Slow startups and multiple blue screen mem dumps/ ZeroAccess


Hello Douglas,

As you should know, it -really- helps for us to know what version of Windows is on this system. Needless to point out, there are several flavors out there. Knowing yours would surely help.

IF yours is Windows 7 or Vista....

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Disconnect any external storage drives from the computer.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR, if you have the Windows OS DVD, to enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.

Now, plug the flash drive with the FRST tool into the PC.

  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

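FRST.txt, the log this procedure produces, lists autostart registry entries one per line, as the log posted later in this thread shows. The following is an added example, not part of the original posts and not FRST's own code: a small Python triage pass over that Registry section that surfaces the entries a helper would read first. The sample lines, the names in them and the heuristics are constructed for illustration; reading `[x]` as "file not found" is an assumption the thread does not state.

```python
import re

# Constructed sample in the FRST.txt "Registry" line format seen in this
# thread. All names, users and paths below are made up for illustration.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AudioTray] C:\Program Files\Vendor\tray64.exe [525312 2011-01-25] (Vendor, Inc.)
HKLM\...\Run: [Updater] C:\Windows\system32\rundll32.exe C:\Windows\System32\VendorUpd.dll,Fetch [1832760 2012-09-20] (Vendor, Inc.)
HKLM\...EXAMPLECLSID\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$0123456789abcdef\n. ATTENTION! ====> ZeroAccess
HKU\ExampleUser\...\Run: [helper] "C:\Windows\System32\rundll32.exe" "C:\Users\ExampleUser\AppData\Roaming\helper.dll",entry [x]
HKU\ExampleUser\...\Run: [Sync] "C:\Users\ExampleUser\AppData\Local\Vendor\sync.exe" [x]
==================== Services (Whitelisted) =================
S3 ExampleSvc; C:\Program Files\Vendor\svc.exe [340240 2011-07-27] ()
"""

# "==== Section name ====" banner lines delimit the parts of the log.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<hive\...\key>: [value name] <command and metadata>"
ENTRY_RE = re.compile(r"^(?P<key>HK.+?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# FRST's own inline verdict, e.g. "ATTENTION! ====> ZeroAccess".
FLAG_RE = re.compile(r"ATTENTION!?\s*=+>\s*(.+)$")
# A DLL that lives under a user's AppData directory.
PROFILE_DLL_RE = re.compile(r'\\appdata\\(?:roaming|local)\\[^"]*\.dll')


def _reasons(key, rest):
    """Return the list of reasons a Registry entry deserves a closer look."""
    low = rest.lower()
    reasons = []

    flag = FLAG_RE.search(rest)
    if flag:
        reasons.append("flagged by FRST as " + flag.group(1).strip())

    # A COM in-process server has no business living in the Recycle Bin.
    if key.lower().endswith("inprocserver32") and "\\$recycle.bin\\" in low:
        reasons.append("COM server path inside $Recycle.Bin")

    # rundll32 is a normal loader, but not for DLLs in a user profile.
    if "rundll32" in low and PROFILE_DLL_RE.search(low):
        reasons.append("rundll32 loads a DLL from a user profile")

    # Assumption: FRST prints [x] instead of [size date] when the target
    # file could not be found, leaving an orphaned autostart entry.
    if low.rstrip().endswith("[x]"):
        reasons.append("no size/date stamp ([x])")

    return reasons


def triage(log_text):
    """Scan the Registry section of an FRST.txt log and return findings.

    Each finding is a dict with the registry key, value name, raw entry
    text and the reasons it was selected. Other sections are ignored.
    """
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or not section.startswith("Registry"):
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        reasons = _reasons(entry["key"], entry["rest"])
        if reasons:
            findings.append({
                "key": entry["key"],
                "name": entry["name"],
                "entry": entry["rest"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["key"], "[" + finding["name"] + "]")
        for reason in finding["reasons"]:
            print("   -", reason)
```
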

Sorry. This is a Dell Inspiron with Windows 7. Here is the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01

Ran by SYSTEM on 31-05-2013 12:24:57

Running from F:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)

HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10365952 2011-05-19] (Intel Corporation)

HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [67496 2012-08-21] ()

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [1135n Scan2PC] "C:\Windows\twain_32\Dell\DELL1135\Scan2Pc.exe" [1990144 2011-01-21] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-05-06] (RealNetworks, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKU\Douglas Walters\...\Run: [Akamai NetSession Interface] "C:\Users\Douglas Walters\AppData\Local\Akamai\netsession_win.exe" [x]

HKU\Douglas Walters\...\Run: [dasews] "C:\Windows\System32\rundll32.exe" "C:\Users\Douglas Walters\AppData\Roaming\dasews.dll",chunk_location [x]

==================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)

S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2010-01-20] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-31 12:24 - 2013-05-31 12:24 - 00000000 ____D C:\FRST

2013-05-31 12:01 - 2013-05-31 12:01 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{5737D198-E131-4C89-A451-6B275D8256EA}

2013-05-31 12:01 - 2013-05-31 12:01 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{5737D198-E131-4C89-A451-6B275D8256EA}

2013-05-31 12:01 - 2013-05-31 12:01 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{5737D198-E131-4C89-A451-6B275D8256EA}

2013-05-23 16:24 - 2013-05-31 11:57 - 00000504 ____A C:\Windows\setupact.log

2013-05-23 16:24 - 2013-05-23 16:24 - 00000000 ____A C:\Windows\setuperr.log

2013-05-23 16:09 - 2013-05-23 16:09 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-23 16:09 - 2013-05-23 16:09 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk

2013-05-23 14:10 - 2013-05-23 14:10 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-23 14:10 - 2013-05-23 14:10 - 00000824 ____A C:\ProgramData\Desktop\CCleaner.lnk

2013-05-23 14:10 - 2013-05-23 14:10 - 00000000 ____D C:\Program Files\CCleaner

2013-05-23 13:48 - 2013-05-23 13:48 - 00204496 ____A (Malwarebytes) C:\Users\Douglas Walters\Desktop\startuplite-setup-1.07.exe

2013-05-23 13:09 - 2013-05-23 13:09 - 00000000 ____D C:\Program Files\My Dell

2013-05-23 12:52 - 2013-05-23 12:52 - 00000000 ____D C:\Windows\Sun

2013-05-23 10:43 - 2013-05-23 10:43 - 00000217 ____A C:\Windows\System32\MRT.INI

2013-05-23 10:40 - 2013-05-23 10:39 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-05-23 10:40 - 2013-05-23 10:39 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-05-23 10:40 - 2013-05-03 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-23 10:39 - 2013-05-23 10:39 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-05-23 10:39 - 2013-05-23 10:39 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-05-23 10:39 - 2013-05-23 10:39 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-05-23 10:00 - 2013-05-23 10:01 - 00000859 ____A C:\AdwCleaner[R2].txt

2013-05-21 18:42 - 2013-05-21 18:42 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{E74FC3DD-75AA-43DC-BA9D-7670E567E511}

2013-05-21 18:42 - 2013-05-21 18:42 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{E74FC3DD-75AA-43DC-BA9D-7670E567E511}

2013-05-21 18:42 - 2013-05-21 18:42 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{E74FC3DD-75AA-43DC-BA9D-7670E567E511}

2013-05-21 18:39 - 2013-05-21 17:53 - 113813038 ____A C:\Users\Douglas Walters\My Documents\MOV01589.AVI

2013-05-21 18:39 - 2013-05-21 17:53 - 113813038 ____A C:\Users\Douglas Walters\Documents\MOV01589.AVI

2013-05-20 15:59 - 2013-05-20 15:59 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{9BC05F7A-CD12-40C1-B05E-55BED8F03F38}

2013-05-20 15:59 - 2013-05-20 15:59 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{9BC05F7A-CD12-40C1-B05E-55BED8F03F38}

2013-05-20 15:59 - 2013-05-20 15:59 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{9BC05F7A-CD12-40C1-B05E-55BED8F03F38}

2013-05-16 16:24 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-16 16:24 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-16 16:24 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-16 16:22 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-16 16:22 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-16 16:22 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-16 16:22 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-16 16:22 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-16 16:22 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-16 16:22 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-16 16:22 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-16 16:22 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-16 16:22 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-16 16:21 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-16 16:04 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 16:04 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 16:04 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 16:04 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 16:04 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 16:04 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 16:04 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 16:04 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-16 16:04 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 16:04 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 16:04 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-16 16:04 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-11 20:18 - 2013-05-11 20:19 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{B310F1F2-156D-4E38-B654-ECC5EFA97B63}

2013-05-11 20:18 - 2013-05-11 20:19 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{B310F1F2-156D-4E38-B654-ECC5EFA97B63}

2013-05-11 20:18 - 2013-05-11 20:19 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{B310F1F2-156D-4E38-B654-ECC5EFA97B63}

2013-05-10 22:21 - 2013-05-10 22:21 - 00001415 ____A C:\Users\Douglas Walters\Desktop\Internet Explorer.lnk

2013-05-08 15:15 - 2013-05-08 15:15 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-08 15:15 - 2013-05-08 15:15 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-08 15:15 - 2013-05-08 15:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-05-08 15:15 - 2013-05-08 15:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-05-08 15:15 - 2013-05-08 15:15 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-05-08 15:15 - 2013-05-08 15:15 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-05-08 15:15 - 2013-05-08 15:15 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-05-08 15:15 - 2013-05-08 15:15 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-05-08 15:15 - 2013-05-08 15:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-05-08 15:13 - 2013-05-08 15:13 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-04 20:02 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-31 12:24 - 2013-05-31 12:24 - 00000000 ____D C:\FRST

2013-05-31 12:10 - 2011-09-27 22:16 - 01159162 ____A C:\Windows\WindowsUpdate.log

2013-05-31 12:06 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-31 12:06 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-31 12:04 - 2009-07-14 00:13 - 00006502 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-31 12:01 - 2013-05-31 12:01 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{5737D198-E131-4C89-A451-6B275D8256EA}

2013-05-31 12:01 - 2013-05-31 12:01 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{5737D198-E131-4C89-A451-6B275D8256EA}

2013-05-31 12:01 - 2013-05-31 12:01 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{5737D198-E131-4C89-A451-6B275D8256EA}

2013-05-31 11:59 - 2011-09-27 23:22 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks

2013-05-31 11:59 - 2011-09-27 23:22 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks

2013-05-31 11:59 - 2011-09-27 23:22 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-05-31 11:59 - 2011-09-27 23:22 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks

2013-05-31 11:59 - 2011-09-27 23:22 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks

2013-05-31 11:59 - 2011-09-27 23:22 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-05-31 11:59 - 2011-09-27 23:10 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-05-31 11:58 - 2012-09-14 10:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-31 11:57 - 2013-05-23 16:24 - 00000504 ____A C:\Windows\setupact.log

2013-05-31 11:57 - 2011-11-30 20:22 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-31 11:57 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-31 07:35 - 2011-11-30 20:22 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-31 03:31 - 2011-10-31 18:46 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Nero

2013-05-31 03:31 - 2011-10-31 18:46 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\Nero

2013-05-31 03:31 - 2011-10-31 18:46 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\Nero

2013-05-31 03:15 - 2011-10-29 12:46 - 00000000 ____D C:\users\Douglas Walters

2013-05-31 03:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration

2013-05-28 18:27 - 2011-10-29 13:18 - 00000000 ____D C:\Users\Douglas Walters\Application Data\Skype

2013-05-28 18:27 - 2011-10-29 13:18 - 00000000 ____D C:\Users\Douglas Walters\AppData\Roaming\Skype

2013-05-24 20:29 - 2011-10-30 18:32 - 00000000 ____D C:\Users\Douglas Walters\Application Data\.minecraft

2013-05-24 20:29 - 2011-10-30 18:32 - 00000000 ____D C:\Users\Douglas Walters\AppData\Roaming\.minecraft

2013-05-24 20:19 - 2012-11-21 18:05 - 00000000 ____D C:\Program Files (x86)\Steam

2013-05-24 16:30 - 2009-07-14 00:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-23 16:24 - 2013-05-23 16:24 - 00000000 ____A C:\Windows\setuperr.log

2013-05-23 16:09 - 2013-05-23 16:09 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-23 16:09 - 2013-05-23 16:09 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk

2013-05-23 15:57 - 2012-01-01 17:58 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3

2013-05-23 14:40 - 2011-12-26 21:20 - 00000000 ____D C:\Windows\Minidump

2013-05-23 14:16 - 2011-02-23 08:08 - 00000000 ____D C:\Windows\Panther

2013-05-23 14:10 - 2013-05-23 14:10 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-23 14:10 - 2013-05-23 14:10 - 00000824 ____A C:\ProgramData\Desktop\CCleaner.lnk

2013-05-23 14:10 - 2013-05-23 14:10 - 00000000 ____D C:\Program Files\CCleaner

2013-05-23 13:48 - 2013-05-23 13:48 - 00204496 ____A (Malwarebytes) C:\Users\Douglas Walters\Desktop\startuplite-setup-1.07.exe

2013-05-23 13:09 - 2013-05-23 13:09 - 00000000 ____D C:\Program Files\My Dell

2013-05-23 13:09 - 2012-04-06 14:14 - 00000000 ____D C:\Program Files\Dell Support Center

2013-05-23 13:09 - 2011-10-29 13:00 - 00000000 ____D C:\ProgramData\PCDr

2013-05-23 13:09 - 2011-10-29 13:00 - 00000000 ____D C:\ProgramData\Application Data\PCDr

2013-05-23 12:52 - 2013-05-23 12:52 - 00000000 ____D C:\Windows\Sun

2013-05-23 10:43 - 2013-05-23 10:43 - 00000217 ____A C:\Windows\System32\MRT.INI

2013-05-23 10:42 - 2013-01-24 17:06 - 00006528 ____A C:\Users\Douglas Walters\Local Settings\Application Data\2054eec6-cd0c-44d5-82f5-5fb1e24158f5.crx

2013-05-23 10:42 - 2013-01-24 17:06 - 00006528 ____A C:\Users\Douglas Walters\Local Settings\2054eec6-cd0c-44d5-82f5-5fb1e24158f5.crx

2013-05-23 10:42 - 2013-01-24 17:06 - 00006528 ____A C:\Users\Douglas Walters\AppData\Local\2054eec6-cd0c-44d5-82f5-5fb1e24158f5.crx

2013-05-23 10:39 - 2013-05-23 10:40 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-05-23 10:39 - 2013-05-23 10:40 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-05-23 10:39 - 2013-05-23 10:39 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-05-23 10:39 - 2013-05-23 10:39 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-05-23 10:39 - 2013-05-23 10:39 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-05-23 10:39 - 2011-09-27 22:25 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-05-23 10:39 - 2011-09-27 22:25 - 00000000 ____D C:\Program Files (x86)\Java

2013-05-23 10:23 - 2013-01-28 17:52 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-23 10:23 - 2013-01-28 17:52 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-23 10:23 - 2013-01-28 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-23 10:16 - 2011-09-27 22:59 - 00000000 ____D C:\ProgramData\McAfee

2013-05-23 10:16 - 2011-09-27 22:59 - 00000000 ____D C:\ProgramData\Application Data\McAfee

2013-05-23 10:01 - 2013-05-23 10:00 - 00000859 ____A C:\AdwCleaner[R2].txt

2013-05-21 18:42 - 2013-05-21 18:42 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{E74FC3DD-75AA-43DC-BA9D-7670E567E511}

2013-05-21 18:42 - 2013-05-21 18:42 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{E74FC3DD-75AA-43DC-BA9D-7670E567E511}

2013-05-21 18:42 - 2013-05-21 18:42 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{E74FC3DD-75AA-43DC-BA9D-7670E567E511}

2013-05-21 17:53 - 2013-05-21 18:39 - 113813038 ____A C:\Users\Douglas Walters\My Documents\MOV01589.AVI

2013-05-21 17:53 - 2013-05-21 18:39 - 113813038 ____A C:\Users\Douglas Walters\Documents\MOV01589.AVI

2013-05-20 15:59 - 2013-05-20 15:59 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{9BC05F7A-CD12-40C1-B05E-55BED8F03F38}

2013-05-20 15:59 - 2013-05-20 15:59 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{9BC05F7A-CD12-40C1-B05E-55BED8F03F38}

2013-05-20 15:59 - 2013-05-20 15:59 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{9BC05F7A-CD12-40C1-B05E-55BED8F03F38}

2013-05-19 23:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-05-19 22:21 - 2011-11-27 23:28 - 00000000 ____D C:\Users\Douglas Walters\My Documents\Ryan (school)

2013-05-19 22:21 - 2011-11-27 23:28 - 00000000 ____D C:\Users\Douglas Walters\Documents\Ryan (school)

2013-05-19 21:05 - 2012-09-14 10:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-19 21:05 - 2011-11-05 16:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-19 20:35 - 2009-07-13 23:45 - 00294200 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 16:19 - 2011-09-27 23:04 - 00000000 ____D C:\ProgramData\Skype

2013-05-16 16:19 - 2011-09-27 23:04 - 00000000 ____D C:\ProgramData\Application Data\Skype

2013-05-16 03:09 - 2011-09-27 22:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2013-05-16 03:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas

2013-05-11 20:23 - 2013-01-21 18:53 - 00000000 ____D C:\Users\Douglas Walters\My Documents\FuTuRe RoBoT DjS

2013-05-11 20:23 - 2013-01-21 18:53 - 00000000 ____D C:\Users\Douglas Walters\Documents\FuTuRe RoBoT DjS

2013-05-11 20:19 - 2013-05-11 20:18 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\Application Data\{B310F1F2-156D-4E38-B654-ECC5EFA97B63}

2013-05-11 20:19 - 2013-05-11 20:18 - 00000000 ____D C:\Users\Douglas Walters\Local Settings\{B310F1F2-156D-4E38-B654-ECC5EFA97B63}

2013-05-11 20:19 - 2013-05-11 20:18 - 00000000 ____D C:\Users\Douglas Walters\AppData\Local\{B310F1F2-156D-4E38-B654-ECC5EFA97B63}

2013-05-10 22:21 - 2013-05-10 22:21 - 00001415 ____A C:\Users\Douglas Walters\Desktop\Internet Explorer.lnk

2013-05-08 21:36 - 2011-10-30 15:21 - 00000099 ____A C:\Users\Public\LMDebug.log

2013-05-08 21:36 - 2011-10-30 15:01 - 00000000 ____D C:\Users\Douglas Walters\Application Data\SoftGrid Client

2013-05-08 21:36 - 2011-10-30 15:01 - 00000000 ____D C:\Users\Douglas Walters\AppData\Roaming\SoftGrid Client

2013-05-08 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-05-08 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-05-08 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-05-08 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-05-08 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-08 15:15 - 2013-05-08 15:15 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-08 15:15 - 2013-05-08 15:15 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-08 15:15 - 2013-05-08 15:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-05-08 15:15 - 2013-05-08 15:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-05-08 15:15 - 2013-05-08 15:15 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-05-08 15:15 - 2013-05-08 15:15 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-05-08 15:15 - 2013-05-08 15:15 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-05-08 15:15 - 2013-05-08 15:15 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-05-08 15:15 - 2013-05-08 15:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-05-08 15:15 - 2013-05-08 15:15 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-05-08 15:15 - 2013-05-08 15:15 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-05-08 15:13 - 2013-05-08 15:13 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-08 15:13 - 2013-05-08 15:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-05 03:09 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages

2013-05-05 03:09 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-03 16:15 - 2013-05-23 10:40 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\@

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\L

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U\00000001.@

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U\80000000.@

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\U\800000cb.@

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-2700976881-198123630-1316382465-1000\$3b99f81f31d5dbab1bcf87d0107a285a

C:\$Recycle.Bin\S-1-5-21-2700976881-198123630-1316382465-1000\$3b99f81f31d5dbab1bcf87d0107a285a\@

C:\$Recycle.Bin\S-1-5-21-2700976881-198123630-1316382465-1000\$3b99f81f31d5dbab1bcf87d0107a285a\L

C:\$Recycle.Bin\S-1-5-21-2700976881-198123630-1316382465-1000\$3b99f81f31d5dbab1bcf87d0107a285a\U

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-20 03:00:41

Restore point made on: 2013-05-21 18:41:21

Restore point made on: 2013-05-23 10:01:37

Restore point made on: 2013-05-23 10:17:13

Restore point made on: 2013-05-23 10:38:51

Restore point made on: 2013-05-23 15:48:53

Restore point made on: 2013-05-23 15:51:02

Restore point made on: 2013-05-23 15:56:07

Restore point made on: 2013-05-23 16:10:58

Restore point made on: 2013-05-24 10:22:11

Restore point made on: 2013-05-25 10:13:47

Restore point made on: 2013-05-27 21:49:05

Restore point made on: 2013-05-28 17:41:48

Restore point made on: 2013-05-30 20:42:40

Restore point made on: 2013-05-31 03:20:43

==================== Memory info ===========================

Percentage of memory in use: 20%

Total physical RAM: 4003.17 MB

Available physical RAM: 3202.51 MB

Total Pagefile: 4001.37 MB

Available Pagefile: 3191.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:373.07 GB) NTFS (Disk=0 Partition=3)

Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:5.14 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive e: detected.

Drive f: (ACL1) (Removable) (Total:1.89 GB) (Free:0.9 GB) NTFS (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 889FE325)

Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

Last Boot: 2013-05-19 23:03

==================== End Of Log ============


Backdoor trojan warning: ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

To continue here with attempting to hunt & remove, then start with the following:

Please carefully follow this procedure

Please download the attached fixlist.txt and SAVE / copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this particular system. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Anti-rootkit run

Next, remove the FRST USB-flash-thumb drive.

Restart your system into normal mode of Windows.

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

IF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.

If your Windows is XP, double-click to start.

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

Fixlist.txt

Edited by Maurice Naggar

You should create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

Safer practices & malware prevention

We are finished here. Best regards.
