Hijack Virus "Computer Crime & Intellectual Property", which prevents Safe Mode

BlackKnight24 · May 14, 2013

I have the computer crime & Intellectual property virus on my computer. It will not allow me to reboot in safe mode with networking or safe mode with command prompt. I can get to the task manager and I’ve tried to do a restore but it keeps saying there is an error and will not allow me to restore at any previous point.

Last night I tried using hit man pro. It said it found a virus.

Then I received a message from MacAfee saying that it had quarantined a virus. My computer started to run fine and I didn’t have a black screen. MacAfee said it needed to reboot to get rid of the virus. Once I rebooted the virus was back!!

MrCharlie · May 14, 2013

Welcome to the forum, here's how we deal with that malware:

Please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Plug the flash drive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

[*]On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
  Select Command Prompt
  Once in the Command Prompt:

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC

BlackKnight24 · May 14, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013

Ran by SYSTEM on 14-05-2013 11:52:36

Running from F:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2010-08-09] ()

HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2010-08-09] ()

HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-21] (Dell)

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)

HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Underwood\Desktop\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s [1398856 2013-05-13] (Malwarebytes Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Users\Underwood\Desktop\mbar-1.05.0.1001\mbar\Data\cleanup.dll",ProcessCleanupScript "C:\Users\Underwood\Desktop\mbar-1.05.0.1001\mbar\Data" [1093192 2013-05-13] (Malwarebytes Corporation)

HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [selectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [x]

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()

HKU\Underwood\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)

HKU\Underwood\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)

HKU\Underwood\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-12-05] (TomTom)

HKU\Underwood\...\Run: [singlesnet] C:\Program Files (x86)\Singlesnet\Singlesnet\Singlesnet.exe [x]

HKU\Underwood\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-06] (SUPERAntiSpyware.com)

HKU\Underwood\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\Underwood\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2012-11-09] (Skype Technologies S.A.)

HKU\Underwood\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [x]

HKU\Underwood\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Underwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk

ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)

S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()

S2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-05-10] (SurfRight B.V.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-14 11:52 - 2013-05-14 11:52 - 00000000 ____D C:\FRST

2013-05-13 18:43 - 2013-05-13 18:43 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery

2013-05-13 18:23 - 2013-05-13 18:23 - 00000000 ____D C:\Users\Underwood\Desktop\mbar-1.05.0.1001

2013-05-13 18:22 - 2013-05-13 18:23 - 12917756 ____A C:\Users\Underwood\Desktop\mbar-1.05.0.1001.zip

2013-05-10 17:03 - 2013-05-10 17:03 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2013-05-10 16:06 - 2013-05-10 16:06 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe

2013-05-10 16:06 - 2013-05-10 16:06 - 00010612 ____A C:\Windows\System32\.crusader

2013-05-10 16:03 - 2013-05-10 16:03 - 00001855 ____A C:\Users\Public\Desktop\HitmanPro.lnk

2013-05-10 16:03 - 2013-05-10 16:03 - 00001855 ____A C:\ProgramData\Desktop\HitmanPro.lnk

2013-05-10 16:03 - 2013-05-10 16:03 - 00000000 ____D C:\Program Files\HitmanPro

2013-05-10 15:53 - 2013-05-13 18:04 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-10 15:53 - 2013-05-13 18:04 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro

2013-05-09 17:58 - 2013-05-09 17:58 - 01096033 ____A C:\ProgramData\Application Data\2433f433

2013-05-09 17:58 - 2013-05-09 17:58 - 01096033 ____A C:\ProgramData\2433f433

2013-05-09 17:58 - 2013-05-09 17:58 - 01096017 ____A C:\Users\Underwood\Local Settings\Application Data\2433f433

2013-05-09 17:58 - 2013-05-09 17:58 - 01096017 ____A C:\Users\Underwood\Local Settings\2433f433

2013-05-09 17:58 - 2013-05-09 17:58 - 01096017 ____A C:\Users\Underwood\AppData\Local\2433f433

2013-05-09 17:58 - 2013-05-09 17:58 - 01096014 ____A C:\Users\Underwood\Application Data\2433f433

2013-05-09 17:58 - 2013-05-09 17:58 - 01096014 ____A C:\Users\Underwood\AppData\Roaming\2433f433

2013-05-08 21:21 - 2013-05-08 21:21 - 02250054 ____A C:\ProgramData\Application Data\1.bmp

2013-05-08 21:21 - 2013-05-08 21:21 - 02250054 ____A C:\ProgramData\1.bmp

2013-05-03 17:27 - 2013-05-03 17:34 - 680949925 ____A C:\Users\Underwood\Downloads\wot_85.2493_84.2429_client.patch

2013-04-30 06:06 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-25 16:58 - 2013-04-25 16:58 - 00000030 ____A C:\Users\Underwood\Desktop\imagejpeg_2 (1).jpx

2013-04-25 16:51 - 2013-04-25 16:51 - 00866912 ____A C:\Users\Underwood\Downloads\attachments_2013_04_25.zip

2013-04-25 16:51 - 2013-04-25 16:51 - 00866912 ____A C:\Users\Underwood\Downloads\attachments_2013_04_25 (1).zip

2013-04-23 20:40 - 2013-04-23 20:42 - 00000004 ____A C:\Users\Underwood\Application Data\skype.ini

2013-04-23 20:40 - 2013-04-23 20:42 - 00000004 ____A C:\Users\Underwood\AppData\Roaming\skype.ini

2013-04-23 20:37 - 2013-04-23 20:37 - 00000000 ____A C:\Users\Underwood\opera.exe

2013-04-23 20:37 - 2013-04-23 20:37 - 00000000 ____A C:\Users\Underwood\jucheck.exe

2013-04-23 20:37 - 2013-04-23 20:37 - 00000000 ____A C:\Users\Underwood\flashplayer.exe

2013-04-21 15:09 - 2013-04-21 15:09 - 00000122 ___RH C:\Users\Underwood\Downloads\Stinger.opt

2013-04-21 14:59 - 2013-04-21 15:09 - 00000639 ____A C:\Users\Underwood\Downloads\Stinger_21042013_145915.html

2013-04-21 14:59 - 2013-04-21 14:59 - 00000000 ____D C:\Stinger_Quarantine

2013-04-21 14:58 - 2013-04-21 14:58 - 11157024 ____A (McAfee Inc) C:\Users\Underwood\Downloads\stinger32.exe

2013-04-21 14:58 - 2013-04-21 14:58 - 00469668 ____A C:\Users\Underwood\Downloads\runtime.dat

2013-04-21 14:54 - 2013-04-21 14:54 - 01014752 ____A (Solid State Networks) C:\Users\Underwood\Downloads\install_flashplayer11x32axau_mssd_aih.exe

2013-04-21 14:00 - 2013-02-21 05:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-21 14:00 - 2013-02-21 05:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-21 14:00 - 2013-02-21 05:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-04-21 14:00 - 2013-02-21 05:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-21 14:00 - 2013-02-21 05:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-04-21 14:00 - 2013-02-21 05:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-21 14:00 - 2013-02-21 05:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-04-21 14:00 - 2013-02-19 07:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-21 14:00 - 2013-02-19 06:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-21 14:00 - 2013-02-19 06:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-04-21 14:00 - 2013-02-19 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-21 13:59 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-21 13:59 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-21 13:59 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-21 13:59 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-21 13:59 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-21 13:59 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-21 13:59 - 2013-02-28 22:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-21 13:59 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-21 13:59 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-21 13:59 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-21 13:59 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-21 13:59 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-21 13:59 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-21 13:59 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-14 11:52 - 2013-05-14 11:52 - 00000000 ____D C:\FRST

2013-05-14 11:44 - 2011-06-16 11:39 - 00250336 ____A C:\ProgramData\dleascan.log

2013-05-14 11:44 - 2011-06-16 11:39 - 00250336 ____A C:\ProgramData\Application Data\dleascan.log

2013-05-14 11:44 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-14 11:44 - 2009-07-13 23:51 - 00114616 ____A C:\Windows\setupact.log

2013-05-14 11:42 - 2013-03-24 09:42 - 00000348 ____A C:\Windows\Tasks\dsmonitor.job

2013-05-14 11:42 - 2013-01-30 07:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-14 11:42 - 2011-05-31 16:53 - 01500611 ____A C:\Windows\WindowsUpdate.log

2013-05-14 11:42 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-14 11:42 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-14 11:40 - 2012-06-26 17:27 - 00001790 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk

2013-05-14 11:40 - 2012-06-26 17:27 - 00001790 ____A C:\ProgramData\Desktop\McAfee Security Center.lnk

2013-05-14 11:38 - 2009-07-14 00:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-14 11:35 - 2011-08-10 17:08 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-14 11:35 - 2011-06-15 15:20 - 00000000 ____D C:\Users\Underwood\Local Settings\SoftThinks

2013-05-14 11:35 - 2011-06-15 15:20 - 00000000 ____D C:\Users\Underwood\Local Settings\Application Data\SoftThinks

2013-05-14 11:35 - 2011-06-15 15:20 - 00000000 ____D C:\Users\Underwood\AppData\Local\SoftThinks

2013-05-14 11:35 - 2011-05-31 16:56 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-05-14 11:30 - 2011-08-10 17:08 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-13 18:43 - 2013-05-13 18:43 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery

2013-05-13 18:39 - 2011-05-31 17:07 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-05-13 18:39 - 2010-11-20 22:47 - 00215330 ____A C:\Windows\PFRO.log

2013-05-13 18:23 - 2013-05-13 18:23 - 00000000 ____D C:\Users\Underwood\Desktop\mbar-1.05.0.1001

2013-05-13 18:23 - 2013-05-13 18:22 - 12917756 ____A C:\Users\Underwood\Desktop\mbar-1.05.0.1001.zip

2013-05-13 18:19 - 2013-02-16 10:07 - 00000000 ____D C:\Users\Underwood\Desktop\kids pics

2013-05-13 18:09 - 2011-11-07 23:21 - 00000000 ____D C:\Users\Underwood\Application Data\Skype

2013-05-13 18:09 - 2011-11-07 23:21 - 00000000 ____D C:\Users\Underwood\AppData\Roaming\Skype

2013-05-13 18:04 - 2013-05-10 15:53 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-13 18:04 - 2013-05-10 15:53 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro

2013-05-10 17:10 - 2011-10-06 06:13 - 00196096 __ASH C:\Users\Underwood\Desktop\Thumbs.db

2013-05-10 17:09 - 2012-06-24 11:39 - 00000043 ___RH C:\Users\Underwood\Desktop\stinger.opt

2013-05-10 17:09 - 2012-06-24 11:30 - 00000000 ____D C:\Program Files (x86)\stinger

2013-05-10 17:03 - 2013-05-10 17:03 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2013-05-10 16:06 - 2013-05-10 16:06 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe

2013-05-10 16:06 - 2013-05-10 16:06 - 00010612 ____A C:\Windows\System32\.crusader

2013-05-10 16:06 - 2012-01-11 15:42 - 00000000 __SHD C:\Users\Underwood\Local Settings\Application Data\{df565d80-3848-d242-7515-75c6a433e7ba}

2013-05-10 16:06 - 2012-01-11 15:42 - 00000000 __SHD C:\Users\Underwood\Local Settings\{df565d80-3848-d242-7515-75c6a433e7ba}

2013-05-10 16:06 - 2012-01-11 15:42 - 00000000 __SHD C:\Users\Underwood\AppData\Local\{df565d80-3848-d242-7515-75c6a433e7ba}