Suspected Virus: All Security and Restore Points Disabled :(


11 replies to this topic

#1 jwlanky

Posted 23 March 2014 - 03:00 PM

Hi

I have gained an unwanted virus that has disabled all security software (Windows and Malwarebytes) and I'm having big trouble ridding it.

Any assistance will be greatly appreciated.

J


Edited by jwlanky, 23 March 2014 - 03:02 PM.


#2 jwlanky

Posted 27 March 2014 - 12:22 PM

Can anyone help?



#3 Broni (BC Advisor)

Posted 27 March 2014 - 09:13 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe.
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt.


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


#4 jwlanky

Posted 28 March 2014 - 02:00 PM

OK, the infected PC is stopping me downloading anything directly from the web - it deletes it once downloaded. So I have downloaded on a clean PC and copied from a USB. The SecurityCheck software doesn't run, giving the message: "Windows cannot access the specified path or file. You may not have the appropriate permission to access the item." I have also tried to run as administrator and get the same results.

Oh, and thanks for the help. It's really appreciated!


Edited by jwlanky, 28 March 2014 - 02:16 PM.


#5 Broni (BC Advisor)

Posted 28 March 2014 - 05:55 PM

See if you can run other scans


#6 jwlanky

Posted 29 March 2014 - 03:07 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by sharon (administrator) on SHARON-PC on 29-03-2014 08:00:17
Running from E:\
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(GEAR Software) C:\Windows\system32\gearsec.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\sharon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\ProgramData\NT Kernel\NTKernel.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [192512 2009-01-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2189304170-2197824444-2469615566-1001\...\Run: [MusicManager] - C:\Users\sharon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-2189304170-2197824444-2469615566-1001\...\Run: [Spotify Web Helper] - C:\Users\sharon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-11] (Spotify Ltd)
HKU\S-1-5-21-2189304170-2197824444-2469615566-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\NT Kernel\NTKernel.exe" [320000 2014-03-21] (Intel Corporation) <==== ATTENTION 
Startup: C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\sharon\hipyt\30650.vbs ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x07CE23F4CE37CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xwztjv0d.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mvwx6lc2.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\sharon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\sharon\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Users\sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xwztjv0d.default\Extensions\staged [2014-02-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-07-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-20]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\sharon\AppData\Local\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig
CHR DefaultSearchKeyword: igoogle.co.uk
CHR DefaultSearchProvider: igoogle.co.uk
CHR DefaultNewTabURL: 
CHR Extension: (Tank Riders) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdmmodjlfegeieihcdcgcalkgmhgmiae [2014-03-20]
CHR Extension: (Google Mail Checker) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR StartMenuInternet: Google Chrome - C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 gearsec; C:\Windows\system32\gearsec.exe [58952 2005-11-30] (GEAR Software)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [X]
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [X]
S3 KiesAllShare; C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
R2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-23] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7087616 2011-01-19] (Intel Corporation)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB.SYS [58880 2009-05-22] (Ross-Tech LLC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\sharon\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [X]
S3 flash; \??\C:\Users\sharon\AppData\Local\Temp\Rar$EX09.250\BIOS_Acer_1.34_Windows\Winflash32\flash.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-29 07:59 - 2014-03-29 08:00 - 00000000 ____D () C:\FRST
2014-03-28 18:55 - 2014-03-28 18:49 - 00987448 _____ () C:\Users\sharon\Desktop\SecurityCheck (1).exe
2014-03-24 15:49 - 2014-03-24 15:49 - 00001296 _____ () C:\Users\sharon\Desktop\Horizon.lnk
2014-03-24 15:44 - 2014-03-24 15:44 - 00000000 ____D () C:\Users\sharon\Desktop\GTAV Backups
2014-03-23 19:40 - 2014-03-23 19:40 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-23 19:38 - 2014-03-23 19:38 - 00022182 _____ () C:\ComboFix.txt
2014-03-23 19:18 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-23 19:18 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-23 19:18 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-23 19:18 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-23 19:18 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-23 19:18 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-23 19:18 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-23 19:18 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-23 19:13 - 2014-03-23 19:38 - 00000000 ____D () C:\Qoobox
2014-03-23 19:13 - 2014-03-23 19:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 19:03 - 2014-03-23 19:06 - 00000000 ____D () C:\AdwCleaner
2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2
2014-03-23 18:37 - 2014-03-23 18:37 - 00000000 __SHD () C:\Windows\system32\NT Kernel
2014-03-23 18:28 - 2014-03-23 18:27 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-23 18:27 - 2014-03-23 18:27 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-23 18:27 - 2014-03-23 18:27 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-23 18:27 - 2014-03-23 18:27 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-23 18:26 - 2014-03-23 18:26 - 00921000 _____ (Oracle Corporation) C:\Users\sharon\Downloads\chromeinstall-7u51 (1).exe
2014-03-23 18:10 - 2014-03-23 18:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\sharon\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 09:20 - 2014-03-23 09:20 - 00000656 _____ () C:\Users\sharon\Documents\Vigero.GTAVV
2014-03-23 09:19 - 2014-03-23 09:19 - 00000656 _____ () C:\Users\sharon\Documents\Sabre Turbo.GTAVV
2014-03-22 22:30 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-03-22 22:29 - 2014-03-22 22:30 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-03-22 22:29 - 2014-03-22 22:29 - 00000000 ____D () C:\Windows\system32\xlive
2014-03-22 21:41 - 2014-03-22 21:41 - 00000000 ____D () C:\Users\sharon\AppData\Local\Rockstar Games
2014-03-22 21:38 - 2014-03-22 21:38 - 00000000 ____D () C:\Program Files\Rockstar Games
2014-03-22 21:01 - 2014-03-22 21:01 - 00000000 ____D () C:\Users\sharon\AppData\Local\CrashRpt
2014-03-22 16:19 - 2014-03-23 18:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-22 13:54 - 2014-03-22 13:54 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-22 11:24 - 2014-03-23 18:25 - 00000000 ____D () C:\Users\sharon\AppData\Local\Deployment
2014-03-22 11:24 - 2014-03-22 11:24 - 00000000 ____D () C:\Users\sharon\AppData\Local\Apps\2.0
2014-03-21 22:26 - 2014-03-21 22:26 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-03-17 20:12 - 2011-11-23 17:06 - 01197341 _____ () C:\Users\sharon\Desktop\dd.exe
2014-03-16 12:16 - 2014-03-16 12:16 - 00188416 _____ () C:\Users\sharon\Documents\MW2
2014-03-16 12:11 - 2014-03-16 12:11 - 00061440 _____ () C:\Users\sharon\Documents\ContentCache.pkg
2014-03-16 12:06 - 2014-03-16 12:06 - 00909312 _____ () C:\Users\sharon\Documents\savegameMW2
2014-03-16 12:06 - 2014-03-16 12:06 - 00000000 ____D () C:\Users\sharon\Documents\00000001
2014-03-16 12:05 - 2014-03-16 12:05 - 00000000 ____D () C:\Users\sharon\Documents\MW2 SAVE GAME
2014-03-16 12:01 - 2014-03-16 12:01 - 00909312 _____ () C:\Users\sharon\Documents\savegame MW2
2014-03-15 12:02 - 2014-03-15 12:02 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-13 18:11 - 2014-03-01 04:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 18:11 - 2014-03-01 04:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 18:11 - 2014-03-01 04:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 18:11 - 2014-03-01 03:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 18:11 - 2014-03-01 03:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 18:11 - 2014-03-01 03:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 18:11 - 2014-03-01 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 18:11 - 2014-03-01 03:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 18:11 - 2014-03-01 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 18:11 - 2014-03-01 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 18:11 - 2014-03-01 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 18:11 - 2014-03-01 03:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 18:11 - 2014-03-01 03:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 18:11 - 2014-03-01 03:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 18:11 - 2014-03-01 03:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 18:11 - 2014-03-01 03:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 18:11 - 2014-03-01 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 18:11 - 2014-03-01 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 18:11 - 2014-03-01 02:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 18:11 - 2014-03-01 02:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 18:11 - 2014-03-01 02:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 18:11 - 2014-03-01 02:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 18:11 - 2014-02-04 02:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 18:10 - 2014-02-07 01:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 18:10 - 2014-02-04 02:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 18:10 - 2014-01-29 02:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 18:10 - 2014-01-28 02:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 18:49 - 2014-03-11 18:50 - 13026816 _____ () C:\Users\sharon\Documents\common (10) (11) (1) (1).rpf
2014-03-10 19:56 - 2014-03-29 08:00 - 00455768 _____ () C:\Users\sharon\AppData\Roaming\msconfig.ini
2014-03-09 09:55 - 2014-03-09 09:55 - 00000000 ____D () C:\Users\sharon\AppData\Local\Sonos,_Inc
2014-03-09 09:53 - 2014-03-09 09:53 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 09:52 - 2014-03-09 09:53 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-09 09:52 - 2014-03-09 09:53 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 09:52 - 2014-03-09 09:52 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 09:45 - 2014-03-09 09:45 - 00001952 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-03-09 09:45 - 2014-03-09 09:45 - 00000000 ____D () C:\Program Files\Sonos
2014-03-09 09:44 - 2014-03-28 06:56 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-03-09 09:40 - 2014-03-09 09:40 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-09 09:38 - 2014-03-09 09:40 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-08 17:12 - 2014-03-08 17:14 - 00000000 ____D () C:\Users\sharon\Desktop\world
2014-03-08 15:18 - 2014-03-08 15:18 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-03-08 14:46 - 2014-03-22 22:55 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\.minecraft
2014-03-08 11:05 - 2014-03-09 09:49 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\Open Download Manager
2014-03-08 11:05 - 2014-03-08 11:05 - 00001070 _____ () C:\Users\Mcx1-SHARON-PC\Desktop\OpenDownloaderManager.lnk
2014-03-08 10:37 - 2014-03-06 15:50 - 00000056 _____ () C:\Users\sharon\Desktop\Read Me!.url
2014-03-08 09:39 - 2014-03-08 09:39 - 00000656 _____ () C:\Users\sharon\Documents\Rumpo.GTAVV
2014-03-08 08:16 - 2014-03-08 08:16 - 03621916 _____ () C:\Users\sharon\Documents\Minecraft_Gift_Cods_Gnrtor_Updated_Version.rar
2014-03-07 22:01 - 2014-03-07 22:02 - 00011776 ___SH () C:\Users\sharon\Documents\Thumbs.db
2014-03-07 22:00 - 2014-03-07 22:00 - 00008906 _____ () C:\Users\sharon\Documents\profile.htm
2014-03-07 21:07 - 2014-03-09 09:52 - 00000258 __RSH () C:\Users\sharon\ntuser.pol
2014-03-07 21:07 - 2014-03-08 11:25 - 00000000 ____D () C:\Users\sharon\Documents\Add-in Express
2014-03-07 21:06 - 2014-03-07 21:06 - 00000000 ____D () C:\Users\sharon\AppData\Local\SoftPlanet
2014-03-07 20:52 - 2014-03-07 21:07 - 00000000 ____D () C:\Program Files\Minecraft
2014-03-07 20:52 - 2014-03-07 20:52 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\1H1Q
2014-03-07 17:59 - 2014-03-07 17:59 - 04964352 _____ () C:\Users\sharon\Documents\my custum theme
2014-03-06 20:46 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\PC-Gizmos
2014-03-06 16:06 - 2014-03-06 16:06 - 00000656 _____ () C:\Users\sharon\Documents\Comet.GTAVV
2014-03-04 17:05 - 2014-03-04 17:06 - 09103263 _____ (XB36Hazard) C:\Users\sharon\Documents\gta 5 mods.exe
2014-03-02 12:16 - 2014-03-09 09:52 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\uTorrent
2014-03-02 11:39 - 2014-03-02 11:39 - 00008414 _____ () C:\Users\sharon\Documents\XGD2DVD_NTSC.MDS
2014-03-02 11:38 - 2014-03-02 11:38 - 05578752 _____ () C:\Users\sharon\Documents\XGD2DVD_NTSC.ISO
2014-03-01 22:51 - 2014-03-02 11:39 - 00000000 ____D () C:\Users\sharon\AppData\Roaming\ImgBurn
2014-03-01 22:50 - 2014-03-01 22:50 - 00000000 ____D () C:\Program Files\ImgBurn
 
==================== One Month Modified Files and Folders =======
 
 
Files to move or delete:
====================
C:\Users\sharon\AppData\Roaming\msconfig.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 08:15
 
==================== End Of Log ============================


#7 jwlanky


Posted 29 March 2014 - 03:34 AM

DELETED


Edited by jwlanky, 29 March 2014 - 11:43 AM.


#8 jwlanky


Posted 29 March 2014 - 03:37 AM

Malwarebytes won't install / run. It was installed previously, before the infection.



#9 Broni


Posted 29 March 2014 - 11:39 AM

I didn't ask for a Farbar Recovery Scan Tool (FRST) log. It's not allowed in this forum.

Please remove it from your post.

 

You'll need elevated help.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.




 


#10 jwlanky


Posted 29 March 2014 - 11:50 AM

Thanks - Farbar post deleted.



#11 jwlanky


Posted 29 March 2014 - 11:58 AM

New post started here as advised.



#12 Broni


Posted 29 March 2014 - 12:06 PM





 




