
zero access rootkit


  • This topic is locked
26 replies to this topic

#1 traceygl


  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:49 PM

Posted 08 August 2013 - 08:42 AM

Two days ago my BullGuard antivirus stopped many trojans with several different names from running on my computer. I did a full system scan, which found nothing.

Then I used Malwarebytes, which also found nothing, but still my antivirus was stopping several viruses daily.

I downloaded RKill and got the message:

*ALERT: ZEROACCESS rootkit symptoms found!

C\Windows\assembly\GAC\Desktop.ini [ZA FILE]

I have tried several programs to get rid of it, but most don't even detect it. Can anyone help? I have tried the following:

McAfee Rootkit Remover

AdwCleaner

TDSSKiller

I have also been getting random cmd windows popping up. It's pretty fast before it disappears, but it said something about taskeng.exe. My firewall is being disabled all the time too; I re-enable it, then it's disabled again.

I am running Windows 7.

I posted earlier here and was given directions to follow to post here.

I have now managed to run DDS and the logs are attached. Thanks.


Edited by traceygl, 08 August 2013 - 01:14 PM.




#2 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:49 AM

Posted 08 August 2013 - 05:25 PM

Hello traceygl,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it, select Immediate E-Mail notification, and click on Follow This Topic. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

Do you have a USB Flash drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 traceygl

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:49 PM

Posted 09 August 2013 - 02:22 AM

I do not have a USB flash drive, but I do have an external hard drive if that's any use. If a flash drive is necessary I could probably get one from somewhere; it just may take a little longer.


Edited by traceygl, 09 August 2013 - 02:40 AM.


#4 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:49 AM

Posted 09 August 2013 - 10:14 PM

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.


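Once a FRST.txt log is in hand, the first pass is deciding which of the hundreds of Run, service and driver lines deserve a closer look. The script below is an added example, not part of this thread or of FRST itself: it parses FRST's Registry/Services/Drivers line format and applies a few triage heuristics of my own (binaries running from user Temp, referenced files missing from disk, no publisher information, generated-looking names, Windows binary names outside the Windows directory). The sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: a few lines copied from the FRST log posted in this thread,
# so the parser runs offline. The section banners are FRST's own.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [852832 2013-06-11] (BullGuard Ltd.)
HKLM\...\Run: [Dropsend Direct beta] -  [x]
HKU\tracey\...\Run: [] - C:\Users\tracey\AppData\Roaming\msiexec.exe [x]

========================== Services (Whitelisted) =================

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 HGULMKL; C:\Users\tracey\AppData\Local\Temp\HGULMKL.exe [375680 2013-08-07] (Sysinternals - www.sysinternals.com)
S2 Sysevnt; C:\Windows\system32\argsvc.dll [71680 2012-05-18] ()

==================== Drivers (Whitelisted) ====================

S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [64624 2013-04-30] (BullGuard Ltd.)
S3 catchme; \??\C:\Users\tracey\AppData\Local\Temp\catchme.sys [x]
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Tail shared by every entry type: the path, then "[size date]" or "[x]"
# (FRST's marker for a file that is not on disk), then an optional
# "(Publisher)" read from the file's version resource.
TAIL = (r"(?P<path>.*?) \[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|x)\]"
        r"(?: \((?P<publisher>.*)\))?$")
RUN_RE = re.compile(r"^(?P<key>HK.+?): \[(?P<name>[^\]]*)\] - " + TAIL)
SVC_RE = re.compile(r"^S(?P<start>\d) (?P<name>[^;]+); " + TAIL)

# Binary names that belong under the Windows directory; one showing up in a
# user profile is a classic masquerade. (Heuristic list, my own assumption.)
WINDOWS_NAMES = {"msiexec.exe", "svchost.exe", "conime.exe", "rundll32.exe"}


@dataclass
class Entry:
    section: str
    name: str
    path: str
    present: bool                  # False when FRST printed [x]
    publisher: Optional[str]       # None if no "(...)" at all, "" for "()"
    reasons: List[str] = field(default_factory=list)


def parse_frst(text: str) -> List[Entry]:
    """Parse the Registry, Services and Drivers sections of an FRST.txt log."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        path = d["path"].strip()
        if path.startswith("\\??\\"):     # NT object-manager prefix on some drivers
            path = path[4:]
        entries.append(Entry(section, d["name"], path,
                             d["size"] is not None, d["publisher"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach heuristic reasons (my own rules, not FRST's) and return the
    flagged entries, most reasons first."""
    for e in entries:
        low = e.path.lower()
        is_svc = e.section.startswith(("Services", "Drivers"))
        in_windows = "\\windows\\" in low or low.startswith("%windir%")
        if "\\appdata\\local\\temp\\" in low:
            e.reasons.append("runs from the user's Temp directory")
        elif is_svc and "\\appdata\\" in low:
            e.reasons.append("service/driver binary lives in a user profile")
        if e.path and not e.present:
            e.reasons.append("referenced file is not on disk ([x])")
        if is_svc and e.present and not e.publisher:
            e.reasons.append("binary carries no publisher/version information")
        if e.section.startswith("Registry") and not e.name:
            e.reasons.append("Run value has an empty name")
        if re.fullmatch(r"[A-Z]{5,}", e.name):
            e.reasons.append("name is a bare run of capitals (looks generated)")
        if low.rsplit("\\", 1)[-1] in WINDOWS_NAMES and not in_windows:
            e.reasons.append("Windows system binary name outside the Windows directory")
    flagged = [e for e in entries if e.reasons]
    return sorted(flagged, key=lambda e: -len(e.reasons))


def report(text: str) -> str:
    """Human-readable triage list, one entry per flagged line."""
    lines = []
    for e in triage(parse_frst(text)):
        lines.append(f"[{e.section}] {e.name or '<no name>'} -> {e.path or '<no path>'}")
        lines.extend(f"    - {r}" for r in e.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a full FRST.txt by passing the file contents to report(); the rules only rank lines for a human, they do not decide anything on their own.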


#5 traceygl

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:49 PM

Posted 10 August 2013 - 02:33 AM

Thank you, here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013
Ran by SYSTEM on 10-08-2013 08:24:22
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7866912 2009-11-10] (Realtek Semiconductor)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1293535607\ee\AOLSoftware.exe [42032 2007-05-25] (AOL LLC)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Dropsend Direct beta] -  [x]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [852832 2013-06-11] (BullGuard Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Conime] - %windir%\system32\conime.exe [x]
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM\...\Run: [EKStatusMonitor] - C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [1879392 2013-06-11] (BullGuard Ltd.)
HKLM\...\Run: [MemoryMangerExi] - C:\Windows\diskediag.exe [3440128 2013-05-13] (GP Systems Integration)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [nbthostmonitor] - C:\Program Files\HostMonitor\nbthostmonitor.exe [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer [155648 2012-08-14] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [90112 2012-11-07] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [66048 2012-11-07] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [335872 2012-11-07] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1110016 2012-11-07] ()
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-04-30] (Apple Inc.)
HKU\tracey\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [ 2013-06-14] (BitTorrent Inc.)
HKU\tracey\...\Run: [AdobeBridge] - C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe [ 2010-03-08] (Adobe Systems, Inc.)
HKU\tracey\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\tracey\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [ 2011-06-24] (Samsung)
HKU\tracey\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\tracey\...\Run: [Fitbit Service Monitor] - C:\Program Files\Fitbit\fitbit-tray.exe [ 2012-04-11] (Fitbit, Inc.)
HKU\tracey\...\Run: [] - C:\Users\tracey\AppData\Roaming\msiexec.exe [x]
HKU\tracey\...\Run: [Clownfish] -  [x]
HKU\tracey\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2013-03-14] (Disc Soft Ltd)
HKU\tracey\...\Run: [RGSC] - C:\Program Files\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
Startup: C:\Users\tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

========================== Services (Whitelisted) =================

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [560992 2013-06-11] (BullGuard Ltd.)
S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [330080 2013-06-11] (BullGuard Ltd.)
S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [307552 2013-06-11] (BullGuard Ltd.)
S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [478048 2013-06-11] (BullGuard Ltd.)
S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [495456 2013-06-11] (BullGuard Ltd.)
S2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [259424 2013-06-11] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [212832 2013-06-11] (BullGuard Ltd.)
S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [288096 2013-06-11] (BullGuard Ltd.)
S2 Fitbit; C:\Program Files\Fitbit\fitbit.exe [770080 2012-04-11] (Fitbit, Inc.)
S3 HGULMKL; C:\Users\tracey\AppData\Local\Temp\HGULMKL.exe [375680 2013-08-07] (Sysinternals - www.sysinternals.com)
S3 JW; C:\Users\tracey\AppData\Local\Temp\JW.exe [523136 2013-08-07] (Sysinternals - www.sysinternals.com)
S3 KKULHYLMVBQ; C:\Users\tracey\AppData\Local\Temp\KKULHYLMVBQ.exe [404352 2013-08-07] (Sysinternals - www.sysinternals.com)
S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
S2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company)
S2 lxdc_device; C:\Windows\system32\lxdccoms.exe [537520 2007-05-25] ( )
S2 MagicHoldem; C:\Users\tracey\AppData\Local\MagicHoldem\MagicHoldemLauncher.exe [290392 2013-07-24] (Kessem Holdings Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OPIBS; C:\Users\tracey\AppData\Local\Temp\OPIBS.exe [453504 2013-08-07] (Sysinternals - www.sysinternals.com)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289472 2013-07-12] (Skype Technologies S.A.)
S2 Sysevnt; C:\Windows\system32\argsvc.dll [71680 2012-05-18] ()
S2 WMI_Hook_Service; C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe [100152 2009-12-24] (MICRO-STAR INT'L,.LTD.)
S2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
S3 FAHWB; C:\Users\tracey\AppData\Local\Temp\FAHWB.exe [x]
S2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [x]

==================== Drivers (Whitelisted) ====================

S1 AFW; C:\Windows\System32\DRIVERS\afw.sys [33888 2013-04-30] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [337504 2013-04-30] (Agnitum Ltd.)
S3 BdNet; C:\Windows\System32\drivers\BdNet.sys [27760 2013-04-30] (BullGuard Ltd.)
S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [64624 2013-04-30] (BullGuard Ltd.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-28] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [10360 2009-10-29] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-06-04] (NVIDIA Corporation)
S3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [22392 2009-10-29] ()
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1558368 2009-12-22] (NXP Semiconductors Germany GmbH)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [21992 2012-04-02] (Silicon Laboratories)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-20] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-20] (MCCI Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-04-30] (BitDefender S.R.L.)
S3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 catchme; \??\C:\Users\tracey\AppData\Local\Temp\catchme.sys [x]
S3 MFE_RR; \??\C:\Users\tracey\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Sysevnt -> C:\Windows\system32\argsvc.dll ()

==================== One Month Created Files and Folders ========

2013-08-09 23:14 - 2013-08-09 23:14 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-08-09 22:55 - 2013-08-09 22:55 - 00000000 ____D C:\Users\tracey\Documents\Fax
2013-08-09 22:50 - 2013-08-09 22:50 - 01230570 _____ (Farbar) C:\Users\tracey\Downloads\FRST.exe
2013-08-09 22:38 - 2013-08-09 22:38 - 00000000 ____D C:\Users\tracey\AppData\Local\{9C94870C-9F6C-4B23-B5DD-91940B32CEC0}
2013-08-09 02:01 - 2013-08-09 03:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-08 10:09 - 2013-08-08 10:10 - 00160752 _____ C:\Windows\Minidump\080813-34039-01.dmp
2013-08-08 04:53 - 2013-08-08 04:53 - 00000903 _____ C:\Users\tracey\Desktop\1.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00027768 _____ C:\Users\tracey\Desktop\dds.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00010058 _____ C:\Users\tracey\Desktop\attach.txt
2013-08-08 01:35 - 2013-08-08 01:35 - 00357143 _____ (Farbar) C:\Users\tracey\Downloads\FSS.exe.part
2013-08-08 01:34 - 2013-08-08 02:49 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR(3).exe.part
2013-08-08 01:34 - 2013-08-08 02:49 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(3).exe
2013-08-08 01:33 - 2013-08-08 01:33 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(2).exe
2013-08-08 01:31 - 2013-08-08 01:31 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(1).exe
2013-08-08 01:30 - 2013-08-08 02:08 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR.exe.part
2013-08-08 01:27 - 2013-08-08 01:27 - 00000000 _____ C:\Users\tracey\Downloads\imfv2-setup-for-review.exe
2013-08-08 01:07 - 2013-08-08 01:12 - 00000000 ___SD C:\32788R22FWJFW
2013-08-08 01:06 - 2013-08-08 01:07 - 05096636 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix(1).exe
2013-08-08 01:00 - 2013-08-08 01:00 - 00154224 _____ C:\Users\tracey\Desktop\JRT.txt
2013-08-08 00:54 - 2013-08-08 00:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 00:45 - 2013-08-08 00:46 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\tracey\Downloads\JRT.exe
2013-08-08 00:37 - 2013-08-08 00:37 - 00026162 _____ C:\AdwCleaner[S1].txt
2013-08-08 00:35 - 2013-08-08 00:36 - 00025757 _____ C:\AdwCleaner[R1].txt
2013-08-08 00:34 - 2013-08-08 00:35 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner(1).exe
2013-08-08 00:27 - 2013-08-08 00:27 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner.exe
2013-08-08 00:05 - 2013-08-08 00:05 - 00377856 _____ C:\Users\tracey\Downloads\i83pvtgl.exe
2013-08-07 23:44 - 2013-08-08 02:07 - 00002186 _____ C:\Users\tracey\Desktop\Rkill.txt
2013-08-07 23:34 - 2013-08-07 23:34 - 00000000 _____ C:\Windows\System32\OFJVET
2013-08-07 23:31 - 2013-08-07 23:32 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130808083144.txt
2013-08-07 23:17 - 2013-08-07 23:17 - 00000000 _____ C:\Windows\System32\TRJMKCJTJB
2013-08-07 23:14 - 2013-08-07 23:15 - 21717184 _____ (Bitdefender LLC) C:\Users\tracey\Downloads\RemovalToolUnifiedLauncher_sirefef.exe.part
2013-08-07 23:13 - 2013-08-07 23:13 - 00231390 _____ C:\Users\tracey\Downloads\RootkitRevealer.zip
2013-08-07 02:24 - 2013-08-07 02:24 - 00000000 ____D C:\ProgramData\Sophos
2013-08-07 02:17 - 2013-08-07 02:20 - 72883598 _____ (Sophos Limited) C:\Users\tracey\Downloads\Sophos Virus Removal Tool.exe
2013-08-07 01:04 - 2013-08-07 01:05 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\tracey\Downloads\tdsskiller(1).exe
2013-08-06 23:58 - 2013-08-06 23:58 - 00000000 _____ C:\Users\tracey\Downloads\tdsskiller.exe
2013-08-06 23:56 - 2013-08-07 01:00 - 00000000 ___SD C:\download-ComboFix
2013-08-06 23:56 - 2013-08-06 23:56 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
2013-08-06 23:56 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 23:56 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 23:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 23:51 - 2013-08-06 23:51 - 00000000 ____D C:\Qoobox
2013-08-06 23:50 - 2013-08-06 23:50 - 00000000 ____D C:\Windows\erdnt
2013-08-06 23:48 - 2013-08-06 23:50 - 05100713 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix.exe
2013-08-06 23:48 - 2013-08-06 23:48 - 00488968 _____ C:\Users\tracey\Downloads\ComboFix-oc-jd.exe
2013-08-06 23:47 - 2013-08-06 23:47 - 00000000 _____ C:\Users\tracey\Downloads\ComboFix.exe
2013-08-06 23:46 - 2013-08-06 23:46 - 00666633 _____ C:\Users\tracey\Downloads\AdwCleaner.exe.part
2013-08-06 23:39 - 2013-08-06 23:40 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover(1).exe
2013-08-06 23:39 - 2013-08-06 23:40 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130807083958.txt
2013-08-06 23:34 - 2013-08-06 23:35 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover.exe
2013-08-06 23:28 - 2013-08-06 23:29 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\tracey\Downloads\rkill.exe
2013-08-05 03:26 - 2013-08-05 03:26 - 00000000 ____D C:\Users\tracey\Downloads\NHD-BO SD Files
2013-08-05 03:15 - 2013-08-06 22:56 - 00000000 ____D C:\Program Files\CalculatemPro
2013-08-02 01:16 - 2013-08-06 22:57 - 00000000 ____D C:\Users\tracey\Downloads\PokerTracker.3.00.3.Incl.Crack
2013-08-02 01:16 - 2013-08-02 01:21 - 00000000 ____D C:\Program Files\PokerTracker 3
2013-07-30 01:43 - 2013-07-30 01:43 - 00000000 ____D C:\Users\tracey\AppData\Local\Hold'em_Manager
2013-07-30 01:40 - 2013-07-30 01:40 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HEM Data
2013-07-30 01:36 - 2013-07-30 23:47 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HoldemManager
2013-07-30 01:36 - 2013-07-30 03:04 - 00017710 _____ C:\Users\tracey\Downloads\install.log
2013-07-30 01:36 - 2013-07-30 01:36 - 00000000 ____D C:\ProgramData\XHEO INC
2013-07-30 01:31 - 2013-08-06 22:56 - 00000000 ____D C:\postgreSQL
2013-07-29 23:13 - 2013-07-29 23:13 - 00000776 _____ C:\Users\Public\Desktop\William Hill Poker.lnk
2013-07-29 23:13 - 2013-07-29 23:13 - 00000000 ____D C:\Poker
2013-07-29 23:12 - 2013-07-29 23:12 - 00476984 _____ (Playtech) C:\Users\tracey\Downloads\SetupPoker_92b31a_en.exe
2013-07-28 23:17 - 2013-07-28 23:17 - 00002134 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 11:21 - 2013-07-26 11:21 - 09078444 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.mp4
2013-07-26 11:21 - 2013-07-26 11:21 - 03669642 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.flv
2013-07-26 04:28 - 2013-08-08 23:36 - 00000000 ____D C:\Users\tracey\Documents\888poker
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\tracey\Desktop\888poker.lnk
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\Guest\Desktop\888poker.lnk
2013-07-26 04:27 - 2013-08-06 22:57 - 00000000 ____D C:\Users\tracey\AppData\Roaming\PacificPoker
2013-07-26 04:26 - 2013-08-06 22:56 - 00000000 ____D C:\Program Files\PacificPoker
2013-07-26 04:18 - 2013-07-26 04:19 - 00000000 ____D C:\Users\tracey\AppData\Local\Kesemoholdings_Limited
2013-07-26 04:18 - 2013-07-26 04:18 - 00001202 _____ C:\Users\tracey\Desktop\MagicHoldem.lnk
2013-07-26 04:18 - 2013-07-26 04:18 - 00000132 _____ C:\Users\tracey\AppData\Local\MagicHoldem_SettingsPath.txt
2013-07-26 04:18 - 2013-07-26 04:18 - 00000000 ____D C:\ProgramData\MagicHoldem
2013-07-26 04:17 - 2013-08-06 22:57 - 00000000 ____D C:\Users\tracey\AppData\Local\MagicHoldem
2013-07-26 04:16 - 2013-07-26 04:17 - 24278088 _____ (Kessem Holdings Limited) C:\Users\tracey\Downloads\MagicHoldem_4.1.0.898.exe
2013-07-23 23:21 - 2013-07-23 23:22 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-23 23:06 - 2013-07-23 23:07 - 18101248 _____ C:\Users\tracey\Downloads\AdobeFlashPlayer_11.8.800.94_NPAPI_SPS.exe
2013-07-19 02:55 - 2013-07-24 13:36 - 00000000 ____D C:\Users\tracey\AppData\Local\PokerStars
2013-07-19 02:55 - 2013-07-19 02:55 - 00000983 _____ C:\Users\tracey\Desktop\PokerStars.lnk
2013-07-19 02:54 - 2013-08-06 22:56 - 00000000 ____D C:\Program Files\PokerStars
2013-07-19 02:53 - 2013-07-19 02:53 - 24891184 _____ (PokerStars) C:\Users\tracey\Downloads\PokerStarsInstall.exe
2013-07-17 22:29 - 2013-07-17 22:30 - 01067456 _____ (Solid State Networks) C:\Users\tracey\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-14 05:43 - 2013-07-14 05:43 - 00026609 _____ C:\Users\tracey\Desktop\hs_err_pid6348.log
2013-07-11 12:42 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:42 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 12:42 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 12:42 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 12:42 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 12:42 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 12:42 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 12:42 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 12:42 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 12:42 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 12:42 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 12:42 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 12:42 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 12:42 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 12:42 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-11 12:42 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 09:35 - 2013-07-11 09:35 - 02572277 _____ C:\Users\tracey\Downloads\mp3

==================== One Month Modified Files and Folders =======

2013-08-09 23:18 - 2011-01-19 11:49 - 00000664 _____ C:\Windows\System32\config\afw_hm.conf
2013-08-09 23:18 - 2011-01-19 11:49 - 00000004 _____ C:\Windows\System32\config\afw_db.conf
2013-08-09 23:18 - 2010-12-28 04:21 - 00000000 ____D C:\Users\tracey\AppData\Roaming\uTorrent
2013-08-09 23:18 - 2010-12-28 03:07 - 01501908 _____ C:\Windows\WindowsUpdate.log
2013-08-09 23:18 - 2010-02-25 08:20 - 00000000 ____D C:\ProgramData\BullGuard
2013-08-09 23:16 - 2012-09-27 10:10 - 00000000 ___RD C:\Users\tracey\Dropbox
2013-08-09 23:16 - 2012-09-27 10:07 - 00000000 ____D C:\Users\tracey\AppData\Roaming\Dropbox
2013-08-09 23:14 - 2013-08-09 23:14 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-08-09 23:14 - 2011-01-03 14:37 - 00000000 ____D C:\Users\tracey\Tracing
2013-08-09 23:13 - 2012-06-12 04:15 - 00000000 ____D C:\ProgramData\Kodak
2013-08-09 23:12 - 2009-07-13 20:39 - 00235311 _____ C:\Windows\setupact.log
2013-08-09 22:55 - 2013-08-09 22:55 - 00000000 ____D C:\Users\tracey\Documents\Fax
2013-08-09 22:55 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-08-09 22:54 - 2009-07-13 20:34 - 00018928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 22:54 - 2009-07-13 20:34 - 00018928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 22:50 - 2013-08-09 22:50 - 01230570 _____ (Farbar) C:\Users\tracey\Downloads\FRST.exe
2013-08-09 22:43 - 2010-02-22 09:21 - 00783270 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-09 22:38 - 2013-08-09 22:38 - 00000000 ____D C:\Users\tracey\AppData\Local\{9C94870C-9F6C-4B23-B5DD-91940B32CEC0}
2013-08-09 22:36 - 2012-04-25 09:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-09 03:04 - 2013-08-09 02:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-08 23:36 - 2013-07-26 04:28 - 00000000 ____D C:\Users\tracey\Documents\888poker
2013-08-08 10:10 - 2013-08-08 10:09 - 00160752 _____ C:\Windows\Minidump\080813-34039-01.dmp
2013-08-08 10:09 - 2013-05-31 05:06 - 508944688 _____ C:\Windows\MEMORY.DMP
2013-08-08 10:09 - 2013-05-31 05:06 - 00000000 ____D C:\Windows\Minidump
2013-08-08 04:53 - 2013-08-08 04:53 - 00000903 _____ C:\Users\tracey\Desktop\1.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00027768 _____ C:\Users\tracey\Desktop\dds.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00010058 _____ C:\Users\tracey\Desktop\attach.txt
2013-08-08 02:49 - 2013-08-08 01:34 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR(3).exe.part
2013-08-08 02:49 - 2013-08-08 01:34 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(3).exe
2013-08-08 02:08 - 2013-08-08 01:30 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR.exe.part
2013-08-08 02:07 - 2013-08-07 23:44 - 00002186 _____ C:\Users\tracey\Desktop\Rkill.txt
2013-08-08 01:35 - 2013-08-08 01:35 - 00357143 _____ (Farbar) C:\Users\tracey\Downloads\FSS.exe.part
2013-08-08 01:33 - 2013-08-08 01:33 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(2).exe
2013-08-08 01:31 - 2013-08-08 01:31 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(1).exe
2013-08-08 01:27 - 2013-08-08 01:27 - 00000000 _____ C:\Users\tracey\Downloads\imfv2-setup-for-review.exe
2013-08-08 01:17 - 2010-02-23 02:18 - 00206568 _____ C:\Windows\PFRO.log
2013-08-08 01:12 - 2013-08-08 01:07 - 00000000 ___SD C:\32788R22FWJFW
2013-08-08 01:07 - 2013-08-08 01:06 - 05096636 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix(1).exe
2013-08-08 01:00 - 2013-08-08 01:00 - 00154224 _____ C:\Users\tracey\Desktop\JRT.txt
2013-08-08 00:54 - 2013-08-08 00:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 00:46 - 2013-08-08 00:45 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\tracey\Downloads\JRT.exe
2013-08-08 00:37 - 2013-08-08 00:37 - 00026162 _____ C:\AdwCleaner[S1].txt
2013-08-08 00:36 - 2013-08-08 00:35 - 00025757 _____ C:\AdwCleaner[R1].txt
2013-08-08 00:35 - 2013-08-08 00:34 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner(1).exe
2013-08-08 00:27 - 2013-08-08 00:27 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner.exe
2013-08-08 00:05 - 2013-08-08 00:05 - 00377856 _____ C:\Users\tracey\Downloads\i83pvtgl.exe
2013-08-07 23:34 - 2013-08-07 23:34 - 00000000 _____ C:\Windows\System32\OFJVET
2013-08-07 23:32 - 2013-08-07 23:31 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130808083144.txt
2013-08-07 23:17 - 2013-08-07 23:17 - 00000000 _____ C:\Windows\System32\TRJMKCJTJB
2013-08-07 23:16 - 2011-01-10 23:11 - 00000000 _____ C:\Windows\System32\Pen_Tablet.dat
2013-08-07 23:15 - 2013-08-07 23:14 - 21717184 _____ (Bitdefender LLC) C:\Users\tracey\Downloads\RemovalToolUnifiedLauncher_sirefef.exe.part
2013-08-07 23:13 - 2013-08-07 23:13 - 00231390 _____ C:\Users\tracey\Downloads\RootkitRevealer.zip
2013-08-07 22:40 - 2013-06-12 00:17 - 00000000 __SHD C:\Windows\System32\argmon
2013-08-07 02:24 - 2013-08-07 02:24 - 00000000 ____D C:\ProgramData\Sophos
2013-08-07 02:20 - 2013-08-07 02:17 - 72883598 _____ (Sophos Limited) C:\Users\tracey\Downloads\Sophos Virus Removal Tool.exe
2013-08-07 01:08 - 2011-02-23 08:47 - 00000000 ____D C:\Users\tracey\AppData\Local\Google
2013-08-07 01:05 - 2013-08-07 01:04 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\tracey\Downloads\tdsskiller(1).exe
2013-08-07 01:00 - 2013-08-06 23:56 - 00000000 ___SD C:\download-ComboFix
2013-08-06 23:58 - 2013-08-06 23:58 - 00000000 _____ C:\Users\tracey\Downloads\tdsskiller.exe
2013-08-06 23:56 - 2013-08-06 23:56 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
2013-08-06 23:51 - 2013-08-06 23:51 - 00000000 ____D C:\Qoobox
2013-08-06 23:50 - 2013-08-06 23:50 - 00000000 ____D C:\Windows\erdnt
2013-08-06 23:50 - 2013-08-06 23:48 - 05100713 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix.exe
2013-08-06 23:48 - 2013-08-06 23:48 - 00488968 _____ C:\Users\tracey\Downloads\ComboFix-oc-jd.exe
2013-08-06 23:47 - 2013-08-06 23:47 - 00000000 _____ C:\Users\tracey\Downloads\ComboFix.exe
2013-08-06 23:46 - 2013-08-06 23:46 - 00666633 _____ C:\Users\tracey\Downloads\AdwCleaner.exe.part
2013-08-06 23:40 - 2013-08-06 23:39 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover(1).exe
2013-08-06 23:40 - 2013-08-06 23:39 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130807083958.txt
2013-08-06 23:35 - 2013-08-06 23:34 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover.exe
2013-08-06 23:29 - 2013-08-06 23:28 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\tracey\Downloads\rkill.exe
2013-08-06 23:02 - 2010-12-28 03:07 - 00000000 ____D C:\users\tracey
2013-08-06 23:01 - 2012-10-17 22:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-06 23:01 - 2012-08-10 02:55 - 00000000 ____D C:\Program Files\Fitbit
2013-08-06 23:01 - 2012-03-26 23:55 - 00000000 ____D C:\Program Files\Bonjour
2013-08-06 22:57 - 2013-08-02 01:16 - 00000000 ____D C:\Users\tracey\Downloads\PokerTracker.3.00.3.Incl.Crack
2013-08-06 22:57 - 2013-07-26 04:27 - 00000000 ____D C:\Users\tracey\AppData\Roaming\PacificPoker
2013-08-06 22:57 - 2013-07-26 04:17 - 00000000 ____D C:\Users\tracey\AppData\Local\MagicHoldem
2013-08-06 22:57 - 2012-09-20 02:59 - 00000000 ____D C:\Windows\Ancient Quest of Saqqarah
2013-08-06 22:57 - 2011-09-17 01:14 - 00000000 ____D C:\users\Guest
2013-08-06 22:57 - 2011-01-05 00:42 - 00000000 ____D C:\Windows\System32\WTablet
2013-08-06 22:57 - 2010-12-31 05:25 - 00000000 ____D C:\Windows\WinAVI Video Converter 9.0
2013-08-06 22:57 - 2010-12-28 04:39 - 00000000 ____D C:\Windows\WinRAR
2013-08-06 22:57 - 2010-02-23 02:48 - 00000000 ____D C:\Windows\System32\RTCOM
2013-08-06 22:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-08-06 22:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-06 22:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-06 22:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-08-06 22:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-08-06 22:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-06 22:56 - 2013-08-05 03:15 - 00000000 ____D C:\Program Files\CalculatemPro
2013-08-06 22:56 - 2013-07-30 01:31 - 00000000 ____D C:\postgreSQL
2013-08-06 22:56 - 2013-07-26 04:26 - 00000000 ____D C:\Program Files\PacificPoker
2013-08-06 22:56 - 2013-07-19 02:54 - 00000000 ____D C:\Program Files\PokerStars
2013-08-06 22:56 - 2013-05-23 00:20 - 00000000 ____D C:\Program Files\iTunes
2013-08-06 22:56 - 2013-05-12 09:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-08-06 22:56 - 2013-04-19 10:27 - 00000000 ____D C:\Program Files\Cheat Engine 6.2
2013-08-06 22:56 - 2013-03-28 09:42 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-06 22:56 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\QuickTime
2013-08-06 22:56 - 2012-11-20 05:00 - 00000000 ____D C:\Program Files\AC3Filter
2013-08-06 22:56 - 2012-11-20 04:56 - 00000000 ____D C:\Program Files\Xvid
2013-08-06 22:56 - 2012-11-20 04:55 - 00000000 ____D C:\Program Files\OpenSource Flash Video Splitter
2013-08-06 22:56 - 2012-11-20 04:55 - 00000000 ____D C:\Program Files\DirectVobSub
2013-08-06 22:56 - 2012-11-20 04:53 - 00000000 ____D C:\Program Files\Ultimate Codecs Bundle
2013-08-06 22:56 - 2012-10-26 06:51 - 00000000 ____D C:\ProgramData\PrintProjects
2013-08-06 22:56 - 2012-10-26 06:51 - 00000000 ____D C:\Program Files\PrintProjects
2013-08-06 22:56 - 2012-10-09 11:05 - 00000000 ____D C:\Program Files\Clownfish
2013-08-06 22:56 - 2012-03-09 08:47 - 00000000 ____D C:\Program Files\Dropsend Direct beta
2013-08-06 22:56 - 2011-11-03 09:40 - 00000000 ____D C:\Program Files\WildGames
2013-08-06 22:56 - 2011-09-28 06:56 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-06 22:56 - 2011-07-15 23:47 - 00000000 ____D C:\Program Files\Apple Software Update
2013-08-06 22:56 - 2011-07-15 23:37 - 00000000 ____D C:\Program Files\Safari
2013-08-06 22:56 - 2011-02-18 11:22 - 00000000 ____D C:\Program Files\RealHideIP
2013-08-06 22:56 - 2011-02-10 07:02 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-08-06 22:56 - 2011-01-05 00:44 - 00000000 ____D C:\Program Files\WTouch
2013-08-06 22:56 - 2011-01-05 00:44 - 00000000 ____D C:\Program Files\TabletPlugins
2013-08-06 22:56 - 2010-12-28 13:39 - 00000000 ____D C:\Program Files\7-Zip
2013-08-06 22:56 - 2010-12-28 04:54 - 00000000 ____D C:\Program Files\MagicDisc
2013-08-06 22:56 - 2010-12-28 04:42 - 00000000 ____D C:\Program Files\WinZip
2013-08-06 22:56 - 2010-12-28 04:39 - 00000000 ____D C:\Program Files\WinRAR
2013-08-06 22:56 - 2010-12-28 04:24 - 00000000 ____D C:\Program Files\MagicISO
2013-08-06 22:56 - 2010-12-28 04:21 - 00000000 ____D C:\Program Files\uTorrent
2013-08-06 22:56 - 2010-12-28 03:26 - 00000000 ____D C:\Program Files\Common Files\aol
2013-08-06 22:56 - 2010-12-28 03:26 - 00000000 ____D C:\Program Files\AOL 9.1
2013-08-06 22:56 - 2010-02-23 04:54 - 00000000 ____D C:\Program Files\Microsoft Works
2013-08-06 22:55 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-08-06 22:52 - 2011-02-23 08:46 - 00000000 ____D C:\Program Files\Google
2013-08-05 03:26 - 2013-08-05 03:26 - 00000000 ____D C:\Users\tracey\Downloads\NHD-BO SD Files
2013-08-02 15:13 - 2013-06-17 22:42 - 00000000 ____D C:\Users\tracey\Downloads\Problem.Child.2.1991.720p.WEB-DL.H264-CtrlHD [PublicHD]
2013-08-02 15:12 - 2010-12-29 04:47 - 00000000 ____D C:\Users\tracey\AppData\Local\Windows Live
2013-08-02 01:21 - 2013-08-02 01:16 - 00000000 ____D C:\Program Files\PokerTracker 3
2013-07-30 23:47 - 2013-07-30 01:36 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HoldemManager
2013-07-30 03:04 - 2013-07-30 01:36 - 00017710 _____ C:\Users\tracey\Downloads\install.log
2013-07-30 01:43 - 2013-07-30 01:43 - 00000000 ____D C:\Users\tracey\AppData\Local\Hold'em_Manager
2013-07-30 01:40 - 2013-07-30 01:40 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HEM Data
2013-07-30 01:36 - 2013-07-30 01:36 - 00000000 ____D C:\ProgramData\XHEO INC
2013-07-29 23:13 - 2013-07-29 23:13 - 00000776 _____ C:\Users\Public\Desktop\William Hill Poker.lnk
2013-07-29 23:13 - 2013-07-29 23:13 - 00000000 ____D C:\Poker
2013-07-29 23:12 - 2013-07-29 23:12 - 00476984 _____ (Playtech) C:\Users\tracey\Downloads\SetupPoker_92b31a_en.exe
2013-07-28 23:17 - 2013-07-28 23:17 - 00002134 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-28 22:51 - 2009-07-13 18:04 - 00000583 _____ C:\Windows\win.ini
2013-07-26 11:21 - 2013-07-26 11:21 - 09078444 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.mp4
2013-07-26 11:21 - 2013-07-26 11:21 - 03669642 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.flv
2013-07-26 05:29 - 2010-12-31 05:04 - 00000000 ____D C:\Users\tracey\AppData\Local\WinAVI
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\tracey\Desktop\888poker.lnk
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\Guest\Desktop\888poker.lnk
2013-07-26 04:19 - 2013-07-26 04:18 - 00000000 ____D C:\Users\tracey\AppData\Local\Kesemoholdings_Limited
2013-07-26 04:18 - 2013-07-26 04:18 - 00001202 _____ C:\Users\tracey\Desktop\MagicHoldem.lnk
2013-07-26 04:18 - 2013-07-26 04:18 - 00000132 _____ C:\Users\tracey\AppData\Local\MagicHoldem_SettingsPath.txt
2013-07-26 04:18 - 2013-07-26 04:18 - 00000000 ____D C:\ProgramData\MagicHoldem
2013-07-26 04:17 - 2013-07-26 04:16 - 24278088 _____ (Kessem Holdings Limited) C:\Users\tracey\Downloads\MagicHoldem_4.1.0.898.exe
2013-07-26 04:15 - 2012-08-18 05:11 - 00000000 ____D C:\Users\tracey\Desktop\video
2013-07-25 22:34 - 2013-05-13 07:05 - 00000000 ____D C:\Users\tracey\AppData\Local\LogMeIn Rescue Applet
2013-07-25 10:41 - 2011-10-15 09:13 - 00000000 ____D C:\Users\tracey\AppData\Roaming\Skype
2013-07-25 00:29 - 2011-11-28 07:47 - 00000000 ____D C:\Users\tracey\Desktop\logo
2013-07-24 23:57 - 2012-05-25 03:08 - 00000000 ____D C:\Users\tracey\Desktop\docs
2013-07-24 13:36 - 2013-07-19 02:55 - 00000000 ____D C:\Users\tracey\AppData\Local\PokerStars
2013-07-23 23:22 - 2013-07-23 23:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-23 23:07 - 2013-07-23 23:06 - 18101248 _____ C:\Users\tracey\Downloads\AdobeFlashPlayer_11.8.800.94_NPAPI_SPS.exe
2013-07-19 02:55 - 2013-07-19 02:55 - 00000983 _____ C:\Users\tracey\Desktop\PokerStars.lnk
2013-07-19 02:53 - 2013-07-19 02:53 - 24891184 _____ (PokerStars) C:\Users\tracey\Downloads\PokerStarsInstall.exe
2013-07-17 22:30 - 2013-07-17 22:29 - 01067456 _____ (Solid State Networks) C:\Users\tracey\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-17 10:28 - 2013-01-24 08:22 - 00000000 ___RD C:\Program Files\Skype
2013-07-16 10:04 - 2010-02-23 04:14 - 00000000 ____D C:\Windows\System32\Adobe
2013-07-14 05:43 - 2013-07-14 05:43 - 00026609 _____ C:\Users\tracey\Desktop\hs_err_pid6348.log
2013-07-13 02:34 - 2010-12-28 08:44 - 00000000 ____D C:\Users\tracey\Desktop\cufont
2013-07-12 23:55 - 2012-04-05 07:28 - 00000000 ____D C:\Users\tracey\AppData\Roaming\Mozilla
2013-07-12 01:49 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 22:25 - 2011-02-23 06:06 - 03893528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 22:24 - 2009-07-13 23:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 22:23 - 2010-02-23 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 12:45 - 2010-02-23 05:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 12:35 - 2010-02-23 01:31 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-11 09:35 - 2013-07-11 09:35 - 02572277 _____ C:\Users\tracey\Downloads\mp3

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
C:\Users\tracey\jagex_cl_runescape_LIVE.dat
C:\Users\tracey\random.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-07 02:21:40
Restore point made on: 2013-08-08 00:31:29

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3839.24 MB
Available physical RAM: 3304.07 MB
Total Pagefile: 3837.52 MB
Available Pagefile: 3314.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.21 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:659.31 GB) NTFS
Drive e: (Recover) (Fixed) (Total:20 GB) (Free:9.4 GB) NTFS
Drive g: (LOCAL DISK) (Fixed) (Total:465.76 GB) (Free:426.12 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 7ECEE270)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 12345678)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)


LastRegBack: 2013-08-02 02:18

==================== End Of Log ============================



#6 fireman4it (Malware Response Team)

Posted 10 August 2013 - 07:43 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
C:\Windows\System32\oobe\info\HKCU.vbs
HKU\tracey\...\Run: [] - C:\Users\tracey\AppData\Roaming\msiexec.exe [x]
HKU\tracey\...\Run: [Clownfish] -  [x]
HKLM\...\Run: [Dropsend Direct beta] -  [x]
Startup: C:\Users\tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
S3 HGULMKL; C:\Users\tracey\AppData\Local\Temp\HGULMKL.exe [375680 2013-08-07] (Sysinternals - www.sysinternals.com)
S3 JW; C:\Users\tracey\AppData\Local\Temp\JW.exe [523136 2013-08-07] (Sysinternals - www.sysinternals.com)
S3 KKULHYLMVBQ; C:\Users\tracey\AppData\Local\Temp\KKULHYLMVBQ.exe [404352 2013-08-07] (Sysinternals - www.sysinternals.com)
C:\Users\tracey\AppData\Local\Temp\HGULMKL.exe
C:\Users\tracey\AppData\Local\Temp\JW.exe
C:\Users\tracey\AppData\Local\Temp\KKULHYLMVBQ.exe
S3 FAHWB; C:\Users\tracey\AppData\Local\Temp\FAHWB.exe [x]
C:\Users\tracey\AppData\Local\Temp\FAHWB.exe
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\tracey\jagex_cl_runescape_LIVE.dat
C:\Users\tracey\random.dat
S3 MFE_RR; \??\C:\Users\tracey\AppData\Local\Temp\mfe_rr.sys [x]
C:\Users\tracey\AppData\Local\Temp\mfe_rr.sys

NETSVC: Sysevnt -> C:\Windows\system32\argsvc.dll ()

DeleteJunctionsIndirectory:
C:\Program Files\Windows Defender
 
 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 traceygl (Topic Starter)

Posted 11 August 2013 - 04:00 AM

Thank you, logs are below :)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-08-2013
Ran by SYSTEM at 2013-08-11 09:51:50 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU => Value not found.
C:\Windows\System32\oobe\info\HKCU.vbs => Moved successfully.
HKU\tracey\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\tracey\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Dropsend Direct beta => Value deleted successfully.
C:\Users\tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
HGULMKL => Service deleted successfully.
JW => Service deleted successfully.
KKULHYLMVBQ => Service deleted successfully.
C:\Users\tracey\AppData\Local\Temp\HGULMKL.exe => Moved successfully.
C:\Users\tracey\AppData\Local\Temp\JW.exe => Moved successfully.
C:\Users\tracey\AppData\Local\Temp\KKULHYLMVBQ.exe => Moved successfully.
FAHWB => Service deleted successfully.
"C:\Users\tracey\AppData\Local\Temp\FAHWB.exe" => File/Directory not found.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
C:\Users\tracey\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\tracey\random.dat => Moved successfully.
MFE_RR => Service deleted successfully.
"C:\Users\tracey\AppData\Local\Temp\mfe_rr.sys" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Sysevnt => Value deleted successfully.
Error: DeleteJunctionsIndirectory: => entry should be fixed outside recovery mode.
C:\Program Files\Windows Defender => Moved successfully.

==== End of Fixlog ====



#8 fireman4it (Malware Response Team)

Posted 12 August 2013 - 04:01 PM

Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.


#9 traceygl (Topic Starter)

Posted 13 August 2013 - 01:38 AM

logs from last farbar scan

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-08-2013
Ran by tracey at 2013-08-13 07:37:49 Run:2
Running from I:\
Boot Mode: Normal

==============================================

"DeleteJunctionsIndirectory:" => Not Found
"C:\Program Files\Windows Defender" => File/Directory not found.

==== End of Fixlog ====



#10 fireman4it (Malware Response Team)

Posted 13 August 2013 - 06:33 PM




Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#11 traceygl (Topic Starter)

Posted 14 August 2013 - 01:52 AM

Hi, thx, list is below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-08-2013
Ran by SYSTEM on 14-08-2013 07:41:31
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7866912 2009-11-10] (Realtek Semiconductor)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1293535607\ee\AOLSoftware.exe [42032 2007-05-25] (AOL LLC)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [852832 2013-08-12] (BullGuard Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Conime] - %windir%\system32\conime.exe [x]
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM\...\Run: [EKStatusMonitor] - C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [1879392 2013-08-12] (BullGuard Ltd.)
HKLM\...\Run: [MemoryMangerExi] - C:\Windows\diskediag.exe [3440128 2013-05-13] (GP Systems Integration)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [nbthostmonitor] - C:\Program Files\HostMonitor\nbthostmonitor.exe [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer [155648 2012-08-14] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [90112 2012-11-07] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [66048 2012-11-07] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [335872 2012-11-07] ()
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1110016 2012-11-07] ()
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-04-30] (Apple Inc.)
HKU\tracey\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [ 2013-06-14] (BitTorrent Inc.)
HKU\tracey\...\Run: [AdobeBridge] - C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe [ 2010-03-08] (Adobe Systems, Inc.)
HKU\tracey\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\tracey\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [ 2011-06-24] (Samsung)
HKU\tracey\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\tracey\...\Run: [Fitbit Service Monitor] - C:\Program Files\Fitbit\fitbit-tray.exe [ 2012-04-11] (Fitbit, Inc.)
HKU\tracey\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2013-03-14] (Disc Soft Ltd)
HKU\tracey\...\Run: [RGSC] - C:\Program Files\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
Startup: C:\Users\tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

========================== Services (Whitelisted) =================

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [560992 2013-08-12] (BullGuard Ltd.)
S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [376736 2013-08-12] (BullGuard Ltd.)
S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [307552 2013-08-12] (BullGuard Ltd.)
S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [478048 2013-08-12] (BullGuard Ltd.)
S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [495456 2013-08-12] (BullGuard Ltd.)
S2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [261472 2013-08-12] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [212832 2013-08-12] (BullGuard Ltd.)
S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [288096 2013-08-12] (BullGuard Ltd.)
S2 Fitbit; C:\Program Files\Fitbit\fitbit.exe [770080 2012-04-11] (Fitbit, Inc.)
S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
S2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company)
S2 lxdc_device; C:\Windows\system32\lxdccoms.exe [537520 2007-05-25] ( )
S2 MagicHoldem; C:\Users\tracey\AppData\Local\MagicHoldem\MagicHoldemLauncher.exe [290392 2013-07-24] (Kessem Holdings Limited)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OPIBS; C:\Users\tracey\AppData\Local\Temp\OPIBS.exe [453504 2013-08-07] (Sysinternals - www.sysinternals.com)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289472 2013-07-12] (Skype Technologies S.A.)
S2 Sysevnt; C:\Windows\system32\argsvc.dll [71680 2012-05-18] ()
S2 WMI_Hook_Service; C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe [100152 2009-12-24] (MICRO-STAR INT'L,.LTD.)
S2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
S2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [x]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S1 AFW; C:\Windows\System32\DRIVERS\afw.sys [33888 2013-04-30] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [337504 2013-04-30] (Agnitum Ltd.)
S3 BdNet; C:\Windows\System32\drivers\BdNet.sys [27760 2013-04-30] (BullGuard Ltd.)
S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [64624 2013-04-30] (BullGuard Ltd.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-28] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [10360 2009-10-29] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-06-04] (NVIDIA Corporation)
S3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [22392 2009-10-29] ()
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1558368 2009-12-22] (NXP Semiconductors Germany GmbH)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [21992 2012-04-02] (Silicon Laboratories)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-20] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-20] (MCCI Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-04-30] (BitDefender S.R.L.)
S3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 catchme; \??\C:\Users\tracey\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-12 22:45 - 2013-08-12 22:35 - 01068525 _____ (Farbar) C:\Users\tracey\Desktop\FRST.exe
2013-08-12 22:31 - 2013-08-12 22:32 - 01068525 _____ (Farbar) C:\Users\tracey\Downloads\FRST(1).exe.part
2013-08-12 22:29 - 2013-08-12 22:29 - 01068525 _____ (Farbar) C:\Users\tracey\Downloads\FRST (1).exe.xku4vvo.partial
2013-08-12 00:41 - 2013-08-12 00:40 - 00113088 _____ (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-08-12 00:41 - 2013-08-12 00:40 - 00060256 _____ (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-08-10 08:24 - 2013-08-10 08:24 - 00000000 ____D C:\FRST
2013-08-09 22:55 - 2013-08-09 22:55 - 00000000 ____D C:\Users\tracey\Documents\Fax
2013-08-09 22:50 - 2013-08-09 22:50 - 01230570 _____ (Farbar) C:\Users\tracey\Downloads\FRST.exe
2013-08-09 22:38 - 2013-08-09 22:38 - 00000000 ____D C:\Users\tracey\AppData\Local\{9C94870C-9F6C-4B23-B5DD-91940B32CEC0}
2013-08-09 02:01 - 2013-08-09 03:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-08 10:09 - 2013-08-08 10:10 - 00160752 _____ C:\Windows\Minidump\080813-34039-01.dmp
2013-08-08 04:53 - 2013-08-08 04:53 - 00000903 _____ C:\Users\tracey\Desktop\1.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00027768 _____ C:\Users\tracey\Desktop\dds.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00010058 _____ C:\Users\tracey\Desktop\attach.txt
2013-08-08 01:35 - 2013-08-08 01:35 - 00357143 _____ (Farbar) C:\Users\tracey\Downloads\FSS.exe.part
2013-08-08 01:34 - 2013-08-08 02:49 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR(3).exe.part
2013-08-08 01:34 - 2013-08-08 02:49 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(3).exe
2013-08-08 01:33 - 2013-08-08 01:33 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(2).exe
2013-08-08 01:31 - 2013-08-08 01:31 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(1).exe
2013-08-08 01:30 - 2013-08-08 02:08 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR.exe.part
2013-08-08 01:27 - 2013-08-08 01:27 - 00000000 _____ C:\Users\tracey\Downloads\imfv2-setup-for-review.exe
2013-08-08 01:07 - 2013-08-08 01:12 - 00000000 ___SD C:\32788R22FWJFW
2013-08-08 01:06 - 2013-08-08 01:07 - 05096636 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix(1).exe
2013-08-08 01:00 - 2013-08-08 01:00 - 00154224 _____ C:\Users\tracey\Desktop\JRT.txt
2013-08-08 00:54 - 2013-08-08 00:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 00:45 - 2013-08-08 00:46 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\tracey\Downloads\JRT.exe
2013-08-08 00:37 - 2013-08-08 00:37 - 00026162 _____ C:\AdwCleaner[S1].txt
2013-08-08 00:35 - 2013-08-08 00:36 - 00025757 _____ C:\AdwCleaner[R1].txt
2013-08-08 00:34 - 2013-08-08 00:35 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner(1).exe
2013-08-08 00:27 - 2013-08-08 00:27 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner.exe
2013-08-08 00:05 - 2013-08-08 00:05 - 00377856 _____ C:\Users\tracey\Downloads\i83pvtgl.exe
2013-08-07 23:44 - 2013-08-08 02:07 - 00002186 _____ C:\Users\tracey\Desktop\Rkill.txt
2013-08-07 23:34 - 2013-08-07 23:34 - 00000000 _____ C:\Windows\System32\OFJVET
2013-08-07 23:31 - 2013-08-07 23:32 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130808083144.txt
2013-08-07 23:17 - 2013-08-07 23:17 - 00000000 _____ C:\Windows\System32\TRJMKCJTJB
2013-08-07 23:14 - 2013-08-07 23:15 - 21717184 _____ (Bitdefender LLC) C:\Users\tracey\Downloads\RemovalToolUnifiedLauncher_sirefef.exe.part
2013-08-07 23:13 - 2013-08-07 23:13 - 00231390 _____ C:\Users\tracey\Downloads\RootkitRevealer.zip
2013-08-07 02:24 - 2013-08-07 02:24 - 00000000 ____D C:\ProgramData\Sophos
2013-08-07 02:17 - 2013-08-07 02:20 - 72883598 _____ (Sophos Limited) C:\Users\tracey\Downloads\Sophos Virus Removal Tool.exe
2013-08-07 01:04 - 2013-08-07 01:05 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\tracey\Downloads\tdsskiller(1).exe
2013-08-06 23:58 - 2013-08-06 23:58 - 00000000 _____ C:\Users\tracey\Downloads\tdsskiller.exe
2013-08-06 23:56 - 2013-08-07 01:00 - 00000000 ___SD C:\download-ComboFix
2013-08-06 23:56 - 2013-08-06 23:56 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
2013-08-06 23:56 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 23:56 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 23:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 23:56 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 23:51 - 2013-08-06 23:51 - 00000000 ____D C:\Qoobox
2013-08-06 23:50 - 2013-08-06 23:50 - 00000000 ____D C:\Windows\erdnt
2013-08-06 23:48 - 2013-08-06 23:50 - 05100713 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix.exe
2013-08-06 23:48 - 2013-08-06 23:48 - 00488968 _____ C:\Users\tracey\Downloads\ComboFix-oc-jd.exe
2013-08-06 23:47 - 2013-08-06 23:47 - 00000000 _____ C:\Users\tracey\Downloads\ComboFix.exe
2013-08-06 23:46 - 2013-08-06 23:46 - 00666633 _____ C:\Users\tracey\Downloads\AdwCleaner.exe.part
2013-08-06 23:39 - 2013-08-06 23:40 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover(1).exe
2013-08-06 23:39 - 2013-08-06 23:40 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130807083958.txt
2013-08-06 23:34 - 2013-08-06 23:35 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover.exe
2013-08-06 23:28 - 2013-08-06 23:29 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\tracey\Downloads\rkill.exe
2013-08-05 03:26 - 2013-08-05 03:26 - 00000000 ____D C:\Users\tracey\Downloads\NHD-BO SD Files
2013-08-05 03:15 - 2013-08-06 22:56 - 00000000 ____D C:\Program Files\CalculatemPro
2013-08-02 01:16 - 2013-08-06 22:57 - 00000000 ____D C:\Users\tracey\Downloads\PokerTracker.3.00.3.Incl.Crack
2013-08-02 01:16 - 2013-08-02 01:21 - 00000000 ____D C:\Program Files\PokerTracker 3
2013-07-30 01:43 - 2013-07-30 01:43 - 00000000 ____D C:\Users\tracey\AppData\Local\Hold'em_Manager
2013-07-30 01:40 - 2013-07-30 01:40 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HEM Data
2013-07-30 01:36 - 2013-07-30 23:47 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HoldemManager
2013-07-30 01:36 - 2013-07-30 03:04 - 00017710 _____ C:\Users\tracey\Downloads\install.log
2013-07-30 01:36 - 2013-07-30 01:36 - 00000000 ____D C:\ProgramData\XHEO INC
2013-07-30 01:31 - 2013-08-06 22:56 - 00000000 ____D C:\postgreSQL
2013-07-29 23:13 - 2013-07-29 23:13 - 00000776 _____ C:\Users\Public\Desktop\William Hill Poker.lnk
2013-07-29 23:13 - 2013-07-29 23:13 - 00000000 ____D C:\Poker
2013-07-29 23:12 - 2013-07-29 23:12 - 00476984 _____ (Playtech) C:\Users\tracey\Downloads\SetupPoker_92b31a_en.exe
2013-07-28 23:17 - 2013-07-28 23:17 - 00002134 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 11:21 - 2013-07-26 11:21 - 09078444 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.mp4
2013-07-26 11:21 - 2013-07-26 11:21 - 03669642 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.flv
2013-07-26 04:28 - 2013-08-12 02:13 - 00000000 ____D C:\Users\tracey\Documents\888poker
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\tracey\Desktop\888poker.lnk
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\Guest\Desktop\888poker.lnk
2013-07-26 04:27 - 2013-08-06 22:57 - 00000000 ____D C:\Users\tracey\AppData\Roaming\PacificPoker
2013-07-26 04:26 - 2013-08-06 22:56 - 00000000 ____D C:\Program Files\PacificPoker
2013-07-26 04:18 - 2013-07-26 04:19 - 00000000 ____D C:\Users\tracey\AppData\Local\Kesemoholdings_Limited
2013-07-26 04:18 - 2013-07-26 04:18 - 00001202 _____ C:\Users\tracey\Desktop\MagicHoldem.lnk
2013-07-26 04:18 - 2013-07-26 04:18 - 00000132 _____ C:\Users\tracey\AppData\Local\MagicHoldem_SettingsPath.txt
2013-07-26 04:18 - 2013-07-26 04:18 - 00000000 ____D C:\ProgramData\MagicHoldem
2013-07-26 04:17 - 2013-08-11 01:20 - 00000000 ____D C:\Users\tracey\AppData\Local\MagicHoldem
2013-07-26 04:16 - 2013-07-26 04:17 - 24278088 _____ (Kessem Holdings Limited) C:\Users\tracey\Downloads\MagicHoldem_4.1.0.898.exe
2013-07-23 23:21 - 2013-07-23 23:22 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-23 23:06 - 2013-07-23 23:07 - 18101248 _____ C:\Users\tracey\Downloads\AdobeFlashPlayer_11.8.800.94_NPAPI_SPS.exe
2013-07-19 02:55 - 2013-07-24 13:36 - 00000000 ____D C:\Users\tracey\AppData\Local\PokerStars
2013-07-19 02:55 - 2013-07-19 02:55 - 00000983 _____ C:\Users\tracey\Desktop\PokerStars.lnk
2013-07-19 02:54 - 2013-08-06 22:56 - 00000000 ____D C:\Program Files\PokerStars
2013-07-19 02:53 - 2013-07-19 02:53 - 24891184 _____ (PokerStars) C:\Users\tracey\Downloads\PokerStarsInstall.exe
2013-07-17 22:29 - 2013-07-17 22:30 - 01067456 _____ (Solid State Networks) C:\Users\tracey\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe

==================== One Month Modified Files and Folders =======

2013-08-13 22:38 - 2011-01-19 11:49 - 00000664 _____ C:\Windows\System32\config\afw_hm.conf
2013-08-13 22:38 - 2011-01-19 11:49 - 00000004 _____ C:\Windows\System32\config\afw_db.conf
2013-08-13 22:38 - 2010-02-25 08:20 - 00000000 ____D C:\ProgramData\BullGuard
2013-08-13 22:37 - 2010-12-28 04:21 - 00000000 ____D C:\Users\tracey\AppData\Roaming\uTorrent
2013-08-13 22:37 - 2010-12-28 03:07 - 01170474 _____ C:\Windows\WindowsUpdate.log
2013-08-13 22:37 - 2009-07-13 20:34 - 00018928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 22:37 - 2009-07-13 20:34 - 00018928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 22:31 - 2012-09-27 10:10 - 00000000 ___RD C:\Users\tracey\Dropbox
2013-08-13 22:31 - 2012-09-27 10:07 - 00000000 ____D C:\Users\tracey\AppData\Roaming\Dropbox
2013-08-13 22:30 - 2013-08-13 22:30 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-08-13 22:30 - 2011-01-03 14:37 - 00000000 ____D C:\Users\tracey\Tracing
2013-08-13 22:29 - 2012-06-12 04:15 - 00000000 ____D C:\ProgramData\Kodak
2013-08-13 22:28 - 2009-07-13 20:39 - 00235871 _____ C:\Windows\setupact.log
2013-08-12 22:54 - 2012-04-05 07:28 - 00000000 ____D C:\Users\tracey\AppData\Roaming\Mozilla
2013-08-12 22:54 - 2011-02-23 08:47 - 00000000 ____D C:\Users\tracey\AppData\Local\Google
2013-08-12 22:35 - 2013-08-12 22:45 - 01068525 _____ (Farbar) C:\Users\tracey\Desktop\FRST.exe
2013-08-12 22:32 - 2013-08-12 22:31 - 01068525 _____ (Farbar) C:\Users\tracey\Downloads\FRST(1).exe.part
2013-08-12 22:29 - 2013-08-12 22:29 - 01068525 _____ (Farbar) C:\Users\tracey\Downloads\FRST (1).exe.xku4vvo.partial
2013-08-12 22:18 - 2010-02-23 02:18 - 00207044 _____ C:\Windows\PFRO.log
2013-08-12 02:13 - 2013-07-26 04:28 - 00000000 ____D C:\Users\tracey\Documents\888poker
2013-08-12 00:40 - 2013-08-12 00:41 - 00113088 _____ (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-08-12 00:40 - 2013-08-12 00:41 - 00060256 _____ (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-08-11 09:51 - 2010-12-28 03:07 - 00000000 ____D C:\users\tracey
2013-08-11 01:20 - 2013-07-26 04:17 - 00000000 ____D C:\Users\tracey\AppData\Local\MagicHoldem
2013-08-10 08:24 - 2013-08-10 08:24 - 00000000 ____D C:\FRST
2013-08-09 22:58 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-08-09 22:55 - 2013-08-09 22:55 - 00000000 ____D C:\Users\tracey\Documents\Fax
2013-08-09 22:50 - 2013-08-09 22:50 - 01230570 _____ (Farbar) C:\Users\tracey\Downloads\FRST.exe
2013-08-09 22:43 - 2010-02-22 09:21 - 00783270 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-09 22:38 - 2013-08-09 22:38 - 00000000 ____D C:\Users\tracey\AppData\Local\{9C94870C-9F6C-4B23-B5DD-91940B32CEC0}
2013-08-09 22:36 - 2012-04-25 09:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-09 03:04 - 2013-08-09 02:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-08 10:10 - 2013-08-08 10:09 - 00160752 _____ C:\Windows\Minidump\080813-34039-01.dmp
2013-08-08 10:09 - 2013-05-31 05:06 - 508944688 _____ C:\Windows\MEMORY.DMP
2013-08-08 10:09 - 2013-05-31 05:06 - 00000000 ____D C:\Windows\Minidump
2013-08-08 04:53 - 2013-08-08 04:53 - 00000903 _____ C:\Users\tracey\Desktop\1.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00027768 _____ C:\Users\tracey\Desktop\dds.txt
2013-08-08 04:41 - 2013-08-08 04:41 - 00010058 _____ C:\Users\tracey\Desktop\attach.txt
2013-08-08 02:49 - 2013-08-08 01:34 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR(3).exe.part
2013-08-08 02:49 - 2013-08-08 01:34 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(3).exe
2013-08-08 02:08 - 2013-08-08 01:30 - 04745728 _____ (AVAST Software) C:\Users\tracey\Downloads\aswMBR.exe.part
2013-08-08 02:07 - 2013-08-07 23:44 - 00002186 _____ C:\Users\tracey\Desktop\Rkill.txt
2013-08-08 01:35 - 2013-08-08 01:35 - 00357143 _____ (Farbar) C:\Users\tracey\Downloads\FSS.exe.part
2013-08-08 01:33 - 2013-08-08 01:33 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(2).exe
2013-08-08 01:31 - 2013-08-08 01:31 - 00000000 _____ C:\Users\tracey\Downloads\aswMBR(1).exe
2013-08-08 01:27 - 2013-08-08 01:27 - 00000000 _____ C:\Users\tracey\Downloads\imfv2-setup-for-review.exe
2013-08-08 01:12 - 2013-08-08 01:07 - 00000000 ___SD C:\32788R22FWJFW
2013-08-08 01:07 - 2013-08-08 01:06 - 05096636 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix(1).exe
2013-08-08 01:00 - 2013-08-08 01:00 - 00154224 _____ C:\Users\tracey\Desktop\JRT.txt
2013-08-08 00:54 - 2013-08-08 00:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 00:46 - 2013-08-08 00:45 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\tracey\Downloads\JRT.exe
2013-08-08 00:37 - 2013-08-08 00:37 - 00026162 _____ C:\AdwCleaner[S1].txt
2013-08-08 00:36 - 2013-08-08 00:35 - 00025757 _____ C:\AdwCleaner[R1].txt
2013-08-08 00:35 - 2013-08-08 00:34 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner(1).exe
2013-08-08 00:27 - 2013-08-08 00:27 - 00666633 _____ C:\Users\tracey\Downloads\adwcleaner.exe
2013-08-08 00:05 - 2013-08-08 00:05 - 00377856 _____ C:\Users\tracey\Downloads\i83pvtgl.exe
2013-08-07 23:34 - 2013-08-07 23:34 - 00000000 _____ C:\Windows\System32\OFJVET
2013-08-07 23:32 - 2013-08-07 23:31 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130808083144.txt
2013-08-07 23:17 - 2013-08-07 23:17 - 00000000 _____ C:\Windows\System32\TRJMKCJTJB
2013-08-07 23:16 - 2011-01-10 23:11 - 00000000 _____ C:\Windows\System32\Pen_Tablet.dat
2013-08-07 23:15 - 2013-08-07 23:14 - 21717184 _____ (Bitdefender LLC) C:\Users\tracey\Downloads\RemovalToolUnifiedLauncher_sirefef.exe.part
2013-08-07 23:13 - 2013-08-07 23:13 - 00231390 _____ C:\Users\tracey\Downloads\RootkitRevealer.zip
2013-08-07 22:40 - 2013-06-12 00:17 - 00000000 __SHD C:\Windows\System32\argmon
2013-08-07 02:24 - 2013-08-07 02:24 - 00000000 ____D C:\ProgramData\Sophos
2013-08-07 02:20 - 2013-08-07 02:17 - 72883598 _____ (Sophos Limited) C:\Users\tracey\Downloads\Sophos Virus Removal Tool.exe
2013-08-07 01:05 - 2013-08-07 01:04 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\tracey\Downloads\tdsskiller(1).exe
2013-08-07 01:00 - 2013-08-06 23:56 - 00000000 ___SD C:\download-ComboFix
2013-08-06 23:58 - 2013-08-06 23:58 - 00000000 _____ C:\Users\tracey\Downloads\tdsskiller.exe
2013-08-06 23:56 - 2013-08-06 23:56 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
2013-08-06 23:51 - 2013-08-06 23:51 - 00000000 ____D C:\Qoobox
2013-08-06 23:50 - 2013-08-06 23:50 - 00000000 ____D C:\Windows\erdnt
2013-08-06 23:50 - 2013-08-06 23:48 - 05100713 ____R (Swearware) C:\Users\tracey\Downloads\download-ComboFix.exe
2013-08-06 23:48 - 2013-08-06 23:48 - 00488968 _____ C:\Users\tracey\Downloads\ComboFix-oc-jd.exe
2013-08-06 23:47 - 2013-08-06 23:47 - 00000000 _____ C:\Users\tracey\Downloads\ComboFix.exe
2013-08-06 23:46 - 2013-08-06 23:46 - 00666633 _____ C:\Users\tracey\Downloads\AdwCleaner.exe.part
2013-08-06 23:40 - 2013-08-06 23:39 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover(1).exe
2013-08-06 23:40 - 2013-08-06 23:39 - 00000291 _____ C:\Users\tracey\Downloads\RootkitRemover20130807083958.txt
2013-08-06 23:35 - 2013-08-06 23:34 - 00551408 _____ (McAfee, Inc.) C:\Users\tracey\Downloads\rootkitremover.exe
2013-08-06 23:29 - 2013-08-06 23:28 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\tracey\Downloads\rkill.exe
2013-08-06 23:01 - 2012-10-17 22:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-06 23:01 - 2012-08-10 02:55 - 00000000 ____D C:\Program Files\Fitbit
2013-08-06 23:01 - 2012-03-26 23:55 - 00000000 ____D C:\Program Files\Bonjour
2013-08-06 22:57 - 2013-08-02 01:16 - 00000000 ____D C:\Users\tracey\Downloads\PokerTracker.3.00.3.Incl.Crack
2013-08-06 22:57 - 2013-07-26 04:27 - 00000000 ____D C:\Users\tracey\AppData\Roaming\PacificPoker
2013-08-06 22:57 - 2012-09-20 02:59 - 00000000 ____D C:\Windows\Ancient Quest of Saqqarah
2013-08-06 22:57 - 2011-09-17 01:14 - 00000000 ____D C:\users\Guest
2013-08-06 22:57 - 2011-01-05 00:42 - 00000000 ____D C:\Windows\System32\WTablet
2013-08-06 22:57 - 2010-12-31 05:25 - 00000000 ____D C:\Windows\WinAVI Video Converter 9.0
2013-08-06 22:57 - 2010-12-28 04:39 - 00000000 ____D C:\Windows\WinRAR
2013-08-06 22:57 - 2010-02-23 02:48 - 00000000 ____D C:\Windows\System32\RTCOM
2013-08-06 22:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-08-06 22:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-06 22:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-08-06 22:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-08-06 22:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-06 22:56 - 2013-08-05 03:15 - 00000000 ____D C:\Program Files\CalculatemPro
2013-08-06 22:56 - 2013-07-30 01:31 - 00000000 ____D C:\postgreSQL
2013-08-06 22:56 - 2013-07-26 04:26 - 00000000 ____D C:\Program Files\PacificPoker
2013-08-06 22:56 - 2013-07-19 02:54 - 00000000 ____D C:\Program Files\PokerStars
2013-08-06 22:56 - 2013-05-23 00:20 - 00000000 ____D C:\Program Files\iTunes
2013-08-06 22:56 - 2013-05-12 09:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-08-06 22:56 - 2013-04-19 10:27 - 00000000 ____D C:\Program Files\Cheat Engine 6.2
2013-08-06 22:56 - 2013-03-28 09:42 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-08-06 22:56 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\QuickTime
2013-08-06 22:56 - 2012-11-20 05:00 - 00000000 ____D C:\Program Files\AC3Filter
2013-08-06 22:56 - 2012-11-20 04:56 - 00000000 ____D C:\Program Files\Xvid
2013-08-06 22:56 - 2012-11-20 04:55 - 00000000 ____D C:\Program Files\OpenSource Flash Video Splitter
2013-08-06 22:56 - 2012-11-20 04:55 - 00000000 ____D C:\Program Files\DirectVobSub
2013-08-06 22:56 - 2012-11-20 04:53 - 00000000 ____D C:\Program Files\Ultimate Codecs Bundle
2013-08-06 22:56 - 2012-10-26 06:51 - 00000000 ____D C:\ProgramData\PrintProjects
2013-08-06 22:56 - 2012-10-26 06:51 - 00000000 ____D C:\Program Files\PrintProjects
2013-08-06 22:56 - 2012-10-09 11:05 - 00000000 ____D C:\Program Files\Clownfish
2013-08-06 22:56 - 2012-03-09 08:47 - 00000000 ____D C:\Program Files\Dropsend Direct beta
2013-08-06 22:56 - 2011-11-03 09:40 - 00000000 ____D C:\Program Files\WildGames
2013-08-06 22:56 - 2011-09-28 06:56 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-08-06 22:56 - 2011-07-15 23:47 - 00000000 ____D C:\Program Files\Apple Software Update
2013-08-06 22:56 - 2011-07-15 23:37 - 00000000 ____D C:\Program Files\Safari
2013-08-06 22:56 - 2011-02-18 11:22 - 00000000 ____D C:\Program Files\RealHideIP
2013-08-06 22:56 - 2011-02-10 07:02 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-08-06 22:56 - 2011-01-05 00:44 - 00000000 ____D C:\Program Files\WTouch
2013-08-06 22:56 - 2011-01-05 00:44 - 00000000 ____D C:\Program Files\TabletPlugins
2013-08-06 22:56 - 2010-12-28 13:39 - 00000000 ____D C:\Program Files\7-Zip
2013-08-06 22:56 - 2010-12-28 04:54 - 00000000 ____D C:\Program Files\MagicDisc
2013-08-06 22:56 - 2010-12-28 04:42 - 00000000 ____D C:\Program Files\WinZip
2013-08-06 22:56 - 2010-12-28 04:39 - 00000000 ____D C:\Program Files\WinRAR
2013-08-06 22:56 - 2010-12-28 04:24 - 00000000 ____D C:\Program Files\MagicISO
2013-08-06 22:56 - 2010-12-28 04:21 - 00000000 ____D C:\Program Files\uTorrent
2013-08-06 22:56 - 2010-12-28 03:26 - 00000000 ____D C:\Program Files\Common Files\aol
2013-08-06 22:56 - 2010-12-28 03:26 - 00000000 ____D C:\Program Files\AOL 9.1
2013-08-06 22:56 - 2010-02-23 04:54 - 00000000 ____D C:\Program Files\Microsoft Works
2013-08-06 22:55 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-08-06 22:52 - 2011-02-23 08:46 - 00000000 ____D C:\Program Files\Google
2013-08-05 03:26 - 2013-08-05 03:26 - 00000000 ____D C:\Users\tracey\Downloads\NHD-BO SD Files
2013-08-02 15:13 - 2013-06-17 22:42 - 00000000 ____D C:\Users\tracey\Downloads\Problem.Child.2.1991.720p.WEB-DL.H264-CtrlHD [PublicHD]
2013-08-02 15:12 - 2010-12-29 04:47 - 00000000 ____D C:\Users\tracey\AppData\Local\Windows Live
2013-08-02 01:21 - 2013-08-02 01:16 - 00000000 ____D C:\Program Files\PokerTracker 3
2013-07-30 23:47 - 2013-07-30 01:36 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HoldemManager
2013-07-30 03:04 - 2013-07-30 01:36 - 00017710 _____ C:\Users\tracey\Downloads\install.log
2013-07-30 01:43 - 2013-07-30 01:43 - 00000000 ____D C:\Users\tracey\AppData\Local\Hold'em_Manager
2013-07-30 01:40 - 2013-07-30 01:40 - 00000000 ____D C:\Users\tracey\AppData\Roaming\HEM Data
2013-07-30 01:36 - 2013-07-30 01:36 - 00000000 ____D C:\ProgramData\XHEO INC
2013-07-29 23:13 - 2013-07-29 23:13 - 00000776 _____ C:\Users\Public\Desktop\William Hill Poker.lnk
2013-07-29 23:13 - 2013-07-29 23:13 - 00000000 ____D C:\Poker
2013-07-29 23:12 - 2013-07-29 23:12 - 00476984 _____ (Playtech) C:\Users\tracey\Downloads\SetupPoker_92b31a_en.exe
2013-07-28 23:17 - 2013-07-28 23:17 - 00002134 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-28 22:51 - 2009-07-13 18:04 - 00000583 _____ C:\Windows\win.ini
2013-07-26 11:21 - 2013-07-26 11:21 - 09078444 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.mp4
2013-07-26 11:21 - 2013-07-26 11:21 - 03669642 _____ C:\Users\tracey\Downloads\Sniper Patch -.- @ DavidVandahar.flv
2013-07-26 05:29 - 2010-12-31 05:04 - 00000000 ____D C:\Users\tracey\AppData\Local\WinAVI
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\tracey\Desktop\888poker.lnk
2013-07-26 04:28 - 2013-07-26 04:28 - 00001939 _____ C:\Users\Guest\Desktop\888poker.lnk
2013-07-26 04:19 - 2013-07-26 04:18 - 00000000 ____D C:\Users\tracey\AppData\Local\Kesemoholdings_Limited
2013-07-26 04:18 - 2013-07-26 04:18 - 00001202 _____ C:\Users\tracey\Desktop\MagicHoldem.lnk
2013-07-26 04:18 - 2013-07-26 04:18 - 00000132 _____ C:\Users\tracey\AppData\Local\MagicHoldem_SettingsPath.txt
2013-07-26 04:18 - 2013-07-26 04:18 - 00000000 ____D C:\ProgramData\MagicHoldem
2013-07-26 04:17 - 2013-07-26 04:16 - 24278088 _____ (Kessem Holdings Limited) C:\Users\tracey\Downloads\MagicHoldem_4.1.0.898.exe
2013-07-26 04:15 - 2012-08-18 05:11 - 00000000 ____D C:\Users\tracey\Desktop\video
2013-07-25 22:34 - 2013-05-13 07:05 - 00000000 ____D C:\Users\tracey\AppData\Local\LogMeIn Rescue Applet
2013-07-25 10:41 - 2011-10-15 09:13 - 00000000 ____D C:\Users\tracey\AppData\Roaming\Skype
2013-07-25 00:29 - 2011-11-28 07:47 - 00000000 ____D C:\Users\tracey\Desktop\logo
2013-07-24 23:57 - 2012-05-25 03:08 - 00000000 ____D C:\Users\tracey\Desktop\docs
2013-07-24 13:36 - 2013-07-19 02:55 - 00000000 ____D C:\Users\tracey\AppData\Local\PokerStars
2013-07-23 23:22 - 2013-07-23 23:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-23 23:07 - 2013-07-23 23:06 - 18101248 _____ C:\Users\tracey\Downloads\AdobeFlashPlayer_11.8.800.94_NPAPI_SPS.exe
2013-07-19 02:55 - 2013-07-19 02:55 - 00000983 _____ C:\Users\tracey\Desktop\PokerStars.lnk
2013-07-19 02:53 - 2013-07-19 02:53 - 24891184 _____ (PokerStars) C:\Users\tracey\Downloads\PokerStarsInstall.exe
2013-07-17 22:30 - 2013-07-17 22:29 - 01067456 _____ (Solid State Networks) C:\Users\tracey\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-17 10:28 - 2013-01-24 08:22 - 00000000 ___RD C:\Program Files\Skype
2013-07-16 10:04 - 2010-02-23 04:14 - 00000000 ____D C:\Windows\System32\Adobe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-08 00:31:29
Restore point made on: 2013-08-12 22:53:40

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3839.24 MB
Available physical RAM: 3302.66 MB
Total Pagefile: 3837.52 MB
Available Pagefile: 3313.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.13 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:658.48 GB) NTFS
Drive e: (Recover) (Fixed) (Total:20 GB) (Free:9.4 GB) NTFS
Drive h: (LOCAL DISK) (Fixed) (Total:465.76 GB) (Free:426.12 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 7ECEE270)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 12345678)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)


LastRegBack: 2013-08-11 23:51

==================== End Of Log ============================



#12 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 August 2013 - 07:14 PM

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 traceygl

traceygl
  • Topic Starter

  • Members
  • 15 posts

Posted 15 August 2013 - 01:49 AM

I haven't had any virus warnings from my antivirus, but I am still getting the command box with task engine in it.

Also there is a file that my antivirus directed me to a while back that still remains on my computer. If I try to delete it, explorer.exe immediately stops working.

The file path is C:\Program Files\Google\Desktop\Install\ol



#14 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 August 2013 - 05:35 PM

Dont delete that file if it is not affecting your machine and your antivirus is not detecting it now.'
 
 
 
1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Run%20as%20admin.png
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
 
 
2.
  • Download Malwarebytes Anti-Rootkit from HERE

      
  • Unzip the contents to a folder in a convenient location.
      
  • Open the folder where the contents were unzipped and run mbar.exe
      
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
      
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
      
  • Wait while the system shuts down and the cleanup process is performed.
      
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
      
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
Things to include in your next reply:
AdwCleaner log
mbar-log.txt
system-log.txt
How is your machine running now?

Edited by fireman4it, 15 August 2013 - 05:37 PM.



#15 traceygl

traceygl
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:49 PM

Posted 16 August 2013 - 06:19 AM

Hi, I ran both scans; details below. As soon as Malwarebytes Anti-Rootkit began, it found something before the scan even started; I pressed yes to delete it.

The computer is running OK, but I am still getting random command windows popping up and disappearing again real quick. I just manage to catch the word taskeng.exe.

 

Adw cleaner log

 

# AdwCleaner v2.306 - Logfile created 08/16/2013 at 07:39:08
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : tracey - TRACEY-PC
# Boot Mode : Normal
# Running from : C:\Users\tracey\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-GB)

File : C:\Users\tracey\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js

[OK] File is clean.

File : C:\Users\tracey\AppData\Roaming\Mozilla\Firefox\Profiles\f8qnu8d8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25757 octets] - [08/08/2013 09:35:24]
AdwCleaner[R2].txt - [839 octets] - [16/08/2013 07:39:08]
AdwCleaner[S1].txt - [26162 octets] - [08/08/2013 09:37:12]

########## EOF - C:\AdwCleaner[R2].txt - [959 octets] ##########
 

 

mbar log

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
tracey :: TRACEY-PC [administrator]

16/08/2013 07:51:39
mbar-log-2013-08-16 (07-51-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 294869
Time elapsed: 2 hour(s), 21 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

system text

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.299000 GHz
Memory total: 3488862208, free: 1555283968

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.299000 GHz
Memory total: 3488862208, free: 1603014656

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.299000 GHz
Memory total: 3488862208, free: 1934561280

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.299000 GHz
Memory total: 3488862208, free: 1925935104

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.299000 GHz
Memory total: 3488862208, free: 1864724480

Downloaded database version: v2013.08.16.01
Initializing...
------------ Kernel report ------------
     08/16/2013 07:51:30
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\NVAMACPI.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\BdSpy.sys
\SystemRoot\system32\DRIVERS\NSKernel.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\NSNetmon.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\afw.sys
\SystemRoot\system32\DRIVERS\afwcore.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\rtl8192se.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\wacomvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\WacomVTHid.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\RimSerial.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wacommousefilter.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\usbaapl.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\NW1950.sys
\SystemRoot\system32\DRIVERS\NWTransLib.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\MTConfig.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\Trufos.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\BdNet.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8859c6b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xffffffff8857eca8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85978438
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff86790c68
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85978438, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85978118, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85978438, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff862bf9e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86790c68, DeviceName: \Device\00000067\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7ECEE270

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1909272576

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1909479424  Numsec = 41943040

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1951422464  Numsec = 2099200

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8859c6b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8859c390, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8859c6b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8857eca8, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 


Edited by traceygl, 16 August 2013 - 11:49 AM.
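The "Scanning MBR on drive 0... Inspecting partition table" step in the MBAR log above is the kind of check worth understanding when a rootkit is suspected. The following is an added example, not code from this thread or from Malwarebytes: it parses a 512-byte MBR constructed to match the partition layout the log reports (types, start LBAs, sector counts, disk signature 7ECEE270), validates the 55AA boot signature, checks the table for overlaps and an out-of-range partition, and lists the sector ranges no partition claims, which is where a physical-sector scan has to look for hidden code. The gap arithmetic is this example's own and does not reproduce MBAR's exact scan window.

```python
import struct

DISK_SECTORS = 1000204886016 // 512  # "Disk Size" from the log, in 512-byte sectors

def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: partition table taken from the MBAR log above,
    boot code zeroed, disk signature 7ECEE270 as reported."""
    entries = [  # (status, type, start LBA, sector count)
        (0x80, 0x07, 2048, 204800),
        (0x00, 0x07, 206848, 1909272576),
        (0x00, 0x07, 1909479424, 41943040),
        (0x00, 0x12, 1951422464, 2099200),
    ]
    table = b"".join(
        struct.pack("<B3sB3sII", st, b"\0\0\0", ty, b"\0\0\0", lba, n)
        for st, ty, lba, n in entries
    )
    return b"\0" * 440 + struct.pack("<I", 0x7ECEE270) + b"\0\0" + table + b"\x55\xAA"

def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature, disk signature and the four 16-byte partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        st, _, ty, _, lba, n = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        if ty == 0 and n == 0:
            continue  # empty slot
        parts.append({"index": i, "active": st == 0x80, "type": ty,
                      "start": lba, "end": lba + n})  # end is exclusive
    return {
        "valid_signature": sector[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
    }

def check_layout(mbr: dict, disk_sectors: int) -> dict:
    """Table sanity checks plus the unpartitioned sector ranges a physical-sector
    scan must read, since a bootkit keeps its code outside any partition."""
    parts = sorted(mbr["partitions"], key=lambda p: p["start"])
    findings = []
    if not mbr["valid_signature"]:
        findings.append("missing 55AA boot signature")
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in parts:
        if p["end"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    gaps, cursor = [], 1  # sector 0 is the MBR itself
    for p in parts:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        cursor = max(cursor, p["end"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return {"findings": findings, "unpartitioned": gaps}
```

On the log's layout this reports no findings and two unclaimed ranges: sectors 1 to 2047 before the first partition, and the tail after the 0x12 recovery partition.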




