Help Multiple Trojans (filename).exe contained a virus and was deleted.
Unable to download on Windows Vista computer. Gets most of the way through download and then comes back with (filename).exe contained a virus and was deleted. Virus programs and firewalls are not working properly. Submitted files to HiJack This Support four days ago - no response. Have submitted files to McAfee (response at end) using Susp file tool downloaded to unaffected system and transferred on disk. Susp file program ran in safe mode detected 85 files submitted to McAfee as logs it would not submit as samples but only detected around 4 suspicious files in regular mode.

First instance of Stinger ran and/or the analysis of Suspicious files found the following but did not necessarily Quarantine: Trojan/PSW.VKont.bb2; (vrobot) Trojan Win32.Agent.44168; (TrendMicro Home-Call) TROJ_GEN.F47V0816; Artemis!F5CD45497111. Instances of Stinger ran afterward detected nothing. Believe Stinger and other previously clean files now are infected.

Link for HiJack This support request that contains the log files etc.: http://sourceforge.net/p/hjt/support-requests/30/

Have run the following programs from a clean computer burned disk but had trouble initializing most at first and took several attempts to run them.

Trend Micro Anti Threat Toolkit
HiJack This
Get Susp
Rootkit Buster
Stinger32
Rootkit Remover
SuperDAT
7107xdat
removeklez
removebugbear

Unable to run or virus would not allow:

Mydoomscanner
Nightdragon
McAfee TechCheck
Security Scan
McAfee Setup

Have several directories detected in DOS that I do not recognize from around the time of infection can provide names if necessary.

 

Response from McAfee: Thank you for using the GetSusp tool and submitting your suspicious file(s). You will find detailed below, the status of each file in the submission after an initial analysis.

        SR Number               Creation Date                WorkItem ID        Machine Name           
        =========               ==============               ===========        ===========            
        None specified          6/24/2013 8:45:53 AM         958748             SHEILA-PC              


        File Name                           Findings                            Detection                           Type                               
        ---------                           --------                            ---------                           ----                               
        appcore.ex_                         clean                               analysed_clean                     
        appcore.resources.dl_               not_detected                        assumed_clean                      
        classicstarter.dl_                  clean                               analysed_clean                     
        assistcustomer.dl_                  clean                               analysed_clean                     
        audaemon.bi_                        not_detected                       
        ccme_base.dl_                       clean                               known_clean                        
        hphc_service.ex_                    clean                               analysed_clean                     
        libcurl.dl_                         not_detected                        Unknown                            
        cryptocme2.dl_                      clean                               known_clean                        
        finderhelper.dl_                    not_detected                        assumed_clean                      
        kbdstub.ex_                         clean                               known_clean                        
        hpsysdrv.ex_                        clean                               analysed_clean                     
        iau_sdk.ex_                         clean                               known_clean                        
        helperstarter.dl_                   clean                               analysed_clean                     
        sqlite3.dl_                         clean                               known_clean                        
        remengine.ex_                       clean                               analysed_clean                     
        runprofiler.ex_                     clean                               analysed_clean                     
        regutils.dl_                        clean                               analysed_clean                     
        ssleay32.dl_                        not_detected                        Unknown                            
        osd.ex_                             clean                               known_clean                        
        libeay32.dl_                        not_detected                        Unknown                            
        libexpatw.dl_                       clean                               known_clean                        

In the event that the files are not listed as known threats, the submission will be forwarded to a McAfee Labs Researcher for further analysis. You will be contacted by McAfee Labs through email with the results of that analysis.

Support -
 

Thank you for using the GetSusp tool and submitting your suspicious file(s). You will find detailed below, the status of each file in the submission after an initial analysis.

        SR Number               Creation Date                WorkItem ID        Machine Name           
        =========               ==============               ===========        ===========            
        None specified          6/24/2013 1:03:41 PM         959871             SHEILA-PC              


        File Name                           Findings                            Detection                           Type                               
        ---------                           --------                            ---------                           ----                               
        audaemon.bi_                        not_detected                        Unknown                            

In the event that the files are not listed as known threats, the submission will be forwarded to a McAfee Labs Researcher for further analysis. You will be contacted by McAfee Labs through email with the results of that analysis.
 

Similar response as follows to all other submissions to the same:

Thank you for using the GetSusp tool and submitting your suspicious file(s). Upon analysis (details listed below), we found that the submitted zip file contained only the logs generated during the GetSusp scan. The data in the logs will be used for prevalence purposes.


Filename                                              Failure Reason                                                                 Machine Name                                          
========                                              ==============                                                                 ========                                              
gsusp_9FE7B4CB0BD9_061913_172326.zip                  The submitted zip file has no viable samples for analysis                      SHEILA-PC                                             


There will be no further communication with respect to this submission.

RootKitBusterDebug20130619_00.log
hijackthis.log
hijackthis.log
hijackthis1.txt
hijackthis2.txt
hijackthis4.txt
Stinger_22062013_021416.html

STUFF PRINTED FROM ABOVE LINK IF UNABLE TO VIEW

Milestone: v1.0_(example)
Status: open
Owner: nobody
Priority: 5
Updated: 4 days ago
Created: 4 days ago
Creator: Sheila
Private: No

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

You're in Germany? I have family in Germany. Only problem I have is I am unable to download to this desktop and when I download to any other desktop and try to run the program by way of disk on this computer the program I am trying to run becomes corrupted.

OK, I think we have some unwanted visitors here...

Please download Malwarebytes Anti-Rootkit from here and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

Skip that. Do the following instead. If it fails to download, try in safe mode with networking or download from another computer.

Scan with FRST

To run FRST on Vista and Windows 7:

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

  • In the command window, type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I ran the MBar and it came up with Malware but could not save log file. Also, it was unable to update because that required a download which I cannot do. I ran it from the cd to prevent corruption hence unable to save log file. I will copy and/or use the paint program to see if you can get a look at the file prior to running the cleanup. As far as the other program I had tried the system restore previously but it would not work. I will attempt it again if the removal does not work as far as downloads with the MBar.

Here is the information found when I ran the Malware file found through Virustotal

Copyright: Copyright © Instsaller
Publisher: Music Converter Technologies
Product: Music Converter
Version: 3.1.0.0
Internal name: Installer Internal Name
File version: 3.1.0.0
Description: Music Converter Installer

Packers identified
Command: UPX
F-PROT: UPX

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1992-06-19 22:22:17
Link date: 11:22 PM 6/19/1992
Entry Point: 0x0010BBE0
Number of sections: 3

PE sections
Name    Virtual address   Virtual size   Raw size   Entropy   MD5
UPX0    4096              577536         0          0.00      d41d8cd98f00b204e9800998ecf8427e
UPX1    581632            516096         515584     7.94      693bcc8d68a54de2a48742e4d04e16ad
.rsrc   1097728           32768          31744      5.42      ee54fd3a7da57f145859fb80d860aecd

PE imports
[+] KERNEL32.DLL
[+] advapi32.dll
[+] comctl32.dll
[+] gdi32.dll
[+] oleaut32.dll
[+] user32.dll

Number of PE resources by type
RT_STRING 14
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_ICON 4
RT_VERSION 2
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1

Number of PE resources by language
NEUTRAL 43
ENGLISH US 10

File identification
MD5 5547b6b76106aa6f0f229bc8be75daf3
SHA1 45feb3259dae661837d7b5db5ed115b181d5a52c
SHA256 ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d
ssdeep 12288:LRnLc9WwaJsKS4axSKMR8kbQ/3jeRw70kdjiPb76JMMy:LRLnwaPKMRfbg3jeRM0kVg7GMMy
File size 535.5 KB ( 548352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID
UPX compressed Win32 Executable (45.1%)
Win32 EXE Yoda's Crypter (39.2%)
Win32 Executable (generic) (6.6%)
Win16/32 Executable Delphi generic (3.0%)
Generic Win/DOS Executable (2.9%)

VirusTotal metadata
First submission 2013-06-28 10:42:48 UTC ( 34 minutes ago )
Last submission 2013-06-28 10:42:48 UTC ( 34 minutes ago )
File names
MusicConverterSetup.exe
Installer Internal Name

Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
Symantec reputation Suspicious.Insight

I used the MBAR to clean it but could not save the log file.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Opened files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000123DD.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\blank.gif (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\buttons.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\ie6_main.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\main.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\browse.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\button.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\checkbox.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\images\button-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\images\progress-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\progress-bar.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\offer_code.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\offer_html.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\US\offer_code.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\US\offer_html.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\back-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\Bg.jpg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\close_button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\finish-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\finish_button.jpg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\icon.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\loader.gif (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\next-button-over.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\next-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\progress-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\skip-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\Software.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\license.txt (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\locale\EN.locale (successful)
\\.\PIPE\lsarpc (successful)
\\.\pipe\1VtP0GtCtTtGtT0M2Y1B1L1RtT0C1F1G2X1P1C2Z1P1CtP1V (failed)
\\.\pipe\1VtP0GtCtTtGtT0M2Y1B1L1RtT0C1F1G2X1P1C2Z1P1CtP1V_TEST (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
C:\Program Files\Internet Explorer\iexplore.exe (successful)
\\.\Ip (successful)
C:\WINDOWS\system32\hnetcfg.dll\3 (failed)
C:\WINDOWS\system32\hnetcfg.dll (successful)
C:\WINDOWS\system32\stdole2.tlb (successful)
C:\ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)
C:\WINDOWS\system32\shdocvw.dll (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\bootstrap_21850.html (successful)
c:\autoexec.bat (successful)
\\.\MountPointManager (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\bootstrap_21850.html (successful)
C:\WINDOWS\WindowsShell.manifest (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\progress-bar.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\checkbox.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\browse.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\button.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\main.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\buttons.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\ie6_main.css (successful)
C:\PROGRA~1\is75168.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000125AA.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ICReinstall_ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)
\\.\PIPE\srvsvc (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ICReinstall_ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ (successful)
C:\Documents and Settings\<USER>\Desktop\Continue FoxTab Music Converter Installation.lnk (successful)
\\.\PIPE\wkssvc (successful)
C:\ECCCF6~1 (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\bg.jpg (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\images\progress-bg.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\loader.gif (successful)
C:\WINDOWS\system32\dxtmsft.dll (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\Software.png (successful)
C:\WINDOWS\system32\dxtrans.dll (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\next-button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\icon.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\close_button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\skip-button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\back-button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\finish-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\0001264A.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is1438683437\131593377.cfg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is1438683437\1572444273.cfg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is1438683437\37374_Setup.CIS (successful)

Read files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000123DD.log (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
C:\WINDOWS\system32\hnetcfg.dll (successful)
C:\WINDOWS\system32\stdole2.tlb (successful)
C:\ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)
C:\WINDOWS\system32\shdocvw.dll (successful)
c:\autoexec.bat (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\bootstrap_21850.html (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\progress-bar.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\checkbox.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\browse.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\button.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\main.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\buttons.css (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\ie6_main.css (successful)
C:\PROGRA~1\is75168.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000125AA.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ICReinstall_ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)
C:\ECCCF6~1 (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\bg.jpg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\license.txt (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\css\sdk-ui\images\progress-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\locale\EN.locale (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\loader.gif (successful)
C:\WINDOWS\system32\dxtmsft.dll (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\Software.png (successful)
C:\WINDOWS\system32\dxtrans.dll (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\next-button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\icon.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\close_button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\skip-button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\back-button.png (successful)
C:\Documents and Settings\<USER>\Local Settings\Temp\ish74717\images\finish-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\0001264A.log (successful)

Written files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000123DD.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\blank.gif (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\buttons.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\ie6_main.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\main.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\browse.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\button.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\checkbox.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\images\button-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\images\progress-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\css\sdk-ui\progress-bar.css (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\offer_code.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\offer_html.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\US\offer_code.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\defaultOffer\US\offer_html.dat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\back-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\Bg.jpg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\close_button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\finish-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\finish_button.jpg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\icon.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\loader.gif (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\next-button-over.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\next-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\progress-bg.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\skip-button.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\images\Software.png (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\license.txt (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\locale\EN.locale (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\bootstrap_21850.html (successful)
C:\PROGRA~1\is75168.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000125AA.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ICReinstall_ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)
C:\Documents and Settings\<USER>\Desktop\Continue FoxTab Music Converter Installation.lnk (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\0001264A.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is1438683437\131593377.cfg (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is1438683437\1572444273.cfg (successful)

Deleted files
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000123DD.log (successful)
C:\PROGRA~1\is75168.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\000125AA.log (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ish74717\bootstrap_21850.html (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\0001264A.log (successful)

Set keys

KEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d
TYPE: REG_SZ
VALUE: C:\ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d:*:Enabled:FoxTab Music Converter Installer (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProxyBypass
TYPE: REG_DWORD
VALUE: 1 (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\IntranetName
TYPE: REG_DWORD
VALUE: 1 (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\UNCAsIntranet
TYPE: REG_DWORD
VALUE: 1 (successful)

KEY: HKEY_USERS\S-1-5-21-1275210071-920026266-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\MigrateProxy
TYPE: REG_DWORD
VALUE: 1 (successful)

KEY: HKEY_USERS\S-1-5-21-1275210071-920026266-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable
TYPE: REG_DWORD
VALUE: 0 (successful)

KEY: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable
TYPE: REG_DWORD
VALUE: 0 (successful)

KEY: HKEY_USERS\S-1-5-21-1275210071-920026266-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
TYPE: REG_BINARY
VALUE:(successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\\BaseClass
TYPE: REG_SZ
VALUE: Drive (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
TYPE: REG_SZ
VALUE: C:\Documents and Settings\<USER>\Desktop (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
TYPE: REG_SZ
VALUE: C:\Documents and Settings\<USER>\My Documents (successful)

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents
TYPE: REG_SZ
VALUE: C:\Documents and Settings\All Users\Documents (successful)

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop
TYPE: REG_SZ
VALUE: C:\Documents and Settings\All Users\Desktop (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu
TYPE: REG_SZ
VALUE: C:\Documents and Settings\<USER>\Start Menu (successful)

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu
TYPE: REG_SZ
VALUE: C:\Documents and Settings\All Users\Start Menu (successful)

KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Pictures
TYPE: REG_SZ
VALUE: C:\Documents and Settings\<USER>\My Documents\My Pictures (successful)

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures
TYPE: REG_SZ
VALUE: C:\Documents and Settings\All Users\Documents\My Pictures (successful)

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic
TYPE: REG_SZ
VALUE: C:\Documents and Settings\All Users\Documents\My Music (successful)

 

 

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo

 

TYPE: REG_SZ

 

VALUE: C:\Documents and Settings\All Users\Documents\My Videos (successful)

 

 

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\DirectDraw\MostRecentApplication\Name

 

TYPE: REG_SZ

 

VALUE: ecccf63fad0ba33289b957f20a85629dde7acecd1f2fadb04364bab92b6da52d (successful)

 

 

KEY: HKEY_LOCAL_MACHINE\Software\Microsoft\DirectDraw\MostRecentApplication\ID

 

TYPE: REG_DWORD

 

VALUE: 25 (successful)

 

Contract

 

Created mutexes

RasPbFile (failed)
CTF.LBES.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003 (successful)
CTF.Compart.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003 (successful)
CTF.Asm.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003 (successful)
CTF.Layouts.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003 (successful)
CTF.TMD.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003 (successful)
MSIMGSIZECacheMutex (successful)
DDrawWindowListMutex (successful)
DDrawDriverObjectListMutex (successful)
__DDrawExclMode__ (successful)
__DDrawCheckExclMode__ (successful)

Opened mutexes

RasPbFile (successful)

Searched windows

CLASS: MS_AutodialMonitor
NAME: (null)

CLASS: MS_WebcheckMonitor
NAME: (null)

Opened service managers

MACHINE: localhost
DATABASE: SERVICES_ACTIVE_DATABASE (successful)

Opened services

RemoteAccess (successful)
Router (failed)
RASMAN (successful)

Hooking activity

TYPE: WH_MOUSE
METHOD: SetWindowsHook (successful)

TYPE: WH_KEYBOARD
METHOD: SetWindowsHook (successful)

Runtime DLLs

kernel32.dll (successful)
advapi32.dll (successful)
comctl32.dll (successful)
gdi32.dll (successful)
oleaut32.dll (successful)
user32.dll (successful)
olepro32.dll (successful)
rpcrt4.dll (successful)
clbcatq.dll (successful)
urlmon.dll (successful)
sxs.dll (successful)
riched20.dll (successful)
iphlpapi.dll (successful)
shell32.dll (successful)
ole32.dll (successful)
wininet.dll (successful)
secur32.dll (successful)
mprapi.dll (successful)
shlwapi.dll (successful)
wsock32 (successful)
ws2_32 (successful)
rasapi32.dll (successful)
rtutils.dll (successful)
sensapi.dll (successful)
ntdll.dll (successful)
userenv.dll (successful)
netapi32.dll (successful)
c:\windows\system32\mswsock.dll (successful)
dnsapi.dll (successful)
rasadhlp.dll (successful)
hnetcfg.dll (successful)
c:\windows\system32\wshtcpip.dll (successful)
setupapi.dll (successful)
mlang.dll (successful)
c:\windows\system32\shdoclc.dll (successful)
ole32 (successful)
c:\windows\system32\imm32.dll (successful)
imm32.dll (successful)
ntshrui.dll (successful)
linkinfo.dll (successful)
netapi32 (successful)
uxtheme.dll (successful)
imgutil.dll (successful)
ddraw.dll (successful)
c:\windows\system32\kernel32.dll (successful)

Additional details

The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.

The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.

DNS requests

os.solvefile.com (127.0.0.1)
cdnus.solvefile.com (127.0.0.1)
cdneu.solvefile.com (127.0.0.1)

UDP communications

<MACHINE_DNS_SERVER>:53

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013
Ran by SYSTEM on 28-06-2013 06:42:44
Running from F:\
Windows Vista Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [bingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [2249352 2013-06-05] (Microsoft Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1103184 2010-12-17] (Trend Micro Inc.)
HKLM\...\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [288272 2011-03-16] (Trend Micro Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-03] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-03] (Hewlett-Packard)
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-03] (Hewlett-Packard)
HKU\Sheila\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Sheila\...\Run: [spotify Web Helper] "C:\Users\Sheila\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [x]
HKU\Sheila\...\Run: [spotify] "C:\Users\Sheila\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]
HKU\Sheila\...\Run: [GoogleChromeAutoLaunch_D9729E38D89CCACF7B8147D4144220E0] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [ 2013-06-14] (Google Inc.)
HKU\Sheila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)


========================== Services (Whitelisted) =================

S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1027792 2012-07-26] (iolo technologies, LLC)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-17] (Trend Micro Inc.)
S2 TmProxy; C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe [685320 2009-03-11] (Trend Micro Inc.)
S2 TMWebProtect; C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe [579088 2011-03-16] (Trend Micro Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]


==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-07-26] (EldoS Corporation)
S1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2012-07-26] (iolo technologies, LLC (based on original work by Bo Brantén))
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30392 2012-09-18] (Logitech, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S2 tmrkb; C:\Windows\System32\DRIVERS\tmrkb.sys [131720 2013-06-19] (trend_company_name)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [83728 2009-03-11] (Trend Micro Inc.)
S3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [156928 2007-09-07] (ViXS Systems Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 mbamswissarmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
S3 mfeavfk01; No ImagePath
S3 MFE_RR; \??\C:\Users\Sheila\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]


========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-28 06:42 - 2013-06-28 06:42 - 00000000 ____D C:\FRST
2013-06-28 03:15 - 2013-06-28 03:39 - 00000000 ____D C:\Users\Sheila\Desktop\mbar
2013-06-28 02:05 - 2013-06-28 03:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-28 02:05 - 2013-06-28 03:39 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-24 14:19 - 2013-06-24 14:54 - 00000624 ____A C:\Users\Sheila\Desktop\ark.txt
2013-06-24 14:10 - 2013-07-24 19:57 - 00368554 ____A C:\Users\Sheila\Desktop\gmer.zip
2013-06-24 14:10 - 2013-06-24 14:10 - 00000000 ____D C:\Users\Sheila\Desktop\gmer
2013-06-24 13:57 - 2013-06-24 13:57 - 00144592 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 13:55 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Sheila\Local Settings\CrashDumps
2013-06-24 13:55 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\CrashDumps
2013-06-24 13:55 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Sheila\AppData\Local\CrashDumps
2013-06-24 13:50 - 2013-06-24 13:50 - 00022733 ____A C:\Users\Sheila\Desktop\attach.txt
2013-06-24 13:50 - 2013-06-24 13:50 - 00014510 ____A C:\Users\Sheila\Desktop\dds.txt
2013-06-24 02:55 - 2013-06-24 02:03 - 03992792 ____A C:\Users\Sheila\Desktop\McAfee_TechCheck.exe
2013-06-23 21:12 - 2013-06-24 01:42 - 00669304 ____A C:\Users\Sheila\Desktop\kremove.exe
2013-06-23 17:16 - 2013-06-23 17:16 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130623191630.txt
2013-06-23 17:15 - 2013-06-23 17:15 - 00000000 ____D C:\Users\Sheila\Desktop\ND-1008
2013-06-23 16:45 - 2013-06-23 16:45 - 00000000 ____D C:\Users\Sheila\recovered
2013-06-20 03:14 - 2013-06-28 04:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 03:14 - 2013-06-20 03:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-20 03:14 - 2013-06-20 03:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-20 02:14 - 2013-06-20 02:14 - 03316528 ____A C:\SHEILA-PC_2013.06.20-0408.46_CAC4240C-005E-00E3-00FE-00568B345992_1626.zip
2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Trend Micro
2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Application Data\Trend Micro
2013-06-19 14:16 - 2013-06-19 14:16 - 37052668 ____A C:\SHEILA-PC_2013.06.19-1348.02_CAC4240C-005E-00E3-00FE-00568B345992_816.zip
2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\Application Data\InstallShield
2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\InstallShield
2013-06-19 14:14 - 2009-03-11 10:05 - 00083728 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2013-06-19 11:46 - 2013-06-19 14:14 - 00000000 ____D C:\Program Files\Trend Micro
2013-06-19 11:46 - 2013-06-19 11:46 - 00000000 ____D C:\Program Files\WinPcap
2013-06-19 04:27 - 2013-06-19 04:28 - 00144592 ____A C:\Windows\Minidump\Mini061913-01.dmp
2013-06-19 02:54 - 2013-06-19 11:35 - 00131720 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\census.cache
2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\Application Data\census.cache
2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\AppData\Local\census.cache
2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\ars.cache
2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\Application Data\ars.cache
2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\AppData\Local\ars.cache
2013-06-19 02:36 - 2013-06-25 15:27 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (4)
2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\housecall.guid.cache
2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\Application Data\housecall.guid.cache
2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\AppData\Local\housecall.guid.cache
2013-06-18 22:51 - 2013-06-18 22:51 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130619005127.txt
2013-06-16 14:35 - 2013-06-22 00:27 - 00000350 ___RH C:\Users\Sheila\Desktop\GetSusp.opt
2013-06-16 14:12 - 2013-06-16 14:12 - 00075250 ____A C:\Users\Sheila\Desktop\gsusp_DDDB54961E87_061613_161247.zip
2013-06-16 14:10 - 2013-06-16 14:12 - 00001471 ____A C:\Users\Sheila\Desktop\GetSusp.xml
2013-06-16 08:34 - 2013-06-19 11:19 - 00000000 ____D C:\Stinger_Quarantine
2013-06-16 08:31 - 2013-06-24 04:44 - 00000000 ____D C:\Program Files\stinger
2013-06-16 08:12 - 2013-06-19 15:07 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (3)
2013-06-16 07:56 - 2013-06-24 13:57 - 245670060 ____A C:\Windows\MEMORY.DMP
2013-06-16 07:56 - 2013-06-16 07:56 - 00144592 ____A C:\Windows\Minidump\Mini061613-01.dmp
2013-06-16 04:58 - 2013-06-16 04:58 - 00000000 ____D C:\Users\Sheila\Desktop\showin
2013-06-16 04:27 - 2013-07-16 11:24 - 00000000 ____D C:\Users\Sheila\Desktop\jdk-7u6-linux-arm-sfp.tar[1]
2013-06-16 04:27 - 2013-07-16 10:42 - 00115889 ____A C:\Users\Sheila\Desktop\ND-1008.zip
2013-06-16 04:27 - 2013-07-16 10:40 - 11294110 ____A C:\Users\Sheila\Desktop\stinger32-epo.zip
2013-06-16 04:27 - 2013-07-16 10:38 - 01517752 ____A (McAfee Inc.) C:\Users\Sheila\Desktop\getsusp.exe
2013-06-16 04:27 - 2013-07-16 10:38 - 00551408 ____A (McAfee, Inc.) C:\Users\Sheila\Desktop\rootkitremover.exe
2013-06-16 04:27 - 2013-07-16 10:34 - 00009110 ____A C:\Users\Sheila\Desktop\showin.zip
2013-06-16 04:27 - 2011-12-04 05:32 - 02348032 ____A (AVG Technologies) C:\Users\Sheila\Desktop\avg_isct_stb_all_2012_1873.exe
2013-06-13 00:08 - 2013-06-20 04:54 - 00000000 ____D C:\Users\Sheila\Desktop\soapy
2013-06-12 04:03 - 2013-06-16 14:56 - 00000000 ____D C:\Windows\pss
2013-06-12 01:05 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 01:05 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 01:05 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 01:05 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 01:05 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 01:05 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 01:05 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 01:05 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 01:05 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 01:05 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 01:05 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 01:05 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 01:05 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 01:05 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 01:05 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 01:05 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 19:50 - 2013-05-07 20:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 19:50 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 19:50 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-11 19:50 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 19:50 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 19:50 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 19:50 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 19:50 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 19:49 - 2013-05-02 14:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-11 19:49 - 2013-05-02 14:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 19:49 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Citrix
2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Application Data\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\AppData\Local\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Program Files\Citrix
2013-06-11 11:23 - 2013-06-11 11:23 - 00103832 ____A C:\Users\Sheila\GoToAssistDownloadHelper.exe
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Deployment
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Deployment
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Deployment
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Apps\2.0
2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\My Documents\Judy
2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\Documents\Judy
2013-05-31 05:35 - 2013-05-31 05:36 - 00244529 ____A C:\Users\Sheila\Desktop\collage1
2013-05-30 23:08 - 2013-05-30 23:08 - 00000000 ____D C:\Users\Sheila\Desktop\Janna's dog

==================== One Month Modified Files and Folders ========

2013-07-24 19:57 - 2013-06-24 14:10 - 00368554 ____A C:\Users\Sheila\Desktop\gmer.zip
2013-07-16 11:24 - 2013-06-16 04:27 - 00000000 ____D C:\Users\Sheila\Desktop\jdk-7u6-linux-arm-sfp.tar[1]
2013-07-16 10:42 - 2013-06-16 04:27 - 00115889 ____A C:\Users\Sheila\Desktop\ND-1008.zip
2013-07-16 10:40 - 2013-06-16 04:27 - 11294110 ____A C:\Users\Sheila\Desktop\stinger32-epo.zip
2013-07-16 10:38 - 2013-06-16 04:27 - 01517752 ____A (McAfee Inc.) C:\Users\Sheila\Desktop\getsusp.exe
2013-07-16 10:38 - 2013-06-16 04:27 - 00551408 ____A (McAfee, Inc.) C:\Users\Sheila\Desktop\rootkitremover.exe
2013-07-16 10:34 - 2013-06-16 04:27 - 00009110 ____A C:\Users\Sheila\Desktop\showin.zip
2013-06-28 06:42 - 2013-06-28 06:42 - 00000000 ____D C:\FRST
2013-06-28 04:36 - 2012-10-01 20:42 - 01759942 ____A C:\Windows\WindowsUpdate.log
2013-06-28 04:36 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-28 04:36 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 04:36 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 04:36 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 04:34 - 2012-10-08 04:11 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 04:34 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 04:32 - 2013-06-20 03:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 03:39 - 2013-06-28 03:15 - 00000000 ____D C:\Users\Sheila\Desktop\mbar
2013-06-28 03:39 - 2013-06-28 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-28 03:39 - 2013-06-28 02:05 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-28 03:07 - 2012-12-06 02:58 - 00000000 ____D C:\Program Files\McAfee
2013-06-28 03:07 - 2012-10-08 04:11 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 03:07 - 2012-10-07 08:27 - 00088870 ____A C:\Windows\PFRO.log
2013-06-28 02:58 - 2012-10-12 12:33 - 00000000 ____D C:\Users\Sheila\Local Settings\Windows Live
2013-06-28 02:58 - 2012-10-12 12:33 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Windows Live
2013-06-28 02:58 - 2012-10-12 12:33 - 00000000 ____D C:\Users\Sheila\AppData\Local\Windows Live
2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-26 12:34 - 2012-10-07 01:06 - 00031744 ____A C:\Users\Sheila\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 12:34 - 2012-10-07 01:06 - 00031744 ____A C:\Users\Sheila\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 12:34 - 2012-10-07 01:06 - 00031744 ____A C:\Users\Sheila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 02:02 - 2012-10-08 00:55 - 00000000 ____D C:\Users\Sheila\Application Data\HpUpdate
2013-06-26 02:02 - 2012-10-08 00:55 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\HpUpdate
2013-06-25 15:27 - 2013-06-19 02:36 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (4)
2013-06-24 14:54 - 2013-06-24 14:19 - 00000624 ____A C:\Users\Sheila\Desktop\ark.txt
2013-06-24 14:26 - 2013-06-24 13:55 - 00000000 ____D C:\Users\Sheila\Local Settings\CrashDumps
2013-06-24 14:26 - 2013-06-24 13:55 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\CrashDumps
2013-06-24 14:26 - 2013-06-24 13:55 - 00000000 ____D C:\Users\Sheila\AppData\Local\CrashDumps
2013-06-24 14:10 - 2013-06-24 14:10 - 00000000 ____D C:\Users\Sheila\Desktop\gmer
2013-06-24 13:57 - 2013-06-24 13:57 - 00144592 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 13:57 - 2013-06-16 07:56 - 245670060 ____A C:\Windows\MEMORY.DMP
2013-06-24 13:57 - 2013-03-23 11:19 - 00000000 ____D C:\Windows\Minidump
2013-06-24 13:50 - 2013-06-24 13:50 - 00022733 ____A C:\Users\Sheila\Desktop\attach.txt
2013-06-24 13:50 - 2013-06-24 13:50 - 00014510 ____A C:\Users\Sheila\Desktop\dds.txt
2013-06-24 04:44 - 2013-06-16 08:31 - 00000000 ____D C:\Program Files\stinger
2013-06-24 03:00 - 2013-01-22 16:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-24 02:03 - 2013-06-24 02:55 - 03992792 ____A C:\Users\Sheila\Desktop\McAfee_TechCheck.exe
2013-06-24 01:42 - 2013-06-23 21:12 - 00669304 ____A C:\Users\Sheila\Desktop\kremove.exe
2013-06-23 17:16 - 2013-06-23 17:16 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130623191630.txt
2013-06-23 17:15 - 2013-06-23 17:15 - 00000000 ____D C:\Users\Sheila\Desktop\ND-1008
2013-06-23 16:45 - 2013-06-23 16:45 - 00000000 ____D C:\Users\Sheila\recovered
2013-06-23 16:45 - 2012-10-01 20:52 - 00000000 ____D C:\users\Sheila
2013-06-22 00:27 - 2013-06-16 14:35 - 00000350 ___RH C:\Users\Sheila\Desktop\GetSusp.opt
2013-06-20 04:54 - 2013-06-13 00:08 - 00000000 ____D C:\Users\Sheila\Desktop\soapy
2013-06-20 03:14 - 2013-06-20 03:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-20 03:14 - 2013-06-20 03:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-20 02:14 - 2013-06-20 02:14 - 03316528 ____A C:\SHEILA-PC_2013.06.20-0408.46_CAC4240C-005E-00E3-00FE-00568B345992_1626.zip
2013-06-19 22:20 - 2012-10-01 20:56 - 00000000 ____D C:\Users\Sheila\Local Settings\VirtualStore
2013-06-19 22:20 - 2012-10-01 20:56 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\VirtualStore
2013-06-19 22:20 - 2012-10-01 20:56 - 00000000 ____D C:\Users\Sheila\AppData\Local\VirtualStore
2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Trend Micro
2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Application Data\Trend Micro
2013-06-19 19:39 - 2012-12-11 22:00 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-06-19 15:20 - 2012-12-11 18:47 - 00000000 ___HD C:\Users\Sheila\Desktop\New
2013-06-19 15:07 - 2013-06-16 08:12 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (3)
2013-06-19 15:04 - 2012-10-07 00:37 - 00001356 ____A C:\Users\Sheila\Local Settings\d3d9caps.dat
2013-06-19 15:04 - 2012-10-07 00:37 - 00001356 ____A C:\Users\Sheila\Local Settings\Application Data\d3d9caps.dat
2013-06-19 15:04 - 2012-10-07 00:37 - 00001356 ____A C:\Users\Sheila\AppData\Local\d3d9caps.dat
2013-06-19 14:16 - 2013-06-19 14:16 - 37052668 ____A C:\SHEILA-PC_2013.06.19-1348.02_CAC4240C-005E-00E3-00FE-00568B345992_816.zip
2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\Application Data\InstallShield
2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\InstallShield
2013-06-19 14:14 - 2013-06-19 11:46 - 00000000 ____D C:\Program Files\Trend Micro
2013-06-19 14:14 - 2007-11-14 16:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-19 11:46 - 2013-06-19 11:46 - 00000000 ____D C:\Program Files\WinPcap
2013-06-19 11:35 - 2013-06-19 02:54 - 00131720 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2013-06-19 11:19 - 2013-06-16 08:34 - 00000000 ____D C:\Stinger_Quarantine
2013-06-19 11:06 - 2012-10-08 04:12 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 11:06 - 2012-10-08 04:12 - 00001973 ____A C:\ProgramData\Desktop\Google Chrome.lnk
2013-06-19 04:28 - 2013-06-19 04:27 - 00144592 ____A C:\Windows\Minidump\Mini061913-01.dmp
2013-06-19 04:27 - 2006-11-02 04:47 - 00334792 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\census.cache
2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\Application Data\census.cache
2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\AppData\Local\census.cache
2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\ars.cache
2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\Application Data\ars.cache
2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\AppData\Local\ars.cache
2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\housecall.guid.cache
2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\Application Data\housecall.guid.cache
2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\AppData\Local\housecall.guid.cache
2013-06-18 22:51 - 2013-06-18 22:51 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130619005127.txt
2013-06-17 13:49 - 2013-01-22 16:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-17 13:49 - 2013-01-22 16:49 - 00000000 ____D C:\ProgramData\Application Data\McAfee Security Scan
2013-06-17 13:49 - 2012-10-11 10:06 - 00000000 ____D C:\Windows\System32\EventProviders
2013-06-17 13:49 - 2007-11-14 17:15 - 00000000 ____D C:\Windows\SMINST
2013-06-17 13:49 - 2007-11-14 16:51 - 00000000 ____D C:\Windows\System32\RTCOM
2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system
2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\Services
2013-06-17 13:48 - 2013-02-28 14:21 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-06-17 13:48 - 2012-10-28 02:43 - 00000000 ____D C:\Program Files\AutoComplete+ Personal
2013-06-17 13:48 - 2012-10-25 14:39 - 00000000 ____D C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2013-06-17 13:48 - 2012-10-25 14:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-06-17 13:48 - 2012-10-11 01:57 - 00000000 ____D C:\e8a0150cb8bc9f75d5
2013-06-17 13:48 - 2012-10-07 00:54 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-17 13:48 - 2007-11-14 16:59 - 00000000 ___AD C:\Program Files\Common Files\LightScribe
2013-06-17 11:37 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-06-17 11:37 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-06-17 11:37 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-06-17 11:37 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-17 11:31 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_32
2013-06-17 11:31 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\restore
2013-06-17 11:31 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew
2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tapi
2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP
2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR
2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-17 11:30 - 2013-04-14 03:32 - 00000000 ____D C:\Users\Sheila\Desktop\BACKUP
2013-06-17 11:30 - 2013-03-07 23:47 - 00000000 ____D C:\users\Guest
2013-06-17 11:30 - 2013-02-28 14:10 - 00000000 ____D C:\ProgramData\Borland
2013-06-17 11:30 - 2013-02-28 14:10 - 00000000 ____D C:\ProgramData\Application Data\Borland
2013-06-17 11:30 - 2013-02-26 23:31 - 00000000 ____D C:\Program Files\QuickTime
2013-06-17 11:30 - 2012-11-25 03:39 - 00000000 ____D C:\Users\Sheila\Downloads\olympus
2013-06-17 11:30 - 2012-11-16 05:02 - 00000000 ____D C:\Users\Sheila\My Documents\MyUltimateOrganizer7
2013-06-17 11:30 - 2012-11-16 05:02 - 00000000 ____D C:\Users\Sheila\Documents\MyUltimateOrganizer7
2013-06-17 11:30 - 2012-11-01 19:10 - 00000000 ____D C:\ProgramData\McAfee
2013-06-17 11:30 - 2012-11-01 19:10 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-06-17 11:30 - 2012-10-25 14:40 - 00000000 ____D C:\ProgramData\Application Data\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2013-06-17 11:30 - 2012-10-25 14:40 - 00000000 ____D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2013-06-17 11:30 - 2012-10-25 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-17 11:30 - 2012-10-25 14:34 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-06-17 11:30 - 2012-10-15 11:35 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-06-17 11:30 - 2012-10-15 11:35 - 00000000 ____D C:\ProgramData\Application Data\HP Product Assistant
2013-06-17 11:30 - 2012-10-15 11:31 - 00000000 ____D C:\Windows\hpoj4500g510g-m
2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 __RAD C:\Users\Sheila\My Documents\Medical1
2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 __RAD C:\Users\Sheila\Documents\Medical1
2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 ___RD C:\Users\Sheila\My Documents\Miscellaneous or hardly used
2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 ___RD C:\Users\Sheila\Documents\Miscellaneous or hardly used
2013-06-17 11:30 - 2012-10-12 02:45 - 00000000 __RAD C:\Users\Sheila\My Documents\Bank of america foreclosure
2013-06-17 11:30 - 2012-10-12 02:45 - 00000000 __RAD C:\Users\Sheila\Documents\Bank of america foreclosure
2013-06-17 11:30 - 2012-10-09 18:35 - 00000000 ___RD C:\Users\Sheila\.frostwire5
2013-06-17 11:30 - 2007-11-14 17:06 - 00000000 ____D C:\ProgramData\WildTangent
2013-06-17 11:30 - 2007-11-14 17:06 - 00000000 ____D C:\ProgramData\Application Data\WildTangent
2013-06-17 11:30 - 2007-11-14 17:00 - 00000000 ____D C:\Program Files\Snapfish Picture Mover
2013-06-17 11:30 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 __RSD C:\Windows\Media
2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2013-06-17 11:29 - 2012-10-07 12:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-17 11:29 - 2007-11-14 17:09 - 00000000 ____D C:\Program Files\earthlink totalaccess
2013-06-17 11:29 - 2007-11-14 17:06 - 00000000 ____D C:\Program Files\HP Games
2013-06-17 11:29 - 2007-11-14 17:02 - 00000000 ____D C:\Program Files\Microsoft Works
2013-06-17 11:29 - 2007-11-14 17:01 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-17 11:29 - 2007-11-14 16:59 - 00000000 ____D C:\Program Files\LightScribeTemplateLabeler
2013-06-17 11:29 - 2007-11-14 16:53 - 00000000 ____D C:\Program Files\HP
2013-06-17 11:24 - 2012-10-11 11:44 - 00000000 ____D C:\Windows\System32\vi-VN
2013-06-17 11:24 - 2012-10-11 11:44 - 00000000 ____D C:\Windows\System32\eu-ES
2013-06-17 11:24 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SLUI
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ras
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\icsxml
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ias
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE
2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR
2013-06-17 11:23 - 2012-10-11 11:44 - 00000000 ____D C:\Windows\System32\ca-ES
2013-06-17 11:23 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\com
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\L2Schemas
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors
2013-06-17 11:22 - 2012-10-12 14:02 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-06-17 11:22 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-06-17 11:22 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-06-17 11:22 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-16 14:56 - 2013-06-12 04:03 - 00000000 ____D C:\Windows\pss
2013-06-16 14:44 - 2007-11-14 16:53 - 00002169 ____A C:\ProgramData\hpzinstall.log
2013-06-16 14:44 - 2007-11-14 16:53 - 00002169 ____A C:\ProgramData\Application Data\hpzinstall.log
2013-06-16 14:12 - 2013-06-16 14:12 - 00075250 ____A C:\Users\Sheila\Desktop\gsusp_DDDB54961E87_061613_161247.zip
2013-06-16 14:12 - 2013-06-16 14:10 - 00001471 ____A C:\Users\Sheila\Desktop\GetSusp.xml
2013-06-16 07:56 - 2013-06-16 07:56 - 00144592 ____A C:\Windows\Minidump\Mini061613-01.dmp
2013-06-16 04:58 - 2013-06-16 04:58 - 00000000 ____D C:\Users\Sheila\Desktop\showin
2013-06-12 01:02 - 2006-11-02 02:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Citrix
2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Application Data\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\AppData\Local\Citrix
2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Program Files\Citrix
2013-06-11 11:23 - 2013-06-11 11:23 - 00103832 ____A C:\Users\Sheila\GoToAssistDownloadHelper.exe
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Deployment
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Deployment
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Deployment
2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Apps\2.0
2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\My Documents\Judy
2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\Documents\Judy
2013-06-06 19:58 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\My Documents\dog poison
2013-06-06 19:58 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\Documents\dog poison
2013-06-03 20:08 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\My Documents\Geneology
2013-06-03 20:08 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\Documents\Geneology
2013-06-02 11:47 - 2012-10-28 01:33 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-05-31 05:36 - 2013-05-31 05:35 - 00244529 ____A C:\Users\Sheila\Desktop\collage1
2013-05-30 23:08 - 2013-05-30 23:08 - 00000000 ____D C:\Users\Sheila\Desktop\Janna's dog

Files to move or delete:

 

====================

 

C:\Users\Sheila\GoToAssistDownloadHelper.exe

 

 

==================== Known DLLs (Whitelisted) ============

 

 

 

==================== Bamital & volsnap Check =================

 

 

C:\Windows\explorer.exe => MD5 is legit

 

C:\Windows\System32\winlogon.exe => MD5 is legit

 

C:\Windows\System32\wininit.exe => MD5 is legit

 

C:\Windows\System32\svchost.exe => MD5 is legit

 

C:\Windows\System32\services.exe => MD5 is legit

 

C:\Windows\System32\User32.dll => MD5 is legit

 

C:\Windows\System32\userinit.exe => MD5 is legit

 

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

==================== EXE ASSOCIATION =====================

 

 

HKLM\...\.exe: exefile => OK

 

HKLM\...\exefile\DefaultIcon: %1 => OK

 

HKLM\...\exefile\open\command: "%1" %* => OK

 

 

==================== Restore Points  =========================

 

 

Restore point made on: 2013-05-29 16:00:58

 

Restore point made on: 2013-05-31 00:51:02

 

Restore point made on: 2013-06-02 05:51:14

 

Restore point made on: 2013-06-11 23:38:19

 

Restore point made on: 2013-06-11 23:38:59

 

Restore point made on: 2013-06-11 23:39:36

 

Restore point made on: 2013-06-11 23:44:37

 

Restore point made on: 2013-06-12 01:00:40

 

Restore point made on: 2013-06-12 02:03:08

 

Restore point made on: 2013-06-13 00:07:41

 

Restore point made on: 2013-06-16 03:36:35

 

 

==================== BCD ================================

 

 

Windows Boot Manager

 

--------------------

 

identifier              {bootmgr}

 

device                  partition=C:

 

description             Windows Boot Manager

 

locale                  en-US

 

inherit                 {globalsettings}

 

default                 {default}

 

resumeobject            {a62dc940-930f-11dc-8801-001d6052e15d}

 

displayorder            {default}

 

toolsdisplayorder       {memdiag}

 

timeout                 30

 

 

Windows Boot Loader

 

-------------------

 

identifier              {current}

 

device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}

 

path                    \windows\system32\boot\winload.exe

 

description             HP Recovery Manager

 

osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}

 

systemroot              \windows

 

nx                      OptIn

 

detecthal               Yes

 

winpe                   Yes

 

 

Windows Boot Loader

 

-------------------

 

identifier              {default}

 

device                  partition=C:

 

path                    \Windows\system32\winload.exe

 

description             Microsoft Windows Vista

 

locale                  en-US

 

inherit                 {bootloadersettings}

 

recoverysequence        {current}

 

recoveryenabled         Yes

 

osdevice                partition=C:

 

systemroot              \Windows

 

resumeobject            {a62dc940-930f-11dc-8801-001d6052e15d}

 

nx                      OptIn

 

 

Resume from Hibernate

 

---------------------

 

identifier              {a62dc940-930f-11dc-8801-001d6052e15d}

 

device                  partition=C:

 

path                    \Windows\system32\winresume.exe

 

description             Windows Resume Application

 

locale                  en-US

 

inherit                 {resumeloadersettings}

 

filedevice              partition=C:

 

filepath                \hiberfil.sys

 

pae                     Yes

 

debugoptionenabled      No

 

 

Windows Memory Tester

 

---------------------

 

identifier              {memdiag}

 

device                  partition=C:

 

path                    \boot\memtest.exe

 

description             Windows Memory Diagnostic

 

locale                  en-US

 

inherit                 {globalsettings}

 

badmemoryaccess         Yes

 

 

Windows Legacy OS Loader

 

------------------------

 

identifier              {ntldr}

 

device                  partition=C:

 

path                    \ntldr

 

description             Earlier Version of Windows

 

 

EMS Settings

 

------------

 

identifier              {emssettings}

 

bootems                 Yes

 

 

Debugger Settings

 

-----------------

 

identifier              {dbgsettings}

 

debugtype               Serial

 

debugport               1

 

baudrate                115200

 

 

RAM Defects

 

-----------

 

identifier              {badmemory}

 

 

Global Settings

 

---------------

 

identifier              {globalsettings}

 

inherit                 {dbgsettings}

 

                        {emssettings}

 

                        {badmemory}

 

 

Boot Loader Settings

 

--------------------

 

identifier              {bootloadersettings}

 

inherit                 {globalsettings}

 

 

Resume Loader Settings

 

----------------------

 

identifier              {resumeloadersettings}

 

inherit                 {globalsettings}

 

 

Device options

 

--------------

 

identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

 

description             Ramdisk Device Options

 

ramdisksdidevice        partition=D:

 

ramdisksdipath          \boot\boot.sdi

 

 

Setup Ramdisk Options

 

---------------------

 

identifier              {ramdiskoptions}

 

description             RAM Disk Settings

 

ramdisksdidevice        partition=D:

 

ramdisksdipath          \boot\boot.sdi

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 24%

 

Total physical RAM: 1917.94 MB

 

Available physical RAM: 1441.33 MB

 

Total Pagefile: 1658.25 MB

 

Available Pagefile: 1507.81 MB

 

Total Virtual: 2047.88 MB

 

Available Virtual: 1972.3 MB

 

 

==================== Drives ================================

 

 

Drive c: (HP) (Fixed) (Total:456.23 GB) (Free:352.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.52 GB) (Free:1.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

Drive e: (Jul 24 2013) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

 

Drive f: (SHEILA CARD) (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT

 

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

 

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

 

Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)

 

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

 

 

========================================================

 

Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

 

Partition 1: (Active) - (Size=2 GB) - (Type=06)

 

 

 

LastRegBack: 2013-06-28 03:20

 

 

==================== End Of Log ============================

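One way to triage FRST logs like the ones posted in this thread mechanically, as an added example that is not part of the thread and not code from the FRST tool itself: a small Python parser that follows the `==== Section ====` headers and pulls out the entries a removal helper reads first, i.e. FRST's own `=> ATTENTION` markers (the ZeroAccess hit on `mpsvc.dll` above), core binaries that did not pass the `MD5 is legit` check, `.exe` association lines that are not `=> OK`, autoruns and drivers whose target is missing (`[x]` or `No ImagePath`), kernel drivers whose image lives under a user-writable path, and executables with no publisher field dropped into a user profile or ProgramData. Assumptions: the line layouts are exactly those visible in the posted logs; the two severity labels are my own convention; `SAMPLE_LOG` is a constructed excerpt that copies representative lines from the logs in this thread so the script runs offline.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) text logs.

Walks the log once, tracks the '==== Section ====' headers, and emits a
Finding for each entry a malware-removal helper would look at first.
Added example; the severity labels are a convention of this script, not FRST's.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")           # ==== Name ====
RULE_RE = re.compile(r"^=+$")                           # bare separator line
LABEL_RE = re.compile(r"[A-Za-z][A-Za-z &]+:")          # e.g. "Files to move or delete:"
AUTORUN_RE = re.compile(r"^HK(?:LM|U)\\.*?\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
SERVICE_RE = re.compile(r"^S[0-4] (?P<name>[^;]+); (?P<rest>.*)$")
# created - modified - size attrs [(publisher)] path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
# Locations a standard user can write to; a driver or unsigned exe here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+|ProgramData|Temp|AppData)\\", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "critical" or "review" (this script's convention)
    section: str
    line: str
    reason: str


def parse_frst(text: str) -> list[Finding]:
    """Return findings in log order; untouched lines produce nothing."""
    findings: list[Finding] = []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or RULE_RE.match(line):
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
            continue
        if LABEL_RE.fullmatch(line):            # "Files to move or delete:" style label
            section = line[:-1]
            continue
        if "=> ATTENTION" in line:              # FRST's own flag, e.g. ZeroAccess junctions
            findings.append(Finding("critical", section, line, "FRST flagged this entry"))
        elif section.startswith("Bamital"):     # hash check of core binaries
            if not line.endswith("MD5 is legit"):
                findings.append(Finding("critical", section, line, "core binary failed hash check"))
        elif section.startswith("EXE ASSOCIATION"):
            if not line.endswith("=> OK"):
                findings.append(Finding("critical", section, line, ".exe association hijacked"))
        elif section.startswith("Files to move"):
            findings.append(Finding("review", section, line, "listed by FRST for removal"))
        elif (m := AUTORUN_RE.match(line) or SERVICE_RE.match(line)):
            rest = m.group("rest")
            if rest.endswith("[x]") or rest == "No ImagePath":
                findings.append(Finding("review", section, line, "orphaned entry: target file missing"))
            elif section.startswith("Drivers") and USER_WRITABLE_RE.search(rest):
                findings.append(Finding("critical", section, line, "kernel driver under user-writable path"))
        elif (m := FILE_RE.match(line)):
            path = m.group("path")
            if path.lower().endswith(".exe") and not m.group("publisher") and USER_WRITABLE_RE.search(path):
                findings.append(Finding("review", section, line, "executable without publisher in user-writable path"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"critical": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed excerpt: representative lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKU\Sheila\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

==================== Drivers (Whitelisted) ====================

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 MFE_RR; \??\C:\Users\Sheila\AppData\Local\Temp\mfe_rr.sys [x]

==================== One Month Created Files and Folders ========

2013-06-16 04:27 - 2013-07-16 10:38 - 01517752 ____A (McAfee Inc.) C:\Users\Sheila\Desktop\getsusp.exe
2013-06-11 11:23 - 2013-06-11 11:23 - 00103832 ____A C:\Users\Sheila\GoToAssistDownloadHelper.exe
2013-06-12 01:02 - 2006-11-02 02:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

Files to move or delete:
====================
C:\Users\Sheila\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

if __name__ == "__main__":
    for f in parse_frst(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.section}: {f.reason}\n            {f.line}")
    print(summarize(parse_frst(SAMPLE_LOG)))
```

On a real FRST.txt, call `parse_frst(open(path, encoding="utf-8", errors="replace").read())`. The script deliberately treats `MD5 is legit` as informational only: that check says the binary on disk matches a known-good hash, while the ZeroAccess hit is reported against the directory (`DeleteJunctionsIndirectory`), which is why it is picked up by the explicit `=> ATTENTION` rule rather than by the hash rule.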

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013

 

Ran by SYSTEM on 28-06-2013 18:06:52

 

Running from F:\

 

Windows Vista Home Premium (X86) OS Language: English(US)

 

Internet Explorer Version 9

 

Boot Mode: Recovery

 

 

The current controlset is ControlSet001

 

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

 

HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)

 

HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-22] (NVIDIA Corporation)

 

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13539872 2008-05-22] (NVIDIA Corporation)

 

HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)

 

HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

 

HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

 

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

 

HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]

 

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1851192 2012-11-04] (Logitech, Inc.)

 

HKLM\...\Run: [bingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [2249352 2013-06-05] (Microsoft Corp.)

 

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-11] (Adobe Systems Incorporated)

 

HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1103184 2010-12-17] (Trend Micro Inc.)

 

HKLM\...\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [288272 2011-03-16] (Trend Micro Inc.)

 

HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-03] (Hewlett-Packard)

 

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-03] (Hewlett-Packard)

 

HKU\Guest\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-03] (Hewlett-Packard)

 

HKU\Sheila\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

 

HKU\Sheila\...\Run: [spotify Web Helper] "C:\Users\Sheila\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [x]

 

HKU\Sheila\...\Run: [spotify] "C:\Users\Sheila\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]

 

HKU\Sheila\...\Run: [GoogleChromeAutoLaunch_D9729E38D89CCACF7B8147D4144220E0] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [ 2013-06-14] (Google Inc.)

 

HKU\Sheila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)

 

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

 

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

 

 

========================== Services (Whitelisted) =================

 

 

S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)

 

S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)

 

S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1027792 2012-07-26] (iolo technologies, LLC)

 

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

 

S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S2 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)

 

S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)

 

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)

 

S2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)

 

S2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)

 

S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

 

S2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-17] (Trend Micro Inc.)

 

S2 TmProxy; C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe [685320 2009-03-11] (Trend Micro Inc.)

 

S2 TMWebProtect; C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe [579088 2011-03-16] (Trend Micro Inc.)

 

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

 

 

==================== Drivers (Whitelisted) ====================

 

 

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)

 

S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)

 

S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-07-26] (EldoS Corporation)

 

S1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2012-07-26] (iolo technologies, LLC (based on original work by Bo Brantén))

 

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)

 

S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)

 

S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30392 2012-09-18] (Logitech, Inc.)

 

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)

 

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)

 

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)

 

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)

 

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)

 

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)

 

S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)

 

S3 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)

 

S2 tmrkb; C:\Windows\System32\DRIVERS\tmrkb.sys [131720 2013-06-19] (trend_company_name)

 

S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [83728 2009-03-11] (Trend Micro Inc.)

 

S3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [156928 2007-09-07] (ViXS Systems Inc.)

 

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

 

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

 

S3 mfeavfk01; No ImagePath

 

S3 MFE_RR; \??\C:\Users\Sheila\AppData\Local\Temp\mfe_rr.sys [x]

 

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

 

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

==================== One Month Created Files and Folders ========

 

 

2013-06-28 06:42 - 2013-06-28 06:42 - 00000000 ____D C:\FRST

 

2013-06-28 03:15 - 2013-06-28 03:39 - 00000000 ____D C:\Users\Sheila\Desktop\mbar

 

2013-06-28 02:05 - 2013-06-28 03:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

 

2013-06-28 02:05 - 2013-06-28 03:39 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)

 

2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Malwarebytes

 

2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

 

2013-06-24 14:19 - 2013-06-24 14:54 - 00000624 ____A C:\Users\Sheila\Desktop\ark.txt

 

2013-06-24 14:10 - 2013-07-24 19:57 - 00368554 ____A C:\Users\Sheila\Desktop\gmer.zip

 

2013-06-24 14:10 - 2013-06-24 14:10 - 00000000 ____D C:\Users\Sheila\Desktop\gmer

 

2013-06-24 13:57 - 2013-06-24 13:57 - 00144592 ____A C:\Windows\Minidump\Mini062413-01.dmp

 

2013-06-24 13:55 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Sheila\Local Settings\CrashDumps

 

2013-06-24 13:55 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\CrashDumps

 

2013-06-24 13:55 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Sheila\AppData\Local\CrashDumps

 

2013-06-24 13:50 - 2013-06-24 13:50 - 00022733 ____A C:\Users\Sheila\Desktop\attach.txt

 

2013-06-24 13:50 - 2013-06-24 13:50 - 00014510 ____A C:\Users\Sheila\Desktop\dds.txt

 

2013-06-24 02:55 - 2013-06-24 02:03 - 03992792 ____A C:\Users\Sheila\Desktop\McAfee_TechCheck.exe

 

2013-06-23 21:12 - 2013-06-24 01:42 - 00669304 ____A C:\Users\Sheila\Desktop\kremove.exe

 

2013-06-23 17:16 - 2013-06-23 17:16 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130623191630.txt

 

2013-06-23 17:15 - 2013-06-23 17:15 - 00000000 ____D C:\Users\Sheila\Desktop\ND-1008

 

2013-06-23 16:45 - 2013-06-23 16:45 - 00000000 ____D C:\Users\Sheila\recovered

 

2013-06-20 03:14 - 2013-06-28 15:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

 

2013-06-20 03:14 - 2013-06-20 03:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

 

2013-06-20 03:14 - 2013-06-20 03:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

 

2013-06-20 02:14 - 2013-06-20 02:14 - 03316528 ____A C:\SHEILA-PC_2013.06.20-0408.46_CAC4240C-005E-00E3-00FE-00568B345992_1626.zip

 

2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Trend Micro

 

2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Application Data\Trend Micro

 

2013-06-19 14:16 - 2013-06-19 14:16 - 37052668 ____A C:\SHEILA-PC_2013.06.19-1348.02_CAC4240C-005E-00E3-00FE-00568B345992_816.zip

 

2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\Application Data\InstallShield

 

2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\InstallShield

 

2013-06-19 14:14 - 2009-03-11 10:05 - 00083728 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

 

2013-06-19 11:46 - 2013-06-19 14:14 - 00000000 ____D C:\Program Files\Trend Micro

 

2013-06-19 11:46 - 2013-06-19 11:46 - 00000000 ____D C:\Program Files\WinPcap

 

2013-06-19 04:27 - 2013-06-19 04:28 - 00144592 ____A C:\Windows\Minidump\Mini061913-01.dmp

 

2013-06-19 02:54 - 2013-06-19 11:35 - 00131720 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys

 

2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\census.cache

 

2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\Application Data\census.cache

 

2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\AppData\Local\census.cache

 

2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\ars.cache

 

2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\Application Data\ars.cache

 

2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\AppData\Local\ars.cache

 

2013-06-19 02:36 - 2013-06-25 15:27 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (4)

 

2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\housecall.guid.cache

 

2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\Application Data\housecall.guid.cache

 

2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\AppData\Local\housecall.guid.cache

 

2013-06-18 22:51 - 2013-06-18 22:51 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130619005127.txt

 

2013-06-16 14:35 - 2013-06-22 00:27 - 00000350 ___RH C:\Users\Sheila\Desktop\GetSusp.opt

 

2013-06-16 14:12 - 2013-06-16 14:12 - 00075250 ____A C:\Users\Sheila\Desktop\gsusp_DDDB54961E87_061613_161247.zip

 

2013-06-16 14:10 - 2013-06-16 14:12 - 00001471 ____A C:\Users\Sheila\Desktop\GetSusp.xml

 

2013-06-16 08:34 - 2013-06-19 11:19 - 00000000 ____D C:\Stinger_Quarantine

 

2013-06-16 08:31 - 2013-06-24 04:44 - 00000000 ____D C:\Program Files\stinger

 

2013-06-16 08:12 - 2013-06-19 15:07 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (3)

 

2013-06-16 07:56 - 2013-06-24 13:57 - 245670060 ____A C:\Windows\MEMORY.DMP

 

2013-06-16 07:56 - 2013-06-16 07:56 - 00144592 ____A C:\Windows\Minidump\Mini061613-01.dmp

 

2013-06-16 04:58 - 2013-06-16 04:58 - 00000000 ____D C:\Users\Sheila\Desktop\showin

 

2013-06-16 04:27 - 2013-07-16 11:24 - 00000000 ____D C:\Users\Sheila\Desktop\jdk-7u6-linux-arm-sfp.tar[1]

 

2013-06-16 04:27 - 2013-07-16 10:42 - 00115889 ____A C:\Users\Sheila\Desktop\ND-1008.zip

 

2013-06-16 04:27 - 2013-07-16 10:40 - 11294110 ____A C:\Users\Sheila\Desktop\stinger32-epo.zip

 

2013-06-16 04:27 - 2013-07-16 10:38 - 01517752 ____A (McAfee Inc.) C:\Users\Sheila\Desktop\getsusp.exe

 

2013-06-16 04:27 - 2013-07-16 10:38 - 00551408 ____A (McAfee, Inc.) C:\Users\Sheila\Desktop\rootkitremover.exe

 

2013-06-16 04:27 - 2013-07-16 10:34 - 00009110 ____A C:\Users\Sheila\Desktop\showin.zip

 

2013-06-16 04:27 - 2011-12-04 05:32 - 02348032 ____A (AVG Technologies) C:\Users\Sheila\Desktop\avg_isct_stb_all_2012_1873.exe

 

2013-06-13 00:08 - 2013-06-20 04:54 - 00000000 ____D C:\Users\Sheila\Desktop\soapy

 

2013-06-12 04:03 - 2013-06-16 14:56 - 00000000 ____D C:\Windows\pss

 

2013-06-12 01:05 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

 

2013-06-12 01:05 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

 

2013-06-12 01:05 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

 

2013-06-12 01:05 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

 

2013-06-12 01:05 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

 

2013-06-12 01:05 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

 

2013-06-12 01:05 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

 

2013-06-12 01:05 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

 

2013-06-12 01:05 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

 

2013-06-12 01:05 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

 

2013-06-12 01:05 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

 

2013-06-12 01:05 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

 

2013-06-12 01:05 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

 

2013-06-12 01:05 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

 

2013-06-12 01:05 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

 

2013-06-12 01:05 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

 

2013-06-11 19:50 - 2013-05-07 20:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

 

2013-06-11 19:50 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

 

2013-06-11 19:50 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll

 

2013-06-11 19:50 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

 

2013-06-11 19:50 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

 

2013-06-11 19:50 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

 

2013-06-11 19:50 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

 

2013-06-11 19:50 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

 

2013-06-11 19:49 - 2013-05-02 14:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

 

2013-06-11 19:49 - 2013-05-02 14:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

 

2013-06-11 19:49 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

 

2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Citrix

 

2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Application Data\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\AppData\Local\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Program Files\Citrix

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00103832 ____A C:\Users\Sheila\GoToAssistDownloadHelper.exe

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Deployment

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Deployment

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Deployment

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Apps\2.0

 

2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\My Documents\Judy

 

2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\Documents\Judy

 

2013-05-31 05:35 - 2013-05-31 05:36 - 00244529 ____A C:\Users\Sheila\Desktop\collage1

 

2013-05-30 23:08 - 2013-05-30 23:08 - 00000000 ____D C:\Users\Sheila\Desktop\Janna's dog

 

 

==================== One Month Modified Files and Folders ========

 

 

2013-07-24 19:57 - 2013-06-24 14:10 - 00368554 ____A C:\Users\Sheila\Desktop\gmer.zip

 

2013-07-16 11:24 - 2013-06-16 04:27 - 00000000 ____D C:\Users\Sheila\Desktop\jdk-7u6-linux-arm-sfp.tar[1]

 

2013-07-16 10:42 - 2013-06-16 04:27 - 00115889 ____A C:\Users\Sheila\Desktop\ND-1008.zip

 

2013-07-16 10:40 - 2013-06-16 04:27 - 11294110 ____A C:\Users\Sheila\Desktop\stinger32-epo.zip

 

2013-07-16 10:38 - 2013-06-16 04:27 - 01517752 ____A (McAfee Inc.) C:\Users\Sheila\Desktop\getsusp.exe

 

2013-07-16 10:38 - 2013-06-16 04:27 - 00551408 ____A (McAfee, Inc.) C:\Users\Sheila\Desktop\rootkitremover.exe

 

2013-07-16 10:34 - 2013-06-16 04:27 - 00009110 ____A C:\Users\Sheila\Desktop\showin.zip

 

2013-06-28 16:04 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT

 

2013-06-28 16:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

 

2013-06-28 16:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

 

2013-06-28 16:03 - 2012-10-01 20:42 - 01774366 ____A C:\Windows\WindowsUpdate.log

 

2013-06-28 16:03 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

 

2013-06-28 15:34 - 2012-10-08 04:11 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

2013-06-28 15:29 - 2013-06-20 03:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

 

2013-06-28 06:42 - 2013-06-28 06:42 - 00000000 ____D C:\FRST

 

2013-06-28 04:56 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI

 

2013-06-28 04:49 - 2012-10-08 04:11 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

 

2013-06-28 04:48 - 2012-10-07 08:27 - 00089486 ____A C:\Windows\PFRO.log

 

2013-06-28 03:39 - 2013-06-28 03:15 - 00000000 ____D C:\Users\Sheila\Desktop\mbar

 

2013-06-28 03:39 - 2013-06-28 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

 

2013-06-28 03:39 - 2013-06-28 02:05 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)

 

2013-06-28 03:07 - 2012-12-06 02:58 - 00000000 ____D C:\Program Files\McAfee

 

2013-06-28 02:58 - 2012-10-12 12:33 - 00000000 ____D C:\Users\Sheila\Local Settings\Windows Live

 

2013-06-28 02:58 - 2012-10-12 12:33 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Windows Live

 

2013-06-28 02:58 - 2012-10-12 12:33 - 00000000 ____D C:\Users\Sheila\AppData\Local\Windows Live

 

2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Malwarebytes

 

2013-06-28 02:03 - 2013-06-28 02:03 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

 

2013-06-26 12:34 - 2012-10-07 01:06 - 00031744 ____A C:\Users\Sheila\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

2013-06-26 12:34 - 2012-10-07 01:06 - 00031744 ____A C:\Users\Sheila\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

2013-06-26 12:34 - 2012-10-07 01:06 - 00031744 ____A C:\Users\Sheila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

2013-06-26 02:02 - 2012-10-08 00:55 - 00000000 ____D C:\Users\Sheila\Application Data\HpUpdate

 

2013-06-26 02:02 - 2012-10-08 00:55 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\HpUpdate

 

2013-06-25 15:27 - 2013-06-19 02:36 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (4)

 

2013-06-24 14:54 - 2013-06-24 14:19 - 00000624 ____A C:\Users\Sheila\Desktop\ark.txt

 

2013-06-24 14:26 - 2013-06-24 13:55 - 00000000 ____D C:\Users\Sheila\Local Settings\CrashDumps

 

2013-06-24 14:26 - 2013-06-24 13:55 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\CrashDumps

 

2013-06-24 14:26 - 2013-06-24 13:55 - 00000000 ____D C:\Users\Sheila\AppData\Local\CrashDumps

 

2013-06-24 14:10 - 2013-06-24 14:10 - 00000000 ____D C:\Users\Sheila\Desktop\gmer

 

2013-06-24 13:57 - 2013-06-24 13:57 - 00144592 ____A C:\Windows\Minidump\Mini062413-01.dmp

 

2013-06-24 13:57 - 2013-06-16 07:56 - 245670060 ____A C:\Windows\MEMORY.DMP

 

2013-06-24 13:57 - 2013-03-23 11:19 - 00000000 ____D C:\Windows\Minidump

 

2013-06-24 13:50 - 2013-06-24 13:50 - 00022733 ____A C:\Users\Sheila\Desktop\attach.txt

 

2013-06-24 13:50 - 2013-06-24 13:50 - 00014510 ____A C:\Users\Sheila\Desktop\dds.txt

 

2013-06-24 04:44 - 2013-06-16 08:31 - 00000000 ____D C:\Program Files\stinger

 

2013-06-24 03:00 - 2013-01-22 16:48 - 00000000 ____D C:\Program Files\McAfee Security Scan

 

2013-06-24 02:03 - 2013-06-24 02:55 - 03992792 ____A C:\Users\Sheila\Desktop\McAfee_TechCheck.exe

 

2013-06-24 01:42 - 2013-06-23 21:12 - 00669304 ____A C:\Users\Sheila\Desktop\kremove.exe

 

2013-06-23 17:16 - 2013-06-23 17:16 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130623191630.txt

 

2013-06-23 17:15 - 2013-06-23 17:15 - 00000000 ____D C:\Users\Sheila\Desktop\ND-1008

 

2013-06-23 16:45 - 2013-06-23 16:45 - 00000000 ____D C:\Users\Sheila\recovered

 

2013-06-23 16:45 - 2012-10-01 20:52 - 00000000 ____D C:\users\Sheila

 

2013-06-22 00:27 - 2013-06-16 14:35 - 00000350 ___RH C:\Users\Sheila\Desktop\GetSusp.opt

 

2013-06-20 04:54 - 2013-06-13 00:08 - 00000000 ____D C:\Users\Sheila\Desktop\soapy

 

2013-06-20 03:14 - 2013-06-20 03:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

 

2013-06-20 03:14 - 2013-06-20 03:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

 

2013-06-20 02:14 - 2013-06-20 02:14 - 03316528 ____A C:\SHEILA-PC_2013.06.20-0408.46_CAC4240C-005E-00E3-00FE-00568B345992_1626.zip

 

2013-06-19 22:20 - 2012-10-01 20:56 - 00000000 ____D C:\Users\Sheila\Local Settings\VirtualStore

 

2013-06-19 22:20 - 2012-10-01 20:56 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\VirtualStore

 

2013-06-19 22:20 - 2012-10-01 20:56 - 00000000 ____D C:\Users\Sheila\AppData\Local\VirtualStore

 

2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Trend Micro

 

2013-06-19 19:49 - 2013-06-19 19:49 - 00000000 ____D C:\ProgramData\Application Data\Trend Micro

 

2013-06-19 19:39 - 2012-12-11 22:00 - 00262144 ____A C:\Windows\System32\config\ELAM

 

2013-06-19 15:20 - 2012-12-11 18:47 - 00000000 ___HD C:\Users\Sheila\Desktop\New

 

2013-06-19 15:07 - 2013-06-16 08:12 - 00000000 ____D C:\Users\Sheila\Desktop\New Folder (3)

 

2013-06-19 15:04 - 2012-10-07 00:37 - 00001356 ____A C:\Users\Sheila\Local Settings\d3d9caps.dat

 

2013-06-19 15:04 - 2012-10-07 00:37 - 00001356 ____A C:\Users\Sheila\Local Settings\Application Data\d3d9caps.dat

 

2013-06-19 15:04 - 2012-10-07 00:37 - 00001356 ____A C:\Users\Sheila\AppData\Local\d3d9caps.dat

 

2013-06-19 14:16 - 2013-06-19 14:16 - 37052668 ____A C:\SHEILA-PC_2013.06.19-1348.02_CAC4240C-005E-00E3-00FE-00568B345992_816.zip

 

2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\Application Data\InstallShield

 

2013-06-19 14:14 - 2013-06-19 14:14 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\InstallShield

 

2013-06-19 14:14 - 2013-06-19 11:46 - 00000000 ____D C:\Program Files\Trend Micro

 

2013-06-19 14:14 - 2007-11-14 16:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

 

2013-06-19 11:46 - 2013-06-19 11:46 - 00000000 ____D C:\Program Files\WinPcap

 

2013-06-19 11:35 - 2013-06-19 02:54 - 00131720 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys

 

2013-06-19 11:19 - 2013-06-16 08:34 - 00000000 ____D C:\Stinger_Quarantine

 

2013-06-19 11:06 - 2012-10-08 04:12 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk

 

2013-06-19 11:06 - 2012-10-08 04:12 - 00001973 ____A C:\ProgramData\Desktop\Google Chrome.lnk

 

2013-06-19 04:28 - 2013-06-19 04:27 - 00144592 ____A C:\Windows\Minidump\Mini061913-01.dmp

 

2013-06-19 04:27 - 2006-11-02 04:47 - 00334792 ____A C:\Windows\System32\FNTCACHE.DAT

 

2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\census.cache

 

2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\Local Settings\Application Data\census.cache

 

2013-06-19 02:51 - 2013-06-19 02:51 - 00282252 ____A C:\Users\Sheila\AppData\Local\census.cache

 

2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\ars.cache

 

2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\Local Settings\Application Data\ars.cache

 

2013-06-19 02:50 - 2013-06-19 02:50 - 00209826 ____A C:\Users\Sheila\AppData\Local\ars.cache

 

2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\housecall.guid.cache

 

2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\Local Settings\Application Data\housecall.guid.cache

 

2013-06-19 02:33 - 2013-06-19 02:33 - 00000036 ____A C:\Users\Sheila\AppData\Local\housecall.guid.cache

 

2013-06-18 22:51 - 2013-06-18 22:51 - 00000291 ____A C:\Users\Sheila\Desktop\RootkitRemover20130619005127.txt

 

2013-06-17 13:49 - 2013-01-22 16:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan

 

2013-06-17 13:49 - 2013-01-22 16:49 - 00000000 ____D C:\ProgramData\Application Data\McAfee Security Scan

 

2013-06-17 13:49 - 2012-10-11 10:06 - 00000000 ____D C:\Windows\System32\EventProviders

 

2013-06-17 13:49 - 2007-11-14 17:15 - 00000000 ____D C:\Windows\SMINST

 

2013-06-17 13:49 - 2007-11-14 16:51 - 00000000 ____D C:\Windows\System32\RTCOM

 

2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool

 

2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc

 

2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system

 

2013-06-17 13:49 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\Services

 

2013-06-17 13:48 - 2013-02-28 14:21 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine

 

2013-06-17 13:48 - 2012-10-28 02:43 - 00000000 ____D C:\Program Files\AutoComplete+ Personal

 

2013-06-17 13:48 - 2012-10-25 14:39 - 00000000 ____D C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

 

2013-06-17 13:48 - 2012-10-25 14:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER

 

2013-06-17 13:48 - 2012-10-11 01:57 - 00000000 ____D C:\e8a0150cb8bc9f75d5

 

2013-06-17 13:48 - 2012-10-07 00:54 - 00000000 ____D C:\Program Files\Common Files\logishrd

 

2013-06-17 13:48 - 2007-11-14 16:59 - 00000000 ___AD C:\Program Files\Common Files\LightScribe

 

2013-06-17 11:37 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration

 

2013-06-17 11:37 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar

 

2013-06-17 11:37 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker

 

2013-06-17 11:37 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System

 

2013-06-17 11:31 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_32

 

2013-06-17 11:31 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\restore

 

2013-06-17 11:31 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew

 

2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tapi

 

2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP

 

2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR

 

2013-06-17 11:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE

 

2013-06-17 11:30 - 2013-04-14 03:32 - 00000000 ____D C:\Users\Sheila\Desktop\BACKUP

 

2013-06-17 11:30 - 2013-03-07 23:47 - 00000000 ____D C:\users\Guest

 

2013-06-17 11:30 - 2013-02-28 14:10 - 00000000 ____D C:\ProgramData\Borland

 

2013-06-17 11:30 - 2013-02-28 14:10 - 00000000 ____D C:\ProgramData\Application Data\Borland

 

2013-06-17 11:30 - 2013-02-26 23:31 - 00000000 ____D C:\Program Files\QuickTime

 

2013-06-17 11:30 - 2012-11-25 03:39 - 00000000 ____D C:\Users\Sheila\Downloads\olympus

 

2013-06-17 11:30 - 2012-11-16 05:02 - 00000000 ____D C:\Users\Sheila\My Documents\MyUltimateOrganizer7

 

2013-06-17 11:30 - 2012-11-16 05:02 - 00000000 ____D C:\Users\Sheila\Documents\MyUltimateOrganizer7

 

2013-06-17 11:30 - 2012-11-01 19:10 - 00000000 ____D C:\ProgramData\McAfee

 

2013-06-17 11:30 - 2012-11-01 19:10 - 00000000 ____D C:\ProgramData\Application Data\McAfee

 

2013-06-17 11:30 - 2012-10-25 14:40 - 00000000 ____D C:\ProgramData\Application Data\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}

 

2013-06-17 11:30 - 2012-10-25 14:40 - 00000000 ____D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}

 

2013-06-17 11:30 - 2012-10-25 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help

 

2013-06-17 11:30 - 2012-10-25 14:34 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help

 

2013-06-17 11:30 - 2012-10-15 11:35 - 00000000 ____D C:\ProgramData\HP Product Assistant

 

2013-06-17 11:30 - 2012-10-15 11:35 - 00000000 ____D C:\ProgramData\Application Data\HP Product Assistant

 

2013-06-17 11:30 - 2012-10-15 11:31 - 00000000 ____D C:\Windows\hpoj4500g510g-m

 

2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 __RAD C:\Users\Sheila\My Documents\Medical1

 

2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 __RAD C:\Users\Sheila\Documents\Medical1

 

2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 ___RD C:\Users\Sheila\My Documents\Miscellaneous or hardly used

 

2013-06-17 11:30 - 2012-10-12 03:02 - 00000000 ___RD C:\Users\Sheila\Documents\Miscellaneous or hardly used

 

2013-06-17 11:30 - 2012-10-12 02:45 - 00000000 __RAD C:\Users\Sheila\My Documents\Bank of america foreclosure

 

2013-06-17 11:30 - 2012-10-12 02:45 - 00000000 __RAD C:\Users\Sheila\Documents\Bank of america foreclosure

 

2013-06-17 11:30 - 2012-10-09 18:35 - 00000000 ___RD C:\Users\Sheila\.frostwire5

 

2013-06-17 11:30 - 2007-11-14 17:06 - 00000000 ____D C:\ProgramData\WildTangent

 

2013-06-17 11:30 - 2007-11-14 17:06 - 00000000 ____D C:\ProgramData\Application Data\WildTangent

 

2013-06-17 11:30 - 2007-11-14 17:00 - 00000000 ____D C:\Program Files\Snapfish Picture Mover

 

2013-06-17 11:30 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar

 

2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 __RSD C:\Windows\Media

 

2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ___RD C:\Windows\Offline Web Pages

 

2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public

 

2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache

 

2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET

 

2013-06-17 11:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help

 

2013-06-17 11:29 - 2012-10-07 12:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight

 

2013-06-17 11:29 - 2007-11-14 17:09 - 00000000 ____D C:\Program Files\earthlink totalaccess

 

2013-06-17 11:29 - 2007-11-14 17:06 - 00000000 ____D C:\Program Files\HP Games

 

2013-06-17 11:29 - 2007-11-14 17:02 - 00000000 ____D C:\Program Files\Microsoft Works

 

2013-06-17 11:29 - 2007-11-14 17:01 - 00000000 ____D C:\Program Files\Common Files\Java

 

2013-06-17 11:29 - 2007-11-14 16:59 - 00000000 ____D C:\Program Files\LightScribeTemplateLabeler

 

2013-06-17 11:29 - 2007-11-14 16:53 - 00000000 ____D C:\Program Files\HP

 

2013-06-17 11:24 - 2012-10-11 11:44 - 00000000 ____D C:\Windows\System32\vi-VN

 

2013-06-17 11:24 - 2012-10-11 11:44 - 00000000 ____D C:\Windows\System32\eu-ES

 

2013-06-17 11:24 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-HK

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SLUI

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ras

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\icsxml

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ias

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE

 

2013-06-17 11:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR

 

2013-06-17 11:23 - 2012-10-11 11:44 - 00000000 ____D C:\Windows\System32\ca-ES

 

2013-06-17 11:23 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\com

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\AdvancedInstallers

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\L2Schemas

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME

 

2013-06-17 11:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors

 

2013-06-17 11:22 - 2012-10-12 14:02 - 00000000 ____D C:\Program Files\Windows Portable Devices

 

2013-06-17 11:22 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery

 

2013-06-17 11:22 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal

 

2013-06-17 11:22 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender

 

2013-06-16 14:56 - 2013-06-12 04:03 - 00000000 ____D C:\Windows\pss

 

2013-06-16 14:44 - 2007-11-14 16:53 - 00002169 ____A C:\ProgramData\hpzinstall.log

 

2013-06-16 14:44 - 2007-11-14 16:53 - 00002169 ____A C:\ProgramData\Application Data\hpzinstall.log

 

2013-06-16 14:12 - 2013-06-16 14:12 - 00075250 ____A C:\Users\Sheila\Desktop\gsusp_DDDB54961E87_061613_161247.zip

 

2013-06-16 14:12 - 2013-06-16 14:10 - 00001471 ____A C:\Users\Sheila\Desktop\GetSusp.xml

 

2013-06-16 07:56 - 2013-06-16 07:56 - 00144592 ____A C:\Windows\Minidump\Mini061613-01.dmp

 

2013-06-16 04:58 - 2013-06-16 04:58 - 00000000 ____D C:\Users\Sheila\Desktop\showin

 

2013-06-12 01:02 - 2006-11-02 02:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

 

2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Citrix

 

2013-06-11 11:28 - 2013-06-11 11:28 - 00000000 ____D C:\ProgramData\Application Data\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Users\Sheila\AppData\Local\Citrix

 

2013-06-11 11:24 - 2013-06-11 11:24 - 00000000 ____D C:\Program Files\Citrix

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00103832 ____A C:\Users\Sheila\GoToAssistDownloadHelper.exe

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Deployment

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\Local Settings\Application Data\Deployment

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Deployment

 

2013-06-11 11:23 - 2013-06-11 11:23 - 00000000 ____D C:\Users\Sheila\AppData\Local\Apps\2.0

 

2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\My Documents\Judy

 

2013-06-07 01:10 - 2013-06-07 01:10 - 00000000 ____D C:\Users\Sheila\Documents\Judy

 

2013-06-06 19:58 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\My Documents\dog poison

 

2013-06-06 19:58 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\Documents\dog poison

 

2013-06-03 20:08 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\My Documents\Geneology

 

2013-06-03 20:08 - 2012-10-12 02:46 - 00000000 ____D C:\Users\Sheila\Documents\Geneology

 

2013-06-02 11:47 - 2012-10-28 01:33 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics

 

2013-05-31 05:36 - 2013-05-31 05:35 - 00244529 ____A C:\Users\Sheila\Desktop\collage1

 

2013-05-30 23:08 - 2013-05-30 23:08 - 00000000 ____D C:\Users\Sheila\Desktop\Janna's dog

 

 

Files to move or delete:

 

====================

 

C:\Users\Sheila\GoToAssistDownloadHelper.exe

 

 

==================== Known DLLs (Whitelisted) ============

 

 

 

==================== Bamital & volsnap Check =================

 

 

C:\Windows\explorer.exe => MD5 is legit

 

C:\Windows\System32\winlogon.exe => MD5 is legit

 

C:\Windows\System32\wininit.exe => MD5 is legit

 

C:\Windows\System32\svchost.exe => MD5 is legit

 

C:\Windows\System32\services.exe => MD5 is legit

 

C:\Windows\System32\User32.dll => MD5 is legit

 

C:\Windows\System32\userinit.exe => MD5 is legit

 

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

==================== EXE ASSOCIATION =====================

 

 

HKLM\...\.exe: exefile => OK

 

HKLM\...\exefile\DefaultIcon: %1 => OK

 

HKLM\...\exefile\open\command: "%1" %* => OK

 

 

==================== Restore Points  =========================

 

 

Restore point made on: 2013-05-29 16:00:58

 

Restore point made on: 2013-05-31 00:51:02

 

Restore point made on: 2013-06-02 05:51:14

 

Restore point made on: 2013-06-11 23:38:19

 

Restore point made on: 2013-06-11 23:38:59

 

Restore point made on: 2013-06-11 23:39:36

 

Restore point made on: 2013-06-11 23:44:37

 

Restore point made on: 2013-06-12 01:00:40

 

Restore point made on: 2013-06-12 02:03:08

 

Restore point made on: 2013-06-13 00:07:41

 

Restore point made on: 2013-06-16 03:36:35

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 24%

 

Total physical RAM: 1917.94 MB

 

Available physical RAM: 1441.68 MB

 

Total Pagefile: 1658.25 MB

 

Available Pagefile: 1507.69 MB

 

Total Virtual: 2047.88 MB

 

Available Virtual: 1978.92 MB

 

 

==================== Drives ================================

 

 

Drive c: (HP) (Fixed) (Total:456.23 GB) (Free:352.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.52 GB) (Free:1.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

Drive e: (Jul 24 2013) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

 

Drive f: (SHEILA CARD) (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT

 

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

 

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

 

Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)

 

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

 

 

========================================================

 

Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

 

Partition 1: (Active) - (Size=2 GB) - (Type=06)

 

 

 

LastRegBack: 2013-06-28 05:01

 

 

==================== End Of Log ============================


Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


ComboFix 13-06-28.02 - Sheila 06/29/2013  21:11:54.1.2 - x86

 

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1918.1320 [GMT -6:00]

 

Running from: J:\ComboFix.exe

 

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

 

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

 

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

* Created a new restore point

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

c:\users\Sheila\GoToAssistDownloadHelper.exe

 

c:\windows\system32\drivers\etc\hosts.ics

 

c:\windows\system32\jucheck.exe

 

c:\windows\system32\jusched.exe

 

.

 

.

 

(((((((((((((((((((((((((   Files Created from 2013-05-28 to 2013-06-30  )))))))))))))))))))))))))))))))

 

.

 

.

 

2013-06-30 03:21 . 2013-06-30 03:31 -------- d-----w- c:\users\Sheila\AppData\Local\temp

 

2013-06-28 14:42 . 2013-06-28 14:42 -------- d-----w- C:\FRST

 

2013-06-28 10:05 . 2013-06-28 11:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

 

2013-06-28 10:03 . 2013-06-28 10:03 -------- d-----w- c:\programdata\Malwarebytes

 

2013-06-24 21:55 . 2013-06-24 22:26 -------- d-----w- c:\users\Sheila\AppData\Local\CrashDumps

 

2013-06-24 00:45 . 2013-06-24 00:45 -------- d-----w- c:\users\Sheila\recovered

 

2013-06-20 11:14 . 2013-06-20 11:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

 

2013-06-20 11:14 . 2013-06-20 11:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

 

2013-06-20 03:49 . 2013-06-20 03:49 -------- d-----w- c:\programdata\Trend Micro

 

2013-06-19 22:14 . 2009-03-11 18:05 83728 ----a-w- c:\windows\system32\drivers\tmtdi.sys

 

2013-06-19 22:14 . 2013-06-19 22:14 -------- d-----w- c:\users\Sheila\AppData\Roaming\InstallShield

 

2013-06-19 19:46 . 2013-06-19 19:46 -------- d-----w- c:\program files\WinPcap

 

2013-06-19 19:46 . 2013-06-19 22:14 -------- d-----w- c:\program files\Trend Micro

 

2013-06-19 10:54 . 2013-06-19 19:35 131720 ----a-w- c:\windows\system32\drivers\tmrkb.sys

 

2013-06-16 16:34 . 2013-06-19 19:19 -------- d-----w- C:\Stinger_Quarantine

 

2013-06-16 16:31 . 2013-06-24 12:44 -------- d-----w- c:\program files\stinger

 

2013-06-12 03:50 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

 

2013-06-12 03:50 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll

 

2013-06-12 03:50 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll

 

2013-06-12 03:50 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll

 

2013-06-12 03:50 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

 

2013-06-12 03:50 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe

 

2013-06-12 03:50 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

 

2013-06-12 03:50 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll

 

2013-06-12 03:49 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

 

2013-06-12 03:49 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

 

2013-06-12 03:49 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll

 

2013-06-11 19:28 . 2013-06-11 19:28 -------- d-----w- c:\programdata\Citrix

 

2013-06-11 19:24 . 2013-06-11 19:24 -------- d-----w- c:\program files\Citrix

 

2013-06-11 19:24 . 2013-06-11 19:24 -------- d-----w- c:\users\Sheila\AppData\Local\Citrix

 

2013-06-11 19:23 . 2013-06-11 19:23 -------- d-----w- c:\users\Sheila\AppData\Local\Deployment

 

2013-06-11 19:23 . 2013-06-11 19:23 -------- d-----w- c:\users\Sheila\AppData\Local\Apps

 

2013-06-05 19:55 . 2013-06-05 19:55 9805824 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi

 

2013-05-31 08:56 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D1EC4C-6353-4A13-8208-CFE5FF757EA2}\mpengine.dll

 

.

 

.

 

.

 

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2013-06-20 10:14 . 2013-06-20 10:14 3316528 ----a-w- C:\SHEILA-PC_2013.06.20-0408.46_CAC4240C-005E-00E3-00FE-00568B345992_1626.zip

 

2013-06-19 22:16 . 2013-06-19 22:16 37052668 ----a-w- C:\SHEILA-PC_2013.06.19-1348.02_CAC4240C-005E-00E3-00FE-00568B345992_816.zip

 

2013-05-26 03:39 . 2013-02-28 22:15 952 --sha-w- c:\programdata\KGyGaAvL.sys

 

2013-05-25 04:01 . 2012-11-02 03:24 866720 ----a-w- c:\windows\system32\npdeployJava1.dll

 

2013-05-25 04:01 . 2012-11-02 03:24 788896 ----a-w- c:\windows\system32\deployJava1.dll

 

2013-05-14 20:21 . 2013-05-14 20:21 74703 ----a-w- c:\windows\system32\mfc45.dat

 

2013-05-14 20:20 . 2013-05-14 20:20 74703 ----a-w- c:\windows\system32\mfc45.dll

 

2013-05-02 08:06 . 2012-10-07 09:15 238872 ------w- c:\windows\system32\MpSigStub.exe

 

2013-04-15 14:20 . 2013-05-15 00:51 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

 

2013-04-13 10:56 . 2013-05-15 00:51 37376 ----a-w- c:\windows\system32\cdd.dll

 

2013-04-10 23:11 . 2013-01-31 11:57 92304 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe

 

2013-04-09 01:36 . 2013-05-15 00:51 2049024 ----a-w- c:\windows\system32\win32k.sys

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-08 39408]

 

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

 

"GoogleChromeAutoLaunch_D9729E38D89CCACF7B8147D4144220E0"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-06-15 825808]

 

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]

 

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

 

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]

 

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]

 

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1278064]

 

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

 

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

 

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

 

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]

 

"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-05 2249352]

 

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

 

"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

 

"TMWebProtectTray"="c:\program files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [2011-03-16 288272]

 

.

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

 

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

 

"EnableUIADesktopToggle"= 0 (0x0)

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

 

@="Service"

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

@="Service"

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

 

"DisableMonitoring"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

 

"DisableMonitoring"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

 

"DisableMonitoring"=dword:00000001

 

.

 

--- Other Services/Drivers In Memory ---

 

.

 

*NewlyCreated* - WS2IFSL

 

*Deregistered* - mfeavfk01

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

 

LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache

 

HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12

 

HPService REG_MULTI_SZ    HPSLPSVC

 

hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

 

2013-06-19 19:03 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

 

.

 

Contents of the 'Scheduled Tasks' folder

 

.

 

2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job

 

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-20 11:14]

 

.

 

2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

 

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-08 12:10]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-08 12:10]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.116.0.53 24.116.2.50
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKCU-Run-Spotify Web Helper - c:\users\Sheila\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
HKCU-Run-Spotify - c:\users\Sheila\AppData\Roaming\Spotify\Spotify.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\iolo\Common\Lib\ioloServiceManager.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
c:\program files\Trend Micro\Web Protection Add-On\TmProxy.exe
c:\program files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
c:\windows\System32\vds.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\hp\kbd\kbd.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-06-29  21:36:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-30 03:36
.
Pre-Run: 377,262,669,824 bytes free
Post-Run: 378,724,036,608 bytes free
.
- - End Of File - - C5F36A539ACC2B3ED635C18E5819827B
03BA8F890B47C0BE359A4D5A636D214D


Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

This topic is now closed to further replies.