Fozzie2911 Posted June 6, 2013 ID:688064 Share Posted June 6, 2013 I got the FBI moneypak virus yesterday, after spending ten minutes trying to get around the screen i just turned off the computer, upon turning it back on the virus didnt take over my computer, i ran malware and it said it removed 7 issues. today the virus screen came back only now its instantaneous and happens no matter what mode i try to open it in. I could really use some help Link to post Share on other sites More sharing options...
MrCharlie Posted June 6, 2013 ID:688066 Share Posted June 6, 2013 Welcome to the forum, here's how we deal with that malware:Please download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Plug the flash drive into the infected PC.If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.If you are using Vista or Windows 7 enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.[*]On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptOnce in the Command Prompt:[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 6, 2013 Author ID:688090 Share Posted June 6, 2013 so im having a problem already, the drive says that frst64 is in it on my backup computer but when i plug it into the infected one it doesnt show up Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 6, 2013 Author ID:688096 Share Posted June 6, 2013 scratch that i jumped the gun. its running now Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 6, 2013 Author ID:688098 Share Posted June 6, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-06-2013 01Ran by SYSTEM on 06-06-2013 12:41:58Running from H:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-03-22] (IDT, Inc.)HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [432504 2013-03-30] ()HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [512512 2013-03-30] ()HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [352632 2013-03-30] ()HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1031544 2013-03-30] ()HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1115536 2011-03-24] (Discordia, LTD)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296096 2012-10-24] (RealNetworks, Inc.)HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]HKU\Kiosk\...\Run: [Microsoft MDX Demo] C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.Demo.exe [x]HKU\Kiosk\...\Run: [Microsoft MDX DemoScheduler] C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.DemoScheduler.exe [x]HKU\Kiosk\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)HKU\Kiosk\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [x]HKU\Kiosk\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]HKU\Kiosk\...\Policies\system: [NoDispSettingsPage] 1HKU\Kiosk\...\Policies\system: [DisableRegistryTools] 1HKU\Kiosk\...\Policies\system: [NoDispScrSavPage] 1HKU\Kiosk\...\Policies\system: [NoDispCPL] 1HKU\Kiosk\...\Policies\system: [NoDispBackgroundPage] 1HKU\Kiosk\...\Policies\system: [NoDispAppearancePage] 1HKU\Kiosk\...\Policies\system: [DisableChangePassword] 1HKU\Kiosk\...\Policies\system: [DisableLockWorkstation] 1HKU\Kiosk\...\Policies\system: [DisableTaskMgr] 1HKU\Kiosk.primary-PC\...\Run: [Microsoft MDX Demo] C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.Demo.exe [x]HKU\Kiosk.primary-PC\...\Run: [Microsoft MDX DemoScheduler] C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.DemoScheduler.exe [x]HKU\Kiosk.primary-PC\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)HKU\Kiosk.primary-PC\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [x]HKU\Kiosk.primary-PC\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]HKU\Kiosk.primary-PC\...\Policies\system: [NoDispSettingsPage] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableRegistryTools] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispScrSavPage] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispCPL] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispBackgroundPage] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispAppearancePage] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableChangePassword] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableLockWorkstation] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableTaskMgr] 1HKU\Mcx1-PRIMARY-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)HKU\Mcx2-PRIMARY-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)HKU\primary\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)HKU\primary\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [27112568 2012-10-04] (ooVoo LLC)HKU\primary\...\Run: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup [x]HKU\primary\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)HKU\primary\...\Run: [itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [x]HKU\primary\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]HKU\primary\...\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [882520 2013-04-22] (BitTorrent Inc.)HKU\primary\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)HKU\primary\...\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000 [338296 2011-10-20] (Uniblue Systems Limited)HKU\primary\...\Run: [Facebook Update] "C:\Users\primary\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-02-18] (Facebook Inc.)HKU\primary\...\Run: [ATI] RUNDLL32.EXE C:\Users\primary\AppData\Local\ATI\ymnznnyr.dll,nplhogqsryrj [833536 2013-06-03] (Oracle Corporation) <===== ATTENTIONHKU\primary\...\Run: [Adobe CSS5.1 Manager] C:\Users\primary\AppData\Local\8acf25bc-9cb7-4791-b694-ad88e1a59332ad\acfbccbbadeaad.exe [339968 2013-06-04] () <===== ATTENTIONHKU\primary\...\Winlogon: [shell] explorer.exe,C:\Users\primary\AppData\Roaming\skype.dat [164352 2011-11-16] (PixelByte Soft Group) <==== ATTENTION AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1058712 2011-03-24] (Discordia, LTD)==================== Services (Whitelisted) =================S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.)S2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-03-05] (DeviceVM, Inc.)S2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()S2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]==================== Drivers (Whitelisted) ====================S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)S1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)S3 easytether; system32\DRIVERS\easytthr.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-06-06 12:41 - 2013-06-06 12:41 - 00000000 ____D C:\FRST2013-06-06 01:51 - 2013-06-06 09:31 - 00000004 ____A C:\Users\primary\AppData\Roaming\skype.ini2013-06-06 01:47 - 2013-06-06 01:47 - 00331776 ____A C:\Users\primary\windowsupdate.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00164352 ____A (PixelByte Soft Group) C:\Users\primary\ctfmon.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00000000 ____A C:\Users\primary\spoolsv.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00000000 ____A C:\Users\primary\msconfig.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00000000 ____A C:\Users\primary\firefox.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00157696 ____A (PixelByte Soft Group) C:\Users\primary\flashplayer.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00000000 ____A C:\Users\primary\opera.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00000000 ____A C:\Users\primary\mstsc.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00000000 ____A C:\Users\primary\java.exe2013-06-05 01:36 - 2013-06-05 01:36 - 00157696 ____A (PixelByte Soft Group) C:\Users\primary\notepad.exe2013-06-05 01:36 - 2013-06-05 01:36 - 00000000 ____A C:\Users\primary\jqs.exe2013-06-05 01:36 - 2013-06-05 01:36 - 00000000 ____A C:\Users\primary\chrome.exe2013-06-05 01:26 - 2013-06-05 01:26 - 00014998 ____A C:\Users\primary\Desktop\hs_err_pid1440.log2013-06-05 01:20 - 2013-06-05 01:20 - 00001087 ____A C:\Users\primary\Desktop\External USB 3.0 - Shortcut.lnk2013-06-05 01:01 - 2013-06-05 11:50 - 00000000 ____D C:\Users\primary\Downloads\Justice League (Unlimited)2013-06-05 00:32 - 2013-06-06 01:00 - 00000000 ____D C:\Users\primary\Downloads\Titans2013-06-04 16:39 - 2013-06-05 01:26 - 00000000 ____D C:\Users\primary\Downloads\Cowboy Bebop - Session 01-26 (Dual_Audio) - DVD-Rip2013-06-04 16:37 - 2013-06-05 01:23 - 00000000 ____D C:\Users\primary\Downloads\Danny Phantom season 1,2,3 extras TVrip [Honeyko]2013-06-04 15:37 - 2013-06-06 02:00 - 00000336 ___AH C:\Windows\Tasks\{E035D5DB-2C3A-4660-8BE2-7C50A40682C4}.job2013-06-04 15:37 - 2013-06-04 15:37 - 00000000 ____D C:\Users\primary\AppData\Local\8acf25bc-9cb7-4791-b694-ad88e1a59332ad2013-06-04 15:36 - 2013-06-04 15:36 - 00000000 ____A C:\Users\primary\teamviewer.exe2013-06-04 15:36 - 2013-06-04 15:36 - 00000000 ____A C:\Users\primary\acrobatreader.exe2013-06-04 10:22 - 2013-06-04 10:23 - 00000439 ____A C:\Windows\System32\Drivers\etc\hosts.ics2013-06-03 01:32 - 2013-06-03 01:32 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk2013-06-03 01:31 - 2013-06-04 11:27 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-03 01:31 - 2013-06-04 11:27 - 00000000 ____D C:\Program Files\iTunes2013-06-03 01:26 - 2013-06-04 11:27 - 00000000 ____D C:\Program Files\Common Files\Apple2013-06-03 00:34 - 2013-06-03 00:34 - 00000000 ____D C:\Program Files\CPUID2013-06-03 00:29 - 2013-06-03 00:29 - 00393024 ____A (Softonic ) C:\Users\primary\Downloads\SoftonicDownloader_for_hwmonitor.exe2013-05-28 22:51 - 2013-05-28 22:51 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-05-28 22:51 - 2013-05-28 22:51 - 00000000 ____D C:\Users\primary\AppData\Roaming\Malwarebytes2013-05-28 22:51 - 2013-05-28 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes2013-05-28 22:50 - 2013-05-28 22:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-05-28 22:50 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-05-25 13:43 - 2013-05-25 13:52 - 576915456 ___RA C:\Users\primary\Downloads\Lil Wayne - The Carter Documentary-SCARFRESH.avi2013-05-25 13:42 - 2013-05-25 13:42 - 00022562 ____A C:\Users\primary\Downloads\[kat.ph]lil.wayne.the.carter.documentary.torrent2013-05-21 02:04 - 2013-05-21 02:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-21 02:04 - 2013-05-21 02:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-05-21 02:04 - 2013-05-21 02:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-05-21 02:04 - 2013-05-21 02:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-05-21 02:04 - 2013-05-21 02:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-05-21 02:04 - 2013-05-21 02:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-21 02:04 - 2013-05-21 02:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-05-21 02:04 - 2013-05-21 02:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-05-21 02:04 - 2013-05-21 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-05-21 02:04 - 2013-05-21 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-05-21 02:04 - 2013-05-21 02:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-05-21 02:04 - 2013-05-21 02:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-05-21 02:04 - 2013-05-21 02:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-05-21 02:04 - 2013-05-21 02:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-05-21 02:04 - 2013-05-21 02:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-05-21 02:01 - 2013-05-21 02:12 - 00007201 ____A C:\Windows\IE10_main.log2013-05-16 02:15 - 2013-05-16 02:15 - 00000127 ____A C:\Windows\System32\MRT.INI2013-05-15 23:56 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys2013-05-15 23:56 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys2013-05-15 23:56 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2013-05-15 23:56 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll2013-05-15 23:56 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll2013-05-15 23:56 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-05-15 23:56 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll2013-05-15 23:55 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-05-15 23:55 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll2013-05-15 23:55 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll2013-05-15 23:55 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe2013-05-15 23:55 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll2013-05-15 23:55 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll2013-05-15 23:55 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll==================== One Month Modified Files and Folders =======2013-06-06 12:41 - 2013-06-06 12:41 - 00000000 ____D C:\FRST2013-06-06 09:31 - 2013-06-06 01:51 - 00000004 ____A C:\Users\primary\AppData\Roaming\skype.ini2013-06-06 09:31 - 2011-12-25 16:35 - 00000000 ____D C:\Program Files (x86)\Steam2013-06-06 09:31 - 2011-04-16 20:41 - 00000000 ____D C:\Users\primary\AppData\Roaming\BitTorrent2013-06-06 09:30 - 2010-11-20 18:05 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-06-06 09:29 - 2013-02-11 11:55 - 00000344 ____A C:\Windows\Tasks\DriverScanner.job2013-06-06 09:29 - 2012-05-29 22:41 - 00000418 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job2013-06-06 09:29 - 2012-02-17 19:46 - 00000012 ____H C:\dvmexp.idx2013-06-06 09:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-06 09:28 - 2013-03-17 18:58 - 00017604 ____A C:\Windows\setupact.log2013-06-06 02:13 - 2010-11-20 18:05 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-06-06 02:00 - 2013-06-04 15:37 - 00000336 ___AH C:\Windows\Tasks\{E035D5DB-2C3A-4660-8BE2-7C50A40682C4}.job2013-06-06 01:56 - 2012-10-09 03:29 - 00000378 ____A C:\Windows\Tasks\WpsUpdateTask_primary.job2013-06-06 01:47 - 2013-06-06 01:47 - 00331776 ____A C:\Users\primary\windowsupdate.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00164352 ____A (PixelByte Soft Group) C:\Users\primary\ctfmon.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00000000 ____A C:\Users\primary\spoolsv.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00000000 ____A C:\Users\primary\msconfig.exe2013-06-06 01:47 - 2013-06-06 01:47 - 00000000 ____A C:\Users\primary\firefox.exe2013-06-06 01:47 - 2010-05-29 17:46 - 00000000 ____D C:\users\primary2013-06-06 01:39 - 2012-06-18 20:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-06 01:26 - 2010-05-14 00:40 - 01933282 ____A C:\Windows\WindowsUpdate.log2013-06-06 01:00 - 2013-06-05 00:32 - 00000000 ____D C:\Users\primary\Downloads\Titans2013-06-06 00:51 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-06-06 00:51 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-06-05 21:28 - 2013-02-18 01:23 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1856054434-4186598982-793234833-1000UA.job2013-06-05 21:27 - 2010-11-20 18:04 - 00000000 ____D C:\Users\primary\AppData\Roaming\Skype2013-06-05 15:42 - 2010-05-14 00:44 - 01788474 ____A C:\Windows\PFRO.log2013-06-05 11:50 - 2013-06-05 01:01 - 00000000 ____D C:\Users\primary\Downloads\Justice League (Unlimited)2013-06-05 11:24 - 2010-09-27 12:02 - 00000000 ____D C:\Users\primary\AppData\Local\CrashDumps2013-06-05 01:49 - 2013-06-05 01:49 - 00157696 ____A (PixelByte Soft Group) C:\Users\primary\flashplayer.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00000000 ____A C:\Users\primary\opera.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00000000 ____A C:\Users\primary\mstsc.exe2013-06-05 01:49 - 2013-06-05 01:49 - 00000000 ____A C:\Users\primary\java.exe2013-06-05 01:36 - 2013-06-05 01:36 - 00157696 ____A (PixelByte Soft Group) C:\Users\primary\notepad.exe2013-06-05 01:36 - 2013-06-05 01:36 - 00000000 ____A C:\Users\primary\jqs.exe2013-06-05 01:36 - 2013-06-05 01:36 - 00000000 ____A C:\Users\primary\chrome.exe2013-06-05 01:35 - 2012-06-05 14:12 - 00000000 ____D C:\Users\primary\Desktop\Media2013-06-05 01:26 - 2013-06-05 01:26 - 00014998 ____A C:\Users\primary\Desktop\hs_err_pid1440.log2013-06-05 01:26 - 2013-06-04 16:39 - 00000000 ____D C:\Users\primary\Downloads\Cowboy Bebop - Session 01-26 (Dual_Audio) - DVD-Rip2013-06-05 01:23 - 2013-06-04 16:37 - 00000000 ____D C:\Users\primary\Downloads\Danny Phantom season 1,2,3 extras TVrip [Honeyko]2013-06-05 01:20 - 2013-06-05 01:20 - 00001087 ____A C:\Users\primary\Desktop\External USB 3.0 - Shortcut.lnk2013-06-05 00:28 - 2013-02-18 01:23 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1856054434-4186598982-793234833-1000Core.job2013-06-04 21:33 - 2013-03-22 22:59 - 00000000 ____D C:\Users\primary\Downloads\Jackie Chan Adventures2013-06-04 15:37 - 2013-06-04 15:37 - 00000000 ____D C:\Users\primary\AppData\Local\8acf25bc-9cb7-4791-b694-ad88e1a59332ad2013-06-04 15:36 - 2013-06-04 15:36 - 00000000 ____A C:\Users\primary\teamviewer.exe2013-06-04 15:36 - 2013-06-04 15:36 - 00000000 ____A C:\Users\primary\acrobatreader.exe2013-06-04 12:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-06-04 12:35 - 2010-05-14 01:09 - 00000000 ____D C:\ProgramData\Norton2013-06-04 12:32 - 2010-04-25 09:39 - 00000000 ____D C:\ProgramData\Symantec2013-06-04 11:38 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries2013-06-04 11:34 - 2009-07-13 21:13 - 00757442 ____A C:\Windows\System32\PerfStringBackup.INI2013-06-04 11:27 - 2013-06-03 01:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-04 11:27 - 2013-06-03 01:31 - 00000000 ____D C:\Program Files\iTunes2013-06-04 11:27 - 2013-06-03 01:26 - 00000000 ____D C:\Program Files\Common Files\Apple2013-06-04 11:27 - 2010-08-17 11:42 - 00000000 ____D C:\Program Files (x86)\iTunes2013-06-04 11:25 - 2012-02-17 17:19 - 00000000 ____D C:\Users\primary\AppData\Roaming\Real2013-06-04 11:25 - 2012-02-17 03:29 - 00000000 ____D C:\Users\primary\AppData\Roaming\ConverterLite2013-06-04 11:25 - 2012-02-17 03:04 - 00000000 ____D C:\Users\primary\AppData\Roaming\NCH Software2013-06-04 11:25 - 2012-02-16 19:58 - 00000000 ____D C:\Users\primary\AppData\Local\Apps\2.02013-06-04 11:25 - 2011-12-12 13:13 - 00000000 ____D C:\Users\primary\AppData\Roaming\VBA-M2013-06-04 11:25 - 2011-12-06 13:02 - 00000000 ____D C:\Users\primary\AppData\Roaming\playitall2013-06-04 11:25 - 2011-09-19 15:41 - 00000000 ____D C:\Users\primary\AppData\Roaming\AVG20122013-06-04 11:25 - 2011-04-16 23:48 - 00000000 ____D C:\Users\primary\AppData\Roaming\vlc2013-06-04 11:25 - 2011-03-28 23:40 - 00000000 ____D C:\Users\primary\AppData\Local\Conduit2013-06-04 11:25 - 2011-03-04 16:00 - 00000000 ____D C:\Users\primary\AppData\Roaming\uTorrent2013-06-04 11:25 - 2011-01-29 00:06 - 00000000 ____D C:\Users\primary\AppData\Roaming\gtk-2.02013-06-04 11:25 - 2011-01-27 15:43 - 00000000 ____D C:\Users\primary\AppData\Roaming\MP3Rocket2013-06-04 11:25 - 2011-01-16 14:02 - 00000000 ____D C:\Users\primary\AppData\Local\Unity2013-06-04 11:25 - 2010-08-23 11:46 - 00000000 ____D C:\Users\primary\AppData\Local\myPod_Apps,_LLC2013-06-04 11:25 - 2010-08-22 09:59 - 00000000 ____D C:\Users\primary\AppData\Local\Macroplant,_LLC2013-06-04 11:25 - 2010-05-29 17:51 - 00000000 ____D C:\Users\primary\AppData\Local\ATI2013-06-04 11:25 - 2010-05-29 17:50 - 00000000 ____D C:\Users\primary\AppData\Local\Hewlett-Packard2013-06-04 11:24 - 2013-04-06 18:22 - 00000000 ____D C:\Users\primary\Downloads\TheGodfather-BitTorrent-j2013-06-04 11:24 - 2013-03-29 15:09 - 00000000 ____D C:\Users\primary\Downloads\Yelawolf-Radioactive-(Deluxe.Edition)-2011-[NoFS]2013-06-04 11:24 - 2013-03-29 15:07 - 00000000 ____D C:\Users\primary\Downloads\Yelawolf- Heart of Dixie (Official Mixtape)-2012-DjLeak2013-06-04 11:24 - 2013-03-22 21:32 - 00000000 ____D C:\Users\primary\Downloads\5-62013-06-04 11:24 - 2013-03-22 19:09 - 00000000 ____D C:\Users\primary\Downloads\3-42013-06-04 11:24 - 2013-03-22 19:01 - 00000000 ____D C:\Users\primary\Downloads\0-22013-06-04 11:24 - 2013-02-08 03:30 - 00000000 ____D C:\Users\primary\Downloads\Nickelodeon Classics Vol. 12013-06-04 11:24 - 2012-06-15 21:22 - 00000000 ____D C:\Users\Public\Downloads\Norton2013-06-04 11:24 - 2011-08-16 10:33 - 00000000 ____D C:\Users\primary\Documents\PCSX22013-06-04 11:24 - 2011-05-29 11:31 - 00000000 ___RD C:\Users\primary\Desktop\Unused2013-06-04 11:24 - 2011-04-29 11:27 - 00000000 ____D C:\Users\primary\Desktop\Mediafire2013-06-04 11:24 - 2010-07-27 22:19 - 00000000 __RSD C:\Users\primary\Documents\My Stationery2013-06-04 11:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-06-04 11:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat2013-06-04 10:23 - 2013-06-04 10:22 - 00000439 ____A C:\Windows\System32\Drivers\etc\hosts.ics2013-06-04 02:27 - 2011-10-01 11:41 - 00000000 ____D C:\Users\primary\AppData\Local\TempDIR2013-06-03 01:32 - 2013-06-03 01:32 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk2013-06-03 01:31 - 2010-09-17 03:03 - 00000000 ____D C:\Program Files\iPod2013-06-03 00:34 - 2013-06-03 00:34 - 00000000 ____D C:\Program Files\CPUID2013-06-03 00:29 - 2013-06-03 00:29 - 00393024 ____A (Softonic ) C:\Users\primary\Downloads\SoftonicDownloader_for_hwmonitor.exe2013-05-28 23:31 - 2012-10-24 01:40 - 00000000 ____D C:\Program Files (x86)\Deals Plugin2013-05-28 22:51 - 2013-05-28 22:51 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-05-28 22:51 - 2013-05-28 22:51 - 00000000 ____D C:\Users\primary\AppData\Roaming\Malwarebytes2013-05-28 22:51 - 2013-05-28 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes2013-05-28 22:51 - 2013-05-28 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-05-25 13:52 - 2013-05-25 13:43 - 576915456 ___RA C:\Users\primary\Downloads\Lil Wayne - The Carter Documentary-SCARFRESH.avi2013-05-25 13:42 - 2013-05-25 13:42 - 00022562 ____A C:\Users\primary\Downloads\[kat.ph]lil.wayne.the.carter.documentary.torrent2013-05-24 16:46 - 2013-04-23 22:29 - 00000000 ____D C:\Users\primary\Desktop\Camera2013-05-21 05:58 - 2013-03-20 08:12 - 00000000 ____D C:\Windows\rescache2013-05-21 03:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-05-21 02:12 - 2013-05-21 02:01 - 00007201 ____A C:\Windows\IE10_main.log2013-05-21 02:04 - 2013-05-21 02:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-21 02:04 - 2013-05-21 02:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-05-21 02:04 - 2013-05-21 02:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-05-21 02:04 - 2013-05-21 02:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-05-21 02:04 - 2013-05-21 02:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-05-21 02:04 - 2013-05-21 02:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-21 02:04 - 2013-05-21 02:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-05-21 02:04 - 2013-05-21 02:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-05-21 02:04 - 2013-05-21 02:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-05-21 02:04 - 2013-05-21 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-05-21 02:04 - 2013-05-21 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-05-21 02:04 - 2013-05-21 02:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-05-21 02:04 - 2013-05-21 02:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-05-21 02:04 - 2013-05-21 02:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-05-21 02:04 - 2013-05-21 02:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-05-21 02:04 - 2013-05-21 02:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-05-21 02:04 - 2013-05-21 02:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-05-21 02:04 - 2013-05-21 02:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-05-21 02:04 - 2013-05-21 02:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-05-19 09:01 - 2012-02-06 21:04 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForprimary.job2013-05-18 21:39 - 2012-02-20 10:08 - 00000000 ____D C:\Users\primary\AppData\Local\dumps2013-05-18 13:29 - 2010-11-20 18:04 - 00000000 ___RD C:\Program Files (x86)\Skype2013-05-18 13:29 - 2010-11-20 18:04 - 00000000 ____D C:\ProgramData\Skype2013-05-17 17:20 - 2013-02-14 10:25 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk2013-05-16 02:38 - 2009-07-13 20:45 - 00354480 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-16 02:37 - 2012-09-28 10:21 - 00000000 ____D C:\ProgramData\PC Performer Manager2013-05-16 02:15 - 2013-05-16 02:15 - 00000127 ____A C:\Windows\System32\MRT.INI2013-05-16 02:11 - 2010-08-28 12:18 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-05-14 11:39 - 2012-06-18 20:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-05-14 11:39 - 2012-02-17 19:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cplFiles to move or delete:====================C:\Users\primary\acrobatreader.exeC:\Users\primary\chrome.exeC:\Users\primary\ctfmon.exeC:\Users\primary\firefox.exeC:\Users\primary\flashplayer.exeC:\Users\primary\java.exeC:\Users\primary\jqs.exeC:\Users\primary\msconfig.exeC:\Users\primary\mstsc.exeC:\Users\primary\notepad.exeC:\Users\primary\opera.exeC:\Users\primary\spoolsv.exeC:\Users\primary\teamviewer.exeC:\Users\primary\windowsupdate.exeC:\Users\primary\AppData\Roaming\skype.datC:\Users\primary\AppData\Roaming\skype.iniC:\Windows\Tasks\{E035D5DB-2C3A-4660-8BE2-7C50A40682C4}.job==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points ============================================= Memory info =========================== Percentage of memory in use: 18%Total physical RAM: 3834.9 MBAvailable physical RAM: 3126.46 MBTotal Pagefile: 3833.05 MBAvailable Pagefile: 3120.4 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: () (Fixed) (Total:445.05 GB) (Free:15.91 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]Drive e: (RECOVERY) (Fixed) (Total:20.41 GB) (Free:2.15 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)Drive h: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:567.38 GB) NTFS (Disk=2 Partition=1)Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 466 GB) (Disk ID: FE661C77)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)========================================================Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 2DE7CDBB)Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)Last Boot: 2013-05-24 00:51==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted June 6, 2013 ID:688114 Share Posted June 6, 2013 Unless you set all of these restrictions yourself, they are going to be fixed.If you did let me know and I'll take them out of the fix:HKU\Kiosk\...\Policies\system: [NoDispSettingsPage] 1HKU\Kiosk\...\Policies\system: [DisableRegistryTools] 1HKU\Kiosk\...\Policies\system: [NoDispScrSavPage] 1HKU\Kiosk\...\Policies\system: [NoDispCPL] 1HKU\Kiosk\...\Policies\system: [NoDispBackgroundPage] 1HKU\Kiosk\...\Policies\system: [NoDispAppearancePage] 1HKU\Kiosk\...\Policies\system: [DisableChangePassword] 1HKU\Kiosk\...\Policies\system: [DisableLockWorkstation] 1HKU\Kiosk\...\Policies\system: [DisableTaskMgr] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispSettingsPage] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableRegistryTools] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispScrSavPage] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispCPL] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispBackgroundPage] 1HKU\Kiosk.primary-PC\...\Policies\system: [NoDispAppearancePage] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableChangePassword] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableLockWorkstation] 1HKU\Kiosk.primary-PC\...\Policies\system: [DisableTaskMgr] 1OK, here you go......this should get you going:Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.See if the computer boots normally now and if so..........Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that your system is now functioning normally.MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688311 Share Posted June 7, 2013 computer is up and running! thank you so much!mbar-log-2013-06-06 (14-44-42).txtmbar-log-2013-06-07 (02-17-57).txt Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688329 Share Posted June 7, 2013 Well Done, lets run ComboFix to clear up any leftovers.Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688455 Share Posted June 7, 2013 so i just got done with ComboFix and now my internets address bar doesnt work. I can type things in but it doesnt go anywhere Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688463 Share Posted June 7, 2013 Reboot the computer and see if that clears it up.MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688476 Share Posted June 7, 2013 nope, still messed up :/ Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688478 Share Posted June 7, 2013 Can you post the log from ComboFix......MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688483 Share Posted June 7, 2013 it took some google maneuvering but here it isComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688487 Share Posted June 7, 2013 What browser has the problem?? MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688489 Share Posted June 7, 2013 explorer Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688492 Share Posted June 7, 2013 There's lots of adware in the log, let check a lttle more:Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:/DisableAskDetection - This option disables Ask Toolbar detection.MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688500 Share Posted June 7, 2013 nothing that I can see is worth saving, looks like a lot of Mozilla. which I don't use anymoreAdwCleanerR2.txt Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688506 Share Posted June 7, 2013 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.Reboot and let me know if there's any difference......MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688513 Share Posted June 7, 2013 address bar is stil downAdwCleanerS1.txt Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688518 Share Posted June 7, 2013 Try IE without any add-ons:Click the Start button , click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688529 Share Posted June 7, 2013 still the same thing, I can type out an address but when I push enter or click the arrow it doesn't go anywhere Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688542 Share Posted June 7, 2013 What version of IE are you using?? MrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688548 Share Posted June 7, 2013 10.0.9200.16576 Link to post Share on other sites More sharing options...
MrCharlie Posted June 7, 2013 ID:688552 Share Posted June 7, 2013 Can you find this file and attach it for me:C:\Qoobox\ComboFix-quarantined-files.txtMrC Link to post Share on other sites More sharing options...
Fozzie2911 Posted June 7, 2013 Author ID:688555 Share Posted June 7, 2013 .ComboFix-quarantined-files.txt Link to post Share on other sites More sharing options...
Recommended Posts