DOS Alureon.A programs won't open

By JSJ3D
Oct 16, 2012
  1. Hello,

    I'm fixing a laptop for a friend, and have found a ruthless infection of the Alureon.A rootkit. The computer won't run any programs from within Windows 7 64-bit. So, I haven't been able to use TDSSKiller to stop the infection. I have a working Windows Recovery CD. I also have logs from FRST64.exe. I would appreciate any help getting programs to start running again so I can stop this thing. Thank you!



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012
    Ran by SYSTEM at 16-10-2012 02:00:15
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Matt\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Matt\...\CurrentVersion\Windows: [Load] C:\Users\Matt\AppData\Local\Temp\{50279~1.EXE
    HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-12-02] (Softthinks)
    HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-12-02] ()
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Matt\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ===================

    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

    ==================== Drivers (Whitelisted) =====================

    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-16 01:59 - 2012-10-16 01:59 - 00000000 ____D C:\FRST
    2012-10-15 18:14 - 2012-10-15 18:14 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2012-10-15 17:23 - 2012-10-15 11:24 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\cmd.exe
    2012-10-15 17:04 - 2012-10-15 14:55 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
    2012-10-15 13:35 - 2012-10-15 11:33 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
    2012-10-11 16:26 - 2012-10-15 17:17 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
    2012-10-11 06:53 - 2012-10-15 21:39 - 00002004 ____A C:\Windows\setupact.log
    2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-11 04:58 - 2012-10-15 21:52 - 01165142 ____A C:\Windows\WindowsUpdate.log
    2012-10-11 04:56 - 2012-10-15 21:39 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-11 04:56 - 2012-10-11 04:56 - 00006424 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-11 00:40 - 2012-10-11 00:40 - 00000000 ____D C:\Windows\Sun
    2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-10-10 15:29 - 2012-10-10 15:29 - 00000000 ____D C:\Users\Matt\Downloads\Wanderlust.2012.720p.BluRay.X264-BLOW [PublicHD]
    2012-10-10 14:52 - 2012-10-10 14:53 - 00000000 ____D C:\Users\Matt\Downloads\HORRIBLE BOSSES 2011 UNCUT HD 720p BRRip 5.1AAC x264-ILPruny
    2012-10-10 14:26 - 2012-10-10 14:37 - 00000000 ____D C:\Users\Matt\Downloads\Derailed[2005]Unrated.DvDrip[Eng]-aXXo
    2012-10-10 14:25 - 2012-10-10 14:29 - 00000000 ____D C:\Users\Matt\Downloads\Just Go with It (2011) DVDRip XviD-MAXSPEED
    2012-10-10 14:22 - 2012-10-10 14:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Switch.DVDRip.XviD-VAMPS
    2012-10-10 14:22 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Rumor.Has.It.2005.DVDRip.xVID-LRC
    2012-10-10 14:21 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Katy.Perry.Part.of.Me.2012.HDRip.XVID.AC3.HQ.Hive-CM8
    2012-10-10 10:05 - 2012-10-11 06:51 - 00000000 ____D C:\Windows\Minidump
    2012-10-10 03:51 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 03:51 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 03:51 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 03:50 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 03:49 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 03:49 - 2012-08-18 07:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 03:49 - 2012-08-18 07:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 03:49 - 2012-08-18 07:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 03:49 - 2012-08-18 07:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 03:49 - 2012-08-18 07:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 03:49 - 2012-08-18 07:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 03:49 - 2012-08-18 07:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 03:49 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 03:49 - 2012-08-18 07:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 03:48 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 03:48 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 20:52 - 2012-10-09 21:26 - 00000000 ____D C:\Users\Matt\Downloads\The Pact (2012) BRRip Xvid AC3-Anarchy
    2012-10-09 19:58 - 2012-10-09 20:23 - 00000000 ____D C:\Users\Matt\Downloads\The.Artist.2011.720p.BRRip.x264.AAC-ViSiON
    2012-10-09 19:56 - 2012-10-09 20:42 - 00000000 ____D C:\Users\Matt\Downloads\The Five-Year Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy
    2012-10-09 19:35 - 2012-10-09 19:39 - 00000000 ____D C:\Users\Matt\Downloads\THE BACK-UP PLAN [2010] DVD Rip Xvid [StB]
    2012-10-09 19:34 - 2012-10-09 20:47 - 00000000 ____D C:\Users\Matt\Downloads\The.Lucky.One.2012.BDRip.XviD-AMIABLE
    2012-10-09 19:34 - 2012-10-09 20:18 - 00000000 ____D C:\Users\Matt\Downloads\Safe.DVDRip.XviD-DoNE
    2012-10-09 19:23 - 2012-10-09 19:32 - 00000000 ____D C:\Users\Matt\Downloads\People.Like.Us.2012.DVDRip.XviD-SPARKS
    2012-10-09 19:22 - 2012-10-09 19:23 - 00000000 ____D C:\Users\Matt\Downloads\Magic.Mike.2012.R5.DVDRip.XviD-RESiSTANCE
    2012-10-09 18:47 - 2012-10-09 18:59 - 00000000 ____D C:\Users\Matt\Downloads\Aeon.Flux[2005]DvDrip.AC3[Eng]-aXXo
    2012-10-09 18:43 - 2012-10-09 19:21 - 00000000 ____D C:\Users\Matt\Downloads\Hancock[2008]DvDrip-aXXo
    2012-10-09 18:42 - 2012-10-09 19:20 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
    2012-10-09 18:40 - 2012-10-09 22:15 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
    2012-10-09 18:38 - 2012-10-09 18:58 - 00000000 ____D C:\Users\Matt\Downloads\The Cider House Rules
    2012-10-09 17:57 - 2012-10-09 18:16 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
    2012-10-09 16:47 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-10-09 16:08 - 2012-10-09 16:19 - 00000000 ____D C:\Users\Matt\Downloads\El Espinazo del Diablo (Kregoslup Diabla) (2001) [DivX] DVDRiP]
    2012-10-09 16:04 - 2012-10-09 16:13 - 00000000 ____D C:\Users\Matt\Downloads\The.Orphanage[El.Orfanato][2007]DvDrip[Eng.Hard.Subs]-aXXo
    2012-10-09 15:45 - 2012-10-09 15:47 - 00000000 ____D C:\Users\Matt\Downloads\Young Adult[2011]BRRip XviD-ETRG
    2012-10-09 15:44 - 2012-10-09 15:48 - 00000000 ____D C:\Users\Matt\Downloads\Fright.Night.2011.BRRip.XviD.AC3-LYCAN
    2012-10-08 15:41 - 2012-10-08 15:50 - 00000000 ____D C:\Users\Matt\few.dollars
    2012-10-08 15:03 - 2012-10-08 15:36 - 00000000 ____D C:\Users\Matt\Aliens Special Edition (1986)
    2012-10-08 15:02 - 2012-10-08 16:05 - 00000000 ____D C:\Users\Matt\Dirty Harry (1971)
    2012-10-08 14:59 - 2012-10-08 15:06 - 00000000 ____D C:\Users\Matt\Downloads\Cool.Hand.Luke.1967.592x240.25fps.689kbs.96mp3.MultiSub.WunSeeDee
    2012-10-07 17:54 - 2012-10-08 14:49 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Searchers [1956] DVDRIP
    2012-10-07 17:53 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\There Will Be Blood (2007)
    2012-10-07 17:52 - 2012-10-08 14:54 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
    2012-10-07 17:37 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Matt\Downloads\Alien Directors Cut (1979)
    2012-10-07 17:37 - 2012-10-07 17:50 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Cowboys [1972] TVRIP
    2012-10-07 17:36 - 2012-10-08 15:44 - 00000000 ____D C:\Users\Matt\Downloads\Once.Upon.A.Time.In.The.West.1968.528.25fps.538kbps.V5mp3.WunSeeDee
    2012-10-07 17:35 - 2012-10-08 15:08 - 00000000 ____D C:\Users\Matt\Downloads\LA Confidential {1997} 720p BRRip x264 - HDMiCRO by Mr. KickASS
    2012-10-07 17:28 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED
    2012-10-07 17:25 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\Leon[The Professional]1994.DvdRip.eng
    2012-10-07 17:16 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Imaginarium of Doctor Parnassus[2009]DvDrip[Eng]-FXG
    2012-10-07 17:10 - 2012-10-07 17:10 - 00000000 ____D C:\Users\Matt\Downloads\A Beautiful Mind 2001 dvdrip.(www.USABIT.com)
    2012-10-07 17:08 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Godfather Trilogy Part 1, 2 & 3 DVDRip
    2012-10-06 17:26 - 2012-10-06 17:37 - 00000000 ____D C:\Users\Matt\Downloads\Abraham.Lincoln.Vampire.Hunter.2012.TS.XviD-ADTRG
    2012-10-03 17:29 - 2012-10-03 17:29 - 00000000 ____D C:\Users\Matt\Downloads\Underworld Awakening[2012]R5 Full Line XviD-ETRG
    2012-10-03 17:22 - 2012-10-03 17:46 - 00000000 ____D C:\Users\Matt\Downloads\Chernobyl.Diaries.2012.DVDRip.XviD-PTpOWeR
    2012-10-03 17:17 - 2012-10-03 17:18 - 00000000 ____D C:\Users\Matt\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
    2012-10-03 16:26 - 2012-10-03 17:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Amazing.Spiderman.2012.TS.XViD.AC3.Hive-CM8
    2012-10-03 16:04 - 2012-10-03 16:18 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - The.Avengers.2012.DVDRip.XviD-NYDIC
    2012-09-30 16:58 - 2012-09-30 17:02 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - VHS.2012.VODRip.XviD-AQOS
    2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Malwarebytes
    2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-30 15:56 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-30 15:55 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\Downloads\Paranorman.2012.TS.XViD.READNFO-MATiNE
    2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
    2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla
    2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-30 15:43 - 2012-09-30 15:43 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-09-30 15:42 - 2012-10-11 03:43 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
    2012-09-22 23:01 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-22 23:01 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-22 23:01 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-22 23:01 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-22 23:01 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-22 23:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-22 23:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-22 23:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-22 23:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-22 23:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-22 23:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-22 23:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-22 23:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-22 23:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-22 23:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-22 23:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-22 23:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-22 23:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-22 23:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-22 23:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-22 23:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-22 23:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-22 23:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-22 23:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-22 23:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-22 23:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-22 23:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-22 23:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-22 23:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-22 23:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-22 23:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-22 23:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-19 11:04 - 2012-09-19 11:04 - 00001144 ____A C:\Users\Matt\Documents\TV Shows.txt

    ==================== 3 Months Modified Files ==================

    2012-10-15 21:52 - 2012-10-11 04:58 - 01165142 ____A C:\Windows\WindowsUpdate.log
    2012-10-15 21:46 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-15 21:46 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-15 21:44 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-15 21:39 - 2012-10-11 06:53 - 00002004 ____A C:\Windows\setupact.log
    2012-10-15 21:39 - 2012-10-11 04:56 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-15 19:10 - 2009-07-13 20:45 - 00369448 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-15 17:17 - 2012-10-11 16:26 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
    2012-10-15 14:55 - 2012-10-15 17:04 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
    2012-10-15 11:33 - 2012-10-15 13:35 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
    2012-10-15 11:24 - 2012-10-15 17:23 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\cmd.exe
    2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-11 04:56 - 2012-10-11 04:56 - 00006424 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-10-10 23:08 - 2011-06-26 17:02 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 22:15 - 2012-10-09 18:40 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
    2012-10-09 19:20 - 2012-10-09 18:42 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
    2012-10-09 18:16 - 2012-10-09 17:57 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
    2012-10-09 16:46 - 2010-02-24 07:59 - 01404402 ____A C:\Windows\PFRO.log
    2012-10-08 14:54 - 2012-10-07 17:52 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
    2012-10-01 23:01 - 2011-06-26 15:57 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-19 11:04 - 2012-09-19 11:04 - 00001144 ____A C:\Users\Matt\Documents\TV Shows.txt
    2012-09-14 11:23 - 2012-10-10 03:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-07 13:04 - 2012-09-30 15:56 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 10:02 - 2012-10-10 03:49 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 18:03 - 2010-10-24 17:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-27 19:25 - 2012-08-27 19:12 - 554865571 ____A C:\Users\Matt\Downloads\flyonthewall.7z
    2012-08-24 10:05 - 2012-10-10 03:50 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 03:15 - 2012-09-22 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-22 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-22 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 23:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-22 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:44 - 2012-09-22 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:43 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-20 17:40 - 2012-08-20 17:27 - 516627571 ____A C:\Users\Matt\Downloads\comptroller.7z
    2012-08-18 07:43 - 2012-10-10 03:49 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-18 07:43 - 2012-10-10 03:49 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-18 07:43 - 2012-10-10 03:49 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-18 07:42 - 2012-10-10 03:49 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-18 07:40 - 2012-10-10 03:49 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-18 07:37 - 2012-10-10 03:49 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-18 07:37 - 2012-10-10 03:49 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-18 07:34 - 2012-10-10 03:49 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-18 07:22 - 2012-10-10 03:49 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-13 15:55 - 2012-08-13 15:48 - 425896419 ____A C:\Users\Matt\Downloads\itsfillertime.7z
    2012-08-10 16:53 - 2012-10-10 03:48 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-07 18:28 - 2012-08-07 18:12 - 579086835 ____A C:\Users\Matt\Downloads\lilitheve.7z
    2012-08-02 09:55 - 2012-09-12 04:19 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 09:05 - 2012-09-12 04:19 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-31 15:54 - 2012-07-31 15:47 - 462755011 ____A C:\Users\Matt\Downloads\mayfaeday (1).7z
    2012-07-23 17:53 - 2012-07-23 17:45 - 509087203 ____A C:\Users\Matt\Downloads\stakesauce.7z

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe

    ==================== Known DLLs (Whitelisted) =================

    C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-11 06:52:48
    Restore point made on: 2012-10-11 07:03:23
    Restore point made on: 2012-10-11 07:37:22
    Restore point made on: 2012-10-11 15:04:20
    Restore point made on: 2012-10-11 20:22:29
    Restore point made on: 2012-10-12 06:20:40
    Restore point made on: 2012-10-15 11:01:35
    Restore point made on: 2012-10-15 13:13:19
    Restore point made on: 2012-10-15 20:19:27
    Restore point made on: 2012-10-15 21:52:40

    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 3032.36 MB
    Available physical RAM: 2479.98 MB
    Total Pagefile: 3030.51 MB
    Available Pagefile: 2472.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:106.61 GB) NTFS
    2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
    4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.25 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 3823 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 218 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy

    =========================================================

    Last Boot: 2012-10-05 23:38

    ==================== End Of Log =============================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    In FRST, place "kernel32.dll" in the search box, do a scan and post the log for the search...
  3. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    DragonMaster Jay,

    Thank you so much for taking the time to help. I've been fixing computers for many moons but this is the first time I've had to participate in a tech forum. I know when I'm beat, so I'm at your mercy! I won't be going to other forums or trying anything else. This rootkit has resisted everything I throw at it anyway. Here is the log file you requested.

    Farbar Recovery Scan Tool (x64) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-16 20:59:22
    Running from G:\

    ================== Search: "kernel32.dll" ===================

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
    [2011-08-09 23:37] - [2011-07-15 20:49] - 1114112 ____A (Microsoft Corporation) D3CB12854171DF61D117D7C2BF22C675

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
    [2011-07-13 10:02] - [2011-05-13 23:33] - 0837632 ____A (Microsoft Corporation) CC5CBC069944E7EA70D8674478A70A37

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
    [2011-08-09 23:37] - [2011-07-15 20:24] - 1114112 ____A (Microsoft Corporation) 99C3F8E9CC59D95666EB8D8A8B4C2BEB

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
    [2011-07-13 10:02] - [2011-05-13 22:22] - 0837632 ____A (Microsoft Corporation) 166116134C58DC36400DE59ACD64FB39

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
    [2011-08-09 23:37] - [2011-07-15 20:21] - 1114112 ____A (Microsoft Corporation) 2113248DB2D1AF9CA790B09F3E6C6E85

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
    [2011-07-13 10:02] - [2011-06-02 21:58] - 1114112 ____A (Microsoft Corporation) 6EB2AEE15C20681E323E9A3E334FE6CF

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
    [2011-07-13 10:02] - [2011-05-13 22:32] - 0837120 ____A (Microsoft Corporation) 40EACEE0B6432CBE2459A11B298E9D88

    C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
    [2009-07-13 15:16] - [2009-07-13 17:11] - 0836608 ____A (Microsoft Corporation) 606ECB76A424CC535407E7A24E2A34BC

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
    [2011-08-09 23:37] - [2011-07-15 21:28] - 1163264 ____A (Microsoft Corporation) 27AC02D8EE4C02E7648C41CB880151DA

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
    [2011-07-13 10:02] - [2011-05-13 23:11] - 1163264 ____A (Microsoft Corporation) 6743E8705A96FCBF71279B5AE2CCFDBC

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
    [2011-08-09 23:37] - [2011-07-15 21:37] - 1162752 ____A (Microsoft Corporation) B9B42A302325537D7B9DC52D47F33A73

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
    [2011-07-13 10:02] - [2011-05-13 23:20] - 1162752 ____A (Microsoft Corporation) 0E1B2E16235AA7F89F064EE75DFC905E

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll
    [2011-08-09 23:37] - [2011-07-15 21:21] - 1162240 ____A (Microsoft Corporation) 06835B46D9676BEDD80AF25ACF6845FD

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_f04a4dfb890f50f6\kernel32.dll
    [2011-07-13 10:02] - [2011-06-02 22:54] - 1162240 ____A (Microsoft Corporation) 8225958BAC83EAFCDB6BAB6EE5EDF6E6

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff90246fc2d6d8\kernel32.dll
    [2011-07-13 10:02] - [2011-05-13 23:36] - 1162240 ____A (Microsoft Corporation) 98DA1B7572DAD6BA10296E0DF0950B37

    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
    [2009-07-13 15:28] - [2009-07-13 17:41] - 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

    C:\WINDOWS\System32\kernel32.dll
    [2012-10-10 03:49] - [2012-08-18 07:37] - 1162240 ____A (Microsoft Corporation) 8E7F88A62E1AA28F15C0D6784E4C78B6

    C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
    [2011-06-28 07:42] - [2010-11-20 04:08] - 0837632 ____A (Microsoft Corporation) E80758CF485DB142FCA1EE03A34EAD05

    C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
    [2011-06-28 07:43] - [2010-11-20 05:26] - 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

    ====== End Of Search ======
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


  5. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    DragonMaster Jay,

    Thanks again for looking at this problem. I have applied the fix and will reboot the machine now. Here's the log you requested:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-17 14:41:20 Run:1
    Running from G:\

    ==============================================

    Could not find C:\Windows\SysWOW64\kernel32.dll.
    C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll copied successfully to C:\Windows\SysWOW64\kernel32.dll

    The operation completed successfully.
    The operation completed successfully.

    ==== End of Fixlog ====
  6. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    Okay, I've rebooted the machine and some behaviors are different. For one, programs still won't start, but instead of doing nothing, now return an error message.

    "The application was unable to start correctly (0xc000007b). Press OK to close the application"

    TDSSKiller.exe still returns no response or error message. Windows Defender is still detecting the rootkit. I haven't done anything else. Also I should mention, before I contacted the forum I had used Windows Defender Offline to scan for the rootkit. It failed in finding it. In a previous thread I was researching, Broni had discovered Windows Defender had damaged the Partition Table. Could that be related to my problem? Thanks again.
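
The Fixlog in post 5 records an amd64 WinSxS copy of kernel32.dll being placed in C:\Windows\SysWOW64, which holds 32-bit images, and 0xc000007b is STATUS_INVALID_IMAGE_FORMAT. The following is an added example, not part of the original thread or of FRST: it reads the PE header's Machine field and compares it with the architecture the destination directory implies. The function names and the constructed sample headers are assumptions; the paths are the ones shown in the logs above.

```python
"""Check that a DLL's PE architecture matches the directory it is placed in."""
import struct
import sys
from pathlib import PureWindowsPath

IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86 image
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64 image
NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}


def pe_machine(data):
    """Return the COFF Machine field from the leading bytes of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # Machine is the first 16-bit field of the COFF header after the signature.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def expected_machine(path):
    """Architecture implied by a path on 64-bit Windows, or None if unknown.

    Assumes the path is seen without WOW64 redirection, as from the
    recovery environment used in this thread.
    """
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "syswow64" in parts:
        return IMAGE_FILE_MACHINE_I386
    if "system32" in parts:
        return IMAGE_FILE_MACHINE_AMD64
    for part in parts:  # component-store directory names carry a prefix
        if part.startswith("amd64_"):
            return IMAGE_FILE_MACHINE_AMD64
        if part.startswith(("wow64_", "x86_")):
            return IMAGE_FILE_MACHINE_I386
    return None


def check_placement(dest_path, data):
    """Return 'ok', 'mismatch' or 'unknown' for image bytes placed at dest_path."""
    want = expected_machine(dest_path)
    if want is None:
        return "unknown"
    return "ok" if pe_machine(data) == want else "mismatch"


def matching_sources(candidates, dest_path):
    """Keep the candidate paths whose implied architecture suits dest_path."""
    want = expected_machine(dest_path)
    return [c for c in candidates if want is not None and expected_machine(c) == want]


def fake_pe_header(machine):
    """Constructed sample: a minimal MZ/PE header with the given Machine value."""
    buf = bytearray(0x80 + 24)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, machine)
    return bytes(buf)


# Paths as they appear in the search log and Fixlog above.
DEST = r"C:\Windows\SysWOW64\kernel32.dll"
SRC_AMD64 = (r"C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35"
             r"_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll")
SRC_WOW64 = (r"C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35"
             r"_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll")

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py <file-to-inspect> <intended-destination-path>
        with open(sys.argv[1], "rb") as fh:
            head = fh.read(4096)
        machine = pe_machine(head)
        print(NAMES.get(machine, hex(machine)), check_placement(sys.argv[2], head))
    else:
        # Offline demonstration with constructed headers.
        print(check_placement(DEST, fake_pe_header(IMAGE_FILE_MACHINE_AMD64)))
        print(matching_sources([SRC_AMD64, SRC_WOW64], DEST))
```
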
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try this, then try those programs again...

    Please download and run RKill.

    Download mirror 1 - Download mirror 2 - Download mirror 3

    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
    • Please post its log in your next reply.
    • After it has run successfully, delete RKill.
    Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
  8. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    Thanks DragonMaster Jay

    I've been at work for the last couple days so I'll try a new version of RKill once I get home. Although last I tried, RKill was one of the programs that simply refused to work within Windows, but I only had the .exe version. I'll try the others. Thanks again!
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okie dokie. :) Thanks for updating me.
  10. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    Alright I'm back to working on this!

    Unfortunately none of those variations of rkill would execute.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  12. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    DragonMaster Jay

    Thanks for continuing to help with this annoying problem. However, ComboFix also will not run. In Windows, it simply does nothing like every other program. In safe mode, regardless of renaming, it returns "The application was unable to start correctly (0xc000007b). Press OK to close the application".

    Any more ideas? I simply have no idea what else to do.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try in Safe Mode please (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
     
  14. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    I did, as indicated above. That's where the program at least gives me an error message instead of doing nothing.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run a new scan with FRST and post log.
  16. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012 (ATTENTION: FRST version is 10 days old)
    Ran by SYSTEM at 25-10-2012 20:42:02
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Matt\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Matt\...\CurrentVersion\Windows: [Load] C:\Users\Matt\AppData\Local\Temp\{50279~1.EXE
    HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-12-02] (Softthinks)
    HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-12-02] ()
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Matt\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ===================

    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

    ==================== Drivers (Whitelisted) =====================

    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-25 10:11 - 2012-10-25 08:09 - 04988915 ____A (Swearware) C:\Users\Matt\Desktop\explorer.exe
    2012-10-22 18:52 - 2012-10-22 15:41 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.scr
    2012-10-22 18:52 - 2012-10-22 15:41 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.com
    2012-10-17 14:41 - 2009-07-13 17:41 - 01162240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-17 11:12 - 2011-11-23 08:26 - 01008092 ____A C:\Users\Matt\Desktop\iExplore.exe
    2012-10-16 01:59 - 2012-10-16 01:59 - 00000000 ____D C:\FRST
    2012-10-15 18:14 - 2012-10-15 18:14 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2012-10-15 17:23 - 2012-10-15 11:24 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\TDSSKiller.exe
    2012-10-15 17:04 - 2012-10-15 14:55 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
    2012-10-15 13:35 - 2012-10-15 11:33 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
    2012-10-11 16:26 - 2012-10-15 17:17 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
    2012-10-11 06:53 - 2012-10-25 10:23 - 00002228 ____A C:\Windows\setupact.log
    2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-11 04:58 - 2012-10-25 16:17 - 01527184 ____A C:\Windows\WindowsUpdate.log
    2012-10-11 04:56 - 2012-10-25 10:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-11 04:56 - 2012-10-11 04:56 - 00007434 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-11 00:40 - 2012-10-11 00:40 - 00000000 ____D C:\Windows\Sun
    2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-10-10 15:29 - 2012-10-10 15:29 - 00000000 ____D C:\Users\Matt\Downloads\Wanderlust.2012.720p.BluRay.X264-BLOW [PublicHD]
    2012-10-10 14:52 - 2012-10-10 14:53 - 00000000 ____D C:\Users\Matt\Downloads\HORRIBLE BOSSES 2011 UNCUT HD 720p BRRip 5.1AAC x264-ILPruny
    2012-10-10 14:26 - 2012-10-10 14:37 - 00000000 ____D C:\Users\Matt\Downloads\Derailed[2005]Unrated.DvDrip[Eng]-aXXo
    2012-10-10 14:25 - 2012-10-10 14:29 - 00000000 ____D C:\Users\Matt\Downloads\Just Go with It (2011) DVDRip XviD-MAXSPEED
    2012-10-10 14:22 - 2012-10-10 14:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Switch.DVDRip.XviD-VAMPS
    2012-10-10 14:22 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Rumor.Has.It.2005.DVDRip.xVID-LRC
    2012-10-10 14:21 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Katy.Perry.Part.of.Me.2012.HDRip.XVID.AC3.HQ.Hive-CM8
    2012-10-10 10:05 - 2012-10-11 06:51 - 00000000 ____D C:\Windows\Minidump
    2012-10-10 03:51 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 03:51 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 03:51 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 03:50 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 03:49 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 03:49 - 2012-08-18 07:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 03:49 - 2012-08-18 07:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 03:49 - 2012-08-18 07:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 03:49 - 2012-08-18 07:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 03:49 - 2012-08-18 07:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 03:49 - 2012-08-18 07:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 03:49 - 2012-08-18 07:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 03:49 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 03:49 - 2012-08-18 07:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 03:49 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 03:48 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 03:48 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 20:52 - 2012-10-09 21:26 - 00000000 ____D C:\Users\Matt\Downloads\The Pact (2012) BRRip Xvid AC3-Anarchy
    2012-10-09 19:58 - 2012-10-09 20:23 - 00000000 ____D C:\Users\Matt\Downloads\The.Artist.2011.720p.BRRip.x264.AAC-ViSiON
    2012-10-09 19:56 - 2012-10-09 20:42 - 00000000 ____D C:\Users\Matt\Downloads\The Five-Year Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy
    2012-10-09 19:35 - 2012-10-09 19:39 - 00000000 ____D C:\Users\Matt\Downloads\THE BACK-UP PLAN [2010] DVD Rip Xvid [StB]
    2012-10-09 19:34 - 2012-10-09 20:47 - 00000000 ____D C:\Users\Matt\Downloads\The.Lucky.One.2012.BDRip.XviD-AMIABLE
    2012-10-09 19:34 - 2012-10-09 20:18 - 00000000 ____D C:\Users\Matt\Downloads\Safe.DVDRip.XviD-DoNE
    2012-10-09 19:23 - 2012-10-09 19:32 - 00000000 ____D C:\Users\Matt\Downloads\People.Like.Us.2012.DVDRip.XviD-SPARKS
    2012-10-09 19:22 - 2012-10-09 19:23 - 00000000 ____D C:\Users\Matt\Downloads\Magic.Mike.2012.R5.DVDRip.XviD-RESiSTANCE
    2012-10-09 18:47 - 2012-10-09 18:59 - 00000000 ____D C:\Users\Matt\Downloads\Aeon.Flux[2005]DvDrip.AC3[Eng]-aXXo
    2012-10-09 18:43 - 2012-10-09 19:21 - 00000000 ____D C:\Users\Matt\Downloads\Hancock[2008]DvDrip-aXXo
    2012-10-09 18:42 - 2012-10-09 19:20 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
    2012-10-09 18:40 - 2012-10-09 22:15 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
    2012-10-09 18:38 - 2012-10-09 18:58 - 00000000 ____D C:\Users\Matt\Downloads\The Cider House Rules
    2012-10-09 17:57 - 2012-10-09 18:16 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
    2012-10-09 16:47 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-10-09 16:08 - 2012-10-09 16:19 - 00000000 ____D C:\Users\Matt\Downloads\El Espinazo del Diablo (Kregoslup Diabla) (2001) [DivX] DVDRiP]
    2012-10-09 16:04 - 2012-10-09 16:13 - 00000000 ____D C:\Users\Matt\Downloads\The.Orphanage[El.Orfanato][2007]DvDrip[Eng.Hard.Subs]-aXXo
    2012-10-09 15:45 - 2012-10-09 15:47 - 00000000 ____D C:\Users\Matt\Downloads\Young Adult[2011]BRRip XviD-ETRG
    2012-10-09 15:44 - 2012-10-09 15:48 - 00000000 ____D C:\Users\Matt\Downloads\Fright.Night.2011.BRRip.XviD.AC3-LYCAN
    2012-10-08 15:41 - 2012-10-08 15:50 - 00000000 ____D C:\Users\Matt\few.dollars
    2012-10-08 15:03 - 2012-10-08 15:36 - 00000000 ____D C:\Users\Matt\Aliens Special Edition (1986)
    2012-10-08 15:02 - 2012-10-08 16:05 - 00000000 ____D C:\Users\Matt\Dirty Harry (1971)
    2012-10-08 14:59 - 2012-10-08 15:06 - 00000000 ____D C:\Users\Matt\Downloads\Cool.Hand.Luke.1967.592x240.25fps.689kbs.96mp3.MultiSub.WunSeeDee
    2012-10-07 17:54 - 2012-10-08 14:49 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Searchers [1956] DVDRIP
    2012-10-07 17:53 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\There Will Be Blood (2007)
    2012-10-07 17:52 - 2012-10-08 14:54 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
    2012-10-07 17:37 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Matt\Downloads\Alien Directors Cut (1979)
    2012-10-07 17:37 - 2012-10-07 17:50 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Cowboys [1972] TVRIP
    2012-10-07 17:36 - 2012-10-08 15:44 - 00000000 ____D C:\Users\Matt\Downloads\Once.Upon.A.Time.In.The.West.1968.528.25fps.538kbps.V5mp3.WunSeeDee
    2012-10-07 17:35 - 2012-10-08 15:08 - 00000000 ____D C:\Users\Matt\Downloads\LA Confidential {1997} 720p BRRip x264 - HDMiCRO by Mr. KickASS
    2012-10-07 17:28 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED
    2012-10-07 17:25 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\Leon[The Professional]1994.DvdRip.eng
    2012-10-07 17:16 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Imaginarium of Doctor Parnassus[2009]DvDrip[Eng]-FXG
    2012-10-07 17:10 - 2012-10-07 17:10 - 00000000 ____D C:\Users\Matt\Downloads\A Beautiful Mind 2001 dvdrip.(www.USABIT.com)
    2012-10-07 17:08 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Godfather Trilogy Part 1, 2 & 3 DVDRip
    2012-10-06 17:26 - 2012-10-06 17:37 - 00000000 ____D C:\Users\Matt\Downloads\Abraham.Lincoln.Vampire.Hunter.2012.TS.XviD-ADTRG
    2012-10-03 17:29 - 2012-10-03 17:29 - 00000000 ____D C:\Users\Matt\Downloads\Underworld Awakening[2012]R5 Full Line XviD-ETRG
    2012-10-03 17:22 - 2012-10-03 17:46 - 00000000 ____D C:\Users\Matt\Downloads\Chernobyl.Diaries.2012.DVDRip.XviD-PTpOWeR
    2012-10-03 17:17 - 2012-10-03 17:18 - 00000000 ____D C:\Users\Matt\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
    2012-10-03 16:26 - 2012-10-03 17:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Amazing.Spiderman.2012.TS.XViD.AC3.Hive-CM8
    2012-10-03 16:04 - 2012-10-03 16:18 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - The.Avengers.2012.DVDRip.XviD-NYDIC
    2012-09-30 16:58 - 2012-09-30 17:02 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - VHS.2012.VODRip.XviD-AQOS
    2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Malwarebytes
    2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-30 15:56 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-30 15:55 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\Downloads\Paranorman.2012.TS.XViD.READNFO-MATiNE
    2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
    2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla
    2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-30 15:43 - 2012-09-30 15:43 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-09-30 15:42 - 2012-10-11 03:43 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent


    ==================== 3 Months Modified Files ==================

    2012-10-25 16:17 - 2012-10-11 04:58 - 01527184 ____A C:\Windows\WindowsUpdate.log
    2012-10-25 10:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-25 10:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-25 10:28 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-25 10:23 - 2012-10-11 06:53 - 00002228 ____A C:\Windows\setupact.log
    2012-10-25 10:23 - 2012-10-11 04:56 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-25 08:09 - 2012-10-25 10:11 - 04988915 ____A (Swearware) C:\Users\Matt\Desktop\explorer.exe
    2012-10-22 15:41 - 2012-10-22 18:52 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.scr
    2012-10-22 15:41 - 2012-10-22 18:52 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.com
    2012-10-15 19:10 - 2009-07-13 20:45 - 00369448 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-15 17:17 - 2012-10-11 16:26 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
    2012-10-15 14:55 - 2012-10-15 17:04 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
    2012-10-15 11:33 - 2012-10-15 13:35 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
    2012-10-15 11:24 - 2012-10-15 17:23 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\TDSSKiller.exe
    2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-11 04:56 - 2012-10-11 04:56 - 00007434 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-10-10 23:08 - 2011-06-26 17:02 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 22:15 - 2012-10-09 18:40 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
    2012-10-09 19:20 - 2012-10-09 18:42 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
    2012-10-09 18:16 - 2012-10-09 17:57 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
    2012-10-09 16:46 - 2010-02-24 07:59 - 01404402 ____A C:\Windows\PFRO.log
    2012-10-08 14:54 - 2012-10-07 17:52 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
    2012-10-01 23:01 - 2011-06-26 15:57 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-19 11:04 - 2012-09-19 11:04 - 00001144 ____A C:\Users\Matt\Documents\TV Shows.txt
    2012-09-14 11:23 - 2012-10-10 03:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-07 13:04 - 2012-09-30 15:56 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 10:02 - 2012-10-10 03:49 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 18:03 - 2010-10-24 17:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-27 19:25 - 2012-08-27 19:12 - 554865571 ____A C:\Users\Matt\Downloads\flyonthewall.7z
    2012-08-24 10:05 - 2012-10-10 03:50 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 03:15 - 2012-09-22 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-22 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-22 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 23:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-22 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-22 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:44 - 2012-09-22 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:43 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-20 17:40 - 2012-08-20 17:27 - 516627571 ____A C:\Users\Matt\Downloads\comptroller.7z
    2012-08-18 07:43 - 2012-10-10 03:49 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-18 07:43 - 2012-10-10 03:49 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-18 07:43 - 2012-10-10 03:49 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-18 07:42 - 2012-10-10 03:49 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-18 07:40 - 2012-10-10 03:49 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-18 07:37 - 2012-10-10 03:49 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-18 07:37 - 2012-10-10 03:49 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-18 07:34 - 2012-10-10 03:49 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-18 07:22 - 2012-10-10 03:49 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-13 15:55 - 2012-08-13 15:48 - 425896419 ____A C:\Users\Matt\Downloads\itsfillertime.7z
    2012-08-10 16:53 - 2012-10-10 03:48 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-07 18:28 - 2012-08-07 18:12 - 579086835 ____A C:\Users\Matt\Downloads\lilitheve.7z
    2012-08-02 09:55 - 2012-09-12 04:19 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 09:05 - 2012-09-12 04:19 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-31 15:54 - 2012-07-31 15:47 - 462755011 ____A C:\Users\Matt\Downloads\mayfaeday (1).7z

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-23 23:25:08
    Restore point made on: 2012-10-24 23:00:21

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 3032.36 MB
    Available physical RAM: 2488.88 MB
    Total Pagefile: 3030.51 MB
    Available Pagefile: 2491.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:108.13 GB) NTFS
    2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
    4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.24 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 3823 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 218 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy

    =========================================================

    Last Boot: 2012-10-17 11:31

    ==================== End Of Log =============================
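A triage pass over the sections of the FRST log above, as an added example that is not part of the original post or of FRST itself: it collects the ATTENTION item and any Bamital/volsnap or EXE-association line that lacks a clean verdict. The `SYSTEM_ONLY` list, the function names and the non-legit verdict text in the sample are assumptions.

```python
import re

SECTION = re.compile(r"^=+ (.+?) =+$")  # FRST section header line
# Assumed short list of binaries that belong only in System32/SysWOW64.
SYSTEM_ONLY = {"svchost.exe", "services.exe", "winlogon.exe", "wininit.exe", "userinit.exe"}

# Excerpt of the log above; the volsnap.sys verdict is constructed to show a failed check.
SAMPLE = r"""
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => <constructed non-legit verdict>

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

def misplaced(path):
    """True for a system-only binary name found outside System32/SysWOW64."""
    parts = path.lower().split("\\")
    return len(parts) > 1 and parts[-1] in SYSTEM_ONLY and parts[-2] not in ("system32", "syswow64")

def triage(log):
    """Return (reason, item) pairs for every log line that is not a clean verdict."""
    findings, section, attention = [], None, False
    for raw in log.splitlines():
        line = raw.strip()  # forum copies of the log are often indented
        header = SECTION.match(line)
        if header:
            section, attention = header.group(1), False
        elif line.startswith("ATTENTION"):
            attention = True  # the flagged items follow on the next lines
        elif not line:
            attention = False
        elif attention:
            reason = "misplaced system binary" if misplaced(line) else "listed under ATTENTION"
            findings.append((reason, line))
        elif section == "Bamital & volsnap Check" and not line.endswith("=> MD5 is legit"):
            findings.append(("hash check not legit", line.split(" => ")[0]))
        elif section == "EXE ASSOCIATION" and not line.endswith("=> OK"):
            findings.append(("exe association altered", line))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```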
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Back to Normal Mode...

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  18. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    Oh dear... We're right back to my original post. I'd love to run TDSSKiller.exe and just remove the rootkit, but it won't work. It won't run in Normal Mode or Safe Mode.

    Normal Mode: Does nothing.

    Safe Mode: "The application was unable to start correctly (0xc000007b). Press OK to close the application".
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay...moving along:

    RogueKiller Scan

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  20. JSJ3D

    JSJ3D Newcomer, in training Topic Starter

    DragonMaster Jay

    Thanks for continual support with this problem. The program you linked to returns the same error message as the rest. I found out something interesting, though. It turns out Windows 7 can't run 32-bit programs at all, but 64-bit programs previously installed on the system are working, including 64-bit Internet Explorer. However, 64-bit programs that are new to the system return the same error message. Could this mean the translation within Windows to run 32-bit programs in the 64-bit environment is damaged?
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Windows 7 x64 can run 32-bit programs. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows.

    Let's be continual in our trial...

    RKill by Grinler
    Version 1
    Version 2
    • Download Version 1.
    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • A black screen will briefly flash indicating a successful run.
    • If this does not occur please delete that application and download Version 2.
    • Continue process until the tool runs.
    • If the tool does not run from any of the links tell me about it.
    This only kills the active infection; the actual infection will not be gone.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.

