
Win 7 Trojan:Dos/Alureon.A..help, will not go away or let me run programs!

Discussion in 'Virus & Other Malware Removal' started by misscakes, Sep 12, 2012.

Thread Status:
Not open for further replies.
  1. misscakes

    misscakes Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    5
    Hi everybody, I need some help please when trying to get rid of this alureon.a virus. I was actually able just now to get a flash drive and run the FRST64 program and I have the results from the scan. Could anyone please aid me thus forth, please, I am really interested in spyware removal and trying to help others when they too are having any sorts of problems. I have never signed up for any kind of forum before, so I'm very new here.

    THE POTENTIAL THREAT MESSAGE FROM MSE IS:
    Trojan:DOS/Alureon.A

    underneath this under Items: it says rootkit:Alureon->Mbr::Alureon

    Now, where it shows all the detected items, right above Trojan:DOS/Alureon.A, there is another threat that is: HackTool:Win32/Wpakill.B. Now I don't know if that is in relation to the other Alureon.A or not, but I wasn't sure if I should leave it alone and close the window until I receive help, or do I select an action?
     
  2. Ent

    Ent Josiah Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,408
  3. misscakes

    misscakes Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    5
    Well okay, I was able to use Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012. I can give you the results from this program because I'm not able to run anything off the infected laptop. I don't know how to add it except copy and paste, so here it is. I'm sorry if I'm not following standard protocol, but my laptop won't let me do anything, and like I said, I'm very very new to any type of interaction in a forum.

    Thanks, Mary
     
  4. misscakes

    misscakes Thread Starter

    Joined:
    Sep 12, 2012
    Messages:
    5
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012
    Ran by SYSTEM at 12-09-2012 14:31:04
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-06-02] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [369 2012-09-11] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [437584 2010-04-29] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [WRSVC] "\Device\HarddiskVolume2\Program" -ul [x]
    HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296096 2012-09-09] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKU\Mcx1-OU812\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    HKU\Shawn\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\Shawn\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
    HKU\Shawn\...\Run: [Browser Infrastructure Helper] C:\Users\Shawn\AppData\Local\Smartbar\Application\Linkury.exe startup [13824 2012-02-12] (Smartbar)
    HKU\Shawn\...\Policies\system: [DisableCMD] 0
    HKU\Shawn\...\Policies\system: [NoDispAppearancePage] 0
    HKU\Shawn\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\Shawn\...\Policies\system: [NoDispSettingsPage] 0
    HKLM-x32\...\runonceex: [Flags] 128
    HKLM-x32\...\runonceex: [Title] RegRun II Secure Start
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    AppInit_DLLs:
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
    ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (No File)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Fliptoast.lnk
    ShortcutTarget: Fliptoast.lnk -> C:\Program Files (x86)\Fliptoast\fliptoast.exe ()
    ==================== Services ====================
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [304464 2010-04-29] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    ==================== Drivers =================================
    1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24664 2010-04-29] (Malwarebytes Corporation)
    1 MpKsl21d8fe6b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F95BDFA-91D7-41A9-A01F-EB2981D95DA9}\MpKsl21d8fe6b.sys [35664 2012-09-11] (Microsoft Corporation)
    1 MpKslc408ca3f; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F95BDFA-91D7-41A9-A01F-EB2981D95DA9}\MpKslc408ca3f.sys [35664 2012-09-11] (Microsoft Corporation)
    3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [110096 2012-08-22] (Webroot)
    0 BAJHivgA; C:\Windows\System32\drivers\BAJHivgA.sys [x]
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-12 14:30 - 2012-09-12 14:31 - 00000000 ____D C:\FRST
    2012-09-11 16:36 - 2009-07-13 17:38 - 00383562 _RASH C:\bootmgr
    2012-09-11 14:41 - 2012-09-10 12:00 - 12353592 ____A (Greatis Software, LLC. ) C:\Users\Shawn\Desktop\unhackme_setup.exe
    2012-09-11 14:13 - 2012-09-11 14:13 - 00000000 ____D C:\Users\Shawn\Documents\ 7
    2012-09-11 14:05 - 2012-09-11 14:05 - 04731392 ____A (AVAST Software) C:\Users\Shawn\Desktop\aswMBR.exe
    2012-09-11 14:03 - 2012-09-11 14:03 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Downloads\GOAWAY.COM
    2012-09-11 13:57 - 2012-09-11 14:02 - 00080384 ____A C:\Users\Shawn\Downloads\MBRCheck.exe
    2012-09-11 13:50 - 2012-09-11 21:34 - 00000168 ____A C:\Windows\setupact.log
    2012-09-11 13:50 - 2012-09-11 13:50 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-11 12:50 - 2012-09-11 22:14 - 00034672 ____A C:\Windows\WindowsUpdate.log
    2012-09-11 12:40 - 2012-09-11 12:40 - 00018826 ____A C:\Users\Shawn\Documents\cc_20120911_134040.reg
    2012-09-11 12:27 - 2012-09-11 15:17 - 00000000 ____D C:\Users\Shawn\Desktop\new
    2012-09-11 12:27 - 2012-09-11 12:27 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\123.com.exe
    2012-09-11 12:21 - 2012-09-11 12:21 - 00001411 ____A C:\Users\Shawn\Desktop\Internet Explorer (64-bit).lnk
    2012-09-11 11:45 - 2012-09-11 11:45 - 00058064 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-11 11:44 - 2012-09-11 11:44 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2012-09-11 11:42 - 2012-09-11 11:44 - 00000000 ____D C:\users\Guest
    2012-09-11 11:42 - 2012-09-11 11:42 - 00000020 __ASH C:\Users\Guest\ntuser.ini
    2012-09-11 11:42 - 2012-01-31 20:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
    2012-09-11 08:40 - 2012-09-11 08:41 - 00896912 ____A (BitTorrent, Inc.) C:\Users\Shawn\Desktop\uTorrent.exe
    2012-09-11 06:43 - 2012-09-11 06:43 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
    2012-09-11 06:42 - 2012-09-11 06:42 - 00001071 ____A C:\Users\Shawn\Desktop\Reanimator.lnk
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\winstart.bat
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000000 ____D C:\Users\Shawn\Documents\RegRun2
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000000 ____D C:\Program Files (x86)\Greatis
    2012-09-11 05:45 - 2012-09-11 05:45 - 00803584 ____A (Microsoft Corporation) C:\Users\Shawn\Downloads\mssstool64.exe
    2012-09-11 05:07 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-09-09 17:37 - 2012-09-09 17:37 - 00000000 ____D C:\Users\Shawn\AppData\Local\{888BE3C3-E293-41B7-85A2-58E3A52E1FA8}
    2012-09-09 12:41 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-09 12:41 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-09 12:41 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-09 12:41 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-09 12:41 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-09 12:41 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-09 12:41 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-09 12:41 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-09 12:41 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-09 12:41 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-09 12:41 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-09 12:41 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-09 12:41 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-09 12:41 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-09 12:41 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-09 12:41 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-09 12:41 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-09 12:41 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-09 12:41 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-09 12:41 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-09 12:41 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-09 12:41 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-09 12:41 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-09 12:41 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-09 12:41 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-09 12:40 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-09 12:40 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-09 12:40 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-09 12:38 - 2012-09-09 12:38 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-09-09 07:57 - 2012-09-09 07:57 - 00000000 ____D C:\Program Files (x86)\World of Wisdom
    2012-09-09 07:53 - 2012-09-09 07:56 - 06464965 ____A (companyname) C:\Users\Shawn\Downloads\Interprt.exe
    2012-09-09 06:55 - 2012-09-11 12:10 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Azureus
    2012-09-09 06:55 - 2012-09-09 06:55 - 00000000 ____D C:\Users\Shawn\.swt
    2012-09-09 06:54 - 2012-09-09 06:54 - 00001850 ____A C:\Users\Public\Desktop\Vuze.lnk
    2012-09-09 06:54 - 2012-09-09 06:54 - 00000000 ____D C:\Program Files (x86)\Vuze
    2012-09-09 06:29 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-09-09 06:29 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-09-09 06:29 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-09-09 06:29 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-09-09 06:28 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-09-09 06:28 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-09-09 06:28 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-09-09 06:28 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-09-09 06:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-09-09 06:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-09-09 06:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-09-09 06:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-09-09 06:28 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-09-09 06:28 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-09-09 06:26 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-09-09 06:26 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-09-09 06:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-09-09 06:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-09-09 06:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-09-09 06:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-09-09 06:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-09-09 06:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-09-09 06:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-09-09 06:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-09-09 06:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-09-09 06:25 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-09-09 06:25 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-09-09 06:25 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-09-09 06:23 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-09-09 05:52 - 2012-09-11 22:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-09 05:52 - 2012-09-09 05:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-09 05:52 - 2012-09-09 05:52 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-09 05:41 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-09-09 05:41 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-09-09 05:41 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-09-09 05:41 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-09-09 05:37 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-09-09 05:37 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-09-09 05:37 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-09-09 05:37 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-09-09 05:37 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-09-09 05:37 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-09-09 05:36 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-09-09 05:36 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-09-09 05:36 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-09-09 05:36 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-09-09 05:36 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-09-09 05:35 - 2012-09-09 05:35 - 00000000 ____D C:\Users\Shawn\Tracing
    2012-09-09 05:34 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-09-09 05:34 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-09-09 05:34 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-09-09 05:34 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-09-09 05:34 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-09 05:33 - 2012-09-09 05:33 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2012-09-09 05:32 - 2012-09-09 05:32 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-09-09 05:23 - 2012-09-09 05:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-09 05:23 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-09-09 05:23 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-09-09 05:23 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-09-09 05:23 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-09-09 05:23 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-09-09 05:23 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2012-09-09 05:23 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2012-09-09 05:20 - 2012-09-09 05:20 - 00000580 ____A C:\Users\Shawn\Documents\cc_20120909_062041.reg
    2012-09-09 05:17 - 2012-09-09 05:17 - 00008248 ____A C:\Users\Shawn\Documents\cc_20120909_061658.reg
    2012-09-09 04:53 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-09-09 04:53 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-09-09 04:53 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-09-09 04:53 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-09-09 04:53 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-09-09 04:53 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-09-09 04:53 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-09-09 04:53 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-09-09 04:53 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-09-09 04:36 - 2012-09-09 04:36 - 00000294 ____A C:\user.js
    2012-09-09 04:36 - 2012-09-09 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-09 04:33 - 2012-09-09 04:33 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Babylon
    2012-09-09 04:33 - 2012-09-09 04:33 - 00000000 ____D C:\Users\Shawn\AppData\Local\Babylon
    2012-09-09 04:33 - 2012-09-09 04:33 - 00000000 ____D C:\Users\All Users\Babylon
    2012-09-09 04:29 - 2012-05-31 11:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-09-09 04:23 - 2012-09-09 04:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-09-09 04:23 - 2012-09-09 04:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-09-09 04:22 - 2012-09-09 05:28 - 00002872 ____A C:\Windows\System32\TmInstall.log
    2012-09-09 04:22 - 2012-09-09 04:22 - 00004280 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-09-09 04:17 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-09-09 04:04 - 2012-09-09 04:04 - 00001151 ____A C:\Windows\wininit.ini
    2012-09-09 03:54 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120909-045402.backup
    2012-09-09 03:50 - 2012-09-09 05:13 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-09-09 03:50 - 2012-09-09 03:50 - 00001260 ____A C:\Users\Shawn\Desktop\Spybot - Search & Destroy.lnk
    2012-09-09 03:50 - 2012-09-09 03:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-09-09 03:44 - 2012-09-09 03:44 - 00001011 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2012-09-09 03:44 - 2012-09-09 03:44 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Malwarebytes
    2012-09-09 03:44 - 2012-09-09 03:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-09 03:44 - 2012-09-09 03:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-09 03:44 - 2010-04-29 14:39 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
    2012-09-09 03:44 - 2010-04-29 14:39 - 00024664 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-09 03:43 - 2012-09-09 03:43 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\WinRAR
    2012-09-09 03:42 - 2012-09-09 03:43 - 00000000 ____D C:\Program Files\WinRAR
    2012-09-09 03:39 - 2012-09-09 04:44 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-09 03:09 - 2012-09-09 03:09 - 00002880 ____A C:\Users\Shawn\Documents\cc_20120909_040905.reg
    2012-09-09 03:09 - 2012-09-09 03:09 - 00000900 ____A C:\Users\Shawn\Documents\cc_20120909_040916.reg
    2012-09-09 03:08 - 2012-09-09 03:08 - 00005436 ____A C:\Users\Shawn\Documents\cc_20120909_040839.reg
    2012-09-09 03:08 - 2012-09-09 03:08 - 00000804 ____A C:\Users\Shawn\Documents\cc_20120909_040849.reg
    2012-09-09 03:04 - 2012-09-09 03:04 - 00029834 ____A C:\Users\Shawn\Documents\cc_20120909_040415.reg
    2012-09-09 03:04 - 2012-09-09 03:04 - 00000280 ____A C:\Users\Shawn\Documents\cc_20120909_040436.reg
    2012-09-09 03:03 - 2012-09-09 03:04 - 00116666 ____A C:\Users\Shawn\Documents\cc_20120909_040355.reg
    2012-09-09 02:55 - 2012-09-11 12:15 - 00000000 ____D C:\Windows\pss
    2012-09-09 02:38 - 2012-09-09 02:44 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-09 02:38 - 2012-09-09 02:44 - 00000000 ____D C:\Program Files\CCleaner
    2012-08-30 19:28 - 2012-08-30 19:28 - 00000000 ____D C:\Users\Shawn\AppData\Local\{0E48326F-290B-4EB8-BBCB-0442A1BCDEEB}
    2012-08-30 16:11 - 2012-09-11 21:34 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2012-08-30 16:08 - 2012-09-11 21:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-30 16:08 - 2012-08-30 16:08 - 00008114 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-28 00:28 - 2012-08-28 00:31 - 14279820 ____A C:\Users\Shawn\Downloads\YouPorn - Small tits brunette girl gets ****ed narrow ***.mp4
    2012-08-25 07:06 - 2012-08-25 07:24 - 14804742 ____A C:\Users\Shawn\Downloads\YouPorn - EXGF Revenge Hard Dildo **** ****.mp4
    2012-08-23 12:35 - 2012-08-23 12:51 - 16375341 ____A C:\Users\Shawn\Downloads\YouPorn - Black chick gets into white dude ****ing her ***.mp4
    2012-08-22 13:30 - 2012-08-22 13:30 - 00000000 ____D C:\Users\Shawn\AppData\Local\{80CF5F84-1862-4BB3-B04A-36A8CDCA14B4}
    2012-08-21 00:23 - 2012-08-21 00:37 - 15026252 ____A C:\Users\Shawn\Downloads\YouPorn - hard wet female super orgasm squirt.mp4
    2012-08-20 08:28 - 2012-08-20 08:29 - 00000000 ____D C:\Users\Shawn\AppData\Local\{4C4740B1-5F7D-49E4-A621-DFDAE5578EC1}
    2012-08-18 13:51 - 2012-08-18 13:51 - 00016836 ____A C:\Windows\SysWOW64\hs_err_pid1832.log
    2012-08-15 14:39 - 2012-08-15 14:39 - 00013613 ____A C:\Windows\SysWOW64\hs_err_pid1688.log
    2012-08-15 01:58 - 2012-08-15 01:58 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\Fighters
    2012-08-15 01:58 - 2012-08-15 01:58 - 00000000 ____D C:\Users\All Users\Fighters
    2012-08-15 01:58 - 2012-08-15 01:58 - 00000000 ____D C:\Program Files (x86)\Fighters
    2012-08-15 01:51 - 2012-08-15 01:51 - 00000000 ____D C:\Users\Shawn\AppData\Local\The Weather Channel
    2012-08-13 23:30 - 2012-09-11 07:52 - 00835584 __ASH C:\Users\Shawn\Downloads\Thumbs.db
    ==================== 3 Months Modified Files ================================
    2012-09-11 22:14 - 2012-09-11 12:50 - 00034672 ____A C:\Windows\WindowsUpdate.log
    2012-09-11 22:09 - 2012-09-09 05:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-11 21:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-11 21:43 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-11 21:40 - 2009-07-13 21:13 - 00745934 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-11 21:34 - 2012-09-11 13:50 - 00000168 ____A C:\Windows\setupact.log
    2012-09-11 21:34 - 2012-08-30 16:11 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2012-09-11 21:34 - 2012-08-30 16:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-11 14:05 - 2012-09-11 14:05 - 04731392 ____A (AVAST Software) C:\Users\Shawn\Desktop\aswMBR.exe
    2012-09-11 14:03 - 2012-09-11 14:03 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Downloads\GOAWAY.COM
    2012-09-11 14:02 - 2012-09-11 13:57 - 00080384 ____A C:\Users\Shawn\Downloads\MBRCheck.exe
    2012-09-11 13:50 - 2012-09-11 13:50 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-11 12:40 - 2012-09-11 12:40 - 00018826 ____A C:\Users\Shawn\Documents\cc_20120911_134040.reg
    2012-09-11 12:27 - 2012-09-11 12:27 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\123.com.exe
    2012-09-11 12:21 - 2012-09-11 12:21 - 00001411 ____A C:\Users\Shawn\Desktop\Internet Explorer (64-bit).lnk
    2012-09-11 11:45 - 2012-09-11 11:45 - 00058064 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-11 11:42 - 2012-09-11 11:42 - 00000020 __ASH C:\Users\Guest\ntuser.ini
    2012-09-11 08:41 - 2012-09-11 08:40 - 00896912 ____A (BitTorrent, Inc.) C:\Users\Shawn\Desktop\uTorrent.exe
    2012-09-11 07:52 - 2012-08-13 23:30 - 00835584 __ASH C:\Users\Shawn\Downloads\Thumbs.db
    2012-09-11 06:43 - 2012-09-11 06:43 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
    2012-09-11 06:42 - 2012-09-11 06:42 - 00001071 ____A C:\Users\Shawn\Desktop\Reanimator.lnk
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\winstart.bat
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
    2012-09-11 06:42 - 2012-09-11 06:42 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
    2012-09-11 06:33 - 2011-12-25 00:52 - 00045056 ____A C:\Windows\System32\acovcnt.exe
    2012-09-11 06:31 - 2009-07-13 20:45 - 00275064 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-11 05:45 - 2012-09-11 05:45 - 00803584 ____A (Microsoft Corporation) C:\Users\Shawn\Downloads\mssstool64.exe
    2012-09-10 12:00 - 2012-09-11 14:41 - 12353592 ____A (Greatis Software, LLC. ) C:\Users\Shawn\Desktop\unhackme_setup.exe
    2012-09-09 12:38 - 2012-09-09 12:38 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-09-09 07:56 - 2012-09-09 07:53 - 06464965 ____A (companyname) C:\Users\Shawn\Downloads\Interprt.exe
    2012-09-09 06:54 - 2012-09-09 06:54 - 00001850 ____A C:\Users\Public\Desktop\Vuze.lnk
    2012-09-09 05:52 - 2012-09-09 05:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-09 05:52 - 2012-09-09 05:52 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-09 05:33 - 2012-09-09 05:33 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2012-09-09 05:32 - 2012-09-09 05:32 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-09-09 05:31 - 2012-09-09 05:31 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-09-09 05:28 - 2012-09-09 04:22 - 00002872 ____A C:\Windows\System32\TmInstall.log
    2012-09-09 05:20 - 2012-09-09 05:20 - 00000580 ____A C:\Users\Shawn\Documents\cc_20120909_062041.reg
    2012-09-09 05:17 - 2012-09-09 05:17 - 00008248 ____A C:\Users\Shawn\Documents\cc_20120909_061658.reg
    2012-09-09 04:44 - 2012-09-09 03:39 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-09 04:36 - 2012-09-09 04:36 - 00000294 ____A C:\user.js
    2012-09-09 04:23 - 2012-02-12 20:51 - 00759780 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-09 04:22 - 2012-09-09 04:22 - 00004280 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-09-09 04:20 - 2011-10-28 23:27 - 00002578 ____A C:\Windows\System32\AutoRunFilter.ini
    2012-09-09 04:20 - 2011-10-28 23:27 - 00001285 ____A C:\Windows\System32\ServiceFilter.ini
    2012-09-09 04:04 - 2012-09-09 04:04 - 00001151 ____A C:\Windows\wininit.ini
    2012-09-09 03:50 - 2012-09-09 03:50 - 00001260 ____A C:\Users\Shawn\Desktop\Spybot - Search & Destroy.lnk
    2012-09-09 03:44 - 2012-09-09 03:44 - 00001011 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2012-09-09 03:09 - 2012-09-09 03:09 - 00002880 ____A C:\Users\Shawn\Documents\cc_20120909_040905.reg
    2012-09-09 03:09 - 2012-09-09 03:09 - 00000900 ____A C:\Users\Shawn\Documents\cc_20120909_040916.reg
    2012-09-09 03:08 - 2012-09-09 03:08 - 00005436 ____A C:\Users\Shawn\Documents\cc_20120909_040839.reg
    2012-09-09 03:08 - 2012-09-09 03:08 - 00000804 ____A C:\Users\Shawn\Documents\cc_20120909_040849.reg
    2012-09-09 03:04 - 2012-09-09 03:04 - 00029834 ____A C:\Users\Shawn\Documents\cc_20120909_040415.reg
    2012-09-09 03:04 - 2012-09-09 03:04 - 00000280 ____A C:\Users\Shawn\Documents\cc_20120909_040436.reg
    2012-09-09 03:04 - 2012-09-09 03:03 - 00116666 ____A C:\Users\Shawn\Documents\cc_20120909_040355.reg
    2012-09-09 03:00 - 2012-03-16 21:55 - 00000135 ____A C:\Windows\disney.ini
    2012-09-09 02:44 - 2012-09-09 02:38 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-08-30 16:08 - 2012-08-30 16:08 - 00008114 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-28 00:31 - 2012-08-28 00:28 - 14279820 ____A C:\Users\Shawn\Downloads\YouPorn - Small tits brunette girl gets ****ed narrow ***.mp4
    2012-08-25 07:24 - 2012-08-25 07:06 - 14804742 ____A C:\Users\Shawn\Downloads\YouPorn - EXGF Revenge Hard Dildo **** ****.mp4
    2012-08-23 12:51 - 2012-08-23 12:35 - 16375341 ____A C:\Users\Shawn\Downloads\YouPorn - Black chick gets into white dude ****ing her ***.mp4
    2012-08-22 14:36 - 2011-12-27 01:45 - 00110096 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
    2012-08-22 14:36 - 2011-12-27 01:45 - 00102832 ____A (Webroot) C:\Windows\System32\WRusr.dll
    2012-08-21 00:37 - 2012-08-21 00:23 - 15026252 ____A C:\Users\Shawn\Downloads\YouPorn - hard wet female super orgasm squirt.mp4
    2012-08-18 23:25 - 2012-08-09 08:44 - 00710504 ____A (Webroot) C:\Program1
    2012-08-18 13:51 - 2012-08-18 13:51 - 00016836 ____A C:\Windows\SysWOW64\hs_err_pid1832.log
    2012-08-15 14:39 - 2012-08-15 14:39 - 00013613 ____A C:\Windows\SysWOW64\hs_err_pid1688.log
    2012-08-14 00:11 - 2012-08-12 23:42 - 50920590 ____A C:\Users\Shawn\Downloads\YouPorn - Schwanze by any other name is ****.mp4
    2012-08-13 11:18 - 2012-08-09 11:19 - 00000438 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
    2012-08-09 11:14 - 2012-08-09 11:14 - 01561792 ____A (W3i, LLC) C:\Users\Shawn\Downloads\freefileviewer_730 (1).exe
    2012-08-09 11:14 - 2012-08-09 11:14 - 00447856 ____A (Bandoo Media Inc) C:\Users\Shawn\Downloads\Setup_FreeFlvConverter.exe
    2012-08-09 11:14 - 2012-08-09 11:13 - 01561792 ____A (W3i, LLC) C:\Users\Shawn\Downloads\freefileviewer_730.exe
    2012-08-09 08:26 - 2012-01-31 16:12 - 00000749 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
    2012-08-03 03:27 - 2011-12-26 05:23 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-18 10:15 - 2012-09-09 05:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-06 12:07 - 2012-09-11 05:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-07-04 14:16 - 2012-09-09 05:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-09-09 05:36 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-09-09 05:36 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-09-09 05:36 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-09-09 05:36 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-28 20:55 - 2012-09-09 12:40 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-09-09 12:40 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-09-09 12:41 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-09-09 12:41 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-09-09 12:41 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-09-09 12:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-09-09 12:41 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-09-09 12:41 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-09-09 12:41 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-09-09 12:41 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-09-09 12:41 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-09-09 12:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-09-09 12:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-09-09 12:41 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-09-09 12:41 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-09-09 12:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-09-09 12:41 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-09-09 12:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-09-09 12:41 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-09-09 12:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-09-09 12:41 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-09-09 12:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-09-09 12:41 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-09-09 12:41 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-09-09 12:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-09-09 12:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-09-09 12:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-09-09 12:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-18 14:50:06
    Restore point made on: 2012-09-09 04:23:20
    Restore point made on: 2012-09-09 04:26:51
    Restore point made on: 2012-09-09 04:29:10
    Restore point made on: 2012-09-09 04:53:29
    Restore point made on: 2012-09-09 04:58:01
    Restore point made on: 2012-09-09 05:22:40
    Restore point made on: 2012-09-09 12:35:18
    Restore point made on: 2012-09-09 18:32:17
    Restore point made on: 2012-09-11 05:05:06
    Restore point made on: 2012-09-11 09:21:33
    Restore point made on: 2012-09-11 11:11:37
    Restore point made on: 2012-09-11 12:12:52
    ==================== Memory info ===========================
    Percentage of memory in use: 14%
    Total physical RAM: 4000.13 MB
    Available physical RAM: 3433.82 MB
    Total Pagefile: 3998.27 MB
    Available Pagefile: 3425.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB
    ==================== Partitions ============================
    1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:36.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:198.15 GB) NTFS
    5 Drive g: (KINGSTON U3) (Removable) (Total:0.94 GB) (Free:0.87 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 957 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 25 GB 1024 KB
    Partition 2 Primary 186 GB 25 GB
    Partition 3 Primary 254 GB 211 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 186 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D DATA NTFS Partition 254 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 957 MB 4096 B
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G KINGSTON U3 FAT Removable 957 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-18 14:42
    ==================== End Of Log =============================
     
  5. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Welcome.

    Download MBRFix from here.

    Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

    Also download the enclosed file and save it to the USB drive.

    Insert the USB drive into the ailing computer.

    Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

    The tool will make a log on the flash drive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and paste the contents of Fixlog.txt in your next reply, but attach MBRDUMP.txt, as it is a hex file.
     

    Attached Files:

  6. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Posting new threads won't help. Is this the same computer you just posted about?
     
Short URL to this thread: https://techguy.org/1068717