atrdriver Posted July 16, 2013 ID:703259 Share Posted July 16, 2013 Working on a friends laptop, and obviously it has the FBI virus. I couldn't get into safe mode at all at first, so I removed the HD and connected it to another rig. Ran malwarebytes and Avast on it and removed all the found items. Reinstalled back into the laptop and it booted OK, started to run malwarebytes on it again. It ran for about 1.5 hours, then the FBI screen popped back up. The FRST64 log file is attached....Please help, this is kicking my butt atrdriver Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 02Ran by SYSTEM on 15-07-2013 20:31:02Running from G:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [2236080 2013-06-27] ()HKU\Bruce\...\Run: [mianl] - "C:\Windows\System32\rundll32.exe" "C:\Users\Bruce\AppData\Roaming\mianl.dll",set_user_limits [x] <===== ATTENTIONHKU\Bruce\...\Run: [mlouap] - "C:\Windows\System32\rundll32.exe" "C:\Users\Bruce\AppData\Roaming\mlouap.dll",WriteObjectToFile [x] <===== ATTENTIONHKU\Bruce\...\Run: [ArcSoft] - rundll32 "C:\Users\Bruce\AppData\Local\MFAData\ArcSoft\hjbn.dll",DllRegisterServer [1800704 2013-06-15] () <===== ATTENTIONHKU\Bruce\...\Run: [JavaSoft] - rundll32.exe C:\Users\Bruce\AppData\Local\JavaSoft\gvbzyvle.dll,hwdwomlknacnggun [x] <===== ATTENTIONHKU\Bruce\...\Run: [wabEventSupport16] - rundll32.exe "C:\Users\Bruce\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs [x] <===== ATTENTIONHKU\Bruce\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Bruce\AppData\Local\da47001a-087d-4cf7-bab4-6f33101ccc2bad\daadcfbabfcccbad.exe [140288 2013-07-12] () <===== ATTENTIONHKU\Bruce\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Bruce\AppData\Local\da47001a-087d-4cf7-bab4-6f33101ccc2bad\daadcfbabfcccbad.exe [140288 2013-07-12] () <===== ATTENTIONHKU\Bruce\...\Winlogon: [shell] C:\Users\Bruce\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION==================== Services (Whitelisted) =================S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)S2 FTSvc; C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-12] (Brand Affinity Technologies)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)==================== Drivers (Whitelisted) ====================S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-10-03] (support.com, Inc)==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-07-15 20:30 - 2013-07-15 20:30 - 00000000 ____D C:\FRST2013-07-15 19:39 - 2013-07-15 19:39 - 00000000 ____D C:\ProgramData\gamq2013-07-15 11:40 - 2013-07-15 11:40 - 00000000 __SHD C:\found.0002013-07-15 10:19 - 2013-07-15 10:19 - 00000000 ____D C:\61526cce25c49b2c64b22013-07-15 10:17 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-07-15 10:17 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-07-15 10:17 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-07-15 10:17 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-07-15 10:17 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-07-15 10:17 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-07-15 10:17 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-07-15 10:17 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-07-15 10:17 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-07-15 10:17 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-07-15 10:17 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-07-15 10:17 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-07-15 10:17 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-07-15 10:17 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-07-15 10:17 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-07-15 10:17 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-07-15 10:17 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-07-15 10:17 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-07-15 10:17 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-07-15 10:17 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-07-15 10:17 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-07-15 10:17 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-07-15 10:17 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-07-15 10:17 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-07-15 10:17 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-07-12 16:19 - 2013-07-15 12:10 - 00000004 _____ C:\Users\Bruce\AppData\Roaming\cache.ini2013-07-12 14:48 - 2013-07-12 14:48 - 00000000 _____ C:\Users\Bruce\opera.exe2013-07-12 14:48 - 2013-07-12 14:48 - 00000000 _____ C:\Users\Bruce\acrobatreader.exe2013-07-12 14:26 - 2013-07-12 16:17 - 00000004 _____ C:\Users\Bruce\AppData\Roaming\skype.ini2013-07-12 14:24 - 2013-07-15 20:00 - 00000332 ____H C:\Windows\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}.job2013-07-12 14:24 - 2013-07-12 14:24 - 00003074 _____ C:\Windows\System32\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}2013-07-12 14:24 - 2013-07-12 14:24 - 00000000 ____D C:\Users\Bruce\AppData\Local\da47001a-087d-4cf7-bab4-6f33101ccc2bad2013-07-12 14:23 - 2013-07-12 14:48 - 00844800 _____ (MindFusion Limited) C:\Users\Bruce\AppData\Roaming\midefender.exe2013-07-12 14:23 - 2013-07-12 14:48 - 00000796 _____ C:\Users\Bruce\Desktop\Internet Security Pro.lnk2013-07-12 14:23 - 2013-07-12 14:23 - 00845312 _____ (MindFusion Limited) C:\Users\Bruce\AppData\Roaming\D0F6.tmp2013-07-12 14:23 - 2013-07-12 14:23 - 00845312 _____ (MindFusion Limited) C:\Users\Bruce\AppData\Roaming\6A38.tmp2013-07-12 14:23 - 2013-07-12 14:23 - 00140288 _____ C:\Users\Bruce\icq.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\windowsupdate.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\teamviewer.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\rundll32.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\acrobat.exe2013-07-12 13:28 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll2013-07-12 13:28 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2013-07-12 13:28 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL2013-07-12 13:28 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-07-12 13:27 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-07-12 13:23 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-07-12 13:23 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll2013-07-09 08:05 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-07-09 08:05 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-07-08 07:43 - 2013-07-08 07:43 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-07-08 07:43 - 2013-07-08 07:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-07-08 07:43 - 2013-07-08 07:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-07-08 07:43 - 2013-07-08 07:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-07-08 07:43 - 2013-07-08 07:43 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2013-07-08 07:43 - 2013-07-08 07:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-07-08 07:43 - 2013-07-08 07:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-07-08 07:43 - 2013-07-08 07:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-07-08 07:43 - 2013-07-08 07:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-07-08 07:41 - 2013-07-08 07:41 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll2013-07-08 07:41 - 2013-07-08 07:41 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-07-08 07:41 - 2013-07-08 07:41 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-08 07:39 - 2013-07-08 07:45 - 00007985 _____ C:\Windows\IE10_main.log2013-06-27 16:56 - 2013-06-27 16:56 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar2013-06-16 13:24 - 2013-07-15 17:25 - 00000000 ____D C:\Users\Bruce\AppData\Roaming\wabEventSupport162013-06-15 09:52 - 2013-07-15 15:24 - 00000000 ____D C:\Users\Bruce\AppData\Local\JavaSoft==================== One Month Modified Files and Folders =======2013-07-15 20:30 - 2013-07-15 20:30 - 00000000 ____D C:\FRST2013-07-15 20:19 - 2011-08-17 16:04 - 01719704 _____ C:\Windows\WindowsUpdate.log2013-07-15 20:00 - 2013-07-12 14:24 - 00000332 ____H C:\Windows\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}.job2013-07-15 19:44 - 2012-11-15 15:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-07-15 19:40 - 2011-10-14 11:06 - 00000000 ____D C:\Users\Bruce\AppData\Local\VirtualStore2013-07-15 19:39 - 2013-07-15 19:39 - 00000000 ____D C:\ProgramData\gamq2013-07-15 17:45 - 2013-05-27 10:41 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask2013-07-15 17:34 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-07-15 17:34 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-07-15 17:32 - 2012-08-21 13:40 - 00000000 ____D C:\ProgramData\MFAData2013-07-15 17:31 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI2013-07-15 17:26 - 2013-02-06 20:29 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-15 17:26 - 2013-02-06 20:29 - 00001115 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk2013-07-15 17:26 - 2012-08-21 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-15 17:25 - 2013-06-16 13:24 - 00000000 ____D C:\Users\Bruce\AppData\Roaming\wabEventSupport162013-07-15 17:25 - 2011-08-17 14:50 - 00000000 ____D C:\ProgramData\Sonic2013-07-15 17:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-07-15 17:23 - 2009-07-13 23:51 - 00052129 _____ C:\Windows\setupact.log2013-07-15 17:23 - 2009-07-13 23:45 - 00461464 _____ C:\Windows\System32\FNTCACHE.DAT2013-07-15 17:10 - 2011-10-14 10:20 - 00000000 ____D C:\users\Bruce2013-07-15 15:24 - 2013-06-15 09:52 - 00000000 ____D C:\Users\Bruce\AppData\Local\JavaSoft2013-07-15 12:22 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal2013-07-15 12:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender2013-07-15 12:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-07-15 12:10 - 2013-07-12 16:19 - 00000004 _____ C:\Users\Bruce\AppData\Roaming\cache.ini2013-07-15 11:40 - 2013-07-15 11:40 - 00000000 __SHD C:\found.0002013-07-15 10:19 - 2013-07-15 10:19 - 00000000 ____D C:\61526cce25c49b2c64b22013-07-15 10:19 - 2011-10-14 11:46 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-07-12 16:17 - 2013-07-12 14:26 - 00000004 _____ C:\Users\Bruce\AppData\Roaming\skype.ini2013-07-12 15:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2013-07-12 14:48 - 2013-07-12 14:48 - 00000000 _____ C:\Users\Bruce\opera.exe2013-07-12 14:48 - 2013-07-12 14:48 - 00000000 _____ C:\Users\Bruce\acrobatreader.exe2013-07-12 14:48 - 2013-07-12 14:23 - 00844800 _____ (MindFusion Limited) C:\Users\Bruce\AppData\Roaming\midefender.exe2013-07-12 14:48 - 2013-07-12 14:23 - 00000796 _____ C:\Users\Bruce\Desktop\Internet Security Pro.lnk2013-07-12 14:24 - 2013-07-12 14:24 - 00003074 _____ C:\Windows\System32\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}2013-07-12 14:24 - 2013-07-12 14:24 - 00000000 ____D C:\Users\Bruce\AppData\Local\da47001a-087d-4cf7-bab4-6f33101ccc2bad2013-07-12 14:23 - 2013-07-12 14:23 - 00845312 _____ (MindFusion Limited) C:\Users\Bruce\AppData\Roaming\D0F6.tmp2013-07-12 14:23 - 2013-07-12 14:23 - 00845312 _____ (MindFusion Limited) C:\Users\Bruce\AppData\Roaming\6A38.tmp2013-07-12 14:23 - 2013-07-12 14:23 - 00140288 _____ C:\Users\Bruce\icq.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\windowsupdate.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\teamviewer.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\rundll32.exe2013-07-12 14:23 - 2013-07-12 14:23 - 00000000 _____ C:\Users\Bruce\acrobat.exe2013-07-10 09:42 - 2010-11-20 22:47 - 00049386 _____ C:\Windows\PFRO.log2013-07-08 13:19 - 2012-12-11 14:10 - 00000967 _____ C:\Users\Public\Desktop\AVG 2013.lnk2013-07-08 13:19 - 2012-12-11 14:10 - 00000967 _____ C:\ProgramData\Desktop\AVG 2013.lnk2013-07-08 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK2013-07-08 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR2013-07-08 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK2013-07-08 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR2013-07-08 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-07-08 07:45 - 2013-07-08 07:39 - 00007985 _____ C:\Windows\IE10_main.log2013-07-08 07:43 - 2013-07-08 07:43 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-07-08 07:43 - 2013-07-08 07:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-07-08 07:43 - 2013-07-08 07:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-07-08 07:43 - 2013-07-08 07:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-07-08 07:43 - 2013-07-08 07:43 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2013-07-08 07:43 - 2013-07-08 07:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-07-08 07:43 - 2013-07-08 07:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-07-08 07:43 - 2013-07-08 07:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-07-08 07:43 - 2013-07-08 07:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-07-08 07:43 - 2013-07-08 07:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-07-08 07:43 - 2013-07-08 07:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-07-08 07:41 - 2013-07-08 07:41 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll2013-07-08 07:41 - 2013-07-08 07:41 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-07-08 07:41 - 2013-07-08 07:41 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-07-08 07:41 - 2013-07-08 07:41 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-08 07:41 - 2013-07-08 07:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-27 16:56 - 2013-06-27 16:56 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar2013-06-27 16:56 - 2013-03-26 10:49 - 00000000 ____D C:\Users\Bruce\AppData\Local\AVG SafeGuard toolbar2013-06-27 16:55 - 2013-03-26 10:49 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys2013-06-27 16:55 - 2013-03-26 10:49 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar2013-06-15 09:52 - 2012-12-11 14:03 - 00000000 ____D C:\Users\Bruce\AppData\Local\MFADataZeroAccess:C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\@C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\LC:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\UFiles to move or delete:====================C:\Users\Bruce\acrobat.exeC:\Users\Bruce\acrobatreader.exeC:\Users\Bruce\icq.exeC:\Users\Bruce\opera.exeC:\Users\Bruce\rundll32.exeC:\Users\Bruce\teamviewer.exeC:\Users\Bruce\windowsupdate.exeC:\Users\Bruce\AppData\Roaming\skype.iniC:\Windows\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}.job==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-03-26 10:46:30Restore point made on: 2013-03-26 10:47:14Restore point made on: 2013-03-26 12:31:31Restore point made on: 2013-04-11 08:58:26Restore point made on: 2013-04-28 17:37:29Restore point made on: 2013-05-07 08:32:09Restore point made on: 2013-05-14 19:06:24Restore point made on: 2013-06-12 19:00:43Restore point made on: 2013-07-08 07:39:29Restore point made on: 2013-07-08 13:21:55Restore point made on: 2013-07-09 08:18:09Restore point made on: 2013-07-15 10:09:56Restore point made on: 2013-07-15 12:12:17==================== Memory info ===========================Percentage of memory in use: 18%Total physical RAM: 2960.17 MBAvailable physical RAM: 2416.54 MBTotal Pagefile: 2958.37 MBAvailable Pagefile: 2412.28 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:278.46 GB) (Free:226.84 GB) NTFS (Disk=0 Partition=3)Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.7 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]Drive g: (Microcenter 4gb) (Removable) (Total:3.73 GB) (Free:0.68 GB) NTFS (Disk=2 Partition=1)Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 07F2837E)Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=278 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 4 GB) (Disk ID: 02F43E05)Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)LastRegBack: 2013-07-12 15:30==================== End Of Log ============================ Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703265 Share Posted July 16, 2013 Hello atrdriver and welcome to Malwarebytes! Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txtHKU\Bruce\...\Run: [mianl] - "C:\Windows\System32\rundll32.exe" "C:\Users\Bruce\AppData\Roaming\mianl.dll",set_user_limits [x] <===== ATTENTION HKU\Bruce\...\Run: [mlouap] - "C:\Windows\System32\rundll32.exe" "C:\Users\Bruce\AppData\Roaming\mlouap.dll",WriteObjectToFile [x] <===== ATTENTION HKU\Bruce\...\Run: [ArcSoft] - rundll32 "C:\Users\Bruce\AppData\Local\MFAData\ArcSoft\hjbn.dll",DllRegisterServer [1800704 2013-06-15] () <===== ATTENTION HKU\Bruce\...\Run: [JavaSoft] - rundll32.exe C:\Users\Bruce\AppData\Local\JavaSoft\gvbzyvle.dll,hwdwomlknacnggun [x] <===== ATTENTION HKU\Bruce\...\Run: [wabEventSupport16] - rundll32.exe "C:\Users\Bruce\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs [x] <===== ATTENTION HKU\Bruce\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Bruce\AppData\Local\da47001a-087d-4cf7-bab4-6f33101ccc2bad\daadcfbabfcccbad.exe [140288 2013-07-12] () <===== ATTENTION HKU\Bruce\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Bruce\AppData\Local\da47001a-087d-4cf7-bab4-6f33101ccc2bad\daadcfbabfcccbad.exe [140288 2013-07-12] () <===== ATTENTION HKU\Bruce\...\Winlogon: [shell] C:\Users\Bruce\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8 C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\@ C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\L C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\U C:\Users\Bruce\acrobat.exe C:\Users\Bruce\acrobatreader.exe C:\Users\Bruce\icq.exe C:\Users\Bruce\opera.exe C:\Users\Bruce\rundll32.exe C:\Users\Bruce\teamviewer.exe C:\Users\Bruce\windowsupdate.exe C:\Users\Bruce\AppData\Roaming\skype.ini C:\Windows\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}.job NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Now please enter System Recovery Options. Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Note: Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly" -------> Your topic will be closed if you haven't replied within 3 days! <-------- (If I don't respond within 24 hours, please send me a PM) -DFB Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703269 Share Posted July 16, 2013 This is the fixlog.txt. Machine restarted in normal mode without going to white screen immediately....should I run an AVG scan and malwarebytes on it now? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-07-2013 02Ran by SYSTEM at 2013-07-15 20:44:05 Run:1Running from G:\Boot Mode: Recovery==============================================HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\Run\\mianl => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\Run\\mlouap => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\Run\\ArcSoft => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\Run\\JavaSoft => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\Run\\wabEventSupport16 => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.HKU\Bruce\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8 => Moved successfully."C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\@" => File/Directory not found."C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\L" => File/Directory not found."C:\$Recycle.Bin\S-1-5-21-2205071843-3555327850-2030385966-1000\$792f41990b73e2f47b46706eb422a6b8\U" => File/Directory not found.C:\Users\Bruce\acrobat.exe => Moved successfully.C:\Users\Bruce\acrobatreader.exe => Moved successfully.C:\Users\Bruce\icq.exe => Moved successfully.C:\Users\Bruce\opera.exe => Moved successfully.C:\Users\Bruce\rundll32.exe => Moved successfully.C:\Users\Bruce\teamviewer.exe => Moved successfully.C:\Users\Bruce\windowsupdate.exe => Moved successfully.C:\Users\Bruce\AppData\Roaming\skype.ini => Moved successfully.C:\Windows\Tasks\{407577C8-3B02-406D-A9C6-A68BB4EE428E}.job => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703270 Share Posted July 16, 2013 Glad to hear you can boot. I'd like you to run the following----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703279 Share Posted July 16, 2013 I'm on step two right now, but in the meantime AVG has popped up a threat found box for Trojan Horse Generic33.CJDT. Should I leave this box open while I do all the steps or should I let it fix it? Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703285 Share Posted July 16, 2013 Leave it for now- in fact, leave AVG disabled if possible as it may interfere with our tools Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703330 Share Posted July 16, 2013 OK, here are all the logs, I'm just attaching the txt files if that's OK. Right now things seem to be OK, the first time that I ran ComboFix it went to reboot then bluescreened, but the second time it ran through OK. Please let me know if there is anything else I need to do here... ComboFix.txtmbar-log-2013-07-15 (21-02-07).txtmbar-log-2013-07-15 (21-32-46).txtSecuritycheckup.txtsystem-log.txtTDSSKiller.2.8.18.0_15.07.2013_20.54.40_log.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703331 Share Posted July 16, 2013 I need you to go back through TDSSKiller- this time, select Delete/Quarantine instead of Skip. Please post the new log it creates in your next reply. Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703332 Share Posted July 16, 2013 Went through TDSKiller this thime with nothing found, the log is attached...TDSSKiller.2.8.18.0_15.07.2013_23.02.24_log.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703333 Share Posted July 16, 2013 Okay no worries. Things look better, but we still have some more to go. ----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main MirrorSave it to your desktop.Double click on the OTL icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the Run Scan button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized----------Step 3 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 4----------------Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703334 Share Posted July 16, 2013 Is it OK if I continue this in the morning? Im in Central time and I'm thinking about 9AM CDT... Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703335 Share Posted July 16, 2013 Definitely. Take all the time you need. Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703336 Share Posted July 16, 2013 Thanks so much for your help...I'll be back in the morning... Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703533 Share Posted July 16, 2013 OK, sorry that took so long, the ESET scan took forever. FWIW it said that the command line scan stopped working right at the end. Attached are the log files.... AdwCleanerR1.txtEST Log.txtExtras.TxtOTL.Txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703535 Share Posted July 16, 2013 Still have a little more to do, but we're nearly there.----------Step 1----------------We need to run an OTL FixPlease reopen on your desktop.Copy and Paste the following code into the textbox. :OTL[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]:FilesC:\Program Files (x86)\Yontoo\YontooIEClient.dllC:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dllC:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll:Commands[purity][emptytemp][emptyjava][emptyflash][Reboot]Push OTL may ask to reboot the machine. Please do so if asked.Click the OK button.A report will open. Copy and Paste that report in your next reply. ----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. ----------Step 3----------------Instructions for DELETE:Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[s1].txt as well.Afterwards, please reboot the computer.----------Step 4----------------Please post the OTL and Junkware Removal Tool and AdwCleaner reports in your next reply. How are things running now? Link to post Share on other sites More sharing options...
atrdriver Posted July 16, 2013 Author ID:703542 Share Posted July 16, 2013 Latest logs.... 07162013_110645.logAdwCleanerS1.txtJRT.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 16, 2013 ID:703554 Share Posted July 16, 2013 Things look good. Judging by your last few logs, I'd say your system is clean. Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware. ---------Upgrade Java : (64 bits)Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.Check the box that says: "Accept License Agreement.".Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u25-windows-x64.exe and select "Run as an Administrator.")--------- Please let me know how the updates went, as failed updates may be due to malware. Link to post Share on other sites More sharing options...
atrdriver Posted July 17, 2013 Author ID:703756 Share Posted July 17, 2013 OK, getting that done as I type. One other problem, but I don't know if it's realted, as this is not my computer. When I type a web address in the address bar of IE unless I hit ALT-and enter adter typing it. It will open clicked links however. And Firefox works as one would expect it to work. Everything else seems to be good so far atl least...I can't thank you enough for your assistance... Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 17, 2013 ID:703758 Share Posted July 17, 2013 No problem . Try resetting IE's preferences- see this link for instructions http://support.microsoft.com/kb/923737 Let me know if that fixed it Link to post Share on other sites More sharing options...
atrdriver Posted July 17, 2013 Author ID:703764 Share Posted July 17, 2013 Yes, that seemed to fix it. Can I delete all the programs that I put on the desktop safely at this point? Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 17, 2013 ID:703765 Share Posted July 17, 2013 Yep. I'll include instructions on how to do that below . ---------- Unless there are any other issues, I will now provide you with some steps to better protect your computer.First, we need to remove ComboFix.The following will implement some cleanup procedures as well as reset System Restore points:Click Start > Run and copy/paste the following bolded text into the Run box and click OK:ComboFix /Uninstall -------------------Let's remove OTL and the other tools we used as well:Reopen on your desktop.Click on You will be prompted to reboot your system. Please do so.-------------------Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.-------------------It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.avast!.AntiVirAVGMicrosoft Security Essentials-------------------Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:Spybot-Search & DestroyA tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.SpywareBlasterA tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.SpywareGuardA tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.-------------------Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.These firewalls are good and do have free versions availableOutpost Firewall FreeOnline Armor FirewallA tutorial on understanding and using firewalls may be found here.-------------------Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.-------------------Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:http://www.spywarewa...nti-spyware.htmA similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.-------------------Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.If you are interested, Firefox may be downloaded from hereOpera is available here: http://www.opera.com/download/-------------------For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first placeHopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.-------------------I would grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM. ---------------------------------------------------------My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here: Every little bit helps. -DFB Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 23, 2013 Root Admin ID:706184 Share Posted July 23, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts