-04-06 00:22 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-21 17:02 - 2011-11-27 23:01 - 00000000 ____D C:\Windows\SysWOW64\3020
2013-07-21 17:02 - 2011-11-10 03:08 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-21 17:02 - 2011-10-05 19:05 - 00000000 ____D C:\users\Sammi
2013-07-21 17:02 - 2011-09-22 18:01 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-21 17:02 - 2011-09-22 16:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-21 17:02 - 2011-09-22 16:03 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-07-21 17:02 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-21 17:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-07-21 17:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-21 17:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-21 16:32 - 2013-07-21 16:32 - 00000000 ____D C:\e90942a14ac551ff4a4d
2013-07-21 16:18 - 2011-10-05 19:05 - 00059968 _____ C:\Users\Sammi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 13:13 - 2012-08-16 18:54 - 00138846 _____ C:\Users\Sammi\Documents\cc_20120816_165430.reg
2013-07-21 12:42 - 2013-07-21 12:21 - 00000000 ____D C:\dacd1b4375d89bc20028c7
2013-07-21 12:39 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-07-21 12:11 - 2013-07-21 12:10 - 13475464 _____ (Microsoft Corporation) C:\Users\Sammi\Downloads\mseinstall.exe
2013-07-21 03:08 - 2011-09-22 16:45 - 00000000 ____D C:\ProgramData\Sonic
2013-07-21 03:08 - 2011-09-22 16:44 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-07-21 03:05 - 2011-10-05 19:09 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Roxio
2013-07-21 03:05 - 2011-09-22 16:44 - 00000000 ____D C:\ProgramData\Roxio
2013-07-21 03:04 - 2013-07-21 03:04 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Roxio Log Files
2013-07-21 03:01 - 2012-06-29 22:41 - 00000000 ____D C:\ProgramData\PlayFirst
2013-07-21 02:54 - 2011-11-10 03:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-21 02:44 - 2011-10-12 01:28 - 00000000 ____D C:\games
2013-07-21 02:41 - 2011-10-05 17:51 - 00000000 ____D C:\Windows\Minidump
2013-07-21 02:36 - 2011-10-12 01:17 - 00000000 ____D C:\Users\Sammi\AppData\Local\Adobe
2013-07-21 02:34 - 2012-08-07 12:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 02:34 - 2012-04-06 00:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 02:34 - 2011-09-22 16:07 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-20 20:37 - 2012-03-09 05:31 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Vso
2013-07-20 20:27 - 2013-06-30 21:08 - 00000000 ____D C:\Users\Sammi\Documents\ConvertXtoDVD
2013-07-20 09:55 - 2013-07-20 09:55 - 00000000 ____D C:\Users\Sammi\AppData\Roaming\Elephant Games
2013-07-20 09:49 - 2009-07-13 18:19 - 00328704 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2013-07-18 20:58 - 2013-08-14 07:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-07-18 20:41 - 2013-08-14 07:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Sammi\jagex_cl_runescape_LIVE.dat
C:\Users\Sammi\jagex_runescape_preferences.dat
C:\Users\Sammi\jagex_runescape_preferences2.dat
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-08-08 05:00:14
Restore point made on: 2013-08-09 08:31:12
Restore point made on: 2013-08-10 05:00:14
Restore point made on: 2013-08-11 05:00:56
Restore point made on: 2013-08-11 21:00:18
Restore point made on: 2013-08-12 05:00:14
Restore point made on: 2013-08-13 05:00:14
Restore point made on: 2013-08-14 05:00:17
Restore point made on: 2013-08-15 05:00:17
Restore point made on: 2013-08-16 05:00:19
Restore point made on: 2013-08-17 05:00:25
Restore point made on: 2013-08-17 18:55:01
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8086.17 MB
Available physical RAM: 7300.25 MB
Total Pagefile: 8084.37 MB
Available Pagefile: 7292.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:679 GB) (Free:235.69 GB) NTFS (Disk=0 Partition=3)
Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.21 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)
 
 
LastRegBack: 2013-08-15 05:54
 
==================== End Of Log ============================

 



#29 Depraved
  • Topic Starter
  • Members
  • 78 posts
  • Local time:07:30 AM

Posted 17 August 2013 - 07:18 PM

VOILA! Once again sorry for the super long time to get this done lol 



#30 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:09:30 AM

Posted 17 August 2013 - 09:19 PM

(ATTENTION: ====> FRST version is 13 days old and could be outdated)

Go ahead and download a new copy of FRST and go through the same procedure. Please post the new FRST.txt in your next reply.