
Backdoor/Rootkit warning: ZeroAccess


  • This topic is locked
85 replies to this topic

#1 awhitesoxfan


Posted 04 August 2013 - 11:31 AM

This computer is infected with a rootkit called ZeroAccess. You will need to change all passwords after this, and pay attention not to do any home banking. Don't use the machine now for anything other than malware removal.

===

You have a rootkit called ZeroAccess, and it is difficult to remove, so I would suggest you post a DDS log in the forum Virus, Trojan, Spyware, and Malware Removal Logs.

Step 1: Read this topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Step 2: Post a new topic with the DDS log: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Step 3: A malware expert will help you there.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Kelly at 12:14:50 on 2013-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.6351 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
F:\kickstarter.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SansaDispatch] C:\Users\Kelly\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8D2438A6-2588-4DF4-A295-2194DFF8A06C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FF69B6A4-ADBF-43B9-A3EC-7C9A19B7AD19} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FF69B6A4-ADBF-43B9-A3EC-7C9A19B7AD19}\2656C6B696E6E2162383 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-15 55856]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-7-31 109352]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-15 1692480]
R3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-8-3 57032]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-15 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-15 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-7-31 32000]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-04 13:46:50 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 13:04:10 -------- d-----w- C:\Users\Kelly\AppData\Roaming\SUPERAntiSpyware.com
2013-08-04 13:04:08 -------- d-----w- C:\Users\Kelly\AppData\Local\Google
2013-08-04 13:03:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-08-04 13:03:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-08-04 13:03:26 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{915F65F2-536F-4430-9B3B-5284E8B0138F}\offreg.dll
2013-08-04 10:48:24 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{915F65F2-536F-4430-9B3B-5284E8B0138F}\mpengine.dll
2013-08-03 19:58:17 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-03 18:26:27 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-03 18:20:25 -------- d-----w- C:\Users\Kelly\AppData\Local\Diagnostics
2013-08-03 18:05:35 -------- d-----w- C:\Users\Kelly\AppData\Local\Apple Computer
2013-08-03 16:42:16 -------- d-----w- C:\Users\Kelly\AppData\Local\Programs
2013-08-03 15:57:18 -------- d-----w- C:\EEK
2013-08-03 13:32:52 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-08-03 13:32:34 -------- d-----w- C:\Users\Kelly\AppData\Local\Apple
2013-08-01 14:08:16 -------- d-----w- C:\Users\Kelly\AppData\Roaming\Fingertapps
2013-08-01 14:08:15 -------- d-----w- C:\Users\Kelly\AppData\Roaming\Dell
2013-08-01 14:08:04 -------- d-----w- C:\Users\Kelly\AppData\Roaming\Dell Touch Zone
2013-07-31 19:06:16 -------- d-----w- C:\Users\Kelly\AppData\Local\SoftThinks
2013-07-31 19:05:43 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-31 18:05:03 -------- d-----w- C:\Emergency
2013-07-31 15:18:12 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5449B531-0276-42DD-8C46-5B26ED3361CB}\mpengine.dll
2013-07-31 14:37:59 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-07-31 14:37:57 -------- d-----w- C:\Program Files\HitmanPro
2013-07-14 19:11:16 -------- d-----w- C:\Users\Kelly\AppData\Roaming\SanDisk
2013-07-14 17:48:25 -------- d-----w- C:\Program Files (x86)\OverDrive Media Console
2013-07-10 10:57:04 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 10:57:04 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 10:57:04 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 10:57:04 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 10:57:04 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 10:57:04 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 10:57:04 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 10:57:03 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 10:57:03 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 10:57:02 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 10:57:02 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 10:56:57 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 10:56:54 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 10:56:54 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 10:56:54 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 10:56:54 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 10:56:54 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 10:56:50 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 10:56:50 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M ====================
.
2013-06-12 12:33:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:33:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:15:04.70 ===============
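As an added example (not part of the original post, and not something DDS or any of the tools in this thread do themselves), here is a small Python triage helper that reads the "Running Processes" section of a DDS log like the one above and flags images running from places an installed Windows binary normally would not, so a reviewer can look at those lines first. On this log that surfaces the F:\ entry; the flag is only a prompt for a human to check what the file is, not a verdict. The sample input is constructed from a handful of lines of the log above plus one hypothetical AppData entry (`Example\updater.exe`) added to exercise that rule; the function names (`parse_running_processes`, `review_reason`, `triage`), the `EXPECTED_PREFIXES` list and the reason strings are this example's own assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample input: the section header and a handful of lines copied
# from the DDS log in the post above, plus ONE hypothetical AppData entry
# (the "Example\updater.exe" line) added to exercise the profile-directory rule.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
F:\kickstarter.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.exe
C:\Users\Kelly\AppData\Roaming\Example\updater.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
"""

# DDS separates sections with a title wrapped in runs of '=' signs.
SECTION_START = re.compile(r"^=+ Running Processes =+$")
ANY_HEADER = re.compile(r"^=+ .+ =+$")
# An image path ends in .exe; anything after it is the command line (e.g. "-k netsvcs").
IMAGE_LINE = re.compile(r"^(?P<path>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)

# Where an installed binary on this kind of system is expected to live
# (this example's own heuristic list, not anything DDS itself applies).
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_running_processes(text: str) -> List[str]:
    """Return the image paths (command-line arguments stripped) listed in the
    'Running Processes' section of a DDS log, in log order."""
    paths: List[str] = []
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_START.match(line):
            inside = True
            continue
        if inside and ANY_HEADER.match(line):
            break  # the next section has started
        if not inside or line in ("", "."):
            continue
        m = IMAGE_LINE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def review_reason(path: str) -> str:
    """Return '' when the image lives where an installed binary is expected,
    otherwise a short reason a reviewer should look at it. Location alone is
    never a verdict; it only orders the list for a human."""
    p = path.lower()
    if "\\appdata\\" in p or "\\temp\\" in p:
        return "runs from a user profile or temp directory"
    if not p.startswith("c:\\"):
        return "runs from a non-system drive"
    if any(p.startswith(prefix) for prefix in EXPECTED_PREFIXES):
        return ""
    return "runs outside Windows and Program Files"


def triage(text: str) -> List[Tuple[str, str]]:
    """Pair every flagged image path with the reason it was flagged."""
    flagged: List[Tuple[str, str]] = []
    for path in parse_running_processes(text):
        reason = review_reason(path)
        if reason:
            flagged.append((path, reason))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_DDS):
        print(f"REVIEW  {path}  ({reason})")
```

Run against a full DDS log the same way (read the file, pass its text to `triage`); the prefix list is deliberately short so that anything under ProgramData, a user profile, a removable drive or a root directory comes up for review, and the answer for each flagged line is a human decision, typically by checking the file's publisher and hash, not the path alone.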


#2 jeffce

  • Malware Response Team

Posted 04 August 2013 - 11:34 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
----------

AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------



#3 awhitesoxfan

  • Topic Starter

Posted 04 August 2013 - 12:59 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-04 13:37:13
-----------------------------
13:37:13.145    OS Version: Windows x64 6.1.7601 Service Pack 1
13:37:13.145    Number of processors: 4 586 0x2A07
13:37:13.161    ComputerName: KELLY-PC  UserName: Kelly
13:37:14.097    Initialize success
13:46:52.172    AVAST engine defs: 13080400
13:50:34.706    The log file has been saved successfully to "C:\Users\Kelly\Desktop\aswMBR.txt"
 



#4 jeffce

  • Malware Response Team

Posted 04 August 2013 - 04:49 PM

That was all that was made by aswMBR?  Don't forget about AdwCleaner as well.




#5 awhitesoxfan

  • Topic Starter

Posted 04 August 2013 - 06:54 PM

While I was trying to run AdwCleaner, I got the "blue screen"

The infected computer will not reboot

This was a problem when the computer caught ransomware

I tried to run AVG Rescue and disconnect the internet, but it did not work.

Maybe the aswMBR did not run completely.

Please advise.

#6 jeffce

  • Malware Response Team

Posted 04 August 2013 - 08:55 PM

So if I understand correctly.... the infected system will not boot now and you are using another computer to contact us here? If that is the case, please do the following...
 
FRST
 
Download the 64 bit version for your system of FRST and save it to a flash drive.
 
Plug the flashdrive into the infected PC.
 
Enter System Recovery Options
 
To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter 
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------




#7 awhitesoxfan

  • Topic Starter

Posted 05 August 2013 - 06:33 AM

Where do I get Windows installation disc?



#8 awhitesoxfan

  • Topic Starter

Posted 05 August 2013 - 07:42 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013
Ran by SYSTEM on 05-08-2013 08:32:01
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Kelly\...\Run: [SansaDispatch] - C:\Users\Kelly\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-07-14] (SanDisk Corporation)
HKU\Kelly\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-31] (SurfRight B.V.)

==================== Drivers (Whitelisted) ====================

S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-08-02] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-08-02] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-31] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-04 12:50 - 2013-08-04 12:50 - 00000477 _____ C:\Users\Kelly\Desktop\aswMBR.txt
2013-08-04 11:42 - 2013-08-04 12:37 - 04745728 _____ (AVAST Software) C:\Users\Kelly\Downloads\aswMBR.exe
2013-08-04 11:15 - 2013-08-04 11:15 - 00015939 _____ C:\Users\Kelly\Desktop\dds.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00010917 _____ C:\Users\Kelly\Desktop\attach.txt
2013-08-04 08:46 - 2013-08-04 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-08-04 08:04 - 2013-08-04 12:14 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-04 08:04 - 2013-08-04 08:14 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 08:04 - 2013-08-04 08:09 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-04 08:04 - 2013-08-04 08:09 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-04 08:04 - 2013-08-04 08:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Google
2013-08-04 08:04 - 2013-08-04 08:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-04 08:04 - 2013-08-04 08:04 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2
2013-08-04 08:04 - 2013-08-04 08:04 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310
2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2.job
2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310.job
2013-08-04 08:04 - 2013-08-04 08:04 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SUPERAntiSpyware.com
2013-08-04 08:03 - 2013-08-04 08:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-04 08:03 - 2013-08-04 08:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-03 14:58 - 2013-08-03 14:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-03 13:58 - 2013-08-03 13:58 - 00000660 _____ C:\Users\Kelly\Desktop\HitmanPro_x64 - Shortcut.lnk
2013-08-03 13:54 - 2013-08-03 13:54 - 00000673 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut (2).lnk
2013-08-03 13:26 - 2013-08-03 13:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-03 13:05 - 2013-08-03 13:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple Computer
2013-08-03 12:35 - 2013-08-03 12:35 - 00000639 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut.lnk
2013-08-03 12:21 - 2013-08-03 12:21 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Macromedia
2013-08-03 10:57 - 2013-08-03 10:57 - 00000548 _____ C:\Users\Kelly\Desktop\Emsisoft Emergency Kit.lnk
2013-08-03 10:57 - 2013-08-03 10:57 - 00000000 ____D C:\EEK
2013-08-03 10:05 - 2013-08-03 10:05 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill notepad.txt
2013-08-03 10:01 - 2013-08-03 10:04 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill.txt
2013-08-03 09:19 - 2013-08-03 09:19 - 00074856 _____ C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple
2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\Users\Public\Desktop\Emergency Backup.lnk
2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\ProgramData\Desktop\Emergency Backup.lnk
2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell Touch Zone
2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell
2013-08-01 09:07 - 2013-08-04 07:17 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Apple Computer
2013-08-01 09:07 - 2013-08-01 09:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Leadertech
2013-07-31 14:06 - 2013-07-31 14:06 - 00000000 ____D C:\Users\Kelly\AppData\Local\SoftThinks
2013-07-31 14:05 - 2013-07-31 14:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-31 13:05 - 2013-08-01 14:36 - 00000000 ____D C:\Emergency
2013-07-31 09:41 - 2013-07-31 09:41 - 00001402 _____ C:\Windows\System32\HitmanPro_20130731_1041.log
2013-07-31 09:37 - 2013-08-01 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-31 09:37 - 2013-07-31 10:18 - 00032000 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-07-31 09:37 - 2013-07-31 10:18 - 00001783 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-07-31 09:37 - 2013-07-31 10:18 - 00001783 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2013-07-14 14:11 - 2013-08-01 11:48 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SanDisk
2013-07-14 12:48 - 2013-08-01 11:48 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\ProgramData\Desktop\OverDrive Media Console.lnk
2013-07-11 02:03 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:03 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 02:03 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 02:03 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 02:03 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 02:03 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:03 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-11 02:03 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 02:03 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 05:57 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 05:57 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 05:57 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 05:57 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:56 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 05:56 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 05:56 - 2013-04-02 17:51 - 01643520 _____ (Microsoft 
Corporation) C:\Windows\System32\DWrite.dll<br />126<br /><br />==================== One Month Modified Files and Folders =======<br /><br />2013-08-05 08:30 - 2013-08-05 08:30 - 00000000 ____D C:\FRST<br />2013-08-04 12:50 - 2013-08-04 12:50 - 00000477 _____ C:\Users\Kelly\Desktop\aswMBR.txt<br />2013-08-04 12:40 - 2011-10-15 01:26 - 02052807 _____ C:\Windows\WindowsUpdate.log<br />2013-08-04 12:37 - 2013-08-04 11:42 - 04745728 _____ (AVAST Software) C:\Users\Kelly\Downloads\aswMBR.exe<br />2013-08-04 12:33 - 2012-04-24 09:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job<br />2013-08-04 12:14 - 2013-08-04 08:04 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job<br />2013-08-04 11:15 - 2013-08-04 11:15 - 00015939 _____ C:\Users\Kelly\Desktop\dds.txt<br />2013-08-04 11:15 - 2013-08-04 11:15 - 00010917 _____ C:\Users\Kelly\Desktop\attach.txt<br />2013-08-04 08:58 - 2013-08-04 08:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)<br />2013-08-04 08:39 - 2009-07-14 00:13 - 00779788 _____ C:\Windows\System32\PerfStringBackup.INI<br />2013-08-04 08:14 - 2013-08-04 08:04 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job<br />2013-08-04 08:09 - 2013-08-04 08:04 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA<br />2013-08-04 08:09 - 2013-08-04 08:04 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore<br />2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk<br />2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk<br />2013-08-04 08:05 - 2013-08-04 08:04 - 00000000 ____D C:\Users\Kelly\AppData\Local\Google<br />2013-08-04 08:05 - 2013-08-04 08:04 - 00000000 ____D C:\Program Files (x86)\Google<br />2013-08-04 08:04 - 2013-08-04 08:04 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2<br />2013-08-04 08:04 - 2013-08-04 08:04 - 
00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310<br />2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk<br />2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk<br />2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2.job<br />2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310.job<br />2013-08-04 08:04 - 2013-08-04 08:04 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SUPERAntiSpyware.com<br />2013-08-04 08:04 - 2013-08-04 08:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware<br />2013-08-04 08:03 - 2013-08-04 08:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com<br />2013-08-04 07:28 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0<br />2013-08-04 07:28 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0<br />2013-08-04 07:17 - 2013-08-01 09:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Apple Computer<br />2013-08-03 17:00 - 2012-09-25 07:57 - 00000466 _____ C:\Windows\Tasks\ParetoLogic Registration.job<br />2013-08-03 14:58 - 2013-08-03 14:58 - 00000000 ____D C:\Program Files (x86)\ESET<br />2013-08-03 13:58 - 2013-08-03 13:58 - 00000660 _____ C:\Users\Kelly\Desktop\HitmanPro_x64 - Shortcut.lnk<br />2013-08-03 13:54 - 2013-08-03 13:54 - 00000673 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut (2).lnk<br />2013-08-03 13:26 - 2013-08-03 13:26 - 00000000 ____D C:\TDSSKiller_Quarantine<br />2013-08-03 13:05 - 2013-08-03 13:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple Computer<br />2013-08-03 13:05 - 2012-01-06 18:33 - 00000000 
____D C:\ProgramData\Apple Computer<br />2013-08-03 12:35 - 2013-08-03 12:35 - 00000639 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut.lnk<br />2013-08-03 12:21 - 2013-08-03 12:21 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Macromedia<br />2013-08-03 11:42 - 2012-07-02 09:16 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk<br />2013-08-03 11:42 - 2012-07-02 09:16 - 00001115 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk<br />2013-08-03 11:42 - 2012-07-02 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware<br />2013-08-03 10:57 - 2013-08-03 10:57 - 00000548 _____ C:\Users\Kelly\Desktop\Emsisoft Emergency Kit.lnk<br />2013-08-03 10:57 - 2013-08-03 10:57 - 00000000 ____D C:\EEK<br />2013-08-03 10:56 - 2012-06-27 07:01 - 00012622 _____ C:\Windows\setupact.log<br />2013-08-03 10:05 - 2013-08-03 10:05 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill notepad.txt<br />2013-08-03 10:04 - 2013-08-03 10:01 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill.txt<br />2013-08-03 09:19 - 2013-08-03 09:19 - 00074856 _____ C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT<br />2013-08-03 09:02 - 2011-10-15 02:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks<br />2013-08-03 09:02 - 2011-10-15 02:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks<br />2013-08-03 08:47 - 2011-10-15 01:41 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup<br />2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple<br />2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\ProgramData\VirtualizedApplications<br />2013-08-03 08:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT<br />2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\Users\Public\Desktop\Emergency Backup.lnk<br />2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\ProgramData\Desktop\Emergency Backup.lnk<br />2013-08-01 14:36 - 2013-07-31 13:05 - 00000000 ____D C:\Emergency<br 
/>2013-08-01 14:35 - 2011-12-16 12:54 - 00000000 ____D C:\users\Kelly<br />2013-08-01 12:00 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal<br />2013-08-01 11:58 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media<br />2013-08-01 11:55 - 2012-06-26 20:02 - 00000000 ____D C:\Windows\Minidump<br />2013-08-01 11:53 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer<br />2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D 
C:\Windows\SysWOW64\th-TH<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers<br 
/>2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D 
C:\Windows\System32\Dism<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System<br />2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services<br />2013-08-01 11:50 - 2011-10-15 01:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed<br />2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\winrm<br />2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\WCN<br />2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr<br />2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts<br />2013-08-01 11:50 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell<br />2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp<br />2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech<br />2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList<br />2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI<br />2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc<br 
/>2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME<br />2013-08-01 11:49 - 2012-02-13 08:34 - 00000000 ____D C:\Windows\System32\Macromed<br />2013-08-01 11:49 - 2012-01-06 18:33 - 00000000 ____D C:\Windows\System32\Tasks\Apple<br />2013-08-01 11:49 - 2011-12-17 12:23 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform<br />2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\winrm<br />2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\WCN<br />2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\slmgr<br />2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts<br />2013-08-01 11:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell<br />2013-08-01 11:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore<br />2013-08-01 11:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance<br />2013-08-01 11:49 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD<br />2013-08-01 11:49 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security<br />2013-08-01 11:49 - 
2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources<br />2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA<br />2013-08-01 11:48 - 2013-07-31 09:37 - 00000000 ____D C:\Program Files\HitmanPro<br />2013-08-01 11:48 - 2013-07-14 14:11 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SanDisk<br />2013-08-01 11:48 - 2013-07-14 12:48 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console<br />2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69<br />2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\Program Files\iTunes<br />2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\Program Files\iPod<br />2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\Program Files (x86)\iTunes<br />2013-08-01 11:48 - 2013-06-09 10:17 - 00000000 ____D C:\Program Files (x86)\QuickTime<br />2013-08-01 11:48 - 2013-05-17 07:46 - 00000000 ____D C:\Program Files\AVAST Software<br />2013-08-01 11:48 - 2013-03-18 08:01 - 00000000 ____D C:\Users\Kelly\AppData\Local\HP<br />2013-08-01 11:48 - 2013-03-18 08:01 - 00000000 ____D C:\ProgramData\HP<br />2013-08-01 11:48 - 2013-02-18 13:02 - 00000000 ____D C:\ProgramData\3AEBC5F1A44E322500003AEB8B0B3743<br />2013-08-01 11:48 - 2013-01-29 18:40 - 00000000 ___RD C:\Users\Kelly\Desktop\Iphone 1-29-13<br />2013-08-01 11:48 - 2012-09-25 07:56 - 00000000 ____D C:\ProgramData\Cached Installations<br />2013-08-01 11:48 - 2012-09-05 02:01 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Skype<br />2013-08-01 11:48 - 2012-07-02 09:16 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Malwarebytes<br />2013-08-01 11:48 - 2012-07-02 09:16 - 00000000 ____D C:\ProgramData\Malwarebytes<br />2013-08-01 11:48 - 2012-04-24 15:43 - 00000000 ____D C:\ProgramData\Virtualized Applications<br />2013-08-01 11:48 - 2012-04-24 10:31 - 00000000 ____D C:\Program Files (x86)\DownloadXCtrl.com<br />2013-08-01 11:48 - 
2012-04-16 14:58 - 00000000 ____D C:\Windows\ERDNT<br />2013-08-01 11:48 - 2012-04-16 14:58 - 00000000 ____D C:\Qoobox<br />2013-08-01 11:48 - 2012-03-21 17:34 - 00000000 ____D C:\Program Files (x86)\Coupons<br />2013-08-01 11:48 - 2012-02-02 10:47 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\IObit<br />2013-08-01 11:48 - 2012-02-02 10:47 - 00000000 ____D C:\ProgramData\IObit<br />2013-08-01 11:48 - 2012-02-02 10:47 - 00000000 ____D C:\Program Files (x86)\IObit<br />2013-08-01 11:48 - 2012-02-01 03:17 - 00000000 ____D C:\found.000<br />2013-08-01 11:48 - 2012-01-21 12:51 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Macrovision<br />2013-08-01 11:48 - 2012-01-08 14:46 - 00000000 ___SD C:\Users\Kelly\Documents\My Data Sources<br />2013-08-01 11:48 - 2012-01-06 18:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update<br />2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\ProgramData\Apple<br />2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\Program Files\Common Files\Apple<br />2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\Program Files\Bonjour<br />2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\Program Files (x86)\Bonjour<br />2013-08-01 11:48 - 2012-01-02 10:44 - 00000000 ____D C:\ProgramData\Microsoft Help<br />2013-08-01 11:48 - 2011-12-17 12:24 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SoftGrid Client<br />2013-08-01 11:48 - 2011-12-17 12:23 - 00000000 ____D C:\Program Files\Microsoft Office<br />2013-08-01 11:48 - 2011-12-17 12:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client<br />2013-08-01 11:48 - 2011-12-16 13:03 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Adobe<br />2013-08-01 11:48 - 2011-12-16 12:58 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Roxio<br />2013-08-01 11:48 - 2011-12-16 12:57 - 00000000 ____D C:\Users\Kelly\AppData\Local\VirtualStore<br />2013-08-01 11:48 - 2011-10-15 03:23 - 00000000 ____D C:\Program Files\CONEXANT<br />2013-08-01 11:48 - 
2011-10-15 03:09 - 00000000 ___RD C:\Users\Default\Desktop\Play Games<br />2013-08-01 11:48 - 2011-10-15 03:09 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games<br />2013-08-01 11:48 - 2011-10-15 03:09 - 00000000 ____D C:\Program Files\Dell Games Folder<br />2013-08-01 11:48 - 2011-10-15 02:00 - 00000000 ____D C:\Program Files\Roxio<br />2013-08-01 11:48 - 2011-10-15 01:55 - 00000000 ____D C:\ProgramData\Adobe<br />2013-08-01 11:48 - 2011-10-15 01:54 - 00000000 ____D C:\Program Files (x86)\TrustedID<br />2013-08-01 11:48 - 2011-10-15 01:54 - 00000000 ____D C:\Program Files (x86)\Jagex<br />2013-08-01 11:48 - 2011-10-15 01:51 - 00000000 ____D C:\Program Files (x86)\System Registration<br />2013-08-01 11:48 - 2011-10-15 01:50 - 00000000 ____D C:\Windows\en<br />2013-08-01 11:48 - 2011-10-15 01:49 - 00000000 ____D C:\Program Files (x86)\Windows Live<br />2013-08-01 11:48 - 2011-10-15 01:48 - 00000000 ____D C:\Program Files\Windows Live<br />2013-08-01 11:48 - 2011-10-15 01:45 - 00000000 ____D C:\Program Files (x86)\Cyberlink<br />2013-08-01 11:48 - 2011-10-15 01:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office<br />2013-08-01 11:48 - 2011-10-15 01:43 - 00000000 ____D C:\Program Files (x86)\eBay<br />2013-08-01 11:48 - 2011-10-15 01:42 - 00000000 ____D C:\ProgramData\Skype<br />2013-08-01 11:48 - 2011-10-15 01:37 - 00000000 ____D C:\Program Files (x86)\WildTangent Games<br />2013-08-01 11:48 - 2011-10-15 01:35 - 00000000 ____D C:\Program Files (x86)\Citrix<br />2013-08-01 11:48 - 2011-10-15 01:28 - 00000000 ____D C:\Program Files\Dell Inc<br />2013-08-01 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies<br />2013-08-01 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild<br />2013-08-01 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D 
C:\Windows\Globalization<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared<br />2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT<br />2013-08-01 11:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration<br />2013-08-01 11:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web<br />2013-08-01 11:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss<br />2013-08-01 11:11 - 2011-12-16 12:58 - 00000000 ____D C:\Users\Kelly\AppData\Local\Dell<br />2013-08-01 11:11 - 2011-10-15 02:02 - 00000000 ____D C:\ProgramData\Uninstall<br />2013-08-01 11:11 - 2009-07-13 22:20 - 00000000 ____D C:\users\Default<br />2013-08-01 11:10 - 2011-10-15 03:16 - 00000000 ____D C:\ProgramData\dell<br />2013-08-01 11:10 - 2011-10-15 01:57 - 00000000 ____D C:\ProgramData\Macrovision<br />2013-08-01 11:10 - 2011-10-15 01:52 - 00000000 ____D C:\ProgramData\McAfee<br />2013-08-01 11:10 - 2011-10-15 01:35 - 00000000 ____D C:\Program Files\Java<br />2013-08-01 11:10 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines<br />2013-08-01 11:09 - 2011-10-15 03:23 - 00000000 ____D C:\Program Files\Common Files\Intel<br />2013-08-01 11:09 - 2011-10-15 01:57 - 00000000 ____D C:\Program Files (x86)\Roxio<br />2013-08-01 11:09 - 2011-10-15 01:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition<br />2013-08-01 11:09 - 2011-10-15 01:37 - 00000000 ____D C:\Program Files (x86)\WildTangent<br />2013-08-01 11:09 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies<br />2013-08-01 11:09 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild<br />2013-08-01 11:08 - 2011-10-15 03:23 - 
00000000 ____D C:\Program Files (x86)\Intel<br />2013-08-01 11:08 - 2011-10-15 01:46 - 00000000 ____D C:\Program Files (x86)\Dell Stage<br />2013-08-01 11:08 - 2011-10-15 01:45 - 00000000 ____D C:\Program Files (x86)\Dell<br />2013-08-01 11:08 - 2011-10-15 01:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information<br />2013-08-01 11:08 - 2011-10-15 01:35 - 00000000 ____D C:\Program Files (x86)\Java<br />2013-08-01 11:07 - 2012-05-11 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe<br />2013-08-01 11:07 - 2012-01-02 09:48 - 00000000 __RHD C:\MSOCache<br />2013-08-01 11:07 - 2011-02-10 09:01 - 00000000 ____D C:\dell<br />2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell Touch Zone<br />2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell<br />2013-08-01 09:08 - 2011-10-15 01:59 - 00000000 ____D C:\ProgramData\Sonic<br />2013-08-01 09:07 - 2013-08-01 09:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Leadertech<br />2013-07-31 14:40 - 2011-02-10 09:02 - 00000000 ____D C:\Hotfix<br />2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files\mcafee<br />2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files\Dell Support Center<br />2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files\Common Files\mcafee<br />2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files (x86)\mcafee.com<br />2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files (x86)\McAfee<br />2013-07-31 14:39 - 2011-10-15 01:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight<br />2013-07-31 14:39 - 2011-10-15 01:43 - 00000000 ___RD C:\Program Files (x86)\Skype<br />2013-07-31 14:39 - 2011-10-15 01:37 - 00000000 ____D C:\ProgramData\WildTangent<br />2013-07-31 14:39 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV<br />2013-07-31 14:39 - 2010-11-20 21:50 - 00000000 ____D C:\users\Administrator<br 
/>2013-07-31 14:06 - 2013-07-31 14:06 - 00000000 ____D C:\Users\Kelly\AppData\Local\SoftThinks<br />2013-07-31 14:05 - 2013-07-31 14:05 - 00000000 ____D C:\ProgramData\HitmanPro<br />2013-07-31 10:18 - 2013-07-31 09:37 - 00032000 _____ C:\Windows\System32\Drivers\hitmanpro37.sys<br />2013-07-31 10:18 - 2013-07-31 09:37 - 00001783 _____ C:\Users\Public\Desktop\HitmanPro.lnk<br />2013-07-31 10:18 - 2013-07-31 09:37 - 00001783 _____ C:\ProgramData\Desktop\HitmanPro.lnk<br />2013-07-31 09:41 - 2013-07-31 09:41 - 00001402 _____ C:\Windows\System32\HitmanPro_20130731_1041.log<br />2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk<br />2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\ProgramData\Desktop\OverDrive Media Console.lnk<br />2013-07-11 02:24 - 2009-07-13 23:45 - 00322280 _____ C:\Windows\System32\FNTCACHE.DAT<br />2013-07-11 02:05 - 2012-06-26 20:36 - 00000215 _____ C:\Windows\System32\MRT.INI<br />2013-07-11 02:04 - 2012-04-24 14:57 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe<br /><br />==================== Known DLLs (Whitelisted) ================<br /><br /><br />==================== Bamital &amp; volsnap Check =================<br /><br />C:\Windows\System32\winlogon.exe =&gt; MD5 is legit<br />C:\Windows\System32\wininit.exe =&gt; MD5 is legit<br />C:\Windows\SysWOW64\wininit.exe =&gt; MD5 is legit<br />C:\Windows\explorer.exe =&gt; MD5 is legit<br />C:\Windows\SysWOW64\explorer.exe =&gt; MD5 is legit<br />C:\Windows\System32\svchost.exe =&gt; MD5 is legit<br />C:\Windows\SysWOW64\svchost.exe =&gt; MD5 is legit<br />C:\Windows\System32\services.exe =&gt; MD5 is legit<br />C:\Windows\System32\User32.dll =&gt; MD5 is legit<br />C:\Windows\SysWOW64\User32.dll =&gt; MD5 is legit<br />C:\Windows\System32\userinit.exe =&gt; MD5 is legit<br />C:\Windows\SysWOW64\userinit.exe =&gt; MD5 is legit<br />C:\Windows\System32\Drivers\volsnap.sys =&gt; MD5 is legit<br /><br />TDL4: 
custom:26000022 &lt;===== ATTENTION!<br /><br />==================== EXE ASSOCIATION =====================<br /><br />HKLM\...\.exe: exefile =&gt; OK<br />HKLM\...\exefile\DefaultIcon: %1 =&gt; OK<br />HKLM\...\exefile\open\command: "%1" %* =&gt; OK<br /><br />==================== Restore Points =========================<br /><br />Restore point made on: 2013-08-04 05:44:42<br />Restore point made on: 2013-08-04 05:48:17<br /><br />==================== Memory info ===========================<br /><br />Percentage of memory in use: 10%<br />Total physical RAM: 8104.63 MB<br />Available physical RAM: 7284.35 MB<br />Total Pagefile: 8102.83 MB<br />Available Pagefile: 7303.74 MB<br />Total Virtual: 8192 MB<br />Available Virtual: 8191.86 MB<br /><br />==================== Drives ================================<br /><br />Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:837.18 GB) NTFS (Disk=0 Partition=3)<br />Drive e: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.25 GB) NTFS (Disk=0 Partition=2) ==&gt;[System with boot components (obtained from reading drive)]<br />ATTENTION: Malware custom entry on BCD on drive e: detected.<br />Drive g: (HITMANPRO) (Removable) (Total:0.05 GB) (Free:0.01 GB) FAT32 (Disk=2 Partition=1)<br />Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS<br /><br />==================== MBR &amp; Partition Table ==================<br /><br />========================================================<br />Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 7EE81D5A)<br />Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)<br />Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)<br />Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)<br /><br />========================================================<br />Disk: 2 (Size: 60 MB) (Disk ID: 5EE7CD37)<br />Partition 1: (Active) - (Size=55 MB) - (Type=0B)<br /><br /><br />LastRegBack: 2013-08-03 09:43<br /><br />==================== End Of Log ============================
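The sections a responder actually reads in the log above are the "Bamital & volsnap Check" (MD5 of the core system binaries), the "TDL4: custom:..." line, the "ATTENTION: Malware custom entry on BCD on drive e:" warning, and the MBR table showing which partition is active. As an added example, not part of the original post and not FRST's own code, here is a small Python triage script that first strips the forum's HTML residue (`<br />`, `&gt;`, `&amp;`) from a pasted log, then splits it into its `==== Name ====` sections and flags the lines that matter. The sample log is constructed from lines of the log above and is not a complete FRST log; the function names `clean_forum_html`, `split_sections`, `triage` and `active_partitions` are this example's own.

```python
import html
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log posted above, after the forum's
# HTML residue (<br />, &gt;, &amp;) has been stripped. Not a complete FRST log.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:837.18 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.25 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 7EE81D5A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
"""

# A section header has whitespace around its name; the bare "=====" separator lines do not.
SECTION_RE = re.compile(r"^={3,}\s+(.+?)\s+={3,}$")
HASH_RE = re.compile(r"^(?P<path>\S.*?) => MD5 (?P<verdict>.+)$")
BCD_CUSTOM_RE = re.compile(r"^TDL4:\s*custom:(?P<entry>[0-9A-Fa-f]+)")
DISK_RE = re.compile(r"^Disk: (?P<disk>\d+)")
ACTIVE_RE = re.compile(r"^Partition (?P<n>\d+): \(Active\)")


def clean_forum_html(raw: str) -> str:
    """Undo what a forum paste does to a plain-text log: <br /> tags become newlines
    and HTML entities (&gt;, &amp;, ...) are decoded back to the original characters."""
    return html.unescape(re.sub(r"<br\s*/?>", "\n", raw))


def split_sections(text: str) -> dict[str, list[str]]:
    """Group the non-empty lines of a log under the '==== Name ====' header above them."""
    sections: dict[str, list[str]] = {}
    current = "(preamble)"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    line: str


def triage(text: str) -> list[Finding]:
    """Flag what a responder reads this log for: the custom BCD entry FRST labels
    'TDL4', explicit ATTENTION markers, a system binary whose MD5 is not 'legit', and
    an .exe association line that no longer reads '=> OK'."""
    findings: list[Finding] = []
    for section, lines in split_sections(text).items():
        for line in lines:
            if BCD_CUSTOM_RE.match(line):
                findings.append(Finding(section, "bcd_custom_entry", line))
            elif "ATTENTION" in line:
                findings.append(Finding(section, "attention", line))
            m = HASH_RE.match(line)
            if m and m.group("verdict").strip() != "is legit":
                findings.append(Finding(section, "hash_mismatch", line))
            if section == "EXE ASSOCIATION" and not line.endswith("=> OK"):
                findings.append(Finding(section, "exe_association", line))
    return findings


def active_partitions(text: str) -> dict[str, list[int]]:
    """Map each disk in the MBR section to its active (boot) partition numbers, so the
    reader can see which volume the BCD warning refers to."""
    result: dict[str, list[int]] = {}
    disk = "?"
    for line in split_sections(text).get("MBR & Partition Table", []):
        dm = DISK_RE.match(line)
        if dm:
            disk = dm.group("disk")
            result.setdefault(disk, [])
        am = ACTIVE_RE.match(line)
        if am:
            result.setdefault(disk, []).append(int(am.group("n")))
    return result


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] ({f.section}) {f.line}")
    print("active partitions:", active_partitions(SAMPLE_LOG))
```

Run against the sample, the script reports exactly two findings, the custom BCD entry and the BCD warning on drive e:, and shows that partition 2 of disk 0 (the 15 GB RECOVERY volume that FRST marks as holding the boot components) is the active one, which is why the warning names drive e: rather than the OS volume. Every MD5 check and the .exe association pass, so a clean re-scan after the BCD entry is removed should make `triage` return an empty list.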

#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:17 AM

Posted 05 August 2013 - 09:12 PM

Hi,

 

Could you just attach the log made by FRST please? Sorry for any delay... long work day and coaching my son's football team.



#10 awhitesoxfan

awhitesoxfan
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:08:17 AM

Posted 06 August 2013 - 08:02 AM

I have tried to copy and paste the FRST text file (documents, flash) numerous times without success.

I do not know why it does not work.

What I sent you in #8 was from Notepad.



#11 awhitesoxfan

awhitesoxfan
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:08:17 AM

Posted 06 August 2013 - 12:25 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013
Ran by SYSTEM on 05-08-2013 08:32:01
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Kelly\...\Run: [SansaDispatch] - C:\Users\Kelly\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-07-14] (SanDisk Corporation)
HKU\Kelly\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-31] (SurfRight B.V.)

==================== Drivers (Whitelisted) ====================

S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-08-02] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-08-02] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-31] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-04 12:50 - 2013-08-04 12:50 - 00000477 _____ C:\Users\Kelly\Desktop\aswMBR.txt
2013-08-04 11:42 - 2013-08-04 12:37 - 04745728 _____ (AVAST Software) C:\Users\Kelly\Downloads\aswMBR.exe
2013-08-04 11:15 - 2013-08-04 11:15 - 00015939 _____ C:\Users\Kelly\Desktop\dds.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00010917 _____ C:\Users\Kelly\Desktop\attach.txt
2013-08-04 08:46 - 2013-08-04 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-08-04 08:04 - 2013-08-04 12:14 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-04 08:04 - 2013-08-04 08:14 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 08:04 - 2013-08-04 08:09 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-04 08:04 - 2013-08-04 08:09 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-04 08:04 - 2013-08-04 08:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Google
2013-08-04 08:04 - 2013-08-04 08:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-04 08:04 - 2013-08-04 08:04 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2
2013-08-04 08:04 - 2013-08-04 08:04 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310
2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2.job
2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310.job
2013-08-04 08:04 - 2013-08-04 08:04 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SUPERAntiSpyware.com
2013-08-04 08:03 - 2013-08-04 08:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-04 08:03 - 2013-08-04 08:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-03 14:58 - 2013-08-03 14:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-03 13:58 - 2013-08-03 13:58 - 00000660 _____ C:\Users\Kelly\Desktop\HitmanPro_x64 - Shortcut.lnk
2013-08-03 13:54 - 2013-08-03 13:54 - 00000673 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut (2).lnk
2013-08-03 13:26 - 2013-08-03 13:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-03 13:05 - 2013-08-03 13:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple Computer
2013-08-03 12:35 - 2013-08-03 12:35 - 00000639 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut.lnk
2013-08-03 12:21 - 2013-08-03 12:21 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Macromedia
2013-08-03 10:57 - 2013-08-03 10:57 - 00000548 _____ C:\Users\Kelly\Desktop\Emsisoft Emergency Kit.lnk
2013-08-03 10:57 - 2013-08-03 10:57 - 00000000 ____D C:\EEK
2013-08-03 10:05 - 2013-08-03 10:05 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill notepad.txt
2013-08-03 10:01 - 2013-08-03 10:04 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill.txt
2013-08-03 09:19 - 2013-08-03 09:19 - 00074856 _____ C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple
2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\Users\Public\Desktop\Emergency Backup.lnk
2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\ProgramData\Desktop\Emergency Backup.lnk
2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell Touch Zone
2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell
2013-08-01 09:07 - 2013-08-04 07:17 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Apple Computer
2013-08-01 09:07 - 2013-08-01 09:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Leadertech
2013-07-31 14:06 - 2013-07-31 14:06 - 00000000 ____D C:\Users\Kelly\AppData\Local\SoftThinks
2013-07-31 14:05 - 2013-07-31 14:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-31 13:05 - 2013-08-01 14:36 - 00000000 ____D C:\Emergency
2013-07-31 09:41 - 2013-07-31 09:41 - 00001402 _____ C:\Windows\System32\HitmanPro_20130731_1041.log
2013-07-31 09:37 - 2013-08-01 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-31 09:37 - 2013-07-31 10:18 - 00032000 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-07-31 09:37 - 2013-07-31 10:18 - 00001783 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-07-31 09:37 - 2013-07-31 10:18 - 00001783 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2013-07-14 14:11 - 2013-08-01 11:48 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SanDisk
2013-07-14 12:48 - 2013-08-01 11:48 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\ProgramData\Desktop\OverDrive Media Console.lnk
2013-07-11 02:03 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:03 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:03 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:03 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 02:03 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 02:03 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 02:03 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 02:03 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 02:03 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:03 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-11 02:03 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 02:03 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 05:57 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 05:57 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 05:57 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 05:57 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:56 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 05:56 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 05:56 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-05 08:30 - 2013-08-05 08:30 - 00000000 ____D C:\FRST
2013-08-04 12:50 - 2013-08-04 12:50 - 00000477 _____ C:\Users\Kelly\Desktop\aswMBR.txt
2013-08-04 12:40 - 2011-10-15 01:26 - 02052807 _____ C:\Windows\WindowsUpdate.log
2013-08-04 12:37 - 2013-08-04 11:42 - 04745728 _____ (AVAST Software) C:\Users\Kelly\Downloads\aswMBR.exe
2013-08-04 12:33 - 2012-04-24 09:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-04 12:14 - 2013-08-04 08:04 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-04 11:15 - 2013-08-04 11:15 - 00015939 _____ C:\Users\Kelly\Desktop\dds.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00010917 _____ C:\Users\Kelly\Desktop\attach.txt
2013-08-04 08:58 - 2013-08-04 08:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 08:39 - 2009-07-14 00:13 - 00779788 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-04 08:14 - 2013-08-04 08:04 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 08:09 - 2013-08-04 08:04 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-04 08:09 - 2013-08-04 08:04 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-04 08:05 - 2013-08-04 08:05 - 00002261 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-08-04 08:05 - 2013-08-04 08:04 - 00000000 ____D C:\Users\Kelly\AppData\Local\Google
2013-08-04 08:05 - 2013-08-04 08:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-04 08:04 - 2013-08-04 08:04 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2
2013-08-04 08:04 - 2013-08-04 08:04 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310
2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-04 08:04 - 2013-08-04 08:04 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 74bea932-c441-4bc5-8f67-d41e98b5ebc2.job
2013-08-04 08:04 - 2013-08-04 08:04 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 032753cb-4702-4af1-a5bb-ae4f6d1a0310.job
2013-08-04 08:04 - 2013-08-04 08:04 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SUPERAntiSpyware.com
2013-08-04 08:04 - 2013-08-04 08:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-04 08:03 - 2013-08-04 08:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-04 07:28 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 07:28 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 07:17 - 2013-08-01 09:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Apple Computer
2013-08-03 17:00 - 2012-09-25 07:57 - 00000466 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-08-03 14:58 - 2013-08-03 14:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-03 13:58 - 2013-08-03 13:58 - 00000660 _____ C:\Users\Kelly\Desktop\HitmanPro_x64 - Shortcut.lnk
2013-08-03 13:54 - 2013-08-03 13:54 - 00000673 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut (2).lnk
2013-08-03 13:26 - 2013-08-03 13:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-03 13:05 - 2013-08-03 13:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple Computer
2013-08-03 13:05 - 2012-01-06 18:33 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-03 12:35 - 2013-08-03 12:35 - 00000639 _____ C:\Users\Kelly\Desktop\tdsskiller - Shortcut.lnk
2013-08-03 12:21 - 2013-08-03 12:21 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Macromedia
2013-08-03 11:42 - 2012-07-02 09:16 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-03 11:42 - 2012-07-02 09:16 - 00001115 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-03 11:42 - 2012-07-02 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 10:57 - 2013-08-03 10:57 - 00000548 _____ C:\Users\Kelly\Desktop\Emsisoft Emergency Kit.lnk
2013-08-03 10:57 - 2013-08-03 10:57 - 00000000 ____D C:\EEK
2013-08-03 10:56 - 2012-06-27 07:01 - 00012622 _____ C:\Windows\setupact.log
2013-08-03 10:05 - 2013-08-03 10:05 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill notepad.txt
2013-08-03 10:04 - 2013-08-03 10:01 - 00002174 _____ C:\Users\Kelly\Desktop\Rkill.txt
2013-08-03 09:19 - 2013-08-03 09:19 - 00074856 _____ C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-03 09:02 - 2011-10-15 02:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-03 09:02 - 2011-10-15 02:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-03 08:47 - 2011-10-15 01:41 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\Users\Kelly\AppData\Local\Apple
2013-08-03 08:32 - 2013-08-03 08:32 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-08-03 08:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\Users\Public\Desktop\Emergency Backup.lnk
2013-08-01 14:36 - 2013-08-01 14:36 - 00000478 _____ C:\ProgramData\Desktop\Emergency Backup.lnk
2013-08-01 14:36 - 2013-07-31 13:05 - 00000000 ____D C:\Emergency
2013-08-01 14:35 - 2011-12-16 12:54 - 00000000 ____D C:\users\Kelly
2013-08-01 12:00 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-01 11:58 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-08-01 11:55 - 2012-06-26 20:02 - 00000000 ____D C:\Windows\Minidump
2013-08-01 11:53 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-01 11:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-01 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-08-01 11:50 - 2011-10-15 01:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-08-01 11:50 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-08-01 11:50 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-08-01 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-08-01 11:49 - 2012-02-13 08:34 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-01 11:49 - 2012-01-06 18:33 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-08-01 11:49 - 2011-12-17 12:23 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\winrm
2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\WCN
2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\slmgr
2013-08-01 11:49 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-08-01 11:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-08-01 11:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-08-01 11:49 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-08-01 11:49 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-01 11:49 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-08-01 11:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2013-08-01 11:48 - 2013-07-31 09:37 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-01 11:48 - 2013-07-14 14:11 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SanDisk
2013-08-01 11:48 - 2013-07-14 12:48 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\Program Files\iTunes
2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\Program Files\iPod
2013-08-01 11:48 - 2013-06-09 10:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-01 11:48 - 2013-06-09 10:17 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-01 11:48 - 2013-05-17 07:46 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-01 11:48 - 2013-03-18 08:01 - 00000000 ____D C:\Users\Kelly\AppData\Local\HP
2013-08-01 11:48 - 2013-03-18 08:01 - 00000000 ____D C:\ProgramData\HP
2013-08-01 11:48 - 2013-02-18 13:02 - 00000000 ____D C:\ProgramData\3AEBC5F1A44E322500003AEB8B0B3743
2013-08-01 11:48 - 2013-01-29 18:40 - 00000000 ___RD C:\Users\Kelly\Desktop\Iphone 1-29-13
2013-08-01 11:48 - 2012-09-25 07:56 - 00000000 ____D C:\ProgramData\Cached Installations
2013-08-01 11:48 - 2012-09-05 02:01 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Skype
2013-08-01 11:48 - 2012-07-02 09:16 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Malwarebytes
2013-08-01 11:48 - 2012-07-02 09:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-01 11:48 - 2012-04-24 15:43 - 00000000 ____D C:\ProgramData\Virtualized Applications
2013-08-01 11:48 - 2012-04-24 10:31 - 00000000 ____D C:\Program Files (x86)\DownloadXCtrl.com
2013-08-01 11:48 - 2012-04-16 14:58 - 00000000 ____D C:\Windows\ERDNT
2013-08-01 11:48 - 2012-04-16 14:58 - 00000000 ____D C:\Qoobox
2013-08-01 11:48 - 2012-03-21 17:34 - 00000000 ____D C:\Program Files (x86)\Coupons
2013-08-01 11:48 - 2012-02-02 10:47 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\IObit
2013-08-01 11:48 - 2012-02-02 10:47 - 00000000 ____D C:\ProgramData\IObit
2013-08-01 11:48 - 2012-02-02 10:47 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-01 11:48 - 2012-02-01 03:17 - 00000000 ____D C:\found.000
2013-08-01 11:48 - 2012-01-21 12:51 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Macrovision
2013-08-01 11:48 - 2012-01-08 14:46 - 00000000 ___SD C:\Users\Kelly\Documents\My Data Sources
2013-08-01 11:48 - 2012-01-06 18:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\ProgramData\Apple
2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\Program Files\Bonjour
2013-08-01 11:48 - 2012-01-06 18:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-01 11:48 - 2012-01-02 10:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-01 11:48 - 2011-12-17 12:24 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\SoftGrid Client
2013-08-01 11:48 - 2011-12-17 12:23 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-01 11:48 - 2011-12-17 12:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-08-01 11:48 - 2011-12-16 13:03 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Adobe
2013-08-01 11:48 - 2011-12-16 12:58 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Roxio
2013-08-01 11:48 - 2011-12-16 12:57 - 00000000 ____D C:\Users\Kelly\AppData\Local\VirtualStore
2013-08-01 11:48 - 2011-10-15 03:23 - 00000000 ____D C:\Program Files\CONEXANT
2013-08-01 11:48 - 2011-10-15 03:09 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2013-08-01 11:48 - 2011-10-15 03:09 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2013-08-01 11:48 - 2011-10-15 03:09 - 00000000 ____D C:\Program Files\Dell Games Folder
2013-08-01 11:48 - 2011-10-15 02:00 - 00000000 ____D C:\Program Files\Roxio
2013-08-01 11:48 - 2011-10-15 01:55 - 00000000 ____D C:\ProgramData\Adobe
2013-08-01 11:48 - 2011-10-15 01:54 - 00000000 ____D C:\Program Files (x86)\TrustedID
2013-08-01 11:48 - 2011-10-15 01:54 - 00000000 ____D C:\Program Files (x86)\Jagex
2013-08-01 11:48 - 2011-10-15 01:51 - 00000000 ____D C:\Program Files (x86)\System Registration
2013-08-01 11:48 - 2011-10-15 01:50 - 00000000 ____D C:\Windows\en
2013-08-01 11:48 - 2011-10-15 01:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-01 11:48 - 2011-10-15 01:48 - 00000000 ____D C:\Program Files\Windows Live
2013-08-01 11:48 - 2011-10-15 01:45 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2013-08-01 11:48 - 2011-10-15 01:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-01 11:48 - 2011-10-15 01:43 - 00000000 ____D C:\Program Files (x86)\eBay
2013-08-01 11:48 - 2011-10-15 01:42 - 00000000 ____D C:\ProgramData\Skype
2013-08-01 11:48 - 2011-10-15 01:37 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-08-01 11:48 - 2011-10-15 01:35 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-01 11:48 - 2011-10-15 01:28 - 00000000 ____D C:\Program Files\Dell Inc
2013-08-01 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-08-01 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-08-01 11:48 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-01 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-08-01 11:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-08-01 11:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-08-01 11:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2013-08-01 11:11 - 2011-12-16 12:58 - 00000000 ____D C:\Users\Kelly\AppData\Local\Dell
2013-08-01 11:11 - 2011-10-15 02:02 - 00000000 ____D C:\ProgramData\Uninstall
2013-08-01 11:11 - 2009-07-13 22:20 - 00000000 ____D C:\users\Default
2013-08-01 11:10 - 2011-10-15 03:16 - 00000000 ____D C:\ProgramData\dell
2013-08-01 11:10 - 2011-10-15 01:57 - 00000000 ____D C:\ProgramData\Macrovision
2013-08-01 11:10 - 2011-10-15 01:52 - 00000000 ____D C:\ProgramData\McAfee
2013-08-01 11:10 - 2011-10-15 01:35 - 00000000 ____D C:\Program Files\Java
2013-08-01 11:10 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-08-01 11:09 - 2011-10-15 03:23 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-01 11:09 - 2011-10-15 01:57 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-08-01 11:09 - 2011-10-15 01:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-01 11:09 - 2011-10-15 01:37 - 00000000 ____D C:\Program Files (x86)\WildTangent
2013-08-01 11:09 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-08-01 11:09 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-01 11:08 - 2011-10-15 03:23 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-01 11:08 - 2011-10-15 01:46 - 00000000 ____D C:\Program Files (x86)\Dell Stage
2013-08-01 11:08 - 2011-10-15 01:45 - 00000000 ____D C:\Program Files (x86)\Dell
2013-08-01 11:08 - 2011-10-15 01:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-01 11:08 - 2011-10-15 01:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-01 11:07 - 2012-05-11 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-01 11:07 - 2012-01-02 09:48 - 00000000 __RHD C:\MSOCache
2013-08-01 11:07 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell Touch Zone
2013-08-01 09:08 - 2013-08-01 09:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Dell
2013-08-01 09:08 - 2011-10-15 01:59 - 00000000 ____D C:\ProgramData\Sonic
2013-08-01 09:07 - 2013-08-01 09:07 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Leadertech
2013-07-31 14:40 - 2011-02-10 09:02 - 00000000 ____D C:\Hotfix
2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files\mcafee
2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files\Dell Support Center
2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files (x86)\mcafee.com
2013-07-31 14:39 - 2011-10-15 01:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-31 14:39 - 2011-10-15 01:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-31 14:39 - 2011-10-15 01:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-31 14:39 - 2011-10-15 01:37 - 00000000 ____D C:\ProgramData\WildTangent
2013-07-31 14:39 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-31 14:39 - 2010-11-20 21:50 - 00000000 ____D C:\users\Administrator
2013-07-31 14:06 - 2013-07-31 14:06 - 00000000 ____D C:\Users\Kelly\AppData\Local\SoftThinks
2013-07-31 14:05 - 2013-07-31 14:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-31 10:18 - 2013-07-31 09:37 - 00032000 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-07-31 10:18 - 2013-07-31 09:37 - 00001783 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-07-31 10:18 - 2013-07-31 09:37 - 00001783 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2013-07-31 09:41 - 2013-07-31 09:41 - 00001402 _____ C:\Windows\System32\HitmanPro_20130731_1041.log
2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
2013-07-14 12:48 - 2013-07-14 12:48 - 00002519 _____ C:\ProgramData\Desktop\OverDrive Media Console.lnk
2013-07-11 02:24 - 2009-07-13 23:45 - 00322280 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 02:05 - 2012-06-26 20:36 - 00000215 _____ C:\Windows\System32\MRT.INI
2013-07-11 02:04 - 2012-04-24 14:57 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-04 05:44:42
Restore point made on: 2013-08-04 05:48:17

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8104.63 MB
Available physical RAM: 7284.35 MB
Total Pagefile: 8102.83 MB
Available Pagefile: 7303.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:837.18 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.25 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.
Drive g: (HITMANPRO) (Removable) (Total:0.05 GB) (Free:0.01 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 7EE81D5A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 60 MB) (Disk ID: 5EE7CD37)
Partition 1: (Active) - (Size=55 MB) - (Type=0B)

LastRegBack: 2013-08-03 09:43

==================== End Of Log ============================



#12 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 06 August 2013 - 09:10 PM

Hi,

 

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

TDL4: custom:26000022 <===== ATTENTION!

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
----------
 
Once complete, try to boot to your system normally and, if you can, let me know and also post the log that was made. :)




#13 awhitesoxfan
  • Topic Starter
  • Members
  • 86 posts

Posted 07 August 2013 - 07:47 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-08-2013
Ran by SYSTEM at 2013-08-07 08:15:34 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

 

Infected computer boot successful

 

AudMig: No audio endpoint migration settings found 0x2
[07/28/2012 15:44.38.565] WudfCoInstaller: ReadWdfSection: Checking WdfSection [MTP.NT.Wdf]

[07/28/2012 15:44.38.588] WudfCoInstaller: UMDF Service WpdMtpDriver is already installed - removing existing settings in preparation for setting new ones.

[07/28/2012 15:44.38.613] WudfCoInstaller: Configuring UMDF Service WpdMtpDriver.

[07/28/2012 15:44.38.632] WudfCoInstaller: KernelModeClientPolicy set to 1

[07/28/2012 15:44.38.644] WudfCoInstaller: Using "Win7" service configuration

[07/28/2012 15:44.38.997] WudfCoInstaller: Service WudfSvc is already running.

[07/28/2012 15:44.39.020] WudfCoInstaller: Final status: error(0) The operation completed successfully.

[07/28/2012 15:44.39.925] WudfCoInstaller: Created marker file C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf.

AudMig: No audio endpoint migration settings found 0x2
Input Install: Not a PS2 device.
AudMig: No audio endpoint migration settings found 0x2
[06/09/2013 10:01.34.375] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]

[06/09/2013 10:01.34.422] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.

[06/09/2013 10:01.34.437] WudfCoInstaller: Configuring UMDF Service WpdFs.

[06/09/2013 10:01.34.453] WudfCoInstaller: ImpersonationLevel set to 2

[06/09/2013 10:01.34.484] WudfCoInstaller: Using "Win7" service configuration

[06/09/2013 10:01.34.781] WudfCoInstaller: Service WudfSvc is already running.

[06/09/2013 10:01.34.812] WudfCoInstaller: Final status: error(0) The operation completed successfully.

[06/09/2013 10:01.35.108] WudfCoInstaller: Created marker file C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf.

AudMig: No audio endpoint migration settings found 0x2
[08/03/2013 11:56.08.191] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]

[08/03/2013 11:56.08.488] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.

[08/03/2013 11:56.08.519] WudfCoInstaller: Configuring UMDF Service WpdFs.

[08/03/2013 11:56.08.581] WudfCoInstaller: ImpersonationLevel set to 2

[08/03/2013 11:56.08.597] WudfCoInstaller: Using "Win7" service configuration

[08/03/2013 11:56.09.127] WudfCoInstaller: Service WudfSvc is already running.

[08/03/2013 11:56.09.143] WudfCoInstaller: Final status: error(0) The operation completed successfully.

[08/03/2013 11:56.09.580] WudfCoInstaller: Created marker file C:\Windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf.

AudMig: No audio endpoint migration settings found 0x2

6/28/2012 7:8:13 - PFRO Error: \??\C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100, |delete operation|, 0xc0000034
6/28/2012 7:8:13 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642, |delete operation|, 0xc0000034
6/28/2012 7:8:13 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100, |delete operation|, 0xc0000034
6/28/2012 7:8:13 - PFRO Error: \??\C:\Program Files (x86)\Google, |delete operation|, 0xc0000101
6/28/2012 7:8:13 - 17 Successful PFRO operations

7/2/2012 10:19:12 - PFRO Error: \??\C:\Windows\svchost.exe, |delete operation|, 0xc0000034
7/2/2012 10:19:12 - 0 Successful PFRO operations

7/4/2012 11:3:37 - PFRO Error: \??\C:\ProgramData\Microsoft\Windows\DRM\B236.tmp, |delete operation|, 0xc0000034
7/4/2012 11:3:37 - PFRO Error: \??\C:\ProgramData\Microsoft\Windows\DRM\B237.tmp, |delete operation|, 0xc0000034
7/4/2012 11:3:37 - PFRO Error: \??\C:\TDSSKiller_Quarantine\27.06.2012_08.31.04\mbr0000\tdlfs0000\tsk0000.dta, |delete operation|, 0xc0000034
7/4/2012 11:3:37 - 0 Successful PFRO operations

9/14/2012 9:34:56 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\rnGcgOU2ve6kj3.exe.tmp, |delete operation|, 0xc0000034
9/14/2012 9:34:57 - 0 Successful PFRO operations

2/18/2013 13:11:55 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\3496216.exe, |delete operation|, 0xc0000034
2/18/2013 13:11:55 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\3500771.exe, |delete operation|, 0xc0000034
2/18/2013 13:11:55 - PFRO Error: \??\C:\ProgramData\3AEBC5F1A44E322500003AEB8B0B3743\3AEBC5F1A44E322500003AEB8B0B3743.exe, |delete operation|, 0xc0000034
2/18/2013 13:11:55 - 1 Successful PFRO operations

2/18/2013 13:52:28 - PFRO Error: \??\C:\Users\Kelly\7544730.dll, |delete operation|, 0xc0000034
2/18/2013 13:52:28 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\msimg32.dll, |delete operation|, 0xc0000034
2/18/2013 13:52:28 - PFRO Error: \??\C:\Users\Kelly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7b2e6669-653c5694, |delete operation|, 0xc0000034
2/18/2013 13:52:28 - PFRO Error: \??\C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional\Disk Antivirus Professional.lnk, |delete operation|, 0xc000003a
2/18/2013 13:52:28 - PFRO Error: \??\C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional, |delete operation|, 0xc0000034
2/18/2013 13:52:28 - 1 Successful PFRO operations

3/10/2013 10:41:25 - PFRO Error: \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, |delete operation|, 0xc0000034
3/10/2013 10:41:25 - PFRO Error: \??\C:\test0123, \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, 0xc0000034
3/10/2013 10:41:25 - 0 Successful PFRO operations

3/21/2013 3:16:26 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UNIDRV.HLP, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.HLP, 0xc000003a
3/21/2013 3:16:26 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\stdnames.gpd, \??\C:\Windows\system32\spool\DRIVERS\x64\3\stdnames.gpd, 0xc000003a
3/21/2013 3:16:26 - 8 Successful PFRO operations

4/1/2013 11:3:27 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-21-1516825088-1274677829-3743631576-1000\$4bd386988312fd78fec74ecc5af48139\n, |delete operation|, 0xc0000034
4/1/2013 11:3:27 - 0 Successful PFRO operations

4/7/2013 8:57:25 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\taskmanger.exe, |delete operation|, 0xc0000034
4/7/2013 8:57:25 - 0 Successful PFRO operations

4/8/2013 12:16:44 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\msimg32.dll, |delete operation|, 0xc0000034
4/8/2013 12:16:44 - 3 Successful PFRO operations

4/12/2013 16:7:22 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-18\$4bd386988312fd78fec74ecc5af48139\U\00000001.@, |delete operation|, 0xc0000034
4/12/2013 16:7:22 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-18\$4bd386988312fd78fec74ecc5af48139\U\80000000.@, |delete operation|, 0xc0000034
4/12/2013 16:7:22 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-18\$4bd386988312fd78fec74ecc5af48139\U\800000cb.@, |delete operation|, 0xc0000034
4/12/2013 16:7:23 - PFRO Error: \??\C:\Users\Kelly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3681694d-68de39d8, |delete operation|, 0xc0000034
4/12/2013 16:7:23 - 0 Successful PFRO operations

4/17/2013 10:52:32 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\472E.tmp, |delete operation|, 0xc0000034
4/17/2013 10:52:32 - 1 Successful PFRO operations

5/17/2013 14:14:5 - PFRO Error: \??\C:\Program Files (x86)\Google\Chrome, |delete operation|, 0xc0000034
5/17/2013 14:14:5 - PFRO Error: \??\C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002, |delete operation|, 0xc0000101
5/17/2013 14:14:5 - PFRO Error: \??\C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002, |delete operation|, 0xc0000034
5/17/2013 14:14:5 - PFRO Error: \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002, |delete operation|, 0xc0000034
5/17/2013 14:14:5 - PFRO Error: \??\C:\Program Files (x86)\Google, |delete operation|, 0xc0000101
5/17/2013 14:14:5 - PFRO Error: \??\C:\Program Files (x86)\Google\Update\1.3.21.123, |delete operation|, 0xc000003a
5/17/2013 14:14:5 - 17 Successful PFRO operations

5/24/2013 8:11:40 - PFRO Error: \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, |delete operation|, 0xc0000034
5/24/2013 8:11:40 - PFRO Error: \??\C:\test0123, \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, 0xc0000034
5/24/2013 8:11:40 - 0 Successful PFRO operations

5/24/2013 9:16:30 - PFRO Error: \??\C:\PROGRA~1\AVASTS~1\Avast\Setup\AVAST~1.SE~, |delete operation|, 0xc0000034
5/24/2013 9:16:30 - PFRO Error: \??\C:\PROGRA~1\AVASTS~1\Avast\Setup, |delete operation|, 0xc0000101
5/24/2013 9:16:30 - PFRO Error: \??\C:\PROGRA~1\AVASTS~1\Avast, |delete operation|, 0xc0000101
5/24/2013 9:16:30 - 48 Successful PFRO operations

5/26/2013 11:38:51 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\ixehnex, |delete operation|, 0xc0000034
5/26/2013 11:38:51 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\msimg32.dll, |delete operation|, 0xc0000034
5/26/2013 11:38:51 - 1 Successful PFRO operations

5/29/2013 13:3:19 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-21-1516825088-1274677829-3743631576-1000\$4bd386988312fd78fec74ecc5af48139\U\00000004.@, |delete operation|, 0xc0000034
5/29/2013 13:3:19 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-21-1516825088-1274677829-3743631576-1000\$4bd386988312fd78fec74ecc5af48139\U\00000008.@, |delete operation|, 0xc0000034
5/29/2013 13:3:19 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-21-1516825088-1274677829-3743631576-1000\$4bd386988312fd78fec74ecc5af48139\U\000000cb.@, |delete operation|, 0xc0000034
5/29/2013 13:3:19 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-21-1516825088-1274677829-3743631576-1000\$4bd386988312fd78fec74ecc5af48139\U\80000000.@, |delete operation|, 0xc0000034
5/29/2013 13:3:19 - PFRO Error: \??\C:\$RECYCLE.BIN\S-1-5-21-1516825088-1274677829-3743631576-1000\$4bd386988312fd78fec74ecc5af48139\U\80000064.@, |delete operation|, 0xc0000034
5/29/2013 13:3:19 - 0 Successful PFRO operations

6/25/2013 10:57:53 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\msimg32.dll, |delete operation|, 0xc0000034
6/25/2013 10:57:53 - PFRO Error: \??\C:\Users\Kelly\AppData\Local\Temp\raircek, |delete operation|, 0xc0000034
6/25/2013 10:57:53 - 1 Successful PFRO operations

8/7/2013 8:24:17 - PFRO Error: \??\C:\Program Files (x86)\Google\Chrome, |delete operation|, 0xc0000101
8/7/2013 8:24:17 - 2 Successful PFRO operations



#14 awhitesoxfan
  • Topic Starter
  • Members
  • 86 posts

Posted 07 August 2013 - 07:51 AM

Infected computer boot successful

DAT file Bootstat.dat will not open

#15 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 07 August 2013 - 08:06 AM

Ok, there is a lot going on here. Just to clarify... are you able to boot to the infected system now?






