What is happening? Help!


Not really sure what is going on. My laptop is kind of old, so it just may be that, but lately some odd things have been happening. My task bar will freeze, random processes will stop working. What makes me think it may be some sort of malware, however, is that when I run Malwarebytes, even in safe mode, it always results in my computer crashing and restarting. Here are the DDS.txt and Attach.txt files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.21.2

Run by Will at 13:57:24 on 2013-06-15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2361 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\alg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\ProgramData\Boxtools\Toolbox.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uProxyOverride = local

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\ScriptCl.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe"

mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [FAStartup] <no file>

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} - hxxps://athenanet.athenahealth.com/static_20121031_wward2/iemenu.cab

DPF: {832B4EED-7115-41CB-9A87-993F5C1545E4} - hxxps://athenanet.athenahealth.com/static_20121031_wward2/LibCheck.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{8733B361-0CCA-4EFB-BCEF-AC1B899C7B1F} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-Explorer: NoDrives = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Will\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-26 55856]

R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-7-27 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-27 211968]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-9-5 2340096]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2006-11-30 153664]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-30 54872]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-8-26 636144]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-3-22 909152]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-26 172032]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-7-27 252928]

R3 mfeavfk;McAfee Inc.;C:\Windows\System32\drivers\mfeavfk.sys [2009-9-19 92488]

R3 mfehidk;McAfee Inc.;C:\Windows\System32\drivers\mfehidk.sys [2009-9-19 246344]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-7-27 4735488]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-7-27 158592]

R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-7-27 318656]

S1 mferkdk;VSCore mferkdk;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [2006-11-30 38600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-9-19 104000]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-1-19 31968]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-8-2 243840]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2010-5-27 41280]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1

FileExt: .js: Applications\wordpad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*

FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-06-15 07:05:00 75825640 ----a-w- C:\Windows\System32\mrt.exe

2013-06-08 19:23:38 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-08 19:23:31 263584 ----a-w- C:\Windows\SysWow64\javaws.exe

2013-06-08 19:23:31 174496 ----a-w- C:\Windows\SysWow64\javaw.exe

2013-06-08 19:23:31 174496 ----a-w- C:\Windows\SysWow64\java.exe

2013-06-08 19:23:29 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-08 19:23:29 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-18 07:44:45 721586 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2013-05-17 04:05:41 17824768 ----a-w- C:\Windows\System32\mshtml.dll

2013-05-17 03:27:25 10926080 ----a-w- C:\Windows\System32\ieframe.dll

2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon.dll

2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-05-17 03:00:22 237056 ----a-w- C:\Windows\System32\url.dll

2013-05-17 02:58:20 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-05-17 02:55:59 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-05-17 02:54:09 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-05-17 02:53:20 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-05-17 02:51:49 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-17 02:46:31 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-05-16 23:08:55 12329984 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-05-16 22:26:07 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-05-16 22:23:35 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-05-16 22:21:34 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-05-16 22:19:25 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-05-16 22:17:21 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-16 22:12:55 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

2013-05-08 04:50:00 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-05-02 04:16:27 686080 ----a-w- C:\Windows\System32\win32spl.dll

2013-05-02 04:04:25 443904 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-05-02 04:03:42 37376 ----a-w- C:\Windows\SysWow64\printcom.dll

2013-04-24 04:09:48 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-04-24 04:09:48 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2013-04-24 04:09:48 1269248 ----a-w- C:\Windows\System32\crypt32.dll

2013-04-24 04:09:41 50688 ----a-w- C:\Windows\System32\certenc.dll

2013-04-24 04:00:30 985600 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-04-24 04:00:30 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-04-24 04:00:30 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-04-24 04:00:24 41984 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-04-24 02:10:00 1078272 ----a-w- C:\Windows\System32\certutil.exe

2013-04-24 01:46:29 812544 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-04-17 13:04:03 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-04-17 12:30:06 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll

2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 21:27:01 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-19 21:27:01 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

============= FINISH: 13:59:07.12 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 8/26/2009 1:49:38 PM

System Uptime: 6/15/2013 1:48:27 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0U785D

Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz | U2E1 | 800/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 140.189 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 7.122 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Apowersoft_AudioDevice

Device ID: ROOT\MEDIA\0000

Manufacturer: Apowersoft_AudioDevice

Name: Apowersoft_AudioDevice

PNP Device ID: ROOT\MEDIA\0000

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1Click DVD Copy 5.4.3.8

64 Bit HP CIO Components Installer

AC3Filter (remove only)

Acrobat.com

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Digital Editions 2.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Photoshop.com Inspiration Browser

Adobe Premiere Elements 10

Adobe Premiere Elements 10 HD Content 2

Adobe Reader X (10.1.7)

Adobe Stock Photos 1.0

Advanced Audio FX Engine

AoA Audio Extractor

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AstroViewer 3.1.4

ATI Catalyst Control Center

Auto Gordian Knot 2.55

AviSynth 2.5

Banctec Service Agreement

Bing Bar

BlackBerry Desktop Software 5.0.1

Bonjour

Brother MFL-Pro Suite

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCleaner

ConvertHelper 2.2

Cool Edit Pro 2.1

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Driver Download Manager

Dell Edoc Viewer

Dell Getting Started Guide

Dell Remote Access

Dell Support Center (Support Software)

Dell Touchpad

Dell Video Chat

Dell Webcam Central

DivX Setup

DJ_AIO_03_F4200_Software_Min

Dropbox

DVD Decrypter (Remove Only)

DVD Shrink 3.2

Elements 10 Organizer

FastAccess

ffdshow v1.2.4453 [2012-05-21]

FLV Player

FLV to MP3 Converter

Free M4a to MP3 Converter 7.0

Free Window Registry Repair

GetFLV 9.1.2.9

Google Chrome

Google Drive

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet F4200 All-In-One Driver 11.0 03

Integrated Webcam Driver (1.05.02.1227)

iPhone Configuration Utility

IrfanView (remove only)

ITECIR

iTunes

Java 7 Update 21

Java Auto Updater

Java 6 Update 13

Java 6 Update 13 (64-bit)

Junk Mail filter update

Lame ACM MP3 Codec

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

McAfee VirusScan Enterprise

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft GIF Animator

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2007

Microsoft Publisher 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MP4 to MP3 Converter

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PDFCreator

PowerISO

PRE10STIInstaller

Quickset

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Media Manager

Roxio Update Manager

Scan

Screen Recording Suite V2.4.9

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Segoe UI

Setup IsoEdit

Skins

SmartSound Common Data

SmartSound Premiere Elements 10 Plugin

SmartSound Sonicfire Pro 5

Spotify

Spybot - Search & Destroy

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

VD64Inst

Vista Codec Package

VLC media player 1.0.2

VOB Cutter 1.0

VobSub v2.23 (Remove Only)

WAV MP3 Converter v4.4 build 1429

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Windows Movie Maker 2.6

WinHTTrack Website Copier 3.47-18

WinRAR archiver

XviD MPEG4 Video Codec (remove only)

.

==== End Of File ===========================


Welcome to the forum.

Run your CCleaner to clean out temp files; stay away from the registry cleaner part.

Then.....

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thank you for the quick response! Here is the log from RogueKiller:

RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista

Started in : Normal mode

User : Will [Admin rights]

Mode : Scan -- Date : 06/15/2013 14:36:21

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] Toolbox.exe -- C:\ProgramData\Boxtools\Toolbox.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [-][x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-630946017-1360042398-3907846972-1000\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [-][x]) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Windows\Web\Wallpaper\img27.jpg) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][SUSP PATH] VisualBeeRecovery : C:\Users\Will\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe - /s [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

-> D:\windows\system32\config\SYSTEM

D:\Windows\system32

-> D:\windows\system32\config\SOFTWARE

D:\Windows\system32

-> D:\windows\system32\config\SECURITY

D:\Windows\system32

-> D:\windows\system32\config\SAM

D:\Windows\system32

-> D:\windows\system32\config\DEFAULT

D:\Windows\system32

-> D:\Users\Default\NTUSER.DAT

D:\Windows\system32

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++

--- User ---

[MBR] 3e104b599087715e99b4964daab18f7a

[BSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 461524 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 71a8b687a464e0486499b1f14df3178a

[BSP] b8f86581ed7a9f8237ce2415d9d2ca9b : TDL4 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 461524 Mo

Finished : << RKreport[0]_S_06152013_143621.txt >>

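The MBR Check at the end of that log is the significant part: the sector read through the normal disk stack (User) hashes to the Windows Vista MBR code, but the low-level read (LL2) hashes to TDL4 MBR code while showing exactly the same partition table. That is the pattern of a disk-hooking bootkit that hands a clean copy of sector 0 to ordinary reads and keeps the real one for itself. Below is an added worked example of that cross-view comparison in Python. It is not RogueKiller's code; the two sectors in it are constructed (placeholder bootstrap bytes, so their hashes will not match the ones in the log), and only the partition offsets, types and sizes are taken from the log.

```python
"""
Cross-view MBR check, in the spirit of the "User" vs "LL" comparison in the log.

Added example for this thread, not RogueKiller's own code. Both sectors below
are CONSTRUCTED: the bootstrap bytes are placeholders (their MD5s will not
match the posted log); only the partition layout is copied from the log
(DELL-UTIL at LBA 63, NTFS at 112640, active NTFS at 31569920).
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the bootstrap code
PTABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


@dataclass(frozen=True)
class Partition:
    index: int
    active: bool     # status byte 0x80 = active/bootable
    type_id: int     # 0xDE Dell utility, 0x07 NTFS, ...
    lba_start: int   # offset in sectors
    lba_size: int    # length in sectors


def parse_partition_table(sector: bytes) -> list:
    """Return the non-empty entries of a classic (non-GPT) MBR partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PTABLE_OFFSET + 16 * i : PTABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA(4) size(4)
        status, ptype, lba, size = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and lba == 0 and size == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, size))
    return parts


def boot_code_md5(sector: bytes) -> str:
    """MD5 of the bootstrap code only; that is the region a bootkit rewrites."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def cross_view_check(user_view: bytes, lowlevel_view: bytes) -> dict:
    """Compare a read that went through the normal disk stack with one that
    bypassed it. A disk-hooking rootkit serves the clean sector to the first
    and the real sector to the second, so the bootstrap hashes differ while
    the partition tables usually still agree (as they do in the log)."""
    return {
        "boot_code_match": boot_code_md5(user_view) == boot_code_md5(lowlevel_view),
        "partition_table_match": parse_partition_table(user_view)
        == parse_partition_table(lowlevel_view),
    }


def verdict(user_view: bytes, lowlevel_view: bytes) -> str:
    """Same wording as the log lines, so the two cases are easy to recognise."""
    result = cross_view_check(user_view, lowlevel_view)
    return "User = LL ... OK!" if all(result.values()) else "User != LL ... KO!"


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a 512-byte sector (constructed test data, not a real disk read)."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    disk_id = b"\x00" * 6  # 4-byte disk signature + 2 reserved bytes (440..445)
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xFE\xFF\xFF",
                    ptype, b"\xFE\xFF\xFF", lba, size)
        for active, ptype, lba, size in entries
    ).ljust(64, b"\x00")
    return code + disk_id + table + BOOT_SIGNATURE


# Layout taken from the posted log (sizes converted from MB to 512-byte sectors).
LAYOUT_FROM_LOG = [
    (False, 0xDE, 63,       54 * 2048),      # DELL-UTIL, 54 MB
    (False, 0x07, 112640,   15360 * 2048),   # NTFS, 15360 MB
    (True,  0x07, 31569920, 461524 * 2048),  # NTFS, 461524 MB, active
]

# Placeholder bootstrap bytes (constructed; not Vista's or TDL4's real code).
CLEAN_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"VISTA-MBR-PLACEHOLDER"
INFECTED_BOOT = b"\xEB\x3E\x90" + b"BOOTKIT-STUB-PLACEHOLDER"

USER_VIEW = build_mbr(CLEAN_BOOT, LAYOUT_FROM_LOG)         # what user-mode reads
LOWLEVEL_VIEW = build_mbr(INFECTED_BOOT, LAYOUT_FROM_LOG)  # what is really on disk


if __name__ == "__main__":
    for p in parse_partition_table(USER_VIEW):
        flag = "ACTIVE" if p.active else "XXXXXX"
        print(f"{p.index} - [{flag}] type 0x{p.type_id:02x} "
              f"offset {p.lba_start} size {p.lba_size // 2048} MB")
    print(verdict(USER_VIEW, USER_VIEW))       # User = LL ... OK!
    print(verdict(USER_VIEW, LOWLEVEL_VIEW))   # User != LL ... KO!
```

Run it and the first verdict line is OK and the second KO, mirroring the log. On a real machine the two views would come from reading \\.\PhysicalDrive0 through the normal stack and through a path that bypasses the filter and port drivers, which is what the anti-rootkit tools used in this thread do; this example only shows the comparison, not the raw reads.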

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND

Now click Delete on the right hand column under Options

-------------

Then.........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


I ran RogueKiller and then Anti-Rootkit as instructed. After cleanup, my computer restarted and immediately crashed. I've tried rebooting several other times and it always crashes with a blue screen. I can only access my computer now through Safe Mode or Safe Mode with Networking. I've attached the Anti-Rootkit logs here to see if this helps. Any suggestions on what to do now?

mbar-log-2013-06-15 (14-49-48).txt

system-log.txt


See if you can run TDSSKiller in safe mode:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


I'm a little confused. I understand that you can run this program in safe mode, however, when you apply the changes (checking Loaded Modules), the computer automatically reboots in normal mode, which as I mentioned always ends in a blue screen crash. If, when the computer reboots, I run the computer in safe mode, the changes do not apply.


Those are OK, please do this in safe mode:

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "NO".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-06-15 20:02:51

-----------------------------

20:02:51.639 OS Version: Windows x64 6.0.6002 Service Pack 2

20:02:51.639 Number of processors: 2 586 0x1706

20:02:51.640 ComputerName: WILL-PC UserName: Will

20:02:52.854 Initialize success

20:03:00.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

20:03:00.545 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 3

20:03:00.668 Disk 0 MBR read successfully

20:03:00.670 Disk 0 MBR scan

20:03:00.672 Disk 0 Windows VISTA default MBR code

20:03:00.675 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

20:03:00.685 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640

20:03:00.705 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461524 MB offset 31569920

20:03:00.839 Disk 0 scanning C:\Windows\system32\drivers

20:03:09.864 Service scanning

20:03:40.142 Modules scanning

20:03:40.142 Disk 0 trace - called modules:

20:03:40.181 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

20:03:40.181 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e00620]

20:03:40.182 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b86060]

20:03:40.182 Scan finished successfully

20:03:50.864 Disk 0 MBR has been saved successfully to "C:\Users\Will\Desktop\MBR.dat"

20:03:50.869 The log file has been saved successfully to "C:\Users\Will\Desktop\aswMBR.txt"


RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista

Started in : Safe mode with network support

User : Will [Admin rights]

Mode : Scan -- Date : 06/15/2013 20:17:19

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [-][x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-630946017-1360042398-3907846972-1000\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [-][x]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x][7][x][-]) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Windows\Web\Wallpaper\img27.jpg) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

-> D:\windows\system32\config\SYSTEM

D:\Windows\system32

-> D:\windows\system32\config\SOFTWARE

D:\Windows\system32

-> D:\windows\system32\config\SECURITY

D:\Windows\system32

-> D:\windows\system32\config\SAM

D:\Windows\system32

-> D:\windows\system32\config\DEFAULT

D:\Windows\system32

-> D:\Users\Default\NTUSER.DAT

D:\Windows\system32

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++

--- User ---

[MBR] 3e104b599087715e99b4964daab18f7a

[BSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 461524 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4]_S_06152013_201719.txt >>

RKreport[0]_S_06152013_143621.txt;RKreport[1]_S_06152013_144617.txt;RKreport[2]_D_06152013_144715.txt

RKreport[3]_S_06152013_195133.txt


We'll find out.....

Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC


The 32-bit version would not run. The prompt said it was not compatible with my OS. Here are the files you requested, but from the 64-bit version (I hope that is fine):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013

Ran by Will (administrator) on 15-06-2013 20:37:41

Running from C:\Users\Will\Desktop\frst

Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-21] (Synaptics, Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)

HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1552968 2013-05-08] (Malwarebytes Corporation)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKCU\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-23] (Google Inc.)

HKCU\...\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [514048 2010-12-15] ()

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1552968 2013-05-08] (Malwarebytes Corporation)

MountPoints2: F - F:\SETUP.EXE

MountPoints2: {e1cb7f5b-d35b-11e1-8dc6-002219f3e455} - G:\LaunchU3.exe -a

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-04-22] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2009-07-01] ()

HKLM-x32\...\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [95488 2008-09-05] (Sensible Vision )

HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKCU - {11DE8208-B6DD-468F-ABF5-0BEABFEAB21E} URL = http://search.yahoo....p={searchTerms}

SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=191ef893-289b-4bc3-b290-d1b912639f5c&query={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

DPF: HKLM-x32 {7823A620-9DD9-11CF-A662-00AA00C066D2} https://athenanet.at...ard2/iemenu.cab

DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.at...d2/LibCheck.CAB

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: DownloadHelper - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()

CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File

CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Pinterest Right Click) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnlmphodejhpeoplgojlbgcekfopfjo\0.92_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0

CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-09-22] (Adobe Systems)

S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)

S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)

S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [153664 2006-11-30] (McAfee, Inc.)

S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-30] (McAfee, Inc.)

S2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-03-22] ()

S2 RoxLiveShare; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe" [x]

S3 RoxMediaDB; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe" [x]

S2 RoxWatch; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)

S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation)

S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [80200 2006-11-30] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [92488 2006-11-30] (McAfee, Inc.)

S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [246344 2006-11-30] (McAfee, Inc.)

S1 mferkdk; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [38600 2006-11-30] (McAfee, Inc.)

R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [67144 2006-11-30] (McAfee, Inc.)

S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [31880 2009-09-25] ()

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2009-09-25] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2009-09-25] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2009-09-25] (LG Electronics Inc.)

S3 catchme; \??\C:\ComboFix-1\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

U3 aswMBR; \??\C:\Users\Will\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST

2013-06-15 20:36 - 2013-06-15 20:37 - 00000000 ____D C:\Users\Will\Desktop\frst

2013-06-15 20:17 - 2013-06-15 20:17 - 00002881 ____A C:\Users\Will\Desktop\RKreport[4]_S_06152013_201719.txt

2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt

2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat

2013-06-15 20:01 - 2013-06-15 20:02 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe

2013-06-15 19:54 - 2013-06-15 19:54 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-06-15 19:51 - 2013-06-15 19:51 - 00002848 ____A C:\Users\Will\Desktop\RKreport[3]_S_06152013_195133.txt

2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys

2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys

2013-06-15 18:49 - 2013-06-15 19:00 - 00008246 ____A C:\Users\Will\Desktop\startup.txt

2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys

2013-06-15 18:39 - 2013-06-15 18:39 - 00003110 ____A C:\Users\Will\Desktop\instruct.txt

2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe

2013-06-15 18:27 - 2013-06-15 18:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe

2013-06-15 16:33 - 2013-06-15 19:59 - 268435456 __ASH C:\Windows\System32\temppf.sys

2013-06-15 14:49 - 2013-06-15 16:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-15 14:47 - 2013-06-15 14:47 - 00003195 ____A C:\Users\Will\Desktop\RKreport[2]_D_06152013_144715.txt

2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003

2013-06-15 14:46 - 2013-06-15 14:46 - 00003094 ____A C:\Users\Will\Desktop\RKreport[1]_S_06152013_144617.txt

2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip

2013-06-15 14:36 - 2013-06-15 14:36 - 00003150 ____A C:\Users\Will\Desktop\RKreport[0]_S_06152013_143621.txt

2013-06-15 14:34 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine

2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe

2013-06-15 14:03 - 2013-06-15 14:03 - 00012601 ____A C:\Users\Will\Desktop\attach.txt

2013-06-15 14:03 - 2013-06-15 13:59 - 00020319 ____A C:\Users\Will\Desktop\dds.txt

2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr

2013-06-15 03:03 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-15 03:03 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-15 03:03 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-15 03:03 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-15 03:03 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-15 03:02 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-15 03:02 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-15 03:02 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-15 03:02 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-15 03:02 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-15 03:02 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-15 03:02 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-15 03:02 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-15 03:02 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-15 03:02 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-15 03:02 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-15 03:02 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-15 03:02 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-15 03:02 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-15 03:02 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-15 03:02 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-15 03:02 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-15 03:02 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-15 03:02 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-15 03:02 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-06-15 03:02 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-15 03:02 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-15 03:02 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-15 03:02 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-06-15 03:02 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-15 03:02 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-15 03:02 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-15 00:00 - 2013-06-15 00:07 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv

2013-06-14 23:56 - 2013-06-15 00:00 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv

2013-06-14 23:54 - 2013-06-15 00:02 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv

2013-06-14 23:49 - 2013-06-14 23:54 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv

2013-06-14 23:47 - 2013-06-14 23:56 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv

2013-06-13 18:59 - 2013-06-13 19:56 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt

2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk

2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk

2013-06-12 10:08 - 2013-04-24 00:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 10:08 - 2013-04-24 00:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 10:08 - 2013-04-24 00:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 10:08 - 2013-04-24 00:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-06-12 10:08 - 2013-04-23 22:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 10:08 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-06-12 10:08 - 2013-04-17 09:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-12 10:08 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-06-12 10:06 - 2013-05-08 00:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-12 10:05 - 2013-05-02 00:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 10:05 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-06-12 10:05 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll

2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip

2013-06-08 15:43 - 2013-06-13 15:55 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify

2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk

2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun

2013-06-08 15:24 - 2013-06-08 15:23 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-06-08 15:24 - 2013-06-08 15:23 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-06-08 15:24 - 2013-06-08 15:23 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-08 15:24 - 2013-06-08 15:23 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg

2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack

2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u

2013-06-04 11:08 - 2013-06-15 16:32 - 00821364 ____A C:\Windows\WindowsUpdate.log

2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg

2013-06-03 23:33 - 2013-06-03 23:38 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes]

2013-06-03 11:36 - 2013-06-13 14:35 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u

2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013]

2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack

2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip

2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX]

2013-05-31 20:01 - 2013-05-31 20:09 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX]

2013-05-31 15:15 - 2013-06-07 20:25 - 00000000 ____D C:\Users\Will\Desktop\Festivall

2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg

2013-05-24 23:46 - 2013-05-24 23:47 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4

2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u

2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v

2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv

2013-05-20 15:12 - 2013-05-20 16:07 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4

2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73}

2013-05-20 10:46 - 2013-05-20 11:09 - 10283537 ____A C:\Users\Will\Documents\quotes.psd

2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2)

2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012)

2013-05-16 21:18 - 2013-05-31 21:57 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u

==================== One Month Modified Files and Folders =======

2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST

2013-06-15 20:37 - 2013-06-15 20:36 - 00000000 ____D C:\Users\Will\Desktop\frst

2013-06-15 20:17 - 2013-06-15 20:17 - 00002881 ____A C:\Users\Will\Desktop\RKreport[4]_S_06152013_201719.txt

2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt

2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat

2013-06-15 20:02 - 2013-06-15 20:01 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe

2013-06-15 19:59 - 2013-06-15 16:33 - 268435456 __ASH C:\Windows\System32\temppf.sys

2013-06-15 19:56 - 2011-10-24 16:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc928e8cf400f6.job

2013-06-15 19:56 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-15 19:54 - 2013-06-15 19:54 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-06-15 19:51 - 2013-06-15 19:51 - 00002848 ____A C:\Users\Will\Desktop\RKreport[3]_S_06152013_195133.txt

2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys

2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys

2013-06-15 19:11 - 2009-09-19 00:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-15 19:00 - 2013-06-15 18:49 - 00008246 ____A C:\Users\Will\Desktop\startup.txt

2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys

2013-06-15 18:39 - 2013-06-15 18:39 - 00003110 ____A C:\Users\Will\Desktop\instruct.txt

2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe

2013-06-15 18:28 - 2013-06-15 18:27 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe

2013-06-15 17:48 - 2012-10-26 20:43 - 00000000 ____D C:\Users\Will\Desktop\DRH

2013-06-15 17:42 - 2009-11-22 12:45 - 00001460 ____A C:\Users\Will\AppData\Local\d3d9caps64.dat

2013-06-15 16:52 - 2009-10-12 01:24 - 00000000 ____D C:\Users\Will\AppData\Roaming\Winamp

2013-06-15 16:32 - 2013-06-15 14:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-15 16:32 - 2013-06-04 11:08 - 00821364 ____A C:\Windows\WindowsUpdate.log

2013-06-15 16:32 - 2006-11-02 11:42 - 00032520 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-06-15 16:32 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-15 16:32 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-15 16:09 - 2011-10-24 16:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cc928e8e6eba16.job

2013-06-15 15:47 - 2012-05-26 14:21 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000UA.job

2013-06-15 14:47 - 2013-06-15 14:47 - 00003195 ____A C:\Users\Will\Desktop\RKreport[2]_D_06152013_144715.txt

2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003

2013-06-15 14:47 - 2013-06-15 14:34 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine

2013-06-15 14:47 - 2012-05-26 14:21 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000Core.job

2013-06-15 14:46 - 2013-06-15 14:46 - 00003094 ____A C:\Users\Will\Desktop\RKreport[1]_S_06152013_144617.txt

2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip

2013-06-15 14:36 - 2013-06-15 14:36 - 00003150 ____A C:\Users\Will\Desktop\RKreport[0]_S_06152013_143621.txt

2013-06-15 14:33 - 2011-02-16 18:01 - 00000000 ____D C:\Windows\Minidump

2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe

2013-06-15 14:23 - 2012-06-20 22:58 - 00000000 ____D C:\ProgramData\Boxtools

2013-06-15 14:03 - 2013-06-15 14:03 - 00012601 ____A C:\Users\Will\Desktop\attach.txt

2013-06-15 13:59 - 2013-06-15 14:03 - 00020319 ____A C:\Users\Will\Desktop\dds.txt

2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr

2013-06-15 13:10 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache

2013-06-15 03:09 - 2011-11-10 04:04 - 00000129 ____A C:\Windows\System32\MRT.INI

2013-06-15 03:05 - 2006-11-02 08:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2013-06-15 01:29 - 2012-08-09 22:20 - 00000000 ____D C:\Users\Will\Desktop\Northeastern

2013-06-15 00:35 - 2009-09-18 18:14 - 00201728 ____A C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-06-15 00:07 - 2013-06-15 00:00 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv

2013-06-15 00:02 - 2013-06-14 23:54 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv

2013-06-15 00:00 - 2013-06-14 23:56 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv

2013-06-14 23:56 - 2013-06-14 23:47 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv

2013-06-14 23:54 - 2013-06-14 23:49 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv

2013-06-13 19:56 - 2013-06-13 18:59 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt

2013-06-13 16:34 - 2011-07-21 23:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Spotify

2013-06-13 16:01 - 2012-09-18 20:15 - 00001056 ____A C:\Users\Will\Desktop\To Do.txt

2013-06-13 15:55 - 2013-06-08 15:43 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify

2013-06-13 14:44 - 2009-09-20 00:26 - 00000000 ____D C:\Users\Will\Desktop\Betty Hutton

2013-06-13 14:35 - 2013-06-03 11:36 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u

2013-06-13 14:33 - 2010-03-18 02:31 - 00000000 ____D C:\Users\Will\AppData\Local\Last.fm

2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk

2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk

2013-06-13 11:42 - 2006-11-02 08:34 - 00000258 ____A C:\Windows\system.ini

2013-06-13 00:10 - 2012-11-11 01:23 - 00001658 ____A C:\Users\Will\Downloads\lanacd.m3u

2013-06-11 19:46 - 2010-08-02 16:38 - 00000000 ___AD C:\Users\Will\Desktop\Theatre Charlotte

2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip

2013-06-10 05:34 - 2009-08-26 19:18 - 00000000 ____D C:\users\Will

2013-06-08 15:45 - 2009-09-29 23:17 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc

2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk

2013-06-08 15:41 - 2009-09-18 18:32 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent

2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun

2013-06-08 15:23 - 2013-06-08 15:24 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-06-08 15:23 - 2013-06-08 15:24 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-06-08 15:23 - 2013-06-08 15:24 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-08 15:23 - 2013-06-08 15:24 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-08 15:23 - 2009-08-26 19:08 - 00000000 ____D C:\Program Files (x86)\Java

2013-06-08 15:19 - 2009-08-26 19:29 - 00000000 ____D C:\Program Files\CyberLink

2013-06-08 15:19 - 2009-08-26 19:09 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information

2013-06-08 15:17 - 2009-09-05 20:06 - 00000000 ____D C:\Users\Will\AppData\Roaming\Amazon

2013-06-08 15:15 - 2011-02-14 11:27 - 00000000 ____D C:\Program Files (x86)\NCH Software

2013-06-08 15:14 - 2009-09-04 18:45 - 00000000 ____D C:\ProgramData\Skype

2013-06-08 15:13 - 2009-09-04 18:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype

2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg

2013-06-07 20:25 - 2013-05-31 15:15 - 00000000 ____D C:\Users\Will\Desktop\Festivall

2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack

2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u

2013-06-05 19:59 - 2012-05-26 14:23 - 00002072 ____A C:\Users\Will\Desktop\Google Chrome.lnk

2013-06-04 12:21 - 2013-03-12 15:03 - 00000000 ____D C:\Users\Will\Documents\My Digital Editions

2013-06-04 12:20 - 2013-03-12 15:00 - 00001272 ____A C:\Users\Will\Downloads\URLLink.acsm

2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg

2013-06-03 23:38 - 2013-06-03 23:33 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes]

2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013]

2013-06-02 10:43 - 2009-08-26 19:18 - 00287424 ____A C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT

2013-06-02 10:39 - 2006-11-02 11:21 - 00800496 ___AH C:\Windows\System32\FNTCACHE.DAT

2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack

2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip

2013-05-31 21:57 - 2013-05-16 21:18 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u

2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX]

2013-05-31 20:09 - 2013-05-31 20:01 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX]

2013-05-31 07:07 - 2012-02-18 20:52 - 00002936 ____A C:\Users\Will\Downloads\tonisetlist.m3u

2013-05-28 11:50 - 2012-04-20 19:19 - 00002462 ____A C:\Users\Will\Downloads\mariahdance.m3u

2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg

2013-05-25 13:24 - 2013-02-18 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-24 23:47 - 2013-05-24 23:46 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4

2013-05-24 12:26 - 2006-11-02 08:34 - 00000338 ____A C:\Windows\win.ini

2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u

2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v

2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv

2013-05-20 16:07 - 2013-05-20 15:12 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4

2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73}

2013-05-20 11:31 - 2013-03-26 23:39 - 00000239 ____A C:\Users\Will\.swfinfo

2013-05-20 11:09 - 2013-05-20 10:46 - 10283537 ____A C:\Users\Will\Documents\quotes.psd

2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2)

2013-05-18 03:44 - 2011-10-24 06:45 - 00721586 ____A C:\Windows\System32\PerfStringBackup.TMP

2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012)

2013-05-17 14:57 - 2009-08-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-17 00:05 - 2013-06-15 03:02 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 23:27 - 2013-06-15 03:02 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 23:09 - 2013-06-15 03:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 23:02 - 2013-06-15 03:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 23:02 - 2013-06-15 03:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 23:01 - 2013-06-15 03:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-16 23:00 - 2013-06-15 03:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-16 22:58 - 2013-06-15 03:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 22:56 - 2013-06-15 03:02 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-16 22:56 - 2013-06-15 03:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-16 22:55 - 2013-06-15 03:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 22:54 - 2013-06-15 03:02 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 22:53 - 2013-06-15 03:02 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 22:51 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 22:51 - 2013-06-15 03:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-16 22:46 - 2013-06-15 03:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 19:08 - 2013-06-15 03:02 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 18:49 - 2013-06-15 03:02 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 18:39 - 2013-06-15 03:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 18:28 - 2013-06-15 03:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 18:28 - 2013-06-15 03:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 18:27 - 2013-06-15 03:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-16 18:26 - 2013-06-15 03:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-16 18:23 - 2013-06-15 03:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 18:21 - 2013-06-15 03:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 18:21 - 2013-06-15 03:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-16 18:20 - 2013-06-15 03:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-16 18:19 - 2013-06-15 03:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 18:17 - 2013-06-15 03:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-16 18:17 - 2013-06-15 03:02 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 18:16 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 18:12 - 2013-06-15 03:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

LastRegBack: 2013-06-15 13:57

==================== End Of Log ============================

Addition.txt


Your Vista is the 64-bit version.

OK, here's the problem:

TDL4: custom:26000022 <===== ATTENTION!

We can fix it but we have to run the scan in the recovery environment, I hope you can do this:

  1. Please download Farbar Recovery Scan Tool and save it to a flash drive. 64 bit version
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Plug the flash drive into the infected PC.
  2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • Once in the Command Prompt:
    1. In the command window type in notepad and press Enter.
    2. The notepad opens. Under File menu select Open.
    3. Select "Computer" and find your flash drive letter and close the notepad.
    4. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
       Note: Replace letter e with the drive letter of your flash drive.
    5. The tool will start to run.
    6. When the tool opens click Yes to disclaimer.
    7. Press Scan button.
    8. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    MrC


That's good news.....I guess you don't have a Windows CD; if so, you can use that to get into recovery mode.

Let me consult with Farbar on how we can fix this:

TDL4: custom:26000022 <===== ATTENTION!

Be back in the am (about 7 hours from now) MrC


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013

Ran by Will (administrator) on 15-06-2013 23:22:52

Running from C:\Users\Will\Desktop\frst

Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

(Dell Inc.) c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

() C:\Program Files (x86)\Winamp\winampa.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe

(Malwarebytes Corporation) C:\Users\Will\Desktop\mbar-1.06.0.1003\mbar\mbar.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-21] (Synaptics, Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)

HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKCU\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-23] (Google Inc.)

HKCU\...\Run: [boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun [514048 2010-12-15] ()

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-23] (Dell)

MountPoints2: F - F:\SETUP.EXE

MountPoints2: {e1cb7f5b-d35b-11e1-8dc6-002219f3e455} - G:\LaunchU3.exe -a

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-04-22] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2009-07-01] ()

HKLM-x32\...\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [95488 2008-09-05] (Sensible Vision )

HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKCU - {11DE8208-B6DD-468F-ABF5-0BEABFEAB21E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}

SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=191ef893-289b-4bc3-b290-d1b912639f5c&query={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

DPF: HKLM-x32 {7823A620-9DD9-11CF-A662-00AA00C066D2} https://athenanet.athenahealth.com/static_20121031_wward2/iemenu.cab

DPF: HKLM-x32 {832B4EED-7115-41CB-9A87-993F5C1545E4} https://athenanet.athenahealth.com/static_20121031_wward2/LibCheck.CAB

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: DownloadHelper - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0gditjn5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Will\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()

CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File

CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Pinterest Right Click) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnlmphodejhpeoplgojlbgcekfopfjo\0.92_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0

CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-09-22] (Adobe Systems)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)

S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)

R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [153664 2006-11-30] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-30] (McAfee, Inc.)

R2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-03-22] ()

S2 RoxLiveShare; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe" [x]

S3 RoxMediaDB; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe" [x]

S2 RoxWatch; "C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)

R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-15] ()

R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-15] ()

R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation)

R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-15] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [80200 2006-11-30] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [92488 2006-11-30] (McAfee, Inc.)

R3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [246344 2006-11-30] (McAfee, Inc.)

S1 mferkdk; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [38600 2006-11-30] (McAfee, Inc.)

S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [67144 2006-11-30] (McAfee, Inc.)

S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [31880 2009-09-25] ()

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2009-09-25] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2009-09-25] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2009-09-25] (LG Electronics Inc.)

S3 catchme; \??\C:\ComboFix-1\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-15 22:57 - 2013-06-15 22:57 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-06-15 22:57 - 2013-06-15 22:57 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST

2013-06-15 20:36 - 2013-06-15 23:22 - 00000000 ____D C:\Users\Will\Desktop\frst

2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt

2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat

2013-06-15 20:01 - 2013-06-15 20:02 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe

2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys

2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys

2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys

2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe

2013-06-15 18:27 - 2013-06-15 18:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe

2013-06-15 14:49 - 2013-06-15 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003

2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip

2013-06-15 14:34 - 2013-06-15 22:42 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine

2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe

2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr

2013-06-15 03:03 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-15 03:03 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-15 03:03 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-15 03:03 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-15 03:03 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-15 03:02 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-15 03:02 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-15 03:02 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-15 03:02 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-15 03:02 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-15 03:02 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-15 03:02 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-15 03:02 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-15 03:02 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-15 03:02 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-15 03:02 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-15 03:02 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-15 03:02 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-15 03:02 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-15 03:02 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-15 03:02 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-15 03:02 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-15 03:02 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-15 03:02 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-15 03:02 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-06-15 03:02 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-15 03:02 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-15 03:02 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-15 03:02 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-06-15 03:02 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-15 03:02 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-15 03:02 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-15 00:00 - 2013-06-15 00:07 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv

2013-06-14 23:56 - 2013-06-15 00:00 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv

2013-06-14 23:54 - 2013-06-15 00:02 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv

2013-06-14 23:49 - 2013-06-14 23:54 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv

2013-06-14 23:47 - 2013-06-14 23:56 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv

2013-06-13 18:59 - 2013-06-13 19:56 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt

2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk

2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk

2013-06-12 10:08 - 2013-04-24 00:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 10:08 - 2013-04-24 00:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 10:08 - 2013-04-24 00:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 10:08 - 2013-04-24 00:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-06-12 10:08 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-06-12 10:08 - 2013-04-23 22:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 10:08 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-06-12 10:08 - 2013-04-17 09:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-12 10:08 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-06-12 10:06 - 2013-05-08 00:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-12 10:05 - 2013-05-02 00:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 10:05 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-06-12 10:05 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll

2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip

2013-06-08 15:43 - 2013-06-13 15:55 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify

2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk

2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun

2013-06-08 15:24 - 2013-06-08 15:23 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-06-08 15:24 - 2013-06-08 15:23 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-06-08 15:24 - 2013-06-08 15:23 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-08 15:24 - 2013-06-08 15:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-08 15:24 - 2013-06-08 15:23 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg

2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack

2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u

2013-06-04 11:08 - 2013-06-15 16:32 - 00834587 ____A C:\Windows\WindowsUpdate.log

2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg

2013-06-03 23:33 - 2013-06-03 23:38 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes]

2013-06-03 11:36 - 2013-06-13 14:35 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u

2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013]

2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack

2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip

2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX]

2013-05-31 20:01 - 2013-05-31 20:09 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX]

2013-05-31 15:15 - 2013-06-07 20:25 - 00000000 ____D C:\Users\Will\Desktop\Festivall

2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg

2013-05-24 23:46 - 2013-05-24 23:47 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4

2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u

2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v

2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv

2013-05-20 15:12 - 2013-05-20 16:07 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4

2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73}

2013-05-20 10:46 - 2013-05-20 11:09 - 10283537 ____A C:\Users\Will\Documents\quotes.psd

2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2)

2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012)

2013-05-16 21:18 - 2013-05-31 21:57 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u

==================== One Month Modified Files and Folders =======

2013-06-15 23:22 - 2013-06-15 20:36 - 00000000 ____D C:\Users\Will\Desktop\frst

2013-06-15 23:09 - 2011-10-24 16:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cc928e8e6eba16.job

2013-06-15 23:01 - 2013-06-15 14:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-15 22:57 - 2013-06-15 22:57 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-06-15 22:57 - 2013-06-15 22:57 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-06-15 22:47 - 2012-05-26 14:21 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000UA.job

2013-06-15 22:46 - 2012-06-20 22:58 - 00000000 ____D C:\ProgramData\Boxtools

2013-06-15 22:42 - 2013-06-15 14:34 - 00000000 ____D C:\Users\Will\Desktop\RK_Quarantine

2013-06-15 22:42 - 2011-10-24 16:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc928e8cf400f6.job

2013-06-15 22:42 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-15 22:42 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-15 22:42 - 2006-11-02 11:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-15 22:35 - 2011-10-24 06:45 - 00721586 ____A C:\Windows\System32\PerfStringBackup.TMP

2013-06-15 20:37 - 2013-06-15 20:37 - 00000000 ____D C:\FRST

2013-06-15 20:03 - 2013-06-15 20:03 - 00001624 ____A C:\Users\Will\Desktop\aswMBR.txt

2013-06-15 20:03 - 2013-06-15 20:03 - 00000512 ____A C:\Users\Will\Desktop\MBR.dat

2013-06-15 20:02 - 2013-06-15 20:01 - 04745728 ____A (AVAST Software) C:\Users\Will\Desktop\aswMBR.exe

2013-06-15 19:29 - 2013-06-15 19:29 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\41336173.sys

2013-06-15 19:25 - 2013-06-15 19:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\26756189.sys

2013-06-15 19:11 - 2009-09-19 00:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-15 18:40 - 2013-06-15 18:40 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\45168068.sys

2013-06-15 18:36 - 2013-06-15 18:36 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Will\Desktop\tdsskiller.exe

2013-06-15 18:28 - 2013-06-15 18:27 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Will\Desktop\mbam-setup-1.75.0.1300.exe

2013-06-15 17:48 - 2012-10-26 20:43 - 00000000 ____D C:\Users\Will\Desktop\DRH

2013-06-15 17:42 - 2009-11-22 12:45 - 00001460 ____A C:\Users\Will\AppData\Local\d3d9caps64.dat

2013-06-15 16:52 - 2009-10-12 01:24 - 00000000 ____D C:\Users\Will\AppData\Roaming\Winamp

2013-06-15 16:32 - 2013-06-04 11:08 - 00834587 ____A C:\Windows\WindowsUpdate.log

2013-06-15 16:32 - 2006-11-02 11:42 - 00032520 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-06-15 14:47 - 2013-06-15 14:47 - 00000000 ____D C:\Users\Will\Desktop\mbar-1.06.0.1003

2013-06-15 14:47 - 2012-05-26 14:21 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630946017-1360042398-3907846972-1000Core.job

2013-06-15 14:44 - 2013-06-15 14:44 - 13169742 ____A C:\Users\Will\Desktop\mbar-1.06.0.1003.zip

2013-06-15 14:33 - 2011-02-16 18:01 - 00000000 ____D C:\Windows\Minidump

2013-06-15 14:27 - 2013-06-15 14:27 - 03748864 ____A C:\Users\Will\Desktop\RogueKillerX64.exe

2013-06-15 13:54 - 2013-06-15 13:54 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.scr

2013-06-15 13:10 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache

2013-06-15 03:09 - 2011-11-10 04:04 - 00000129 ____A C:\Windows\System32\MRT.INI

2013-06-15 03:05 - 2006-11-02 08:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2013-06-15 01:29 - 2012-08-09 22:20 - 00000000 ____D C:\Users\Will\Desktop\Northeastern

2013-06-15 00:35 - 2009-09-18 18:14 - 00201728 ____A C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-06-15 00:07 - 2013-06-15 00:00 - 57197609 ____A C:\Users\Will\Downloads\Satinsandspurs-OneForTheBook197.flv

2013-06-15 00:02 - 2013-06-14 23:54 - 60970099 ____A C:\Users\Will\Downloads\Satinsandspurs-HollywoodVictoryCaravan821.flv

2013-06-15 00:00 - 2013-06-14 23:56 - 47960645 ____A C:\Users\Will\Downloads\Satinsandspurs-StrictlyGI427.flv

2013-06-14 23:56 - 2013-06-14 23:47 - 71856762 ____A C:\Users\Will\Downloads\Satinsandspurs-PublicJitterbugNo1919.flv

2013-06-14 23:54 - 2013-06-14 23:49 - 40732346 ____A C:\Users\Will\Downloads\Satinsandspurs-SkirmishOnTheHomeFront284.flv

2013-06-13 19:56 - 2013-06-13 18:59 - 00000130 ____A C:\Users\Will\Documents\vegasmoveexpense.txt

2013-06-13 16:34 - 2011-07-21 23:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Spotify

2013-06-13 16:01 - 2012-09-18 20:15 - 00001056 ____A C:\Users\Will\Desktop\To Do.txt

2013-06-13 15:55 - 2013-06-08 15:43 - 00000000 ____D C:\Users\Will\AppData\Local\Spotify

2013-06-13 14:44 - 2009-09-20 00:26 - 00000000 ____D C:\Users\Will\Desktop\Betty Hutton

2013-06-13 14:35 - 2013-06-03 11:36 - 00001946 ____A C:\Users\Will\Downloads\jesse_june13b.m3u

2013-06-13 14:33 - 2010-03-18 02:31 - 00000000 ____D C:\Users\Will\AppData\Local\Last.fm

2013-06-13 13:20 - 2013-06-13 13:20 - 00148864 ____A C:\Users\Will\Documents\countdown.pk

2013-06-13 13:20 - 2013-06-13 13:20 - 00033496 ____A C:\Users\Will\Documents\intro.pk

2013-06-13 11:42 - 2006-11-02 08:34 - 00000258 ____A C:\Windows\system.ini

2013-06-13 00:10 - 2012-11-11 01:23 - 00001658 ____A C:\Users\Will\Downloads\lanacd.m3u

2013-06-11 19:46 - 2010-08-02 16:38 - 00000000 ___AD C:\Users\Will\Desktop\Theatre Charlotte

2013-06-11 12:03 - 2013-06-11 12:03 - 01289645 ____A C:\Users\Will\Documents\pre-sized_powerpoint_templates_for_social_media_cover_photos.zip

2013-06-10 05:34 - 2009-08-26 19:18 - 00000000 ____D C:\users\Will

2013-06-08 15:45 - 2009-09-29 23:17 - 00000000 ____D C:\Users\Will\AppData\Roaming\vlc

2013-06-08 15:43 - 2013-06-08 15:43 - 00001741 ____A C:\Users\Will\Desktop\Spotify.lnk

2013-06-08 15:41 - 2009-09-18 18:32 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent

2013-06-08 15:24 - 2013-06-08 15:24 - 00000000 ____D C:\ProgramData\Sun

2013-06-08 15:23 - 2013-06-08 15:24 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-06-08 15:23 - 2013-06-08 15:24 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-06-08 15:23 - 2013-06-08 15:24 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-08 15:23 - 2013-06-08 15:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-08 15:23 - 2013-06-08 15:24 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-08 15:23 - 2009-08-26 19:08 - 00000000 ____D C:\Program Files (x86)\Java

2013-06-08 15:19 - 2009-08-26 19:29 - 00000000 ____D C:\Program Files\CyberLink

2013-06-08 15:19 - 2009-08-26 19:09 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information

2013-06-08 15:17 - 2009-09-05 20:06 - 00000000 ____D C:\Users\Will\AppData\Roaming\Amazon

2013-06-08 15:15 - 2011-02-14 11:27 - 00000000 ____D C:\Program Files (x86)\NCH Software

2013-06-08 15:14 - 2009-09-04 18:45 - 00000000 ____D C:\ProgramData\Skype

2013-06-08 15:13 - 2009-09-04 18:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype

2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2013-06-08 14:07 - 2013-06-08 14:07 - 00001602 ____A C:\Users\Will\Documents\cc_20130608_140714.reg

2013-06-07 20:25 - 2013-05-31 15:15 - 00000000 ____D C:\Users\Will\Desktop\Festivall

2013-06-07 19:08 - 2013-06-07 19:08 - 00000000 ____D C:\Program Files (x86)\WinHTTrack

2013-06-07 16:11 - 2013-06-07 16:11 - 00002330 ____A C:\Users\Will\Downloads\tonisetlist2.m3u

2013-06-05 19:59 - 2012-05-26 14:23 - 00002072 ____A C:\Users\Will\Desktop\Google Chrome.lnk

2013-06-04 12:21 - 2013-03-12 15:03 - 00000000 ____D C:\Users\Will\Documents\My Digital Editions

2013-06-04 12:20 - 2013-03-12 15:00 - 00001272 ____A C:\Users\Will\Downloads\URLLink.acsm

2013-06-04 10:53 - 2013-06-04 10:53 - 00000442 ____A C:\Users\Will\Documents\cc_20130604_105313.reg

2013-06-03 23:38 - 2013-06-03 23:33 - 00000000 ____D C:\Users\Will\Downloads\Armin van Buuren - This Is What It Feels Like (feat. Trevor Guthrie) [Remixes]

2013-06-03 11:35 - 2013-06-03 11:35 - 00000000 ____D C:\Users\Will\Downloads\Miley Cyrus - We Can't Stop [single - 2013]

2013-06-02 10:43 - 2009-08-26 19:18 - 00287424 ____A C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT

2013-06-02 10:39 - 2006-11-02 11:21 - 00800496 ___AH C:\Windows\System32\FNTCACHE.DAT

2013-06-01 21:18 - 2013-06-01 21:18 - 00000000 ____D C:\Users\Will\Documents\Nougat-ExtraBlack

2013-06-01 21:17 - 2013-06-01 21:17 - 00051373 ____A C:\Users\Will\Documents\Nougat-ExtraBlack.zip

2013-05-31 21:57 - 2013-05-16 21:18 - 00002102 ____A C:\Users\Will\Downloads\jesse_june13.m3u

2013-05-31 20:10 - 2013-05-31 20:10 - 00000000 ____D C:\Users\Will\Downloads\Vampire Weekend - Modern Vampires Of The City 2013 Indie Rock 320kbps CBR MP3 [VX]

2013-05-31 20:09 - 2013-05-31 20:01 - 00000000 ____D C:\Users\Will\Downloads\Hurts - Exile (iTunes Deluxe Edition) 2013 Pop 320kbps CBR MP3 [VX]

2013-05-31 07:07 - 2012-02-18 20:52 - 00002936 ____A C:\Users\Will\Downloads\tonisetlist.m3u

2013-05-28 11:50 - 2012-04-20 19:19 - 00002462 ____A C:\Users\Will\Downloads\mariahdance.m3u

2013-05-25 13:37 - 2013-05-25 13:37 - 00008752 ____A C:\Users\Will\Documents\cc_20130525_133706.reg

2013-05-25 13:24 - 2013-02-18 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-24 23:47 - 2013-05-24 23:46 - 04924080 ____A C:\Users\Will\Downloads\Jennifer Lopez - Live It Up (Solo Version).mp4

2013-05-24 12:26 - 2006-11-02 08:34 - 00000338 ____A C:\Windows\win.ini

2013-05-24 11:33 - 2013-05-24 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-23 15:41 - 2013-05-23 15:41 - 00000191 ____A C:\Users\Will\Downloads\beautiful.m3u

2013-05-23 15:30 - 2013-05-23 15:30 - 14447646 ____A C:\Users\Will\Downloads\169389767.h264_2.f4v

2013-05-23 15:25 - 2013-05-23 15:25 - 00540467 ____A C:\Users\Will\Downloads\0300020100518CEB183379003E88039A44512C-FDEF-10C2-71CA-EB5931.flv

2013-05-20 16:07 - 2013-05-20 15:12 - 349765729 ____A C:\Users\Will\Downloads\The.Ryan.White.Story.1989.mp4

2013-05-20 12:02 - 2013-05-20 12:02 - 00000000 ____D C:\Users\Will\AppData\Local\{85F1BF08-1670-455E-B75D-A2EB7B2D8D73}

2013-05-20 11:31 - 2013-03-26 23:39 - 00000239 ____A C:\Users\Will\.swfinfo

2013-05-20 11:09 - 2013-05-20 10:46 - 10283537 ____A C:\Users\Will\Documents\quotes.psd

2013-05-19 19:00 - 2013-05-19 19:00 - 00000000 ____D C:\Users\Will\Documents\New Folder (2)

2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Users\Will\Downloads\Grace Potter & The Nocturnals - The Lion The Beast The Beat [Deluxe Version] (2012)

2013-05-17 14:57 - 2009-08-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-17 00:05 - 2013-06-15 03:02 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 23:27 - 2013-06-15 03:02 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 23:09 - 2013-06-15 03:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 23:02 - 2013-06-15 03:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 23:02 - 2013-06-15 03:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 23:01 - 2013-06-15 03:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-16 23:00 - 2013-06-15 03:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-16 22:58 - 2013-06-15 03:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 22:56 - 2013-06-15 03:02 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-16 22:56 - 2013-06-15 03:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-16 22:55 - 2013-06-15 03:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 22:54 - 2013-06-15 03:02 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 22:53 - 2013-06-15 03:02 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 22:51 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 22:51 - 2013-06-15 03:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-16 22:46 - 2013-06-15 03:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 19:08 - 2013-06-15 03:02 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 18:49 - 2013-06-15 03:02 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 18:39 - 2013-06-15 03:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 18:28 - 2013-06-15 03:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 18:28 - 2013-06-15 03:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 18:27 - 2013-06-15 03:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-16 18:26 - 2013-06-15 03:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-16 18:23 - 2013-06-15 03:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 18:21 - 2013-06-15 03:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 18:21 - 2013-06-15 03:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-16 18:20 - 2013-06-15 03:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-16 18:19 - 2013-06-15 03:02 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 18:17 - 2013-06-15 03:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-16 18:17 - 2013-06-15 03:02 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 18:16 - 2013-06-15 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 18:12 - 2013-06-15 03:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-15 22:54

==================== End Of Log ============================


You know what happened... MBAR finally ran and finished cleaning the infection:

MBAR found the infection:

BCD Entry for BOOTEMS is missing

Malicious Entry 26000022 for BOOTEMS present!

Removal scheduling successful. System shutdown needed.

System shutdown occurred

But never ran when it rebooted the computer:

Could not load protection driver

Host not found

Initializing...

DDA Driver installation error.

-------------------------------------------------------

We have to fix these though: (Please create a new system restore point before continuing)

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once, then wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

MrC
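The three Winsock lines flagged above come from the namespace-provider catalog that Windows keeps in the registry. As an added example (not code from this thread, from FRST or from Malwarebytes), the script below lists every entry of that catalog for both the 32-bit and 64-bit views and reports whether the library each entry points at can be found on disk, which is the condition behind FRST's "File Not found" lines. The registry layout it assumes (NameSpace_Catalog5 with Catalog_Entries and Catalog_Entries64 subkeys, each holding LibraryPath and DisplayString values) and the rule that a bare file name is resolved under System32 are assumptions made here, not something stated in the thread.

```powershell
# Added example: enumerate the Winsock namespace-provider catalog ("Catalog5")
# from the registry and check that each LibraryPath resolves to a real file.
# Assumed registry layout (not from the thread):
#   HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
#       \Catalog_Entries\00000000000N     (32-bit providers)
#       \Catalog_Entries64\00000000000N   (64-bit providers)
# with REG_SZ values LibraryPath and DisplayString under each entry.

function Get-WinsockNamespaceCatalog {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'

    foreach ($catalog in 'Catalog_Entries', 'Catalog_Entries64') {
        $key = Join-Path $base $catalog
        if (-not (Test-Path $key)) { continue }

        Get-ChildItem $key | Sort-Object PSChildName | ForEach-Object {
            $entry = Get-ItemProperty $_.PSPath
            $lib   = [Environment]::ExpandEnvironmentVariables([string]$entry.LibraryPath)

            # Assumption: a library given without a directory is loaded from
            # %SystemRoot%\System32, so that is where the existence check looks.
            $resolved = if ([IO.Path]::IsPathRooted($lib)) { $lib }
                        else { Join-Path $env:SystemRoot ("System32\" + $lib) }

            [pscustomobject]@{
                Catalog     = $catalog
                Entry       = $_.PSChildName      # e.g. 000000000001 == FRST's "01"
                Display     = $entry.DisplayString
                LibraryPath = $entry.LibraryPath
                OnDisk      = Test-Path -LiteralPath $resolved
            }
        }
    }
}

# Print the table; an entry with OnDisk = False, or a LibraryPath that is not a
# Microsoft system DLL, is what to compare against the FRST "ATTENTION" lines.
Get-WinsockNamespaceCatalog | Format-Table -AutoSize
```

This only reads the registry, so it can be run before and after the FRST fix to confirm that the entries now point at the libraries FRST expects (NLAapi.dll for the NLA namespace entries, mswsock.dll for the others). The built-in `netsh winsock show catalog` command shows the same providers as Windows itself sees them and is a useful cross-check on the raw registry view.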
