
Win 7 Trojan:Dos/Alureon.A..help, will not go away or let me run programs!

(In Progress)

misscakes (Mary)
Member with 5 posts.
THREAD STARTER
 
Join Date: Sep 2012
Location: Bullhead City, AZ
Experience: Intermediate
12-Sep-2012, 06:03 PM #1
Hi everybody, I need some help please when trying to get rid of this alureon.a virus. I was actually able just now to get a flash drive and run the FRST64 program and I have the results from the scan. Could anyone please aid me thus forth, please, I am really interested in spyware removal and trying to help others when they too are having any sorts of problems. I have never signed up for any kind of forum before, so I'm very new here.

THE POTENTIAL THREAT MESSAGE FROM mse IS :
Trojan:DOS/Alureon.A

underneath this under Items: it says rootkit:Alureon->Mbr::Alureon

Now, where it shows all the detected items, right above Trojan:DOS/Alureon.A, there is another threat that is: HackTool:Win32/Wpakill.B. Now I don't know if that is in relation to the other Alureon.A or not, but I wasn't sure if I should leave it alone and close the window until I receive help, or do I select an action?
Ent (Josiah)
Trusted Advisor with 5,270 posts.
 
Join Date: Apr 2009
Location: United Kingdom
Experience: Intermediate
12-Sep-2012, 06:36 PM #2
In order to provide the anti-malware experts with the information they'd need to diagnose and fix your problem, please follow the instructions in this thread:
http://forums.techguy.org/virus-othe...e-posting.html
misscakes (Mary)
12-Sep-2012, 07:04 PM #3
Well okay, I was able to use Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012. I can give you the results from this program because I'm not able to run anything off the infected laptop. IDK how to add it except copy n paste so here it is, I'm sorry if I'm not following standard protocol but my laptop won't let me do anything, and like I said, I'm very very new to any type of interaction in a forum.

thx mary
misscakes (Mary)
12-Sep-2012, 07:06 PM #4
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012
Ran by SYSTEM at 12-09-2012 14:31:04
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-06-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [369 2012-09-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [437584 2010-04-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WRSVC] "\Device\HarddiskVolume2\Program" -ul [x]
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296096 2012-09-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKU\Mcx1-OU812\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Shawn\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Shawn\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
HKU\Shawn\...\Run: [Browser Infrastructure Helper] C:\Users\Shawn\AppData\Local\Smartbar\Application\Linkury.exe startup [13824 2012-02-12] (Smartbar)
HKU\Shawn\...\Policies\system: [DisableCMD] 0
HKU\Shawn\...\Policies\system: [NoDispAppearancePage] 0
HKU\Shawn\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Shawn\...\Policies\system: [NoDispSettingsPage] 0
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] RegRun II Secure Start
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Fliptoast.lnk
ShortcutTarget: Fliptoast.lnk -> C:\Program Files (x86)\Fliptoast\fliptoast.exe ()
==================== Services ====================
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [304464 2010-04-29] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers =================================
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24664 2010-04-29] (Malwarebytes Corporation)
1 MpKsl21d8fe6b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F95BDFA-91D7-41A9-A01F-EB2981D95DA9}\MpKsl21d8fe6b.sys [35664 2012-09-11] (Microsoft Corporation)
1 MpKslc408ca3f; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F95BDFA-91D7-41A9-A01F-EB2981D95DA9}\MpKslc408ca3f.sys [35664 2012-09-11] (Microsoft Corporation)
3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [110096 2012-08-22] (Webroot)
0 BAJHivgA; C:\Windows\System32\drivers\BAJHivgA.sys [x]
==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================
2012-09-12 14:30 - 2012-09-12 14:31 - 00000000 ____D C:\FRST
2012-09-11 16:36 - 2009-07-13 17:38 - 00383562 _RASH C:\bootmgr
2012-09-11 14:41 - 2012-09-10 12:00 - 12353592 ____A (Greatis Software, LLC. ) C:\Users\Shawn\Desktop\unhackme_setup.exe
2012-09-11 14:13 - 2012-09-11 14:13 - 00000000 ____D C:\Users\Shawn\Documents\ 7
2012-09-11 14:05 - 2012-09-11 14:05 - 04731392 ____A (AVAST Software) C:\Users\Shawn\Desktop\aswMBR.exe
2012-09-11 14:03 - 2012-09-11 14:03 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Downloads\GOAWAY.COM
2012-09-11 13:57 - 2012-09-11 14:02 - 00080384 ____A C:\Users\Shawn\Downloads\MBRCheck.exe
2012-09-11 13:50 - 2012-09-11 21:34 - 00000168 ____A C:\Windows\setupact.log
2012-09-11 13:50 - 2012-09-11 13:50 - 00000000 ____A C:\Windows\setuperr.log
2012-09-11 12:50 - 2012-09-11 22:14 - 00034672 ____A C:\Windows\WindowsUpdate.log
2012-09-11 12:40 - 2012-09-11 12:40 - 00018826 ____A C:\Users\Shawn\Documents\cc_20120911_134040.reg
2012-09-11 12:27 - 2012-09-11 15:17 - 00000000 ____D C:\Users\Shawn\Desktop\new
2012-09-11 12:27 - 2012-09-11 12:27 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\123.com.exe
2012-09-11 12:21 - 2012-09-11 12:21 - 00001411 ____A C:\Users\Shawn\Desktop\Internet Explorer (64-bit).lnk
2012-09-11 11:45 - 2012-09-11 11:45 - 00058064 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-11 11:44 - 2012-09-11 11:44 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-09-11 11:42 - 2012-09-11 11:44 - 00000000 ____D C:\users\Guest
2012-09-11 11:42 - 2012-09-11 11:42 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2012-09-11 11:42 - 2012-01-31 20:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-09-11 08:40 - 2012-09-11 08:41 - 00896912 ____A (BitTorrent, Inc.) C:\Users\Shawn\Desktop\uTorrent.exe
2012-09-11 06:43 - 2012-09-11 06:43 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-09-11 06:42 - 2012-09-11 06:42 - 00001071 ____A C:\Users\Shawn\Desktop\Reanimator.lnk
2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\winstart.bat
2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-09-11 06:42 - 2012-09-11 06:42 - 00000000 ____D C:\Users\Shawn\Documents\RegRun2
2012-09-11 06:42 - 2012-09-11 06:42 - 00000000 ____D C:\Program Files (x86)\Greatis
2012-09-11 05:45 - 2012-09-11 05:45 - 00803584 ____A (Microsoft Corporation) C:\Users\Shawn\Downloads\mssstool64.exe
2012-09-11 05:07 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-09-09 17:37 - 2012-09-09 17:37 - 00000000 ____D C:\Users\Shawn\AppData\Local\{888BE3C3-E293-41B7-85A2-58E3A52E1FA8}
2012-09-09 12:41 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-09 12:41 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-09 12:41 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-09 12:41 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-09 12:41 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-09 12:41 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-09 12:41 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-09 12:41 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-09 12:41 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-09 12:41 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-09 12:41 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-09 12:41 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-09 12:41 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-09 12:41 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-09 12:41 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-09 12:41 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-09 12:41 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-09 12:41 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-09 12:41 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-09 12:41 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-09 12:41 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-09 12:41 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-09 12:41 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-09 12:41 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-09 12:41 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-09 12:40 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-09 12:40 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-09 12:40 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-09 12:38 - 2012-09-09 12:38 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-09 07:57 - 2012-09-09 07:57 - 00000000 ____D C:\Program Files (x86)\World of Wisdom
2012-09-09 07:53 - 2012-09-09 07:56 - 06464965 ____A (companyname) C:\Users\Shawn\Downloads\Interprt.exe
2012-09-09 06:55 - 2012-09-11 12:10 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Azureus
2012-09-09 06:55 - 2012-09-09 06:55 - 00000000 ____D C:\Users\Shawn\.swt
2012-09-09 06:54 - 2012-09-09 06:54 - 00001850 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-09-09 06:54 - 2012-09-09 06:54 - 00000000 ____D C:\Program Files (x86)\Vuze
2012-09-09 06:29 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-09 06:29 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-09 06:29 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-09-09 06:29 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-09-09 06:28 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-09-09 06:28 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-09-09 06:28 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-09-09 06:28 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-09-09 06:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-09 06:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-09 06:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-09 06:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-09 06:28 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-09-09 06:28 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-09-09 06:26 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-09-09 06:26 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-09-09 06:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-09-09 06:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-09-09 06:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-09-09 06:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-09-09 06:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-09-09 06:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-09-09 06:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-09-09 06:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-09-09 06:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-09-09 06:25 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-09-09 06:25 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-09-09 06:25 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-09-09 06:23 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-09-09 05:52 - 2012-09-11 22:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-09 05:52 - 2012-09-09 05:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-09 05:52 - 2012-09-09 05:52 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-09 05:41 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-09-09 05:41 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-09-09 05:41 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-09-09 05:41 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-09-09 05:37 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-09-09 05:37 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-09-09 05:37 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-09-09 05:37 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-09-09 05:37 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-09-09 05:37 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-09-09 05:36 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-09 05:36 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-09 05:36 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-09 05:36 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-09 05:36 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-09 05:35 - 2012-09-09 05:35 - 00000000 ____D C:\Users\Shawn\Tracing
2012-09-09 05:34 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-09 05:34 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-09-09 05:34 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-09-09 05:34 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-09 05:34 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-09 05:33 - 2012-09-09 05:33 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-09-09 05:32 - 2012-09-09 05:32 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-09 05:23 - 2012-09-09 05:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-09 05:23 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-09-09 05:23 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-09-09 05:23 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-09-09 05:23 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-09-09 05:23 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-09-09 05:23 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-09-09 05:23 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-09-09 05:20 - 2012-09-09 05:20 - 00000580 ____A C:\Users\Shawn\Documents\cc_20120909_062041.reg
2012-09-09 05:17 - 2012-09-09 05:17 - 00008248 ____A C:\Users\Shawn\Documents\cc_20120909_061658.reg
2012-09-09 04:53 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-09-09 04:53 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-09-09 04:53 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-09-09 04:53 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-09-09 04:53 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-09-09 04:53 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-09-09 04:53 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-09-09 04:53 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-09-09 04:53 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-09-09 04:36 - 2012-09-09 04:36 - 00000294 ____A C:\user.js
2012-09-09 04:36 - 2012-09-09 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-09 04:33 - 2012-09-09 04:33 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Babylon
2012-09-09 04:33 - 2012-09-09 04:33 - 00000000 ____D C:\Users\Shawn\AppData\Local\Babylon
2012-09-09 04:33 - 2012-09-09 04:33 - 00000000 ____D C:\Users\All Users\Babylon
2012-09-09 04:29 - 2012-05-31 11:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-09-09 04:23 - 2012-09-09 04:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-09 04:23 - 2012-09-09 04:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-09 04:22 - 2012-09-09 05:28 - 00002872 ____A C:\Windows\System32\TmInstall.log
2012-09-09 04:22 - 2012-09-09 04:22 - 00004280 ____A C:\Windows\SysWOW64\TmInstall.log
2012-09-09 04:17 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-09 04:04 - 2012-09-09 04:04 - 00001151 ____A C:\Windows\wininit.ini
2012-09-09 03:54 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120909-045402.backup
2012-09-09 03:50 - 2012-09-09 05:13 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-09-09 03:50 - 2012-09-09 03:50 - 00001260 ____A C:\Users\Shawn\Desktop\Spybot - Search & Destroy.lnk
2012-09-09 03:50 - 2012-09-09 03:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-09 03:44 - 2012-09-09 03:44 - 00001011 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-09-09 03:44 - 2012-09-09 03:44 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Malwarebytes
2012-09-09 03:44 - 2012-09-09 03:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-09 03:44 - 2012-09-09 03:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-09 03:44 - 2010-04-29 14:39 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2012-09-09 03:44 - 2010-04-29 14:39 - 00024664 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-09 03:43 - 2012-09-09 03:43 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\WinRAR
2012-09-09 03:42 - 2012-09-09 03:43 - 00000000 ____D C:\Program Files\WinRAR
2012-09-09 03:39 - 2012-09-09 04:44 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-09 03:09 - 2012-09-09 03:09 - 00002880 ____A C:\Users\Shawn\Documents\cc_20120909_040905.reg
2012-09-09 03:09 - 2012-09-09 03:09 - 00000900 ____A C:\Users\Shawn\Documents\cc_20120909_040916.reg
2012-09-09 03:08 - 2012-09-09 03:08 - 00005436 ____A C:\Users\Shawn\Documents\cc_20120909_040839.reg
2012-09-09 03:08 - 2012-09-09 03:08 - 00000804 ____A C:\Users\Shawn\Documents\cc_20120909_040849.reg
2012-09-09 03:04 - 2012-09-09 03:04 - 00029834 ____A C:\Users\Shawn\Documents\cc_20120909_040415.reg
2012-09-09 03:04 - 2012-09-09 03:04 - 00000280 ____A C:\Users\Shawn\Documents\cc_20120909_040436.reg
2012-09-09 03:03 - 2012-09-09 03:04 - 00116666 ____A C:\Users\Shawn\Documents\cc_20120909_040355.reg
2012-09-09 02:55 - 2012-09-11 12:15 - 00000000 ____D C:\Windows\pss
2012-09-09 02:38 - 2012-09-09 02:44 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-09 02:38 - 2012-09-09 02:44 - 00000000 ____D C:\Program Files\CCleaner
2012-08-30 19:28 - 2012-08-30 19:28 - 00000000 ____D C:\Users\Shawn\AppData\Local\{0E48326F-290B-4EB8-BBCB-0442A1BCDEEB}
2012-08-30 16:11 - 2012-09-11 21:34 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-08-30 16:08 - 2012-09-11 21:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-30 16:08 - 2012-08-30 16:08 - 00008114 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-28 00:28 - 2012-08-28 00:31 - 14279820 ____A C:\Users\Shawn\Downloads\YouPorn - Small tits brunette girl gets ****ed narrow ***.mp4
2012-08-25 07:06 - 2012-08-25 07:24 - 14804742 ____A C:\Users\Shawn\Downloads\YouPorn - EXGF Revenge Hard Dildo **** ****.mp4
2012-08-23 12:35 - 2012-08-23 12:51 - 16375341 ____A C:\Users\Shawn\Downloads\YouPorn - Black chick gets into white dude ****ing her ***.mp4
2012-08-22 13:30 - 2012-08-22 13:30 - 00000000 ____D C:\Users\Shawn\AppData\Local\{80CF5F84-1862-4BB3-B04A-36A8CDCA14B4}
2012-08-21 00:23 - 2012-08-21 00:37 - 15026252 ____A C:\Users\Shawn\Downloads\YouPorn - hard wet female super orgasm squirt.mp4
2012-08-20 08:28 - 2012-08-20 08:29 - 00000000 ____D C:\Users\Shawn\AppData\Local\{4C4740B1-5F7D-49E4-A621-DFDAE5578EC1}
2012-08-18 13:51 - 2012-08-18 13:51 - 00016836 ____A C:\Windows\SysWOW64\hs_err_pid1832.log
2012-08-15 14:39 - 2012-08-15 14:39 - 00013613 ____A C:\Windows\SysWOW64\hs_err_pid1688.log
2012-08-15 01:58 - 2012-08-15 01:58 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Fighters
2012-08-15 01:58 - 2012-08-15 01:58 - 00000000 ____D C:\Users\All Users\Fighters
2012-08-15 01:58 - 2012-08-15 01:58 - 00000000 ____D C:\Program Files (x86)\Fighters
2012-08-15 01:51 - 2012-08-15 01:51 - 00000000 ____D C:\Users\Shawn\AppData\Local\The Weather Channel
2012-08-13 23:30 - 2012-09-11 07:52 - 00835584 __ASH C:\Users\Shawn\Downloads\Thumbs.db
==================== 3 Months Modified Files ================================
2012-09-11 22:14 - 2012-09-11 12:50 - 00034672 ____A C:\Windows\WindowsUpdate.log
2012-09-11 22:09 - 2012-09-09 05:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-11 21:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-11 21:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-11 21:40 - 2009-07-13 21:13 - 00745934 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-11 21:34 - 2012-09-11 13:50 - 00000168 ____A C:\Windows\setupact.log
2012-09-11 21:34 - 2012-08-30 16:11 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-09-11 21:34 - 2012-08-30 16:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-11 14:05 - 2012-09-11 14:05 - 04731392 ____A (AVAST Software) C:\Users\Shawn\Desktop\aswMBR.exe
2012-09-11 14:03 - 2012-09-11 14:03 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Downloads\GOAWAY.COM
2012-09-11 14:02 - 2012-09-11 13:57 - 00080384 ____A C:\Users\Shawn\Downloads\MBRCheck.exe
2012-09-11 13:50 - 2012-09-11 13:50 - 00000000 ____A C:\Windows\setuperr.log
2012-09-11 12:40 - 2012-09-11 12:40 - 00018826 ____A C:\Users\Shawn\Documents\cc_20120911_134040.reg
2012-09-11 12:27 - 2012-09-11 12:27 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\123.com.exe
2012-09-11 12:21 - 2012-09-11 12:21 - 00001411 ____A C:\Users\Shawn\Desktop\Internet Explorer (64-bit).lnk
2012-09-11 11:45 - 2012-09-11 11:45 - 00058064 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-11 11:42 - 2012-09-11 11:42 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2012-09-11 08:41 - 2012-09-11 08:40 - 00896912 ____A (BitTorrent, Inc.) C:\Users\Shawn\Desktop\uTorrent.exe
2012-09-11 07:52 - 2012-08-13 23:30 - 00835584 __ASH C:\Users\Shawn\Downloads\Thumbs.db
2012-09-11 06:43 - 2012-09-11 06:43 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-09-11 06:42 - 2012-09-11 06:42 - 00001071 ____A C:\Users\Shawn\Desktop\Reanimator.lnk
2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\winstart.bat
2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-09-11 06:33 - 2011-12-25 00:52 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-09-11 06:31 - 2009-07-13 20:45 - 00275064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-11 05:45 - 2012-09-11 05:45 - 00803584 ____A (Microsoft Corporation) C:\Users\Shawn\Downloads\mssstool64.exe
2012-09-10 12:00 - 2012-09-11 14:41 - 12353592 ____A (Greatis Software, LLC. ) C:\Users\Shawn\Desktop\unhackme_setup.exe
2012-09-09 12:38 - 2012-09-09 12:38 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-09 07:56 - 2012-09-09 07:53 - 06464965 ____A (companyname) C:\Users\Shawn\Downloads\Interprt.exe
2012-09-09 06:54 - 2012-09-09 06:54 - 00001850 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-09-09 05:52 - 2012-09-09 05:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-09 05:52 - 2012-09-09 05:52 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-09 05:33 - 2012-09-09 05:33 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-09-09 05:32 - 2012-09-09 05:32 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-09 05:31 - 2012-09-09 05:31 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-09 05:28 - 2012-09-09 04:22 - 00002872 ____A C:\Windows\System32\TmInstall.log
2012-09-09 05:20 - 2012-09-09 05:20 - 00000580 ____A C:\Users\Shawn\Documents\cc_20120909_062041.reg
2012-09-09 05:17 - 2012-09-09 05:17 - 00008248 ____A C:\Users\Shawn\Documents\cc_20120909_061658.reg
2012-09-09 04:44 - 2012-09-09 03:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-09 04:36 - 2012-09-09 04:36 - 00000294 ____A C:\user.js
2012-09-09 04:23 - 2012-02-12 20:51 - 00759780 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-09 04:22 - 2012-09-09 04:22 - 00004280 ____A C:\Windows\SysWOW64\TmInstall.log
2012-09-09 04:20 - 2011-10-28 23:27 - 00002578 ____A C:\Windows\System32\AutoRunFilter.ini
2012-09-09 04:20 - 2011-10-28 23:27 - 00001285 ____A C:\Windows\System32\ServiceFilter.ini
2012-09-09 04:04 - 2012-09-09 04:04 - 00001151 ____A C:\Windows\wininit.ini
2012-09-09 03:50 - 2012-09-09 03:50 - 00001260 ____A C:\Users\Shawn\Desktop\Spybot - Search & Destroy.lnk
2012-09-09 03:44 - 2012-09-09 03:44 - 00001011 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-09-09 03:09 - 2012-09-09 03:09 - 00002880 ____A C:\Users\Shawn\Documents\cc_20120909_040905.reg
2012-09-09 03:09 - 2012-09-09 03:09 - 00000900 ____A C:\Users\Shawn\Documents\cc_20120909_040916.reg
2012-09-09 03:08 - 2012-09-09 03:08 - 00005436 ____A C:\Users\Shawn\Documents\cc_20120909_040839.reg
2012-09-09 03:08 - 2012-09-09 03:08 - 00000804 ____A C:\Users\Shawn\Documents\cc_20120909_040849.reg
2012-09-09 03:04 - 2012-09-09 03:04 - 00029834 ____A C:\Users\Shawn\Documents\cc_20120909_040415.reg
2012-09-09 03:04 - 2012-09-09 03:04 - 00000280 ____A C:\Users\Shawn\Documents\cc_20120909_040436.reg
2012-09-09 03:04 - 2012-09-09 03:03 - 00116666 ____A C:\Users\Shawn\Documents\cc_20120909_040355.reg
2012-09-09 03:00 - 2012-03-16 21:55 - 00000135 ____A C:\Windows\disney.ini
2012-09-09 02:44 - 2012-09-09 02:38 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-30 16:08 - 2012-08-30 16:08 - 00008114 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-28 00:31 - 2012-08-28 00:28 - 14279820 ____A C:\Users\Shawn\Downloads\YouPorn - Small tits brunette girl gets ****ed narrow ***.mp4
2012-08-25 07:24 - 2012-08-25 07:06 - 14804742 ____A C:\Users\Shawn\Downloads\YouPorn - EXGF Revenge Hard Dildo **** ****.mp4
2012-08-23 12:51 - 2012-08-23 12:35 - 16375341 ____A C:\Users\Shawn\Downloads\YouPorn - Black chick gets into white dude ****ing her ***.mp4
2012-08-22 14:36 - 2011-12-27 01:45 - 00110096 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-08-22 14:36 - 2011-12-27 01:45 - 00102832 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-08-21 00:37 - 2012-08-21 00:23 - 15026252 ____A C:\Users\Shawn\Downloads\YouPorn - hard wet female super orgasm squirt.mp4
2012-08-18 23:25 - 2012-08-09 08:44 - 00710504 ____A (Webroot) C:\Program1
2012-08-18 13:51 - 2012-08-18 13:51 - 00016836 ____A C:\Windows\SysWOW64\hs_err_pid1832.log
2012-08-15 14:39 - 2012-08-15 14:39 - 00013613 ____A C:\Windows\SysWOW64\hs_err_pid1688.log
2012-08-14 00:11 - 2012-08-12 23:42 - 50920590 ____A C:\Users\Shawn\Downloads\YouPorn - Schwanze by any other name is ****.mp4
2012-08-13 11:18 - 2012-08-09 11:19 - 00000438 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2012-08-09 11:14 - 2012-08-09 11:14 - 01561792 ____A (W3i, LLC) C:\Users\Shawn\Downloads\freefileviewer_730 (1).exe
2012-08-09 11:14 - 2012-08-09 11:14 - 00447856 ____A (Bandoo Media Inc) C:\Users\Shawn\Downloads\Setup_FreeFlvConverter.exe
2012-08-09 11:14 - 2012-08-09 11:13 - 01561792 ____A (W3i, LLC) C:\Users\Shawn\Downloads\freefileviewer_730.exe
2012-08-09 08:26 - 2012-01-31 16:12 - 00000749 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2012-08-03 03:27 - 2011-12-26 05:23 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-18 10:15 - 2012-09-09 05:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-06 12:07 - 2012-09-11 05:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-09-09 05:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-09-09 05:36 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-09-09 05:36 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-09-09 05:36 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-09-09 05:36 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-09-09 12:40 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-09-09 12:40 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-09-09 12:41 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-09-09 12:41 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-09-09 12:41 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-09-09 12:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-09-09 12:41 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-09-09 12:41 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-09-09 12:41 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-09-09 12:41 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-09-09 12:41 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-09-09 12:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-09-09 12:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-09-09 12:41 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-09-09 12:41 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-09-09 12:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-09-09 12:41 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-09-09 12:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-09-09 12:41 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-09-09 12:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-09-09 12:41 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-09-09 12:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-09-09 12:41 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-09-09 12:41 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-09-09 12:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-09-09 12:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-09-09 12:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-09-09 12:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-08-18 14:50:06
Restore point made on: 2012-09-09 04:23:20
Restore point made on: 2012-09-09 04:26:51
Restore point made on: 2012-09-09 04:29:10
Restore point made on: 2012-09-09 04:53:29
Restore point made on: 2012-09-09 04:58:01
Restore point made on: 2012-09-09 05:22:40
Restore point made on: 2012-09-09 12:35:18
Restore point made on: 2012-09-09 18:32:17
Restore point made on: 2012-09-11 05:05:06
Restore point made on: 2012-09-11 09:21:33
Restore point made on: 2012-09-11 11:11:37
Restore point made on: 2012-09-11 12:12:52
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 4000.13 MB
Available physical RAM: 3433.82 MB
Total Pagefile: 3998.27 MB
Available Pagefile: 3425.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Partitions ============================
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:36.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:198.15 GB) NTFS
5 Drive g: (KINGSTON U3) (Removable) (Total:0.94 GB) (Free:0.87 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 957 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 3 Primary 254 GB 211 GB
=========================================================================== =======
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================================== =======
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 186 GB Healthy
=========================================================================== =======
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 254 GB Healthy
=========================================================================== =======
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 957 MB 4096 B
=========================================================================== =======
Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON U3 FAT Removable 957 MB Healthy
=========================================================================== =======
Last Boot: 2012-08-18 14:42
==================== End Of Log =============================
JSntgRvr's Avatar
Moderator & Malware Removal Specialist with 17,282 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
12-Sep-2012, 09:54 PM #5
Welcome.

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.
__________________
Unanswered threads for 5 days will no longer be part of my subscriptions.
JSntgRvr's Avatar
Moderator & Malware Removal Specialist with 17,282 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
19-Sep-2012, 10:56 PM #6
Posting new threads won't help. Is this the same computer you just posted?