wward2005

Members

View Profile See their activity

Posts
17
Joined
June 15, 2013
Last visited
June 17, 2013

Reputation

0 Neutral

What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

I did everything as you said. Only, when it tried to uninstall ComboFix, it said it did not exist. I also searched for combofix.exe and nothing came up in the search. I do remember being instructed to use it for a previous computer issue, so I'm not sure if it has been deleted? Also, regarding DeFogger, I'm not even sure what that is. Thank you for all your help!
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

# AdwCleaner v2.303 - Logfile created 06/16/2013 at 11:29:49 # Updated 08/06/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Will - WILL-PC # Boot Mode : Normal # Running from : C:\Users\Will\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility Deleted on reboot : C:\Program Files (x86)\Conduit Deleted on reboot : C:\Program Files (x86)\Playbryte Deleted on reboot : C:\Program Files (x86)\registry mechanic Deleted on reboot : C:\Program Files (x86)\Wondershare Deleted on reboot : C:\Program Files\Babylon Deleted on reboot : C:\ProgramData\AVG Secure Search Deleted on reboot : C:\ProgramData\visualbee Deleted on reboot : C:\Users\Will\AppData\Local\visualbeeexe Deleted on reboot : C:\Users\Will\AppData\Local\Wondershare Deleted on reboot : C:\Users\Will\AppData\LocalLow\boost_interprocess Deleted on reboot : C:\Users\Will\AppData\Roaming\registry mechanic ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16490 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.110 File : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [13029 octets] - [04/02/2013 10:56:41] AdwCleaner[R2].txt - [2019 octets] - [16/06/2013 10:45:13] AdwCleaner[R3].txt - [2079 octets] - [16/06/2013 11:17:38] AdwCleaner[s1].txt - [12362 octets] - [04/02/2013 10:57:51] AdwCleaner[s2].txt - [2081 octets] - [16/06/2013 11:29:49] ########## EOF - C:\AdwCleaner[s2].txt - [2141 octets] ########## Results of screen317's Security Check version 0.99.64 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 13 Java 7 Update 21 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (21.0) Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe McAfee VirusScan Enterprise x64 McShield.exe McAfee VirusScan Enterprise VsTskMgr.exe Windows Defender MSASCui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

Computer is running just fine. However, I have not rebooted/restarted since I was able to get it up and running in normal mode. Guess I'm afraid of what may happen lol Hopefully nothing. Here's the AdwClearner log: # AdwCleaner v2.303 - Logfile created 06/16/2013 at 10:45:13 # Updated 08/06/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Will - WILL-PC # Boot Mode : Normal # Running from : C:\Users\Will\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Playbryte Folder Found : C:\Program Files (x86)\registry mechanic Folder Found : C:\Program Files (x86)\Wondershare Folder Found : C:\Program Files\Babylon Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\visualbee Folder Found : C:\Users\Will\AppData\Local\visualbeeexe Folder Found : C:\Users\Will\AppData\Local\Wondershare Folder Found : C:\Users\Will\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\Will\AppData\Roaming\registry mechanic ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16490 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.110 File : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [13029 octets] - [04/02/2013 10:56:41] AdwCleaner[R2].txt - [1829 octets] - [16/06/2013 10:45:13] AdwCleaner[s1].txt - [12362 octets] - [04/02/2013 10:57:51] ########## EOF - C:\AdwCleaner[R2].txt - [1950 octets] ##########
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013 Ran by Will at 2013-06-16 10:38:04 Run:2 Running from C:\Users\Will\Desktop\frst Boot Mode: Normal ============================================== Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll ==== End of Fixlog ====
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Will (administrator) on 15-06-2013 23:22:52 Running from C:\Users\Will\Desktop\frst Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (AMD) C:\Windows\system32\atieclxx.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Dell Inc.) c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files (x86)\Winamp\winampa.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Malwarebytes Corporation) C:\Users\Will\Desktop\mbar-1.06.0.1003\mbar\mbar.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-21] (Synaptics, Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.) HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKCU\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-23] (Google Inc.) HKCU\...\Run: [boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [514048 2010-12-15] () HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell) MountPoints2: F - F:\SETUP.EXE MountPoints2: {e1cb7f5b-d35b-11e1-8dc6-002219f3e455} - G:\LaunchU3.exe -a HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-04-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2009-07-01] () HKLM-x32\...\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [95488 2008-09-05] (Sensible Vision ) HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] () HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {11DE8208-B6DD-468F-ABF5-0BEABFEAB21E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=191ef893-289b-4bc3-b290-d1b912639f5c&query={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {7823A620-9DD9-11CF-A662-00AA00C066D2} https://athenanet.athenahealth.com/static_20121031_wward2/iemenu.cab DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.athenahealth.com/static_20121031_wward2/LibCheck.CAB Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: DownloadHelper - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Pinterest Right Click) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnlmphodejhpeoplgojlbgcekfopfjo\0.92_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0 CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-09-22] (Adobe Systems) R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated) S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [153664 2006-11-30] (McAfee, Inc.) R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-30] (McAfee, Inc.) R2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-03-22] () S2 RoxLiveShare; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe" [x] S3 RoxMediaDB; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe" [x] S2 RoxWatch; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-15] () R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-15] () R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation) R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [80200 2006-11-30] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [92488 2006-11-30] (McAfee, Inc.) R3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [246344 2006-11-30] (McAfee, Inc.) S1 mferkdk; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [38600 2006-11-30] (McAfee, Inc.) S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [67144 2006-11-30] (McAfee, Inc.) S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [31880 2009-09-25] () S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2009-09-25] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2009-09-25] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2009-09-25] (LG Electronics Inc.) S3 catchme; \??\C:\ComboFix-1\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-15 22:57 - 2013-06-15 22:57 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-15 22:57 - 2013-06-15 22:57 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys 2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST 2013-06-15 20:36 - 2013-06-15 23:22 - 00000000 ____D C:\Users\Will\Desktop\frst 2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt 2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat 2013-06-15 20:01 - 2013-06-15 20:02 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe 2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys 2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys 2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys 2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe 2013-06-15 18:27 - 2013-06-15 18:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-15 14:49 - 2013-06-15 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003 2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip 2013-06-15 14:34 - 2013-06-15 22:42 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine 2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe 2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr 2013-06-15 03:03 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 03:03 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-15 03:03 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-15 03:03 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-15 03:03 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 03:02 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 03:02 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 03:02 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 03:02 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 03:02 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 03:02 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-15 03:02 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-15 03:02 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 03:02 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-15 03:02 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-15 03:02 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 03:02 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-15 03:02 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 03:02 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 03:02 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 03:02 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 03:02 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 03:02 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 03:02 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 03:02 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-15 03:02 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-15 03:02 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 03:02 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 03:02 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-15 03:02 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 03:02 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 03:02 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 00:00 - 2013-06-15 00:07 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv 2013-06-14 23:56 - 2013-06-15 00:00 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv 2013-06-14 23:54 - 2013-06-15 00:02 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv 2013-06-14 23:49 - 2013-06-14 23:54 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv 2013-06-14 23:47 - 2013-06-14 23:56 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv 2013-06-13 18:59 - 2013-06-13 19:56 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt 2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk 2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk 2013-06-12 10:08 - 2013-04-24 00:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 10:08 - 2013-04-24 00:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 10:08 - 2013-04-24 00:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 10:08 - 2013-04-24 00:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 10:08 - 2013-04-23 22:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 10:08 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 10:08 - 2013-04-17 09:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 10:08 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 10:06 - 2013-05-08 00:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 10:05 - 2013-05-02 00:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 10:05 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 10:05 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll 2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip 2013-06-08 15:43 - 2013-06-13 15:55 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify 2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk 2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun 2013-06-08 15:24 - 2013-06-08 15:23 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 15:24 - 2013-06-08 15:23 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 15:24 - 2013-06-08 15:23 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 15:24 - 2013-06-08 15:23 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion 2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg 2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack 2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u 2013-06-04 11:08 - 2013-06-15 16:32 - 00834587 ____A C:\Windows\WindowsUpdate.log 2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg 2013-06-03 23:33 - 2013-06-03 23:38 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes] 2013-06-03 11:36 - 2013-06-13 14:35 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u 2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013] 2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack 2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip 2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX] 2013-05-31 20:01 - 2013-05-31 20:09 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX] 2013-05-31 15:15 - 2013-06-07 20:25 - 00000000 ____D C:\Users\Will\Desktop\Festivall 2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg 2013-05-24 23:46 - 2013-05-24 23:47 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4 2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u 2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v 2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv 2013-05-20 15:12 - 2013-05-20 16:07 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4 2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73} 2013-05-20 10:46 - 2013-05-20 11:09 - 10283537 ____A C:\Users\Will\Documents\quotes.psd 2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2) 2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012) 2013-05-16 21:18 - 2013-05-31 21:57 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u ==================== One Month Modified Files and Folders ======= 2013-06-15 23:22 - 2013-06-15 20:36 - 00000000 ____D C:\Users\Will\Desktop\frst 2013-06-15 23:09 - 2011-10-24 16:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cc928e8e6eba16.job 2013-06-15 23:01 - 2013-06-15 14:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-06-15 22:57 - 2013-06-15 22:57 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-15 22:57 - 2013-06-15 22:57 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys 2013-06-15 22:47 - 2012-05-26 14:21 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000UA.job 2013-06-15 22:46 - 2012-06-20 22:58 - 00000000 ____D C:\ProgramData\Boxtools 2013-06-15 22:42 - 2013-06-15 14:34 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine 2013-06-15 22:42 - 2011-10-24 16:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc928e8cf400f6.job 2013-06-15 22:42 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-15 22:42 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-15 22:42 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-15 22:35 - 2011-10-24 06:45 - 00721586 ____A C:\Windows\System32\PerfStringBackup.TMP 2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST 2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt 2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat 2013-06-15 20:02 - 2013-06-15 20:01 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe 2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys 2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys 2013-06-15 19:11 - 2009-09-19 00:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys 2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe 2013-06-15 18:28 - 2013-06-15 18:27 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-15 17:48 - 2012-10-26 20:43 - 00000000 ____D C:\Users\Will\Desktop\DRH 2013-06-15 17:42 - 2009-11-22 12:45 - 00001460 ____A C:\Users\Will\AppData\Local\d3d9caps64.dat 2013-06-15 16:52 - 2009-10-12 01:24 - 00000000 ____D C:\Users\Will\AppData\Roaming\Winamp 2013-06-15 16:32 - 2013-06-04 11:08 - 00834587 ____A C:\Windows\WindowsUpdate.log 2013-06-15 16:32 - 2006-11-02 11:42 - 00032520 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003 2013-06-15 14:47 - 2012-05-26 14:21 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000Core.job 2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip 2013-06-15 14:33 - 2011-02-16 18:01 - 00000000 ____D C:\Windows\Minidump 2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe 2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr 2013-06-15 13:10 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache 2013-06-15 03:09 - 2011-11-10 04:04 - 00000129 ____A C:\Windows\System32\MRT.INI 2013-06-15 03:05 - 2006-11-02 08:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-15 01:29 - 2012-08-09 22:20 - 00000000 ____D C:\Users\Will\Desktop\Northeastern 2013-06-15 00:35 - 2009-09-18 18:14 - 00201728 ____A C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-15 00:07 - 2013-06-15 00:00 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv 2013-06-15 00:02 - 2013-06-14 23:54 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv 2013-06-15 00:00 - 2013-06-14 23:56 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv 2013-06-14 23:56 - 2013-06-14 23:47 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv 2013-06-14 23:54 - 2013-06-14 23:49 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv 2013-06-13 19:56 - 2013-06-13 18:59 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt 2013-06-13 16:34 - 2011-07-21 23:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Spotify 2013-06-13 16:01 - 2012-09-18 20:15 - 00001056 ____A C:\Users\Will\Desktop\To Do.txt 2013-06-13 15:55 - 2013-06-08 15:43 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify 2013-06-13 14:44 - 2009-09-20 00:26 - 00000000 ____D C:\Users\Will\Desktop\Betty Hutton 2013-06-13 14:35 - 2013-06-03 11:36 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u 2013-06-13 14:33 - 2010-03-18 02:31 - 00000000 ____D C:\Users\Will\AppData\Local\Last.fm 2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk 2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk 2013-06-13 11:42 - 2006-11-02 08:34 - 00000258 ____A C:\Windows\system.ini 2013-06-13 00:10 - 2012-11-11 01:23 - 00001658 ____A C:\Users\Will\Downloads\lanacd.m3u 2013-06-11 19:46 - 2010-08-02 16:38 - 00000000 ___AD C:\Users\Will\Desktop\Theatre Charlotte 2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip 2013-06-10 05:34 - 2009-08-26 19:18 - 00000000 ____D C:\users\Will 2013-06-08 15:45 - 2009-09-29 23:17 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc 2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk 2013-06-08 15:41 - 2009-09-18 18:32 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent 2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun 2013-06-08 15:23 - 2013-06-08 15:24 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 15:23 - 2013-06-08 15:24 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 15:23 - 2013-06-08 15:24 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 15:23 - 2013-06-08 15:24 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 15:23 - 2009-08-26 19:08 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 15:19 - 2009-08-26 19:29 - 00000000 ____D C:\Program Files\CyberLink 2013-06-08 15:19 - 2009-08-26 19:09 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-06-08 15:17 - 2009-09-05 20:06 - 00000000 ____D C:\Users\Will\AppData\Roaming\Amazon 2013-06-08 15:15 - 2011-02-14 11:27 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-06-08 15:14 - 2009-09-04 18:45 - 00000000 ____D C:\ProgramData\Skype 2013-06-08 15:13 - 2009-09-04 18:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype 2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion 2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg 2013-06-07 20:25 - 2013-05-31 15:15 - 00000000 ____D C:\Users\Will\Desktop\Festivall 2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack 2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u 2013-06-05 19:59 - 2012-05-26 14:23 - 00002072 ____A C:\Users\Will\Desktop\Google Chrome.lnk 2013-06-04 12:21 - 2013-03-12 15:03 - 00000000 ____D C:\Users\Will\Documents\My Digital Editions 2013-06-04 12:20 - 2013-03-12 15:00 - 00001272 ____A C:\Users\Will\Downloads\URLLink.acsm 2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg 2013-06-03 23:38 - 2013-06-03 23:33 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes] 2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013] 2013-06-02 10:43 - 2009-08-26 19:18 - 00287424 ____A C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-02 10:39 - 2006-11-02 11:21 - 00800496 ___AH C:\Windows\System32\FNTCACHE.DAT 2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack 2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip 2013-05-31 21:57 - 2013-05-16 21:18 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u 2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX] 2013-05-31 20:09 - 2013-05-31 20:01 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX] 2013-05-31 07:07 - 2012-02-18 20:52 - 00002936 ____A C:\Users\Will\Downloads\tonisetlist.m3u 2013-05-28 11:50 - 2012-04-20 19:19 - 00002462 ____A C:\Users\Will\Downloads\mariahdance.m3u 2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg 2013-05-25 13:24 - 2013-02-18 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-24 23:47 - 2013-05-24 23:46 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4 2013-05-24 12:26 - 2006-11-02 08:34 - 00000338 ____A C:\Windows\win.ini 2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u 2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v 2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv 2013-05-20 16:07 - 2013-05-20 15:12 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4 2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73} 2013-05-20 11:31 - 2013-03-26 23:39 - 00000239 ____A C:\Users\Will\.swfinfo 2013-05-20 11:09 - 2013-05-20 10:46 - 10283537 ____A C:\Users\Will\Documents\quotes.psd 2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2) 2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012) 2013-05-17 14:57 - 2009-08-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-17 00:05 - 2013-06-15 03:02 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 23:27 - 2013-06-15 03:02 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 23:09 - 2013-06-15 03:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 23:02 - 2013-06-15 03:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 23:02 - 2013-06-15 03:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 23:01 - 2013-06-15 03:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-16 23:00 - 2013-06-15 03:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-16 22:58 - 2013-06-15 03:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 22:56 - 2013-06-15 03:02 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-16 22:56 - 2013-06-15 03:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-16 22:55 - 2013-06-15 03:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 22:54 - 2013-06-15 03:02 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 22:53 - 2013-06-15 03:02 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 22:51 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-16 22:51 - 2013-06-15 03:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-16 22:46 - 2013-06-15 03:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 19:08 - 2013-06-15 03:02 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 18:49 - 2013-06-15 03:02 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 18:39 - 2013-06-15 03:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 18:28 - 2013-06-15 03:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 18:28 - 2013-06-15 03:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 18:27 - 2013-06-15 03:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-16 18:26 - 2013-06-15 03:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-16 18:23 - 2013-06-15 03:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 18:21 - 2013-06-15 03:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 18:21 - 2013-06-15 03:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-16 18:20 - 2013-06-15 03:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-16 18:19 - 2013-06-15 03:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 18:17 - 2013-06-15 03:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-16 18:17 - 2013-06-15 03:02 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 18:16 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-16 18:12 - 2013-06-15 03:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-15 22:54 ==================== End Of Log ============================
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

Thanks for all your help thusfar. I ran FRST again and TDL4: custom:26000022 <===== ATTENTION! does not appear in the new logs. But I look forward to your responses in the morning.
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

Update: I was able to get my computer to boot in Normal mode! Where should I go from here?
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

Unfortunately, I am not able to boot in recovery mode. I tried several times. I am presented with a blank "other user" screen. I've googled this and apparently it's a common problem with some Dell Vista computers, and there is no fix.
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

32bit version would not run. Prompt said it was not compatible with my OS. Here are the files you requested, but from the 64bit version (I hope that is fine): Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Will (administrator) on 15-06-2013 20:37:41 Running from C:\Users\Will\Desktop\frst Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-21] (Synaptics, Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.) HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1552968 2013-05-08] (Malwarebytes Corporation) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKCU\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-23] (Google Inc.) HKCU\...\Run: [boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [514048 2010-12-15] () HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1552968 2013-05-08] (Malwarebytes Corporation) MountPoints2: F - F:\SETUP.EXE MountPoints2: {e1cb7f5b-d35b-11e1-8dc6-002219f3e455} - G:\LaunchU3.exe -a HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-04-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2009-07-01] () HKLM-x32\...\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [95488 2008-09-05] (Sensible Vision ) HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] () HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch SearchScopes: HKCU - {11DE8208-B6DD-468F-ABF5-0BEABFEAB21E} URL = http://search.yahoo....p={searchTerms} SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=191ef893-289b-4bc3-b290-d1b912639f5c&query={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {7823A620-9DD9-11CF-A662-00AA00C066D2} https://athenanet.at...ard2/iemenu.cab DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.at...d2/LibCheck.CAB Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: DownloadHelper - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Pinterest Right Click) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnlmphodejhpeoplgojlbgcekfopfjo\0.92_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0 CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-09-22] (Adobe Systems) S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated) S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [153664 2006-11-30] (McAfee, Inc.) S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-30] (McAfee, Inc.) S2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-03-22] () S2 RoxLiveShare; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe" [x] S3 RoxMediaDB; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe" [x] S2 RoxWatch; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation) S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [80200 2006-11-30] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [92488 2006-11-30] (McAfee, Inc.) S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [246344 2006-11-30] (McAfee, Inc.) S1 mferkdk; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [38600 2006-11-30] (McAfee, Inc.) R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [67144 2006-11-30] (McAfee, Inc.) S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [31880 2009-09-25] () S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2009-09-25] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2009-09-25] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2009-09-25] (LG Electronics Inc.) S3 catchme; \??\C:\ComboFix-1\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x] U3 aswMBR; \??\C:\Users\Will\AppData\Local\Temp\aswMBR.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST 2013-06-15 20:36 - 2013-06-15 20:37 - 00000000 ____D C:\Users\Will\Desktop\frst 2013-06-15 20:17 - 2013-06-15 20:17 - 00002881 ____A C:\Users\Will\Desktop\RKreport[4]_S_06152013_201719.txt 2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt 2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat 2013-06-15 20:01 - 2013-06-15 20:02 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe 2013-06-15 19:54 - 2013-06-15 19:54 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-15 19:51 - 2013-06-15 19:51 - 00002848 ____A C:\Users\Will\Desktop\RKreport[3]_S_06152013_195133.txt 2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys 2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys 2013-06-15 18:49 - 2013-06-15 19:00 - 00008246 ____A C:\Users\Will\Desktop\startup.txt 2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys 2013-06-15 18:39 - 2013-06-15 18:39 - 00003110 ____A C:\Users\Will\Desktop\instruct.txt 2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe 2013-06-15 18:27 - 2013-06-15 18:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-15 16:33 - 2013-06-15 19:59 - 268435456 __ASH C:\Windows\System32\temppf.sys 2013-06-15 14:49 - 2013-06-15 16:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-06-15 14:47 - 2013-06-15 14:47 - 00003195 ____A C:\Users\Will\Desktop\RKreport[2]_D_06152013_144715.txt 2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003 2013-06-15 14:46 - 2013-06-15 14:46 - 00003094 ____A C:\Users\Will\Desktop\RKreport[1]_S_06152013_144617.txt 2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip 2013-06-15 14:36 - 2013-06-15 14:36 - 00003150 ____A C:\Users\Will\Desktop\RKreport[0]_S_06152013_143621.txt 2013-06-15 14:34 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine 2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe 2013-06-15 14:03 - 2013-06-15 14:03 - 00012601 ____A C:\Users\Will\Desktop\attach.txt 2013-06-15 14:03 - 2013-06-15 13:59 - 00020319 ____A C:\Users\Will\Desktop\dds.txt 2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr 2013-06-15 03:03 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 03:03 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-15 03:03 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-15 03:03 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-15 03:03 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 03:02 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 03:02 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 03:02 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 03:02 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 03:02 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 03:02 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-15 03:02 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-15 03:02 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 03:02 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-15 03:02 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-15 03:02 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 03:02 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-15 03:02 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 03:02 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 03:02 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 03:02 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 03:02 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 03:02 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 03:02 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 03:02 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-15 03:02 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-15 03:02 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 03:02 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 03:02 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-15 03:02 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 03:02 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 03:02 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 00:00 - 2013-06-15 00:07 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv 2013-06-14 23:56 - 2013-06-15 00:00 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv 2013-06-14 23:54 - 2013-06-15 00:02 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv 2013-06-14 23:49 - 2013-06-14 23:54 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv 2013-06-14 23:47 - 2013-06-14 23:56 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv 2013-06-13 18:59 - 2013-06-13 19:56 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt 2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk 2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk 2013-06-12 10:08 - 2013-04-24 00:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 10:08 - 2013-04-24 00:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 10:08 - 2013-04-24 00:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 10:08 - 2013-04-24 00:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 10:08 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 10:08 - 2013-04-23 22:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 10:08 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 10:08 - 2013-04-17 09:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 10:08 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 10:06 - 2013-05-08 00:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 10:05 - 2013-05-02 00:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 10:05 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 10:05 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll 2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip 2013-06-08 15:43 - 2013-06-13 15:55 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify 2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk 2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun 2013-06-08 15:24 - 2013-06-08 15:23 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 15:24 - 2013-06-08 15:23 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 15:24 - 2013-06-08 15:23 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 15:24 - 2013-06-08 15:23 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion 2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg 2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack 2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u 2013-06-04 11:08 - 2013-06-15 16:32 - 00821364 ____A C:\Windows\WindowsUpdate.log 2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg 2013-06-03 23:33 - 2013-06-03 23:38 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes] 2013-06-03 11:36 - 2013-06-13 14:35 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u 2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013] 2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack 2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip 2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX] 2013-05-31 20:01 - 2013-05-31 20:09 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX] 2013-05-31 15:15 - 2013-06-07 20:25 - 00000000 ____D C:\Users\Will\Desktop\Festivall 2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg 2013-05-24 23:46 - 2013-05-24 23:47 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4 2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u 2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v 2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv 2013-05-20 15:12 - 2013-05-20 16:07 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4 2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73} 2013-05-20 10:46 - 2013-05-20 11:09 - 10283537 ____A C:\Users\Will\Documents\quotes.psd 2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2) 2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012) 2013-05-16 21:18 - 2013-05-31 21:57 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u ==================== One Month Modified Files and Folders ======= 2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST 2013-06-15 20:37 - 2013-06-15 20:36 - 00000000 ____D C:\Users\Will\Desktop\frst 2013-06-15 20:17 - 2013-06-15 20:17 - 00002881 ____A C:\Users\Will\Desktop\RKreport[4]_S_06152013_201719.txt 2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt 2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat 2013-06-15 20:02 - 2013-06-15 20:01 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe 2013-06-15 19:59 - 2013-06-15 16:33 - 268435456 __ASH C:\Windows\System32\temppf.sys 2013-06-15 19:56 - 2011-10-24 16:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc928e8cf400f6.job 2013-06-15 19:56 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-15 19:54 - 2013-06-15 19:54 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-15 19:51 - 2013-06-15 19:51 - 00002848 ____A C:\Users\Will\Desktop\RKreport[3]_S_06152013_195133.txt 2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys 2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys 2013-06-15 19:11 - 2009-09-19 00:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-15 19:00 - 2013-06-15 18:49 - 00008246 ____A C:\Users\Will\Desktop\startup.txt 2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys 2013-06-15 18:39 - 2013-06-15 18:39 - 00003110 ____A C:\Users\Will\Desktop\instruct.txt 2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe 2013-06-15 18:28 - 2013-06-15 18:27 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-15 17:48 - 2012-10-26 20:43 - 00000000 ____D C:\Users\Will\Desktop\DRH 2013-06-15 17:42 - 2009-11-22 12:45 - 00001460 ____A C:\Users\Will\AppData\Local\d3d9caps64.dat 2013-06-15 16:52 - 2009-10-12 01:24 - 00000000 ____D C:\Users\Will\AppData\Roaming\Winamp 2013-06-15 16:32 - 2013-06-15 14:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-06-15 16:32 - 2013-06-04 11:08 - 00821364 ____A C:\Windows\WindowsUpdate.log 2013-06-15 16:32 - 2006-11-02 11:42 - 00032520 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-15 16:32 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-15 16:32 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-15 16:09 - 2011-10-24 16:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cc928e8e6eba16.job 2013-06-15 15:47 - 2012-05-26 14:21 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000UA.job 2013-06-15 14:47 - 2013-06-15 14:47 - 00003195 ____A C:\Users\Will\Desktop\RKreport[2]_D_06152013_144715.txt 2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003 2013-06-15 14:47 - 2013-06-15 14:34 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine 2013-06-15 14:47 - 2012-05-26 14:21 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000Core.job 2013-06-15 14:46 - 2013-06-15 14:46 - 00003094 ____A C:\Users\Will\Desktop\RKreport[1]_S_06152013_144617.txt 2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip 2013-06-15 14:36 - 2013-06-15 14:36 - 00003150 ____A C:\Users\Will\Desktop\RKreport[0]_S_06152013_143621.txt 2013-06-15 14:33 - 2011-02-16 18:01 - 00000000 ____D C:\Windows\Minidump 2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe 2013-06-15 14:23 - 2012-06-20 22:58 - 00000000 ____D C:\ProgramData\Boxtools 2013-06-15 14:03 - 2013-06-15 14:03 - 00012601 ____A C:\Users\Will\Desktop\attach.txt 2013-06-15 13:59 - 2013-06-15 14:03 - 00020319 ____A C:\Users\Will\Desktop\dds.txt 2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr 2013-06-15 13:10 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache 2013-06-15 03:09 - 2011-11-10 04:04 - 00000129 ____A C:\Windows\System32\MRT.INI 2013-06-15 03:05 - 2006-11-02 08:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-15 01:29 - 2012-08-09 22:20 - 00000000 ____D C:\Users\Will\Desktop\Northeastern 2013-06-15 00:35 - 2009-09-18 18:14 - 00201728 ____A C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-15 00:07 - 2013-06-15 00:00 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv 2013-06-15 00:02 - 2013-06-14 23:54 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv 2013-06-15 00:00 - 2013-06-14 23:56 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv 2013-06-14 23:56 - 2013-06-14 23:47 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv 2013-06-14 23:54 - 2013-06-14 23:49 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv 2013-06-13 19:56 - 2013-06-13 18:59 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt 2013-06-13 16:34 - 2011-07-21 23:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Spotify 2013-06-13 16:01 - 2012-09-18 20:15 - 00001056 ____A C:\Users\Will\Desktop\To Do.txt 2013-06-13 15:55 - 2013-06-08 15:43 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify 2013-06-13 14:44 - 2009-09-20 00:26 - 00000000 ____D C:\Users\Will\Desktop\Betty Hutton 2013-06-13 14:35 - 2013-06-03 11:36 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u 2013-06-13 14:33 - 2010-03-18 02:31 - 00000000 ____D C:\Users\Will\AppData\Local\Last.fm 2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk 2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk 2013-06-13 11:42 - 2006-11-02 08:34 - 00000258 ____A C:\Windows\system.ini 2013-06-13 00:10 - 2012-11-11 01:23 - 00001658 ____A C:\Users\Will\Downloads\lanacd.m3u 2013-06-11 19:46 - 2010-08-02 16:38 - 00000000 ___AD C:\Users\Will\Desktop\Theatre Charlotte 2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip 2013-06-10 05:34 - 2009-08-26 19:18 - 00000000 ____D C:\users\Will 2013-06-08 15:45 - 2009-09-29 23:17 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc 2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk 2013-06-08 15:41 - 2009-09-18 18:32 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent 2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun 2013-06-08 15:23 - 2013-06-08 15:24 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 15:23 - 2013-06-08 15:24 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 15:23 - 2013-06-08 15:24 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 15:23 - 2013-06-08 15:24 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 15:23 - 2009-08-26 19:08 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 15:19 - 2009-08-26 19:29 - 00000000 ____D C:\Program Files\CyberLink 2013-06-08 15:19 - 2009-08-26 19:09 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-06-08 15:17 - 2009-09-05 20:06 - 00000000 ____D C:\Users\Will\AppData\Roaming\Amazon 2013-06-08 15:15 - 2011-02-14 11:27 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-06-08 15:14 - 2009-09-04 18:45 - 00000000 ____D C:\ProgramData\Skype 2013-06-08 15:13 - 2009-09-04 18:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype 2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion 2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg 2013-06-07 20:25 - 2013-05-31 15:15 - 00000000 ____D C:\Users\Will\Desktop\Festivall 2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack 2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u 2013-06-05 19:59 - 2012-05-26 14:23 - 00002072 ____A C:\Users\Will\Desktop\Google Chrome.lnk 2013-06-04 12:21 - 2013-03-12 15:03 - 00000000 ____D C:\Users\Will\Documents\My Digital Editions 2013-06-04 12:20 - 2013-03-12 15:00 - 00001272 ____A C:\Users\Will\Downloads\URLLink.acsm 2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg 2013-06-03 23:38 - 2013-06-03 23:33 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes] 2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013] 2013-06-02 10:43 - 2009-08-26 19:18 - 00287424 ____A C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-02 10:39 - 2006-11-02 11:21 - 00800496 ___AH C:\Windows\System32\FNTCACHE.DAT 2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack 2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip 2013-05-31 21:57 - 2013-05-16 21:18 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u 2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX] 2013-05-31 20:09 - 2013-05-31 20:01 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX] 2013-05-31 07:07 - 2012-02-18 20:52 - 00002936 ____A C:\Users\Will\Downloads\tonisetlist.m3u 2013-05-28 11:50 - 2012-04-20 19:19 - 00002462 ____A C:\Users\Will\Downloads\mariahdance.m3u 2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg 2013-05-25 13:24 - 2013-02-18 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-24 23:47 - 2013-05-24 23:46 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4 2013-05-24 12:26 - 2006-11-02 08:34 - 00000338 ____A C:\Windows\win.ini 2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u 2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v 2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv 2013-05-20 16:07 - 2013-05-20 15:12 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4 2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73} 2013-05-20 11:31 - 2013-03-26 23:39 - 00000239 ____A C:\Users\Will\.swfinfo 2013-05-20 11:09 - 2013-05-20 10:46 - 10283537 ____A C:\Users\Will\Documents\quotes.psd 2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2) 2013-05-18 03:44 - 2011-10-24 06:45 - 00721586 ____A C:\Windows\System32\PerfStringBackup.TMP 2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012) 2013-05-17 14:57 - 2009-08-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-17 00:05 - 2013-06-15 03:02 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 23:27 - 2013-06-15 03:02 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 23:09 - 2013-06-15 03:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 23:02 - 2013-06-15 03:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 23:02 - 2013-06-15 03:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 23:01 - 2013-06-15 03:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-16 23:00 - 2013-06-15 03:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-16 22:58 - 2013-06-15 03:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 22:56 - 2013-06-15 03:02 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-16 22:56 - 2013-06-15 03:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-16 22:55 - 2013-06-15 03:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 22:54 - 2013-06-15 03:02 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 22:53 - 2013-06-15 03:02 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 22:51 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-16 22:51 - 2013-06-15 03:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-16 22:46 - 2013-06-15 03:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 19:08 - 2013-06-15 03:02 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 18:49 - 2013-06-15 03:02 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 18:39 - 2013-06-15 03:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 18:28 - 2013-06-15 03:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 18:28 - 2013-06-15 03:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 18:27 - 2013-06-15 03:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-16 18:26 - 2013-06-15 03:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-16 18:23 - 2013-06-15 03:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 18:21 - 2013-06-15 03:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 18:21 - 2013-06-15 03:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-16 18:20 - 2013-06-15 03:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-16 18:19 - 2013-06-15 03:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 18:17 - 2013-06-15 03:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-16 18:17 - 2013-06-15 03:02 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 18:16 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-16 18:12 - 2013-06-15 03:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! LastRegBack: 2013-06-15 13:57 ==================== End Of Log ============================ Addition.txt
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

That is correct. System crashes at boot in normal mode. Do you think it has something to do with the Malwarebytes' Anti-Malware ProcessCleanupScript registry entry? That's the only thing that loads in normal mode that doesn't in sade mode, I think?
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista Started in : Safe mode with network support User : Will [Admin rights] Mode : Scan -- Date : 06/15/2013 20:17:19 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [-][x]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-630946017-1360042398-3907846972-1000\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [-][x]) -> FOUND [RUN][sUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x][7][x][-]) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Windows\Web\Wallpaper\img27.jpg) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ -> D:\windows\system32\config\SYSTEM D:\Windows\system32 -> D:\windows\system32\config\SOFTWARE D:\Windows\system32 -> D:\windows\system32\config\SECURITY D:\Windows\system32 -> D:\windows\system32\config\SAM D:\Windows\system32 -> D:\windows\system32\config\DEFAULT D:\Windows\system32 -> D:\Users\Default\NTUSER.DAT D:\Windows\system32 ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++ --- User --- [MBR] 3e104b599087715e99b4964daab18f7a [bSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 461524 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4]_S_06152013_201719.txt >> RKreport[0]_S_06152013_143621.txt;RKreport[1]_S_06152013_144617.txt;RKreport[2]_D_06152013_144715.txt RKreport[3]_S_06152013_195133.txt
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-06-15 20:02:51 ----------------------------- 20:02:51.639 OS Version: Windows x64 6.0.6002 Service Pack 2 20:02:51.639 Number of processors: 2 586 0x1706 20:02:51.640 ComputerName: WILL-PC UserName: Will 20:02:52.854 Initialize success 20:03:00.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:03:00.545 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 3 20:03:00.668 Disk 0 MBR read successfully 20:03:00.670 Disk 0 MBR scan 20:03:00.672 Disk 0 Windows VISTA default MBR code 20:03:00.675 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63 20:03:00.685 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640 20:03:00.705 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461524 MB offset 31569920 20:03:00.839 Disk 0 scanning C:\Windows\system32\drivers 20:03:09.864 Service scanning 20:03:40.142 Modules scanning 20:03:40.142 Disk 0 trace - called modules: 20:03:40.181 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 20:03:40.181 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e00620] 20:03:40.182 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b86060] 20:03:40.182 Scan finished successfully 20:03:50.864 Disk 0 MBR has been saved successfully to "C:\Users\Will\Desktop\MBR.dat" 20:03:50.869 The log file has been saved successfully to "C:\Users\Will\Desktop\aswMBR.txt"
- June 16, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

This is all it came up with...
- June 15, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

I'm a little confused. I understand that you can run this program in safe mode, however, when you apply the changes (checking Loaded Modules), the computer automatically reboots in normal mode, which as I mentioned always ends in a blue screen crash. If, when the computer reboots, I run the computer in safe mode, the changes do not apply.
- June 15, 2013
- 33 replies
What is happening? Help!

wward2005 replied to wward2005's topic in Resolved Malware Removal Logs

I ran RogueKiller and then Anti-Rootkit as instructed. After cleanup, my computer restarted and immediately crashed. I've tried rebooted several other times and it always crashes with a blue screen. I can only access my computer now through Safe Mode or Safe Mode with Networking. I've attached the Anti-Rootkit logs here to see if this helps. Any suggestions on what to do now? mbar-log-2013-06-15 (14-49-48).txt system-log.txt
- June 15, 2013
- 33 replies

Sign In

wward2005

Posts

Joined

Last visited

Reputation

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

What is happening? Help!

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information