Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected Computer with possible backdoor Trojans and rootkits [Solved]


  • This topic is locked This topic is locked

#1
BohoGypsy

BohoGypsy

    Member

  • Member
  • PipPip
  • 38 posts
Hello,

I hope someone is able to help me. I was originally in another forum website where I have now cancelled my account and was told by many to come here instead. I won't mention the name of the other forum, but I was unsatisfied with the lack of help, length of time, and the inability to remove the virus from my computer. I was told that I have a backdoor Trojan and that even if it is cleaned, my computer is forever compromised...??? I have run everything from DDS logs to RKILL logs etc. My original problem is as listed:

My computer is infected with several viruses or a root-kit that I cannot get rid of, and I have tried everything. I am ready to throw my laptop out the window. I am running windows vista on a dell Inspiron 1525. I knew I had a virus when Firefox kept freezing and ctrl alt dlt did not work. I attempted to reset Firefox, updated plugins (one was the java that was considered to be vulnerable) and reset my winsock. After this my whole computer started freezing, even in safe mode, and then I would have to manually restart and get black screen with blinking cursor before F8. I tried scanning with Malwarebytes (chameleon too) mbr rootkit, avast, sophos etc. And all find infected files, but as soon as they do they freeze and I am forced to manually shut down. This also happens in safe modes. I tried Mcafee rootkit and it found nothing, while Kaspersky rootkit found and successfully quar. items, but scan still froze. Avast always gets to 93% where the others freeze in a few min. I downloaded rogue killer and it found items in my hkey, but as soon as I clicked delete and scanned again, they were still there. I then tried downloading rkill, which ran and then re-downloaded Malwarebytes and named it a different .exe. But it still finds infected files and freezes. How can I get did of this if I cant scan???? Please help. I am so frustrated. Oh, and also if I leave during scans and don't tap computer, it goes to a black unresponsive screen (and I have no screensaver set)."

I have no problem accessing Internet now, and any DDS etc. scan fine. It is just the programs that attempt removal. I don't have days on end to fix this. I am currently applying for jobs, I am traveling and I need this fixed as soon as possible. I am also currently social media managing for my partner's company, and I can't keep doing everything from my phone. I am frustrated, and terrified that my account has been compromised. Although I don't regularly bank online, I do have accounts through Amazon etc. I have also noticed that myself, along with others on my friends list (Facebook) are the byproduct of spoofing for emails (ie our names, but not email address). Can someone please help me clean my machine. I don't have access to another computer.

Kind regards,

BohoGypsy
  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi and welcome.

Lets take a look:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

  • 0

#3
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thank you. Here are the two texts...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013
Ran by Katelynn (administrator) on 05-08-2013 16:16:09
Running from C:\Users\Katelynn\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Boingo Wireless, Inc.) C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
( ) C:\Windows\system32\lxcrcoms.exe
(Dropbox, Inc.) C:\Users\Katelynn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Katelynn\Downloads\FRST(1).exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: I - I:\LaunchU3.exe -a
MountPoints2: {216201f7-ee96-11df-85a3-806e6f6e6963} - I:\LaunchU3.exe -a
MountPoints2: {36f36e1d-8981-11e0-a1b8-806e6f6e6963} - H:\ToolLauncher-Bootstrap.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Katelynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Katelynn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=1080319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=1080319
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=1080319
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...863578649497140
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...863578649497140
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {C7768536-96F8-4001-B1A2-90EE21279187} - No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU -No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Katelynn\AppData\Roaming\Mozilla\Firefox\Profiles\vhqdna17.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Katelynn\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{4bcdbfd0-fa26-11de-8a39-0800200c9a66}] C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{3E3CFC85-4A3A-4DBF-87EF-909A20B86A0C}] C:\Users\Katelynn\AppData\Local\{3E3CFC85-4A3A-4DBF-87EF-909A20B86A0C}
FF Extension: XULRunner - C:\Users\Katelynn\AppData\Local\{3E3CFC85-4A3A-4DBF-87EF-909A20B86A0C}

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Katelynn\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Chrome NaCl) - C:\Users\Katelynn\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Katelynn\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\Katelynn\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Katelynn\AppData\Local\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EarthLinkMonitor; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [65604 2005-01-26] (Boingo Wireless, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-28] (SurfRight B.V.)
R2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [537520 2006-12-11] ( )
S4 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-12] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-07-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-07-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-07-28] ()
S3 BW2NDIS5; C:\Windows\System32\Drivers\BW2NDIS5.sys [17536 2004-11-01] (Printing Communications Assoc., Inc. (PCAUSA))
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [58880 2008-06-04] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [106112 2008-06-04] (Option N.V.)
S3 GTUHSOMS; C:\Windows\System32\DRIVERS\gtuhsoms.sys [18816 2008-06-06] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2008-06-04] (Option N.V.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-29] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [15616 2013-07-29] ()
S3 utuyntu3; C:\Windows\system32\Drivers\utuyntu3.sys [7168 2013-04-08] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\Users\Katelynn\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MEMSWEEP2; \??\C:\Windows\system32\4EF9.tmp [x]
S3 MFE_RR; \??\C:\Users\Katelynn\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S0 rfhej; System32\drivers\ljqrd.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-05 16:12 - 2013-08-05 16:12 - 01228808 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST(1).exe
2013-08-01 22:45 - 2013-08-05 16:15 - 00035423 _____ C:\Users\Katelynn\Desktop\FRST.txt
2013-08-01 22:45 - 2013-08-01 22:47 - 00016954 _____ C:\Users\Katelynn\Desktop\Addition.txt
2013-08-01 22:43 - 2013-08-01 22:46 - 00016954 _____ C:\Users\Katelynn\Downloads\Addition.txt
2013-08-01 22:41 - 2013-08-01 22:41 - 00000000 ____D C:\FRST
2013-08-01 22:40 - 2013-08-01 22:40 - 01222124 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST.exe
2013-08-01 17:15 - 2013-08-01 17:15 - 00000000 __SHD C:\found.004
2013-07-31 18:07 - 2013-07-31 18:07 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Katelynn\Downloads\tdsskiller.exe
2013-07-30 20:46 - 2013-07-30 20:46 - 00044895 _____ C:\Users\Katelynn\Desktop\GMER.txt
2013-07-30 20:11 - 2013-07-30 20:11 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds(1).com
2013-07-29 22:02 - 2013-07-29 22:02 - 00013356 _____ C:\Users\Katelynn\Desktop\DDS-1.txt
2013-07-29 22:00 - 2013-07-30 20:13 - 00012753 _____ C:\Users\Katelynn\Desktop\dds.txt
2013-07-29 22:00 - 2013-07-30 20:13 - 00004773 _____ C:\Users\Katelynn\Desktop\attach.txt
2013-07-29 21:56 - 2013-07-29 21:56 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds.com
2013-07-29 17:22 - 2013-07-29 17:40 - 00002576 _____ C:\Users\Katelynn\Desktop\Rkill.txt
2013-07-29 17:22 - 2013-07-29 17:22 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Katelynn\Downloads\rkill.com
2013-07-29 16:45 - 2013-07-29 16:45 - 00000000 ____D C:\Program Files\kioskea.exe
2013-07-29 16:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-29 16:42 - 2013-07-29 16:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-07-29 16:35 - 2013-07-29 16:35 - 00003403 _____ C:\Users\Katelynn\Desktop\RKreport[0]_D_07292013_163552.txt
2013-07-29 16:27 - 2013-07-29 16:27 - 00015616 _____ C:\Windows\system32\TrueSight.sys
2013-07-29 16:26 - 2013-07-29 16:40 - 00000000 ____D C:\Users\Katelynn\Desktop\RK_Quarantine
2013-07-29 16:26 - 2013-07-29 16:26 - 00916992 _____ C:\Users\Katelynn\Downloads\RogueKiller.exe
2013-07-28 21:24 - 2013-07-28 21:24 - 00068096 _____ C:\Users\Katelynn\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-28 21:21 - 2013-07-28 21:27 - 03596088 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-28 20:00 - 2013-07-28 20:00 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-28 20:00 - 2013-07-28 20:00 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-28 20:00 - 2013-07-28 20:00 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-28 20:00 - 2013-07-28 20:00 - 00001831 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-28 20:00 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-28 20:00 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-28 20:00 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-28 20:00 - 2013-07-28 20:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-28 20:00 - 2013-07-28 20:00 - 00000000 _____ C:\Windows\setupact.log
2013-07-28 20:00 - 2013-05-09 04:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-28 20:00 - 2013-05-09 04:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-28 20:00 - 2013-05-09 04:59 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-07-28 20:00 - 2013-05-09 04:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-28 20:00 - 2013-05-09 04:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-28 19:59 - 2013-05-09 04:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-28 19:04 - 2013-07-28 19:45 - 117478104 _____ C:\Users\Katelynn\Downloads\avast_free_antivirus_setup.exe
2013-07-28 19:00 - 2013-08-05 16:10 - 00400955 _____ C:\Windows\WindowsUpdate.log
2013-07-28 16:46 - 2013-07-28 17:05 - 04745728 _____ (AVAST Software) C:\Users\Katelynn\Downloads\aswMBR.exe
2013-07-28 16:43 - 2013-07-28 16:43 - 00000120 ___RH C:\Users\Katelynn\Downloads\Stinger.opt
2013-07-28 16:37 - 2013-07-28 16:43 - 00000641 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163732.html
2013-07-28 16:33 - 2013-07-28 16:33 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.944e.deleteme
2013-07-28 16:32 - 2013-07-28 16:43 - 00000000 ____D C:\Program Files\stinger
2013-07-28 16:32 - 2013-07-28 16:36 - 00000643 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163248.html
2013-07-28 16:32 - 2013-07-28 16:32 - 11394080 _____ (McAfee Inc) C:\Users\Katelynn\Downloads\stinger32.exe
2013-07-28 16:32 - 2013-07-28 16:32 - 00490268 _____ C:\Users\Katelynn\Downloads\runtime.dat
2013-07-28 16:32 - 2013-07-28 16:32 - 00000000 ____D C:\Stinger_Quarantine
2013-07-27 19:11 - 2013-07-27 19:11 - 71508223 _____ (Sophos Limited) C:\Users\Katelynn\Downloads\Sophos Virus Removal Tool.exe
2013-07-27 19:09 - 2013-07-27 19:09 - 00000297 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190936.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190958.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190948.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190934.txt
2013-07-27 19:04 - 2013-07-27 19:04 - 00551408 _____ (McAfee, Inc.) C:\Users\Katelynn\Downloads\rootkitremover.exe
2013-07-27 19:04 - 2013-07-27 19:04 - 00000029 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190427.txt
2013-07-26 22:46 - 2013-07-29 17:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-26 20:50 - 2013-07-26 20:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-26 18:36 - 2013-07-26 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 17:47 - 2013-07-26 17:47 - 00000000 __SHD C:\found.003
2013-07-26 16:53 - 2013-07-26 16:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-25 18:17 - 2013-07-25 18:17 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Katelynn\Downloads\Shockwave_Installer_Slim.exe
2013-07-25 18:15 - 2013-07-25 18:15 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Oracle
2013-07-25 17:34 - 2013-07-25 17:33 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-25 17:30 - 2013-07-25 17:30 - 00903080 _____ (Oracle Corporation) C:\Users\Katelynn\Downloads\jre-7u25-windows-i586-iftw.exe
2013-07-25 17:10 - 2013-07-25 17:10 - 00000000 ____D C:\Users\Katelynn\Desktop\Old Firefox Data-2
2013-07-22 19:28 - 2013-07-24 20:45 - 00000132 _____ C:\Users\Katelynn\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-21 18:11 - 2013-07-21 18:11 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2013-07-21 18:06 - 2013-07-21 18:06 - 00000000 ____D C:\Program Files\InterLok

==================== One Month Modified Files and Folders =======

2013-08-05 16:15 - 2013-08-01 22:45 - 00035423 _____ C:\Users\Katelynn\Desktop\FRST.txt
2013-08-05 16:12 - 2013-08-05 16:12 - 01228808 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST(1).exe
2013-08-05 16:10 - 2013-07-28 19:00 - 00400955 _____ C:\Windows\WindowsUpdate.log
2013-08-05 15:42 - 2013-02-05 01:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 14:30 - 2013-01-31 23:20 - 00000000 ___RD C:\Users\Katelynn\Dropbox
2013-08-05 14:30 - 2013-01-31 23:18 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Dropbox
2013-08-05 14:28 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 14:28 - 2006-11-02 08:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 14:28 - 2006-11-02 08:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 03:28 - 2006-11-02 09:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-01 22:47 - 2013-08-01 22:45 - 00016954 _____ C:\Users\Katelynn\Desktop\Addition.txt
2013-08-01 22:46 - 2013-08-01 22:43 - 00016954 _____ C:\Users\Katelynn\Downloads\Addition.txt
2013-08-01 22:41 - 2013-08-01 22:41 - 00000000 ____D C:\FRST
2013-08-01 22:40 - 2013-08-01 22:40 - 01222124 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST.exe
2013-08-01 17:15 - 2013-08-01 17:15 - 00000000 __SHD C:\found.004
2013-07-31 18:07 - 2013-07-31 18:07 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Katelynn\Downloads\tdsskiller.exe
2013-07-30 20:46 - 2013-07-30 20:46 - 00044895 _____ C:\Users\Katelynn\Desktop\GMER.txt
2013-07-30 20:13 - 2013-07-29 22:00 - 00012753 _____ C:\Users\Katelynn\Desktop\dds.txt
2013-07-30 20:13 - 2013-07-29 22:00 - 00004773 _____ C:\Users\Katelynn\Desktop\attach.txt
2013-07-30 20:11 - 2013-07-30 20:11 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds(1).com
2013-07-30 19:46 - 2013-06-29 19:19 - 00000000 ____D C:\Users\Katelynn\Desktop\Photographs
2013-07-29 22:02 - 2013-07-29 22:02 - 00013356 _____ C:\Users\Katelynn\Desktop\DDS-1.txt
2013-07-29 21:56 - 2013-07-29 21:56 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds.com
2013-07-29 17:40 - 2013-07-29 17:22 - 00002576 _____ C:\Users\Katelynn\Desktop\Rkill.txt
2013-07-29 17:26 - 2013-07-26 22:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-29 17:22 - 2013-07-29 17:22 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Katelynn\Downloads\rkill.com
2013-07-29 16:45 - 2013-07-29 16:45 - 00000000 ____D C:\Program Files\kioskea.exe
2013-07-29 16:42 - 2013-07-29 16:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-07-29 16:40 - 2013-07-29 16:26 - 00000000 ____D C:\Users\Katelynn\Desktop\RK_Quarantine
2013-07-29 16:35 - 2013-07-29 16:35 - 00003403 _____ C:\Users\Katelynn\Desktop\RKreport[0]_D_07292013_163552.txt
2013-07-29 16:35 - 2008-05-06 13:50 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Adobe
2013-07-29 16:27 - 2013-07-29 16:27 - 00015616 _____ C:\Windows\system32\TrueSight.sys
2013-07-29 16:26 - 2013-07-29 16:26 - 00916992 _____ C:\Users\Katelynn\Downloads\RogueKiller.exe
2013-07-29 15:22 - 2008-07-15 01:28 - 00001356 _____ C:\Users\Katelynn\AppData\Local\d3d9caps.dat
2013-07-28 21:27 - 2013-07-28 21:21 - 03596088 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-28 21:24 - 2013-07-28 21:24 - 00068096 _____ C:\Users\Katelynn\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-28 20:00 - 2013-07-28 20:00 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-28 20:00 - 2013-07-28 20:00 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-28 20:00 - 2013-07-28 20:00 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-28 20:00 - 2013-07-28 20:00 - 00001831 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-28 20:00 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-28 20:00 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-28 20:00 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-28 20:00 - 2013-07-28 20:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-28 20:00 - 2013-07-28 20:00 - 00000000 _____ C:\Windows\setupact.log
2013-07-28 20:00 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-07-28 19:58 - 2013-02-07 21:26 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-28 19:58 - 2013-02-07 21:26 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-28 19:45 - 2013-07-28 19:04 - 117478104 _____ C:\Users\Katelynn\Downloads\avast_free_antivirus_setup.exe
2013-07-28 19:06 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-07-28 18:59 - 2010-06-22 10:34 - 00000000 ____D C:\Users\Katelynn\AppData\Local\CrashDumps
2013-07-28 17:05 - 2013-07-28 16:46 - 04745728 _____ (AVAST Software) C:\Users\Katelynn\Downloads\aswMBR.exe
2013-07-28 16:43 - 2013-07-28 16:43 - 00000120 ___RH C:\Users\Katelynn\Downloads\Stinger.opt
2013-07-28 16:43 - 2013-07-28 16:37 - 00000641 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163732.html
2013-07-28 16:43 - 2013-07-28 16:32 - 00000000 ____D C:\Program Files\stinger
2013-07-28 16:36 - 2013-07-28 16:32 - 00000643 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163248.html
2013-07-28 16:33 - 2013-07-28 16:33 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.944e.deleteme
2013-07-28 16:32 - 2013-07-28 16:32 - 11394080 _____ (McAfee Inc) C:\Users\Katelynn\Downloads\stinger32.exe
2013-07-28 16:32 - 2013-07-28 16:32 - 00490268 _____ C:\Users\Katelynn\Downloads\runtime.dat
2013-07-28 16:32 - 2013-07-28 16:32 - 00000000 ____D C:\Stinger_Quarantine
2013-07-27 20:22 - 2011-03-19 22:31 - 00000000 ____D C:\Users\Katelynn\Desktop\Sesu Project
2013-07-27 19:11 - 2013-07-27 19:11 - 71508223 _____ (Sophos Limited) C:\Users\Katelynn\Downloads\Sophos Virus Removal Tool.exe
2013-07-27 19:09 - 2013-07-27 19:09 - 00000297 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190936.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190958.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190948.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190934.txt
2013-07-27 19:04 - 2013-07-27 19:04 - 00551408 _____ (McAfee, Inc.) C:\Users\Katelynn\Downloads\rootkitremover.exe
2013-07-27 19:04 - 2013-07-27 19:04 - 00000029 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190427.txt
2013-07-26 21:21 - 2013-07-26 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 20:59 - 2013-07-26 20:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-26 17:47 - 2013-07-26 17:47 - 00000000 __SHD C:\found.003
2013-07-26 16:54 - 2013-07-26 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-25 18:34 - 2013-06-28 17:56 - 00001734 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-07-25 18:18 - 2010-06-01 09:40 - 00000000 ____D C:\Windows\system32\Adobe
2013-07-25 18:17 - 2013-07-25 18:17 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Katelynn\Downloads\Shockwave_Installer_Slim.exe
2013-07-25 18:16 - 2008-03-18 19:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-25 18:15 - 2013-07-25 18:15 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Oracle
2013-07-25 18:15 - 2013-04-12 16:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-25 17:33 - 2013-07-25 17:34 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-25 17:33 - 2012-07-10 18:35 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-25 17:33 - 2010-05-20 08:16 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-25 17:30 - 2013-07-25 17:30 - 00903080 _____ (Oracle Corporation) C:\Users\Katelynn\Downloads\jre-7u25-windows-i586-iftw.exe
2013-07-25 17:26 - 2012-09-04 14:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-25 17:26 - 2012-01-22 23:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 17:26 - 2008-05-20 00:37 - 00000000 ____D C:\Users\Katelynn\AppData\Local\Adobe
2013-07-25 17:10 - 2013-07-25 17:10 - 00000000 ____D C:\Users\Katelynn\Desktop\Old Firefox Data-2
2013-07-24 20:45 - 2013-07-22 19:28 - 00000132 _____ C:\Users\Katelynn\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-24 17:54 - 2010-03-26 08:42 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Audacity
2013-07-24 00:31 - 2008-05-25 10:09 - 00002595 _____ C:\Users\Katelynn\Desktop\Microsoft Word.lnk
2013-07-22 15:19 - 2010-05-04 09:38 - 00000000 ____D C:\Program Files\Audacity 1.3 Beta (Unicode)
2013-07-22 15:19 - 2008-05-01 10:00 - 00000000 ____D C:\Users\Katelynn
2013-07-22 15:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2013-07-22 15:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-22 15:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2013-07-22 15:19 - 2006-11-02 06:22 - 41943040 _____ C:\Windows\system32\config\software_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 34340864 _____ C:\Windows\system32\config\components_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 23592960 _____ C:\Windows\system32\config\system_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 00786432 _____ C:\Windows\system32\config\default_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-07-21 18:11 - 2013-07-21 18:11 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2013-07-21 18:06 - 2013-07-21 18:06 - 00000000 ____D C:\Program Files\InterLok
2013-07-20 17:26 - 2009-04-09 21:23 - 00000000 ____D C:\Windows\Minidump
2013-07-12 20:42 - 2010-08-19 23:52 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Vso
2013-07-12 01:10 - 2013-05-09 21:39 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\dBpoweramp
2013-07-12 01:10 - 2008-05-01 10:08 - 00167424 _____ C:\Users\Katelynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-08 22:14 - 2011-09-12 01:36 - 00000000 ____D C:\Users\Katelynn\Documents\ConvertXtoDVD
2013-07-08 21:59 - 2013-06-18 21:33 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\vlc

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-388320372-3171994607-2745187211-1000\$050076a3fdf72717b23ae8ebb8ea3a1e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$050076a3fdf72717b23ae8ebb8ea3a1e

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:36

==================== End Of Log ============================

Attached Files


  • 0

#4
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I know that up to date logs are best, but here are the GMER and DDS logs I did the other day. I will be happy to run them again, but I thought I should give as much insight as possible into this little sad machine...

Attached Files


  • 0

#5
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download the enclosed file.

Save it next to FRST.

Run FRST, except that this time around click on the Fix button and wait.

The tool will make a log next to FRST (Fixlog.txt) please post it to your reply.

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#6
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Quick question: I already have Malwarebytes installed on computer. That is the one that always freezes. Should I uninstall Malwarebytes before downloading the new one. I also have AVAST and Hitman pro {patched version}, and Microsoft Security Essentials that I will disable. Let me know if I should remove any first.
  • 0

#7
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here is the fixlog--I will post as I work my way down the list.

Attached Files


  • 0

#8
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here is the JRT log

Attached Files

  • Attached File  JRT.txt   5.16KB   146 downloads

  • 0

#9
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here is the AdwCleaner log

Attached Files


  • 0

#10
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
"Houston, we have a problem"--

I did all the steps and downloaded Malwarebytes and went to run and again we are back to the first problem, It just freezes. The only difference is that nothing was detected this time, whereas the first time I encountered this problem last week it found 3 infected files. Basically every software I run for detection and removal freezes. There is something odd though. Malwarebytes always freezes at c:\users\katelynn\AppData\Roaming\Frostwire\.AppSpecialshare\Frostwire-5.2.11.windows.exe.torrent.

The other programs Avast etc. only freeze at the end of the scanning process {i.e.94-98%).
  • 0

Advertisements


#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Please attach the Addition.txt previously created when FRST was ran.
  • 0

#12
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here is the addition txt

Attached Files


  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Lets check for file's integrity.

Open an administrator command prompt (Start -> type CMD and press Ctrl+Shift+Enter.) At the prompt type the following and press Enter:

SFC /Scannow

Upon finished, type Exit and Press Enter to return to Windows. Let me know the outcome.
  • 0

#14
BohoGypsy

BohoGypsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
When I did as you said, I get the following reply which I attached. I did go into my C drive (which is in the red, and it shouldn't be as last week I had more than enough space left) and look under logs but when I click on CBS log it states "You are not permitted to view file"--and then it opens a blank note pad file. I am the system admin and no one else has an account on my computer. I always run and open everything as administrator.

Attached Files


  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Run FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

CBS.log

It then should look like:

Search: CBS.log

Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.

Try to upload the file here.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP