
Trojan Dropper reloads on boot and authorises others



Hello

 

I have already changed several things on this system, but without previous attempts to cure it the most annoying symptom was the Windows/Explorer.exe crashing every 3 seconds, not allowing programs to be run, AND no internet access, disabling the security, enabling or even authorising malware as OK. (I remember seeing somewhere in McAfee about 8 known PUPs and malware being authorised as Trusted, but I cleaned them and have not been able to find that section/setting since.) I've tried Malwarebytes and it seemed to cure it - only to find it reappears at next boot. The resident shield is McAfee but it finds nothing, even when using the highest/most sensitive search. I've run all the programs in safe mode, or at least tried to = Malwarebytes reports it cannot run in safe mode. I have tried Windows Defender Offline and McAfee Stinger. I've cleaned literally dozens of infections from well over 100 places on the system. The only one I found that seems to keep re-occurring was DOS/Rovnix.gg, which has very little presence online - Microsoft only had rovnix.a or rovnix.v etc., not .gg. The Microsoft site says Microsoft Safety Scanner can cure it, but with McAfee paid Total Care installed I did not want to uninstall it completely to load a new resident protection (especially as someone said that it may only cure certain different strains anyway). My next step was to try that and find a Windows 7 disk to fix BootRec as Microsoft advised on a link I found while searching Rovnix cures, but the McAfee Forum recommended you and a couple of other sites.

 

I've been dealing with this for over a week and, though I have made massive progress enabling me to submit this on the affected laptop, I am getting annoyed and frustrated. The only thing that seems to constantly give a stable (semi-stable) system is running Windows Memory Diagnostic during start-up, and this is even after changing the RAM. I downloaded the Chameleon but have not used it as of yet.

I ran RogueKiller before joining this forum and it showed many variations/infections, but I have not done any changes since reading the procedure for this forum. Both logs are available now. I may have done more previously and not mentioned it here, but it has been a long hard road so far. This Trojan Dropper, as someone called it, seems to let the system get infected with many others, so it's a lot to correct.

 

 

 

The system is a Sony Vaio with Windows 7 Home Premium 64-bit, now with a 4 GB DIMM rather than the two sticks making 3 GB.

Addition.txt

FRST.txt

RKreport0_S_04272014_085916.txt


Hello

 

P2P/Piracy Warning:

 

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Run Malwarebytes:

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Post those logs, and also give an update on any remaining issues or concerns....

 

Kevin..

 

fixlist.txt


Good morning,

 

I did as requested and found no threat/s. On reboot the desktop constantly crashes and reloads still. Windows Explorer will not stay on long enough for anyone to open a folder or shortcut on desktop far less use the system fully. 

 

A small query - According to your instruction I was to run FRST and Press FIX - I did so but was it supposed to be Run and Press FIX without pressing Scan? 

= Should I have pressed Scan first? 

 

Regards,

FreshCliff


To run FRST just means to open it, so you have the GUI open and ready. The fixlist.txt file should have been saved to the same folder or Desktop as FRST; with the program open, select the Fix tab with one left click, and do not select Scan first. If you select Scan it will do just that....

 

Your system is infected with the ZeroAccess rootkit infection; it is very important that FRST is used exactly as I posted in reply #2. If you are unable to use FRST as I posted, let me know; if your system is not responding correctly, maybe we will have to run FRST again from the Recovery Environment....

 

Kevin....


I did just as you requested but it seemed to have no effect - both are on the Desktop (therefore they can be found in the Desktop folder when looking in Explorer). I just wanted to make sure I understood it correctly, and I did. Would it be better to put both in an actual folder in the Library / My Documents?

 

Please explain or give instruction about the Recovery Environment, as I have tried Safe Mode and the Diagnostic Startup from MSConfig and all attempts have the same outcome. I won't be able to run FRST or anything else before it crashes. Awaiting your valued assistance.


Thanks for the update, let's just start over. I guess you have access to a spare PC to download FRST; hopefully you also have a USB memory stick (flash drive). If so, do this please:

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure you get the correct version for your system, 32-bit or 64-bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 


 

To enter System Recovery Options I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Thanks,

 

Kevin

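The FRST.txt produced by the procedure above lists every autostart entry, service and driver on one line each: start type, name, file path, then either the file size, date and the company name from the file's version info, or "[X]" where FRST could not find the file on disk. The script below is an added example, not code from this thread, from Farbar, or from Malwarebytes; it parses lines in that layout and attaches triage hints to them. The sample input is constructed from a handful of lines in the same format as the log posted in this thread, the "[X]" and "()" meanings are my reading of FRST's output conventions, and the flag names and the USER_WRITABLE path list are my own choices. A flag is a prompt to look closer (compare with a known-good system, check the file's signature), not a verdict: SampleCollector in the sample is a Sony component that simply ships without a company name.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Trailing part shared by Run/Service/Driver lines: either "[size date] (company)"
# or "[X]", which FRST prints when the file the entry points at is not on disk.
TAIL = (r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<signer>[^)]*)\)"
        r"|\[X\])\s*$")

# "S2 MBAMService; C:\...\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)"
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+" + TAIL)

# "HKU\victor\...\Run: [Allmyapps] => C:\...\Allmyapps.exe [6782328 2014-02-20] (Allmyapps)"
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?):\s+\[(?P<name>[^\]]+)\]"
                    r"\s+(?:=>|-)\s+(?P<path>.+?)\s+" + TAIL)


@dataclass
class Entry:
    kind: str               # "run" (registry autostart) or "service" (service or driver)
    name: str
    path: str
    signer: Optional[str]   # company name from version info; "" if none; None if file missing
    raw: str

    @property
    def missing(self) -> bool:
        return self.signer is None


# Path fragments a service or driver should not normally live under (assumed list):
# any user process can write there, so an autostart from such a folder deserves a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\application data\\", "\\temp\\")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST Registry/Services/Drivers line; return None for anything else."""
    for kind, regex in (("service", SERVICE_RE), ("run", RUN_RE)):
        m = regex.match(line.strip())
        if m:
            return Entry(kind, m["name"], m["path"], m["signer"], line)
    return None


def flags_for(entry: Entry) -> List[str]:
    """Triage hints for one entry. These are prompts to look closer, not verdicts."""
    flags: List[str] = []
    if entry.missing:
        flags.append("file-missing")        # orphaned entry: uninstall leftover or removed payload
    elif entry.signer == "":
        flags.append("no-company-name")     # no publisher in version info; verify the file
    if any(fragment in entry.path.lower() for fragment in USER_WRITABLE):
        flags.append("user-writable-path")  # runs from a folder any user process can write to
    return flags


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {entry name: flags} for every parsed line that earned at least one flag."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            flags = flags_for(entry)
            if flags:
                findings[entry.name] = flags
    return findings


# Constructed sample in FRST's layout (lines modelled on the log posted in this thread).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKU\victor\...\Run: [Allmyapps] => C:\Users\victor\Application Data\Allmyapps\Allmyapps.exe [6782328 2014-02-20] (Allmyapps)
==================== Services (Whitelisted) =================
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
==================== Drivers (Whitelisted) ====================
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-03] ()
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:16} {', '.join(flags)}")
```

Run it against a real FRST.txt by reading the file into `triage()`; entries such as the "[X]" services and drivers in the log later in this thread come out as `file-missing`, which is the usual reason a helper includes them in a fixlist: the registry still points at a file that no longer exists.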

Thanks - that was quicker than I thought -

 

See below - couldn't find attach file - Hope it helps.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-KF3RRD2 on 28-04-2014 22:25:33
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\victor\...\Run: [spotify Web Helper] => C:\Users\victor\Application Data\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-07] (Spotify Ltd)
HKU\victor\...\Run: [Allmyapps] => C:\Users\victor\Application Data\Allmyapps\Allmyapps.exe [6782328 2014-02-20] (Allmyapps)
HKU\victor\...\Run: [Allmyapps Update] => C:\Users\victor\Application Data\Allmyapps\AllmyappsUpdater.exe [317304 2014-02-20] (Allmyapps)
HKU\victor\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\victor\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) =================
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-02-12] (Avira Operations GmbH & Co. KG)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.130\McCHSvc.exe [288776 2013-10-16] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-04-13] (Trusteer Ltd.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-11-09] (TuneUp Software)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-28] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-04-13] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-02-13] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-04-13] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-03] ()
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 ApfiltrService; \SystemRoot\system32\drivers\Apfiltr.sys [X]
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-28 11:41 - 2014-04-28 11:41 - 00262144 _____ () C:\Windows\Minidump\042814-38813-01.dmp
2014-04-28 06:44 - 2014-04-28 20:36 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Local\CrashDumps
2014-04-27 11:14 - 2014-04-27 11:15 - 00051832 _____ () C:\Users\beatricetrigg\Desktop\FRST.txt
2014-04-27 11:14 - 2014-04-27 11:15 - 00041694 _____ () C:\Users\beatricetrigg\Desktop\Addition.txt
2014-04-27 11:13 - 2014-04-28 22:25 - 00000000 ____D () C:\FRST
2014-04-27 11:12 - 2014-04-27 11:08 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Desktop\FRST64.exe
2014-04-27 11:06 - 2014-04-27 11:08 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Downloads\FRST64.exe
2014-04-27 07:59 - 2014-04-27 07:59 - 00003148 _____ () C:\Users\beatricetrigg\Desktop\RKreport[0]_S_04272014_085916.txt
2014-04-27 07:56 - 2014-04-27 07:59 - 00000000 ____D () C:\Users\beatricetrigg\Desktop\RK_Quarantine
2014-04-27 07:55 - 2014-04-27 07:56 - 04527616 _____ () C:\Users\beatricetrigg\Downloads\RogueKillerX64.exe
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieUserList
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieSiteList
2014-04-27 07:00 - 2014-04-27 07:00 - 00262144 _____ () C:\Windows\Minidump\042714-26894-01.dmp
2014-04-26 22:03 - 2014-04-26 22:07 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_230358.html
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Quarantine
2014-04-26 21:50 - 2014-04-26 22:04 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-04-26 21:50 - 2014-04-26 21:56 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_225039.html
2014-04-26 21:50 - 2014-04-26 21:50 - 10642792 _____ (McAfee Inc) C:\Users\beatricetrigg\Downloads\stinger32.exe
2014-04-26 21:50 - 2014-04-26 21:50 - 00650948 _____ () C:\Users\beatricetrigg\Downloads\runtime.dat
2014-04-26 21:38 - 2014-04-26 21:38 - 01440846 _____ () C:\Users\beatricetrigg\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-26 21:13 - 2014-04-26 21:13 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Roaming\McAfee
2014-04-26 21:10 - 2014-04-26 21:10 - 00541592 _____ (McAfee, Inc.) C:\Users\beatricetrigg\Downloads\MVTInstaller.exe
2014-04-26 21:03 - 2014-04-26 21:03 - 00000000 ____D () C:\7ed2a9287b5ffe0fb15e1e7cf33cb8
2014-04-24 21:55 - 2014-04-26 09:35 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-24 16:29 - 2014-04-24 16:29 - 00262144 _____ () C:\Windows\Minidump\042414-28875-01.dmp
2014-04-24 02:02 - 2014-03-06 08:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-24 02:02 - 2014-03-06 08:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-24 02:02 - 2014-03-06 08:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-24 02:02 - 2014-03-06 07:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-24 02:01 - 2014-03-06 10:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-24 02:01 - 2014-03-06 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-24 02:01 - 2014-03-06 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-24 02:01 - 2014-03-06 09:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-24 02:01 - 2014-03-06 08:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-24 02:01 - 2014-03-06 08:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-24 02:01 - 2014-03-06 08:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-24 02:01 - 2014-03-06 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-24 02:01 - 2014-03-06 08:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-24 02:01 - 2014-03-06 08:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 02:01 - 2014-03-06 08:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-24 02:01 - 2014-03-06 08:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-24 02:01 - 2014-03-06 08:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-24 02:01 - 2014-03-06 08:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-24 02:01 - 2014-03-06 08:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-24 02:01 - 2014-03-06 08:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-24 02:01 - 2014-03-06 08:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-24 02:01 - 2014-03-06 08:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-24 02:01 - 2014-03-06 08:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-24 02:01 - 2014-03-06 07:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-24 02:01 - 2014-03-06 07:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-24 02:01 - 2014-03-06 07:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-24 02:01 - 2014-03-06 07:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-24 02:01 - 2014-03-06 07:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-24 02:01 - 2014-03-06 07:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-24 02:01 - 2014-03-06 07:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-24 02:01 - 2014-03-06 07:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-24 02:01 - 2014-03-06 07:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-24 02:01 - 2014-03-06 07:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-24 02:01 - 2014-03-06 07:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-24 02:01 - 2014-03-06 07:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 02:01 - 2014-03-06 07:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-24 02:01 - 2014-03-06 07:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-24 02:01 - 2014-03-06 07:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-24 02:01 - 2014-03-06 06:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-24 02:01 - 2014-03-06 06:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-24 02:01 - 2014-03-06 06:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-24 02:01 - 2014-03-06 06:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-24 02:01 - 2014-03-06 06:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-24 02:01 - 2014-03-06 05:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-24 02:01 - 2014-03-06 05:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-24 02:01 - 2014-03-06 05:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-24 02:01 - 2014-03-06 05:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-24 02:01 - 2014-03-06 05:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-23 16:24 - 2014-04-23 16:24 - 00262144 _____ () C:\Windows\Minidump\042314-34741-01.dmp
2014-04-23 14:50 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2014-04-12 23:01 - 2014-04-28 11:41 - 545510981 _____ () C:\Windows\MEMORY.DMP
2014-04-12 23:01 - 2014-04-12 23:02 - 00262144 _____ () C:\Windows\Minidump\041314-24663-01.dmp
2014-04-12 05:16 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-12 05:16 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-12 05:16 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-12 05:16 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-12 05:16 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-12 05:15 - 2014-03-04 09:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-12 05:15 - 2014-03-04 09:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-12 05:15 - 2014-03-04 09:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-12 05:15 - 2014-03-04 09:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-12 05:15 - 2014-03-04 08:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-12 05:15 - 2014-03-04 08:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-12 05:13 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-12 04:32 - 2011-02-25 06:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\System32\explorer.exe
2014-04-12 04:31 - 2014-04-12 04:31 - 00001014 _____ () C:\Users\beatricetrigg\Desktop\System32 - Shortcut.lnk
2014-04-12 02:48 - 2014-04-12 04:46 - 00000000 ____D () C:\users\Guest
2014-04-12 02:48 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-12 02:48 - 2014-02-13 15:00 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-04-12 02:48 - 2011-09-26 18:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Trusteer
2014-04-12 02:48 - 2011-09-21 21:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony Corporation
2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-30 23:09 - 2014-04-12 04:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 22:26 - 2014-04-28 19:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-03-30 22:26 - 2014-04-23 05:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 22:25 - 2014-04-23 05:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 22:25 - 2014-04-03 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-30 22:25 - 2014-04-03 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-03-30 22:25 - 2014-04-03 08:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-30 22:25 - 2014-03-30 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 22:23 - 2014-03-30 22:23 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\victor\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
 
==================== One Month Modified Files and Folders =======
 
2014-04-28 22:25 - 2014-04-27 11:13 - 00000000 ____D () C:\FRST
2014-04-28 21:18 - 2011-06-21 13:59 - 01365942 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 20:57 - 2014-02-25 15:57 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {1E12273F-8729-47C0-A61E-39E294874E0C}.job
2014-04-28 20:57 - 2014-02-25 15:57 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {C498C4D5-658E-44A2-965F-3C1495EE3DED}.job
2014-04-28 20:57 - 2014-02-25 15:57 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {1E12273F-8729-47C0-A61E-39E294874E0C}.job
2014-04-28 20:57 - 2014-02-23 15:57 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {17B874AE-DAED-487F-89C0-B4DF5BCEE6B2}.job
2014-04-28 20:57 - 2014-02-23 15:57 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {17B874AE-DAED-487F-89C0-B4DF5BCEE6B2}.job
2014-04-28 20:55 - 2014-01-11 20:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 20:39 - 2014-01-10 19:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 20:36 - 2014-04-28 06:44 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Local\CrashDumps
2014-04-28 19:55 - 2014-03-30 22:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-28 19:02 - 2014-02-23 17:37 - 00001844 _____ () C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
2014-04-28 11:56 - 2014-03-06 20:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-28 11:52 - 2009-07-14 04:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 11:52 - 2009-07-14 04:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 11:49 - 2009-07-14 05:13 - 00846492 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-28 11:46 - 2014-02-25 10:21 - 00000000 __RSD () C:\Users\beatricetrigg\Documents\McAfee Vaults
2014-04-28 11:44 - 2014-01-11 20:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 11:42 - 2014-03-25 19:43 - 00002364 _____ () C:\Windows\setupact.log
2014-04-28 11:42 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 11:41 - 2014-04-28 11:41 - 00262144 _____ () C:\Windows\Minidump\042814-38813-01.dmp
2014-04-28 11:41 - 2014-04-12 23:01 - 545510981 _____ () C:\Windows\MEMORY.DMP
2014-04-28 11:41 - 2011-12-05 21:14 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 06:50 - 2014-01-11 20:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-28 06:50 - 2014-01-11 20:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-27 11:15 - 2014-04-27 11:14 - 00051832 _____ () C:\Users\beatricetrigg\Desktop\FRST.txt
2014-04-27 11:15 - 2014-04-27 11:14 - 00041694 _____ () C:\Users\beatricetrigg\Desktop\Addition.txt
2014-04-27 11:08 - 2014-04-27 11:12 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Desktop\FRST64.exe
2014-04-27 11:08 - 2014-04-27 11:06 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Downloads\FRST64.exe
2014-04-27 07:59 - 2014-04-27 07:59 - 00003148 _____ () C:\Users\beatricetrigg\Desktop\RKreport[0]_S_04272014_085916.txt
2014-04-27 07:59 - 2014-04-27 07:56 - 00000000 ____D () C:\Users\beatricetrigg\Desktop\RK_Quarantine
2014-04-27 07:56 - 2014-04-27 07:55 - 04527616 _____ () C:\Users\beatricetrigg\Downloads\RogueKillerX64.exe
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieUserList
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieSiteList
2014-04-27 07:00 - 2014-04-27 07:00 - 00262144 _____ () C:\Windows\Minidump\042714-26894-01.dmp
2014-04-27 06:59 - 2014-03-25 20:04 - 00046132 _____ () C:\Windows\PFRO.log
2014-04-26 22:07 - 2014-04-26 22:03 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_230358.html
2014-04-26 22:04 - 2014-04-26 21:50 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Quarantine
2014-04-26 21:56 - 2014-04-26 21:50 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_225039.html
2014-04-26 21:50 - 2014-04-26 21:50 - 10642792 _____ (McAfee Inc) C:\Users\beatricetrigg\Downloads\stinger32.exe
2014-04-26 21:50 - 2014-04-26 21:50 - 00650948 _____ () C:\Users\beatricetrigg\Downloads\runtime.dat
2014-04-26 21:38 - 2014-04-26 21:38 - 01440846 _____ () C:\Users\beatricetrigg\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-26 21:13 - 2014-04-26 21:13 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Roaming\McAfee
2014-04-26 21:12 - 2014-01-06 19:36 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-26 21:12 - 2010-11-26 08:04 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-26 21:10 - 2014-04-26 21:10 - 00541592 _____ (McAfee, Inc.) C:\Users\beatricetrigg\Downloads\MVTInstaller.exe
2014-04-26 21:03 - 2014-04-26 21:03 - 00000000 ____D () C:\7ed2a9287b5ffe0fb15e1e7cf33cb8
2014-04-26 17:29 - 2013-03-04 16:33 - 00417558 _____ () C:\Windows\System32\Drivers\vsconfig.xml
2014-04-26 17:27 - 2011-06-21 13:59 - 00000000 ____D () C:\Windows\pss
2014-04-26 17:23 - 2013-03-28 16:28 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-04-26 13:51 - 2014-02-26 21:55 - 00000000 __RSD () C:\Users\vicred\Documents\McAfee Vaults
2014-04-26 13:46 - 2013-10-05 15:11 - 00000000 ____D () C:\Program Files (x86)\FLV Player
2014-04-26 09:35 - 2014-04-24 21:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-24 16:29 - 2014-04-24 16:29 - 00262144 _____ () C:\Windows\Minidump\042414-28875-01.dmp
2014-04-24 03:00 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-04-24 02:20 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-23 16:24 - 2014-04-23 16:24 - 00262144 _____ () C:\Windows\Minidump\042314-34741-01.dmp
2014-04-23 16:21 - 2011-06-27 14:29 - 00000000 ____D () C:\Update
2014-04-23 14:30 - 2014-02-05 10:43 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-23 14:28 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-23 05:16 - 2014-03-30 22:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 05:16 - 2014-03-30 22:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 23:02 - 2014-04-12 23:01 - 00262144 _____ () C:\Windows\Minidump\041314-24663-01.dmp
2014-04-12 21:04 - 2011-06-23 18:18 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-12 06:11 - 2013-07-18 19:38 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-12 06:08 - 2011-06-22 17:08 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-12 05:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-04-12 04:47 - 2014-02-23 17:33 - 00000000 __RSD () C:\Users\victor\Documents\McAfee Vaults
2014-04-12 04:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-12 04:46 - 2014-04-12 02:48 - 00000000 ____D () C:\users\Guest
2014-04-12 04:46 - 2014-03-30 23:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-12 04:46 - 2014-03-24 20:15 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-04-12 04:46 - 2014-02-05 18:40 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Local\Google
2014-04-12 04:46 - 2014-02-05 10:43 - 00000000 ____D () C:\ProgramData\IObit
2014-04-12 04:46 - 2013-12-17 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-12 04:46 - 2013-09-28 13:58 - 00000000 ____D () C:\Users\vicred\AppData\Roaming\PerformerSoft
2014-04-12 04:46 - 2013-09-23 16:45 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Roaming\Mozilla
2014-04-12 04:46 - 2013-09-21 18:27 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-04-12 04:46 - 2013-03-04 16:32 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-04-12 04:46 - 2013-01-16 17:03 - 00000000 ____D () C:\Program Files (x86)\FixBee
2014-04-12 04:46 - 2011-06-21 14:10 - 00000000 ____D () C:\Users\victor\AppData\Local\Google
2014-04-12 04:46 - 2009-07-14 03:20 - 00000000 __RHD () C:\users\Default
2014-04-12 04:46 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-04-12 04:44 - 2014-01-24 20:45 - 00000000 ____D () C:\Program Files\Java
2014-04-12 04:44 - 2010-11-26 08:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-12 04:31 - 2014-04-12 04:31 - 00001014 _____ () C:\Users\beatricetrigg\Desktop\System32 - Shortcut.lnk
2014-04-12 04:14 - 2013-08-09 12:36 - 00000000 ____D () C:\users\DefaultAppPool
2014-04-12 04:14 - 2013-06-04 18:03 - 00000000 ____D () C:\users\vicred
2014-04-12 04:14 - 2011-06-21 13:59 - 00000000 ____D () C:\users\victor
2014-04-12 04:10 - 2013-09-23 16:45 - 00000000 ____D () C:\users\beatricetrigg
2014-04-12 04:09 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PLA
2014-04-03 08:51 - 2014-03-30 22:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 08:51 - 2014-03-30 22:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 08:50 - 2014-03-30 22:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-31 08:35 - 2011-06-25 19:17 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-31 05:52 - 2012-01-21 17:33 - 00000000 ____D () C:\Users\victor\AppData\Roaming\PerformerSoft
2014-03-31 00:13 - 2011-06-21 14:03 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FECA3453-6735-460E-8FE3-4193FB4DABD1}
2014-03-30 22:25 - 2014-03-30 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 22:23 - 2014-03-30 22:23 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\victor\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 22:08 - 2014-03-23 20:38 - 00000000 ____D () C:\Program Files (x86)\SmartPCFixer
2014-03-30 22:08 - 2014-03-20 21:26 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-03-30 22:08 - 2014-02-05 18:32 - 00000000 ____D () C:\DrvInstall
2014-03-30 22:08 - 2014-01-21 18:15 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-30 22:08 - 2010-11-26 07:58 - 00000000 ____D () C:\Program Files\Realtek
2014-03-30 22:07 - 2014-02-07 20:03 - 00000000 ____D () C:\Users\vicred\AppData\Roaming\IObit
2014-03-30 22:07 - 2013-07-09 13:58 - 00000000 ____D () C:\Users\vicred\AppData\Local\Mozilla
2014-03-30 22:07 - 2011-12-19 21:23 - 00000000 ____D () C:\Users\victor\AppData\Local\Mozilla
2014-03-30 20:00 - 2014-04-12 02:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-30 19:45 - 2013-01-16 17:05 - 00000000 ____D () C:\ProgramData\FixBee
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2722687981-3699339588-2689674399-1000\$16794498506686e1202ab75dfaa6690c
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-30 22:15:56
Restore point made on: 2014-03-31 08:16:57
Restore point made on: 2014-03-31 21:22:33
Restore point made on: 2014-03-31 21:23:42
Restore point made on: 2014-04-12 05:14:05
Restore point made on: 2014-04-12 05:18:51
Restore point made on: 2014-04-12 06:07:40
Restore point made on: 2014-04-12 23:05:01
Restore point made on: 2014-04-23 14:40:50
Restore point made on: 2014-04-23 14:42:11
Restore point made on: 2014-04-24 02:00:43
Restore point made on: 2014-04-28 06:54:16
Restore point made on: 2014-04-28 07:14:13
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 3758.1 MB
Available physical RAM: 3119.58 MB
Total Pagefile: 3756.25 MB
Available Pagefile: 3119.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:284.84 GB) (Free:224.3 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:13.15 GB) (Free:0.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.48 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 13B8AB6B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=960 MB) - (Type=06)
 
 
LastRegBack: 2014-04-23 15:11
 
==================== End Of Log ============================
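The "MBR & Partition Table" section above is what FRST reads straight from the disk, and it is where tampering with boot code first becomes visible. As an added example, not part of FRST or this thread, the Python below parses a raw 512-byte MBR into the same fields FRST prints (active flag, type, size, disk ID) and hashes the 440 bytes of boot code so a later read can be compared against a baseline taken while the disk was known clean; the sample MBR is constructed to mirror Disk 0 in the log and its boot-code bytes are placeholders. Rovnix-family bootkits live in the volume boot record of the active partition rather than the MBR, so the same hash-and-compare applies to the first sector at the LBA the parser returns for the active entry.

```python
"""Parse a raw 512-byte MBR into the fields FRST reports and fingerprint the
boot code for baseline comparison. Added example, not FRST code; the sample
MBR below is constructed to mirror Disk 0 in the log above."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: executable boot code
DISK_ID_OFFSET = 440         # 4-byte disk signature (FRST's "Disk ID")
TABLE_OFFSET = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511

# Type IDs that appear in the log; names are the conventional ones.
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS", 0x27: "Hidden NTFS (recovery)"}


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sector_count: int

    def size_text(self) -> str:
        # FRST prints GB for large partitions and MB for small ones.
        size = self.sector_count * SECTOR
        if size >= 1 << 30:
            return f"{round(size / (1 << 30))} GB"
        return f"{round(size / (1 << 20))} MB"

    def describe(self) -> str:
        state = "Active" if self.active else "Not Active"
        name = TYPE_NAMES.get(self.type_id)
        type_text = f"{self.type_id:02X}" + (f" {name}" if name else "")
        return f"Partition {self.index}: ({state}) - (Size={self.size_text()}) - (Type={type_text})"


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Return the populated partition entries; raise on a malformed sector."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _chs_start, type_id, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
        if type_id == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: invalid status byte {status:#x}")
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return parts


def disk_id(mbr: bytes) -> str:
    return f"{struct.unpack_from('<I', mbr, DISK_ID_OFFSET)[0]:08X}"


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the 440 boot-code bytes, the part a bootkit rewrites."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def boot_code_changed(mbr: bytes, baseline_digest: str) -> bool:
    """True when the boot code no longer matches a digest taken from a clean disk."""
    return boot_code_digest(mbr) != baseline_digest


def build_mbr(disk_sig: int, entries, boot_code: bytes = b"") -> bytes:
    """Assemble a test MBR; entries are (active, type_id, lba_start, sector_count)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code[:BOOT_CODE_LEN]
    struct.pack_into("<I", sector, DISK_ID_OFFSET, disk_sig)
    for i, (active, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", type_id, b"\0\0\0", lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


GIB = (1 << 30) // SECTOR    # sectors per GiB
MIB = (1 << 20) // SECTOR    # sectors per MiB
# Constructed sample mirroring Disk 0: 13 GB type 27, 100 MB active NTFS, 285 GB NTFS.
SAMPLE_MBR = build_mbr(0x13B8AB6B, [
    (False, 0x27, 2048, 13 * GIB),
    (True, 0x07, 2048 + 13 * GIB, 100 * MIB),
    (False, 0x07, 2048 + 13 * GIB + 100 * MIB, 285 * GIB),
], boot_code=b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")   # placeholder bytes, not real boot code

if __name__ == "__main__":
    print(f"Disk ID: {disk_id(SAMPLE_MBR)}")
    for p in parse_mbr(SAMPLE_MBR):
        print(p.describe())
    print("Boot code SHA-256:", boot_code_digest(SAMPLE_MBR))
```

On a live system the 512 bytes would come from reading `\\.\PhysicalDrive0` as Administrator; the digest is only meaningful against a baseline recorded from the same machine while it was clean.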

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Will your system boot OK?

fixlist.txt


Thank you - I can see some progress. I do not know if it worked yet, but it found something this time and even asked me whether to delete the recycle bin as it was "corrupted".

Rebooted and shows the same problem, but here is the Fixlist text:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-29 06:50:52 Run:2
Running from G:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
HKU\victor\...\Run: [Allmyapps] => C:\Users\victor\Application Data\Allmyapps\Allmyapps.exe [6782328 2014-02-20] (Allmyapps)
HKU\victor\...\Run: [Allmyapps Update] => C:\Users\victor\Application Data\Allmyapps\AllmyappsUpdater.exe [317304 2014-02-20] (Allmyapps)
C:\Users\victor\Application Data\Allmyapps
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
C:\Program Files (x86)\IObit
C:\ProgramData\IObit
C:\$Recycle.Bin\S-1-5-21-2722687981-3699339588-2689674399-1000\$16794498506686e1202ab75dfaa6690c
End
*****************
 
HKU\victor\Software\Microsoft\Windows\CurrentVersion\Run\\Allmyapps => Value deleted successfully.
HKU\victor\Software\Microsoft\Windows\CurrentVersion\Run\\Allmyapps Update => Value deleted successfully.
C:\Users\victor\Application Data\Allmyapps => Moved successfully.
LiveUpdateSvc => Service deleted successfully.
"C:\Program Files (x86)\IObit" => File/Directory not found.
C:\ProgramData\IObit => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$16794498506686e1202ab75dfaa6690c => Deleted successfully.
 
==== End of Fixlog ====

If you are still having issues with booting to Normal or Safe mode, create and run the following offline tool.

Do you have access to another PC to create the Windows Defender Offline tool? I give the instructions to load it to a USB flash drive.

Download the tool from here: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save it to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit.

Run the tool; Windows 7 or Vista users right click and select "Run as Administrator".

Read the instructions in the new window and select "Next".

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next".

In the new window ensure your Flash drive is selected; if not, click on "Refresh", then select "Next".

In the new window accept the formatting alert by selecting "Next".

Files will be downloaded.

Files will be processed and created.

The flash drive will be formatted and prepared.

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the tool created; click on "Finish" to complete.

Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required: use F12 as it boots and change the options.

As it boots you'll see files being loaded and the Windows splash screen; eventually the tool will run a "Quick Scan". Follow the prompts and deal with what it finds.

When complete, do a full scan and deal with what it finds.

When finished, remove the USB stick, then press the Esc key to boot into regular Windows.

Navigate to the following file:

"C:\Windows\Windows Defender Offline\Summit\mssWrapper.log"

Open it with Notepad and copy and paste it into a reply.


Good evening

It found a different version of Rovnix, both in the Quick scan and in the FULL scan: DOS/Rovnix!A, not the original DOS/Rovnix.gg I saw, and it reported it was cleaned/quarantined and the system went from RED to GREEN - Secure. But when I booted it did the same again, so I'm almost certain if I run it again now I will get the report that it's there / back again as before. Because it is exhibiting the crash symptom I could not get the log. I am now running the Windows Memory Diagnostic so I can have a stable environment to seek the log for you.


I've now booted into 2 of the 3 profiles and searched for the log file but cannot find anything like it - not even the Windows Defender Offline sub-folder, and I've tried displaying hidden and system files etc. in folder options.


I'm running the FRST now and setting it to scan while I sleep - I'm supposed to be opening at work at 5 am tomorrow, so I will get back on here ASAP - let me know if you want the FRST Fix to be run.

Oh, it just finished. Chat tomorrow, hopefully.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-GPI8RR3 on 29-04-2014 23:06:37
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\victor\...\Run: [spotify Web Helper] => C:\Users\victor\Application Data\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-07] (Spotify Ltd)
HKU\victor\...\Run: [Allmyapps] => C:\Users\victor\Application Data\Allmyapps\Allmyapps.exe [6782328 2014-02-20] (Allmyapps)
HKU\victor\...\Run: [Allmyapps Update] => C:\Users\victor\Application Data\Allmyapps\AllmyappsUpdater.exe [317304 2014-02-20] (Allmyapps)
HKU\victor\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\victor\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) =================
 
S2 0210741398806365mcinstcleanup; C:\Windows\TEMP\021074~1.EXE [836168 2014-03-13] (McAfee, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-02-12] (Avira Operations GmbH & Co. KG)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.130\McCHSvc.exe [288776 2013-10-16] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-30] (Trusteer Ltd.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-11-09] (TuneUp Software)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-28] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-03-30] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-02-13] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-30] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-03] ()
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 ApfiltrService; \SystemRoot\system32\drivers\Apfiltr.sys [X]
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-28 06:44 - 2014-04-29 20:52 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Local\CrashDumps
2014-04-27 11:14 - 2014-04-27 11:15 - 00051832 _____ () C:\Users\beatricetrigg\Desktop\FRST.txt
2014-04-27 11:14 - 2014-04-27 11:15 - 00041694 _____ () C:\Users\beatricetrigg\Desktop\Addition.txt
2014-04-27 11:13 - 2014-04-29 23:06 - 00000000 ____D () C:\FRST
2014-04-27 11:12 - 2014-04-27 11:08 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Desktop\FRST64.exe
2014-04-27 11:06 - 2014-04-27 11:08 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Downloads\FRST64.exe
2014-04-27 07:59 - 2014-04-27 07:59 - 00003148 _____ () C:\Users\beatricetrigg\Desktop\RKreport[0]_S_04272014_085916.txt
2014-04-27 07:56 - 2014-04-27 07:59 - 00000000 ____D () C:\Users\beatricetrigg\Desktop\RK_Quarantine
2014-04-27 07:55 - 2014-04-27 07:56 - 04527616 _____ () C:\Users\beatricetrigg\Downloads\RogueKillerX64.exe
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieUserList
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieSiteList
2014-04-27 07:00 - 2014-04-27 07:00 - 00262144 _____ () C:\Windows\Minidump\042714-26894-01.dmp
2014-04-26 22:03 - 2014-04-26 22:07 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_230358.html
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Quarantine
2014-04-26 21:50 - 2014-04-26 22:04 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-04-26 21:50 - 2014-04-26 21:56 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_225039.html
2014-04-26 21:50 - 2014-04-26 21:50 - 10642792 _____ (McAfee Inc) C:\Users\beatricetrigg\Downloads\stinger32.exe
2014-04-26 21:50 - 2014-04-26 21:50 - 00650948 _____ () C:\Users\beatricetrigg\Downloads\runtime.dat
2014-04-26 21:38 - 2014-04-26 21:38 - 01440846 _____ () C:\Users\beatricetrigg\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-26 21:13 - 2014-04-26 21:13 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Roaming\McAfee
2014-04-26 21:10 - 2014-04-26 21:10 - 00541592 _____ (McAfee, Inc.) C:\Users\beatricetrigg\Downloads\MVTInstaller.exe
2014-04-26 21:03 - 2014-04-26 21:03 - 00000000 ____D () C:\7ed2a9287b5ffe0fb15e1e7cf33cb8
2014-04-24 21:55 - 2014-04-30 00:42 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-24 16:29 - 2014-04-24 16:29 - 00262144 _____ () C:\Windows\Minidump\042414-28875-01.dmp
2014-04-24 02:02 - 2014-03-06 08:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-24 02:02 - 2014-03-06 08:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-24 02:02 - 2014-03-06 08:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-24 02:02 - 2014-03-06 07:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-24 02:01 - 2014-03-06 10:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-24 02:01 - 2014-03-06 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-24 02:01 - 2014-03-06 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-24 02:01 - 2014-03-06 09:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-24 02:01 - 2014-03-06 08:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-24 02:01 - 2014-03-06 08:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-24 02:01 - 2014-03-06 08:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-24 02:01 - 2014-03-06 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-24 02:01 - 2014-03-06 08:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-24 02:01 - 2014-03-06 08:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 02:01 - 2014-03-06 08:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-24 02:01 - 2014-03-06 08:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-24 02:01 - 2014-03-06 08:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-24 02:01 - 2014-03-06 08:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-24 02:01 - 2014-03-06 08:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-24 02:01 - 2014-03-06 08:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-24 02:01 - 2014-03-06 08:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-24 02:01 - 2014-03-06 08:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-24 02:01 - 2014-03-06 08:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-24 02:01 - 2014-03-06 07:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-24 02:01 - 2014-03-06 07:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-24 02:01 - 2014-03-06 07:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-24 02:01 - 2014-03-06 07:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-24 02:01 - 2014-03-06 07:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-24 02:01 - 2014-03-06 07:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-24 02:01 - 2014-03-06 07:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-24 02:01 - 2014-03-06 07:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-24 02:01 - 2014-03-06 07:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-24 02:01 - 2014-03-06 07:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-24 02:01 - 2014-03-06 07:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-24 02:01 - 2014-03-06 07:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 02:01 - 2014-03-06 07:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-24 02:01 - 2014-03-06 07:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-24 02:01 - 2014-03-06 07:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-24 02:01 - 2014-03-06 06:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-24 02:01 - 2014-03-06 06:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-24 02:01 - 2014-03-06 06:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-24 02:01 - 2014-03-06 06:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-24 02:01 - 2014-03-06 06:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-24 02:01 - 2014-03-06 05:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-24 02:01 - 2014-03-06 05:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-24 02:01 - 2014-03-06 05:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-24 02:01 - 2014-03-06 05:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-24 02:01 - 2014-03-06 05:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-23 16:24 - 2014-04-23 16:24 - 00262144 _____ () C:\Windows\Minidump\042314-34741-01.dmp
2014-04-23 14:50 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2014-04-12 23:01 - 2014-04-27 06:59 - 570467909 _____ () C:\Windows\MEMORY.DMP
2014-04-12 23:01 - 2014-04-12 23:02 - 00262144 _____ () C:\Windows\Minidump\041314-24663-01.dmp
2014-04-12 05:16 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-12 05:16 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-12 05:16 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-12 05:16 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-12 05:16 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-12 05:15 - 2014-03-04 09:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-12 05:15 - 2014-03-04 09:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-12 05:15 - 2014-03-04 09:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-12 05:15 - 2014-03-04 09:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-12 05:15 - 2014-03-04 09:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-12 05:15 - 2014-03-04 08:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-12 05:15 - 2014-03-04 08:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-12 05:13 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-12 04:32 - 2011-02-25 06:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\System32\explorer.exe
2014-04-12 04:31 - 2014-04-12 04:31 - 00001014 _____ () C:\Users\beatricetrigg\Desktop\System32 - Shortcut.lnk
2014-04-12 02:48 - 2014-04-12 04:46 - 00000000 ____D () C:\users\Guest
2014-04-12 02:48 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-12 02:48 - 2014-02-13 15:00 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-04-12 02:48 - 2011-09-26 18:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Trusteer
2014-04-12 02:48 - 2011-09-21 21:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony Corporation
2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-30 23:09 - 2014-04-12 04:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 22:26 - 2014-04-29 21:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-03-30 22:26 - 2014-04-23 05:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 22:25 - 2014-04-23 05:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 22:25 - 2014-04-03 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-30 22:25 - 2014-04-03 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-03-30 22:25 - 2014-04-03 08:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-30 22:25 - 2014-03-30 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 22:23 - 2014-03-30 22:23 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\victor\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
 
==================== One Month Modified Files and Folders =======
 
2014-04-30 00:42 - 2014-04-24 21:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-29 23:06 - 2014-04-27 11:13 - 00000000 ____D () C:\FRST
2014-04-29 22:00 - 2011-06-21 13:59 - 01380877 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 21:57 - 2014-02-25 15:57 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {1E12273F-8729-47C0-A61E-39E294874E0C}.job
2014-04-29 21:57 - 2014-02-25 15:57 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {C498C4D5-658E-44A2-965F-3C1495EE3DED}.job
2014-04-29 21:57 - 2014-02-25 15:57 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {1E12273F-8729-47C0-A61E-39E294874E0C}.job
2014-04-29 21:57 - 2014-02-23 15:57 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {17B874AE-DAED-487F-89C0-B4DF5BCEE6B2}.job
2014-04-29 21:57 - 2014-02-23 15:57 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {17B874AE-DAED-487F-89C0-B4DF5BCEE6B2}.job
2014-04-29 21:55 - 2014-03-06 20:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 21:55 - 2014-01-11 20:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 21:46 - 2014-02-23 17:37 - 00001844 _____ () C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
2014-04-29 21:44 - 2014-02-26 21:55 - 00000000 __RSD () C:\Users\vicred\Documents\McAfee Vaults
2014-04-29 21:41 - 2014-01-11 20:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 21:40 - 2014-03-30 22:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-29 21:39 - 2014-01-10 19:13 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 21:39 - 2014-01-10 19:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 21:39 - 2014-01-10 19:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 21:39 - 2014-01-10 19:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 21:31 - 2009-07-14 05:13 - 00846492 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-29 21:30 - 2014-03-25 19:43 - 00003216 _____ () C:\Windows\setupact.log
2014-04-29 21:24 - 2014-02-25 10:21 - 00000000 __RSD () C:\Users\beatricetrigg\Documents\McAfee Vaults
2014-04-29 21:13 - 2009-07-14 04:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 21:13 - 2009-07-14 04:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 21:05 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 20:52 - 2014-04-28 06:44 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Local\CrashDumps
2014-04-29 20:49 - 2013-09-23 16:45 - 00000000 ____D () C:\users\beatricetrigg
2014-04-29 08:12 - 2013-08-09 12:36 - 00000000 ____D () C:\users\DefaultAppPool
2014-04-29 08:11 - 2014-02-05 10:43 - 00000000 ____D () C:\ProgramData\IObit
2014-04-29 08:11 - 2013-06-04 18:03 - 00000000 ____D () C:\users\vicred
2014-04-29 08:11 - 2011-06-21 13:59 - 00000000 ____D () C:\users\victor
2014-04-29 08:11 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-04-28 06:50 - 2014-01-11 20:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-28 06:50 - 2014-01-11 20:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-27 11:15 - 2014-04-27 11:14 - 00051832 _____ () C:\Users\beatricetrigg\Desktop\FRST.txt
2014-04-27 11:15 - 2014-04-27 11:14 - 00041694 _____ () C:\Users\beatricetrigg\Desktop\Addition.txt
2014-04-27 11:08 - 2014-04-27 11:12 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Desktop\FRST64.exe
2014-04-27 11:08 - 2014-04-27 11:06 - 02061824 _____ (Farbar) C:\Users\beatricetrigg\Downloads\FRST64.exe
2014-04-27 07:59 - 2014-04-27 07:59 - 00003148 _____ () C:\Users\beatricetrigg\Desktop\RKreport[0]_S_04272014_085916.txt
2014-04-27 07:59 - 2014-04-27 07:56 - 00000000 ____D () C:\Users\beatricetrigg\Desktop\RK_Quarantine
2014-04-27 07:56 - 2014-04-27 07:55 - 04527616 _____ () C:\Users\beatricetrigg\Downloads\RogueKillerX64.exe
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieUserList
2014-04-27 07:01 - 2014-04-27 07:01 - 00000000 __SHD () C:\Users\beatricetrigg\AppData\Local\EmieSiteList
2014-04-27 07:00 - 2014-04-27 07:00 - 00262144 _____ () C:\Windows\Minidump\042714-26894-01.dmp
2014-04-27 07:00 - 2011-12-05 21:14 - 00000000 ____D () C:\Windows\Minidump
2014-04-27 06:59 - 2014-04-12 23:01 - 570467909 _____ () C:\Windows\MEMORY.DMP
2014-04-27 06:59 - 2014-03-25 20:04 - 00046132 _____ () C:\Windows\PFRO.log
2014-04-26 22:07 - 2014-04-26 22:03 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_230358.html
2014-04-26 22:04 - 2014-04-26 21:50 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Quarantine
2014-04-26 21:56 - 2014-04-26 21:50 - 00000856 _____ () C:\Users\beatricetrigg\Downloads\Stinger_26042014_225039.html
2014-04-26 21:50 - 2014-04-26 21:50 - 10642792 _____ (McAfee Inc) C:\Users\beatricetrigg\Downloads\stinger32.exe
2014-04-26 21:50 - 2014-04-26 21:50 - 00650948 _____ () C:\Users\beatricetrigg\Downloads\runtime.dat
2014-04-26 21:38 - 2014-04-26 21:38 - 01440846 _____ () C:\Users\beatricetrigg\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-26 21:13 - 2014-04-26 21:13 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Roaming\McAfee
2014-04-26 21:12 - 2014-01-06 19:36 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-26 21:12 - 2010-11-26 08:04 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-26 21:10 - 2014-04-26 21:10 - 00541592 _____ (McAfee, Inc.) C:\Users\beatricetrigg\Downloads\MVTInstaller.exe
2014-04-26 21:03 - 2014-04-26 21:03 - 00000000 ____D () C:\7ed2a9287b5ffe0fb15e1e7cf33cb8
2014-04-26 17:29 - 2013-03-04 16:33 - 00417558 _____ () C:\Windows\System32\Drivers\vsconfig.xml
2014-04-26 17:27 - 2011-06-21 13:59 - 00000000 ____D () C:\Windows\pss
2014-04-26 17:23 - 2013-03-28 16:28 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-04-26 13:46 - 2013-10-05 15:11 - 00000000 ____D () C:\Program Files (x86)\FLV Player
2014-04-24 16:29 - 2014-04-24 16:29 - 00262144 _____ () C:\Windows\Minidump\042414-28875-01.dmp
2014-04-24 03:00 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-04-24 02:20 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-23 16:24 - 2014-04-23 16:24 - 00262144 _____ () C:\Windows\Minidump\042314-34741-01.dmp
2014-04-23 16:21 - 2011-06-27 14:29 - 00000000 ____D () C:\Update
2014-04-23 14:30 - 2014-02-05 10:43 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-23 14:28 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-23 05:16 - 2014-03-30 22:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 05:16 - 2014-03-30 22:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 23:02 - 2014-04-12 23:01 - 00262144 _____ () C:\Windows\Minidump\041314-24663-01.dmp
2014-04-12 21:04 - 2011-06-23 18:18 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-12 06:11 - 2013-07-18 19:38 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-12 06:08 - 2011-06-22 17:08 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-12 05:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-04-12 04:47 - 2014-02-23 17:33 - 00000000 __RSD () C:\Users\victor\Documents\McAfee Vaults
2014-04-12 04:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-12 04:46 - 2014-04-12 02:48 - 00000000 ____D () C:\users\Guest
2014-04-12 04:46 - 2014-03-30 23:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-12 04:46 - 2014-03-24 20:15 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-04-12 04:46 - 2014-02-05 18:40 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Local\Google
2014-04-12 04:46 - 2013-12-17 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-12 04:46 - 2013-09-28 13:58 - 00000000 ____D () C:\Users\vicred\AppData\Roaming\PerformerSoft
2014-04-12 04:46 - 2013-09-23 16:45 - 00000000 ____D () C:\Users\beatricetrigg\AppData\Roaming\Mozilla
2014-04-12 04:46 - 2013-09-21 18:27 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-04-12 04:46 - 2013-03-04 16:32 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-04-12 04:46 - 2013-01-16 17:03 - 00000000 ____D () C:\Program Files (x86)\FixBee
2014-04-12 04:46 - 2011-06-21 14:10 - 00000000 ____D () C:\Users\victor\AppData\Local\Google
2014-04-12 04:46 - 2009-07-14 03:20 - 00000000 __RHD () C:\users\Default
2014-04-12 04:44 - 2014-01-24 20:45 - 00000000 ____D () C:\Program Files\Java
2014-04-12 04:44 - 2010-11-26 08:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-12 04:31 - 2014-04-12 04:31 - 00001014 _____ () C:\Users\beatricetrigg\Desktop\System32 - Shortcut.lnk
2014-04-12 04:09 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PLA
2014-04-03 08:51 - 2014-03-30 22:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 08:51 - 2014-03-30 22:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 08:50 - 2014-03-30 22:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-31 08:35 - 2011-06-25 19:17 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-31 05:52 - 2012-01-21 17:33 - 00000000 ____D () C:\Users\victor\AppData\Roaming\PerformerSoft
2014-03-31 00:13 - 2011-06-21 14:03 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FECA3453-6735-460E-8FE3-4193FB4DABD1}
2014-03-30 22:25 - 2014-03-30 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 22:23 - 2014-03-30 22:23 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\victor\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 22:08 - 2014-03-23 20:38 - 00000000 ____D () C:\Program Files (x86)\SmartPCFixer
2014-03-30 22:08 - 2014-03-20 21:26 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-03-30 22:08 - 2014-02-05 18:32 - 00000000 ____D () C:\DrvInstall
2014-03-30 22:08 - 2014-01-21 18:15 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-30 22:08 - 2010-11-26 07:58 - 00000000 ____D () C:\Program Files\Realtek
2014-03-30 22:07 - 2014-02-07 20:03 - 00000000 ____D () C:\Users\vicred\AppData\Roaming\IObit
2014-03-30 22:07 - 2013-07-09 13:58 - 00000000 ____D () C:\Users\vicred\AppData\Local\Mozilla
2014-03-30 22:07 - 2011-12-19 21:23 - 00000000 ____D () C:\Users\victor\AppData\Local\Mozilla
2014-03-30 20:00 - 2014-04-12 02:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-30 20:00 - 2014-03-30 20:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-30 19:45 - 2013-01-16 17:05 - 00000000 ____D () C:\ProgramData\FixBee
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2722687981-3699339588-2689674399-1000\$16794498506686e1202ab75dfaa6690c
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-31 21:22:33
Restore point made on: 2014-03-31 21:23:42
Restore point made on: 2014-04-12 05:14:05
Restore point made on: 2014-04-12 05:18:51
Restore point made on: 2014-04-12 06:07:40
Restore point made on: 2014-04-12 23:05:01
Restore point made on: 2014-04-23 14:40:50
Restore point made on: 2014-04-23 14:42:11
Restore point made on: 2014-04-24 02:00:43
Restore point made on: 2014-04-28 06:54:16
Restore point made on: 2014-04-28 07:14:13
Restore point made on: 2014-04-29 06:02:38
Restore point made on: 2014-04-29 21:12:02
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 3758.1 MB
Available physical RAM: 3126.89 MB
Total Pagefile: 3756.25 MB
Available Pagefile: 3123.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:284.84 GB) (Free:225.68 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:13.15 GB) (Free:0.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (WDO_MEDIA64) (Removable) (Total:3.69 GB) (Free:3.43 GB) FAT32
Drive h: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.47 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 13B8AB6B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=960 MB) - (Type=06)
 
 
LastRegBack: 2014-04-23 15:11
 
==================== End Of Log ============================

All the entries we moved with the previous run of FRST via the attached file fixlist.txt are back. Obviously we are not finding all of the infection. The best way forward is to try another, more aggressive offline tool and see if we can make progress....

 

Kaspersky Rescue CD

 

STEP A:

 

Download and create a bootable Kaspersky Rescue Disk CD

 

1. Download the Kaspersky Rescue Disk ISO image from below.

 

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

 

2. Download ImgBurn, software that will help us create this bootable disk. (If you already have the necessary software, use that.) If you d/l ImgBurn, ensure you use the advanced option during installation and refuse/disable any offered unwanted extras.....

 

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

 

4. Install ImgBurn by following the prompts and then start this program.

 

5. Click on the Write image file to disc button.

 

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).

 

7. Click on the big Write button.

 

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

 

 

STEP B:

 

Configure the computer to boot from CD-ROM

 

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from where you can select to boot from the CD.

IF this doesn't happen then you'll need to configure your computer to boot from a CD as you'll see below.

 

1. Use the Delete or F2 keys to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot:

 

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

 

3. Insert your Kaspersky Rescue Disk and restart your computer.

 

STEP C:

 

Boot your computer from Kaspersky Rescue Disk

 

1. Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.

 

 

Kasp1-1.png

 

 

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

 

 

Kasp2-1.png

 

 

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

 

 

Kasp3-1.png

 

 

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read the agreement carefully, then press the C button on your keyboard.

 

5. Once the actions described above have been performed, the Kaspersky operating system will start.

 

STEP D:

 

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

 

This ransomware trojan has modified your Windows system registry so that when you try to boot your computer it launches its lock screen instead. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

 

 

Kasp5-1.png

 

 

IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

 

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

 

 

Kasp6-1.png

 

 

STEP E:

 

Scan your system with Kaspersky Rescue Disk

 

1. Click on the Start button located in the left bottom corner of the screen and select Kaspersky Rescue Disk, then click on My Update Center and press Start update.

 

 

Kasp7-1.png

 

 

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

 

 

Kasp8-1.png

 

 

3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.

 

 

Kasp9-1.png

 

 

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases, but we strongly recommend that you first try to disinfect, and if that doesn't work, choose to quarantine the infected files just to be on the safe side.

 

 

Kasp10-1.png

 

 

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

 

 

Kasp11-1.png

 

 

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

 

7. When booted back into Windows, navigate > Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is a log from the KRD run named "ScanObject". Copy/paste that file into your reply.


The sequence is a bit different - I had to press 1 to agree, not C, and it was before choosing the Graphic Mode. It requested in a small window which Operating System to run/load/mount.

 

Options to pull down 

Start VAIO Care Rescue

Windows 7

 

There is no WindowsUnlocker in sight 

I tried to run it from terminal (Black DOS / Command looking screen) which said - bash: winunlocker: command not found

Using the Windows 7 mount - it did something very quickly before closing the window. I then ran the Rescue Disk and the scan found nothing.

 

I want to try the Vaio Care Rescue option before the windowsunlocker command, but I'm back out to work for a couple of hours this evening.

 

If you get this before 8:30 or 9:00 pm can you advise what is the best/updated sequence for this version please? Just want to get it correct. 

 

(windows defender offline confirms rovnix is definitely back - booted and forgot to remove the USB)


Yes maybe that Kaspersky c/r is a bit dated, try this version..

 

Download Kaspersky Rescue Disk (iso)

  • Burn it to a cd or dvd, if you need a program to burn an ISO...use  Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
     
    Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
     
  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Malware/Virus
     
     
    krd5.jpg If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter
     
     
  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally....

 

When booted back into Windows, navigate > Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is a log from the KRD run named "ScanObject". Copy/paste that file into your reply.


Download TDSSKiller: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

 

Make sure TDSSKiller.exe is on the Desktop itself, not within a folder on the desktop.

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

 

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt   ------ DONE 

 

Had an update available - I allowed it 

 

It saved a zip(ped) text file using Firefox in Downloads. For me to get it here I need to attach the folder or extract the file to copy and paste it properly.

 

Which would you prefer?


Ok - I eventually found the way to attach files. It still did the crashing even in Safe Mode, so it took a little while to copy it. The only problem now is it reports being too large to upload. The bottom of this screen says 2MB max but this is about 4MB.

What do you suggest? 

 

Chat tomorrow


Archived

This topic is now archived and is closed to further replies.
