Inactive DOS Alureon.A programs won't open

JSJ3D

Hello,

I'm fixing a laptop for a friend, and have found a ruthless infection of the Alureon.A rootkit. The computer won't run any programs from within Windows 7 64-bit. So, I haven't been able to use TDSSKiller to stop the infection. I have a working Windows Recovery CD. I also have logs from FRST64.exe. I would appreciate any help getting programs to start running again so I can stop this thing. Thank you!



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012
Ran by SYSTEM at 16-10-2012 02:00:15
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Matt\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Matt\...\CurrentVersion\Windows: [Load] C:\Users\Matt\AppData\Local\Temp\{50279~1.EXE
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-12-02] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-12-02] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Matt\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

==================== Drivers (Whitelisted) =====================

3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-16 01:59 - 2012-10-16 01:59 - 00000000 ____D C:\FRST
2012-10-15 18:14 - 2012-10-15 18:14 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-10-15 17:23 - 2012-10-15 11:24 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\cmd.exe
2012-10-15 17:04 - 2012-10-15 14:55 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
2012-10-15 13:35 - 2012-10-15 11:33 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
2012-10-11 16:26 - 2012-10-15 17:17 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
2012-10-11 06:53 - 2012-10-15 21:39 - 00002004 ____A C:\Windows\setupact.log
2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 04:58 - 2012-10-15 21:52 - 01165142 ____A C:\Windows\WindowsUpdate.log
2012-10-11 04:56 - 2012-10-15 21:39 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-11 04:56 - 2012-10-11 04:56 - 00006424 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-11 00:40 - 2012-10-11 00:40 - 00000000 ____D C:\Windows\Sun
2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-10-10 15:29 - 2012-10-10 15:29 - 00000000 ____D C:\Users\Matt\Downloads\Wanderlust.2012.720p.BluRay.X264-BLOW [PublicHD]
2012-10-10 14:52 - 2012-10-10 14:53 - 00000000 ____D C:\Users\Matt\Downloads\HORRIBLE BOSSES 2011 UNCUT HD 720p BRRip 5.1AAC x264-ILPruny
2012-10-10 14:26 - 2012-10-10 14:37 - 00000000 ____D C:\Users\Matt\Downloads\Derailed[2005]Unrated.DvDrip[Eng]-aXXo
2012-10-10 14:25 - 2012-10-10 14:29 - 00000000 ____D C:\Users\Matt\Downloads\Just Go with It (2011) DVDRip XviD-MAXSPEED
2012-10-10 14:22 - 2012-10-10 14:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Switch.DVDRip.XviD-VAMPS
2012-10-10 14:22 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Rumor.Has.It.2005.DVDRip.xVID-LRC
2012-10-10 14:21 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Katy.Perry.Part.of.Me.2012.HDRip.XVID.AC3.HQ.Hive-CM8
2012-10-10 10:05 - 2012-10-11 06:51 - 00000000 ____D C:\Windows\Minidump
2012-10-10 03:51 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 03:51 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 03:51 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 03:50 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 03:49 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 03:49 - 2012-08-18 07:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 03:49 - 2012-08-18 07:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 03:49 - 2012-08-18 07:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 03:49 - 2012-08-18 07:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 03:49 - 2012-08-18 07:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 03:49 - 2012-08-18 07:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 03:49 - 2012-08-18 07:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 03:49 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 03:49 - 2012-08-18 07:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:48 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 03:48 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 20:52 - 2012-10-09 21:26 - 00000000 ____D C:\Users\Matt\Downloads\The Pact (2012) BRRip Xvid AC3-Anarchy
2012-10-09 19:58 - 2012-10-09 20:23 - 00000000 ____D C:\Users\Matt\Downloads\The.Artist.2011.720p.BRRip.x264.AAC-ViSiON
2012-10-09 19:56 - 2012-10-09 20:42 - 00000000 ____D C:\Users\Matt\Downloads\The Five-Year Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy
2012-10-09 19:35 - 2012-10-09 19:39 - 00000000 ____D C:\Users\Matt\Downloads\THE BACK-UP PLAN [2010] DVD Rip Xvid [StB]
2012-10-09 19:34 - 2012-10-09 20:47 - 00000000 ____D C:\Users\Matt\Downloads\The.Lucky.One.2012.BDRip.XviD-AMIABLE
2012-10-09 19:34 - 2012-10-09 20:18 - 00000000 ____D C:\Users\Matt\Downloads\Safe.DVDRip.XviD-DoNE
2012-10-09 19:23 - 2012-10-09 19:32 - 00000000 ____D C:\Users\Matt\Downloads\People.Like.Us.2012.DVDRip.XviD-SPARKS
2012-10-09 19:22 - 2012-10-09 19:23 - 00000000 ____D C:\Users\Matt\Downloads\Magic.Mike.2012.R5.DVDRip.XviD-RESiSTANCE
2012-10-09 18:47 - 2012-10-09 18:59 - 00000000 ____D C:\Users\Matt\Downloads\Aeon.Flux[2005]DvDrip.AC3[Eng]-aXXo
2012-10-09 18:43 - 2012-10-09 19:21 - 00000000 ____D C:\Users\Matt\Downloads\Hancock[2008]DvDrip-aXXo
2012-10-09 18:42 - 2012-10-09 19:20 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
2012-10-09 18:40 - 2012-10-09 22:15 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
2012-10-09 18:38 - 2012-10-09 18:58 - 00000000 ____D C:\Users\Matt\Downloads\The Cider House Rules
2012-10-09 17:57 - 2012-10-09 18:16 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
2012-10-09 16:47 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-10-09 16:08 - 2012-10-09 16:19 - 00000000 ____D C:\Users\Matt\Downloads\El Espinazo del Diablo (Kregoslup Diabla) (2001) [DivX] DVDRiP]
2012-10-09 16:04 - 2012-10-09 16:13 - 00000000 ____D C:\Users\Matt\Downloads\The.Orphanage[El.Orfanato][2007]DvDrip[Eng.Hard.Subs]-aXXo
2012-10-09 15:45 - 2012-10-09 15:47 - 00000000 ____D C:\Users\Matt\Downloads\Young Adult[2011]BRRip XviD-ETRG
2012-10-09 15:44 - 2012-10-09 15:48 - 00000000 ____D C:\Users\Matt\Downloads\Fright.Night.2011.BRRip.XviD.AC3-LYCAN
2012-10-08 15:41 - 2012-10-08 15:50 - 00000000 ____D C:\Users\Matt\few.dollars
2012-10-08 15:03 - 2012-10-08 15:36 - 00000000 ____D C:\Users\Matt\Aliens Special Edition (1986)
2012-10-08 15:02 - 2012-10-08 16:05 - 00000000 ____D C:\Users\Matt\Dirty Harry (1971)
2012-10-08 14:59 - 2012-10-08 15:06 - 00000000 ____D C:\Users\Matt\Downloads\Cool.Hand.Luke.1967.592x240.25fps.689kbs.96mp3.MultiSub.WunSeeDee
2012-10-07 17:54 - 2012-10-08 14:49 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Searchers [1956] DVDRIP
2012-10-07 17:53 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\There Will Be Blood (2007)
2012-10-07 17:52 - 2012-10-08 14:54 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
2012-10-07 17:37 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Matt\Downloads\Alien Directors Cut (1979)
2012-10-07 17:37 - 2012-10-07 17:50 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Cowboys [1972] TVRIP
2012-10-07 17:36 - 2012-10-08 15:44 - 00000000 ____D C:\Users\Matt\Downloads\Once.Upon.A.Time.In.The.West.1968.528.25fps.538kbps.V5mp3.WunSeeDee
2012-10-07 17:35 - 2012-10-08 15:08 - 00000000 ____D C:\Users\Matt\Downloads\LA Confidential {1997} 720p BRRip x264 - HDMiCRO by Mr. KickASS
2012-10-07 17:28 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED
2012-10-07 17:25 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\Leon[The Professional]1994.DvdRip.eng
2012-10-07 17:16 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Imaginarium of Doctor Parnassus[2009]DvDrip[Eng]-FXG
2012-10-07 17:10 - 2012-10-07 17:10 - 00000000 ____D C:\Users\Matt\Downloads\A Beautiful Mind 2001 dvdrip.(www.USABIT.com)
2012-10-07 17:08 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Godfather Trilogy Part 1, 2 & 3 DVDRip
2012-10-06 17:26 - 2012-10-06 17:37 - 00000000 ____D C:\Users\Matt\Downloads\Abraham.Lincoln.Vampire.Hunter.2012.TS.XviD-ADTRG
2012-10-03 17:29 - 2012-10-03 17:29 - 00000000 ____D C:\Users\Matt\Downloads\Underworld Awakening[2012]R5 Full Line XviD-ETRG
2012-10-03 17:22 - 2012-10-03 17:46 - 00000000 ____D C:\Users\Matt\Downloads\Chernobyl.Diaries.2012.DVDRip.XviD-PTpOWeR
2012-10-03 17:17 - 2012-10-03 17:18 - 00000000 ____D C:\Users\Matt\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
2012-10-03 16:26 - 2012-10-03 17:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Amazing.Spiderman.2012.TS.XViD.AC3.Hive-CM8
2012-10-03 16:04 - 2012-10-03 16:18 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - The.Avengers.2012.DVDRip.XviD-NYDIC
2012-09-30 16:58 - 2012-09-30 17:02 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - VHS.2012.VODRip.XviD-AQOS
2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Malwarebytes
2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-30 15:56 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 15:55 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\Downloads\Paranorman.2012.TS.XViD.READNFO-MATiNE
2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla
2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-30 15:43 - 2012-09-30 15:43 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-09-30 15:42 - 2012-10-11 03:43 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2012-09-22 23:01 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 23:01 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 23:01 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 23:01 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 23:01 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 23:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 23:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 23:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 23:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 23:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 23:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 23:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 23:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 23:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 23:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 23:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 23:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 23:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 23:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 23:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 23:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 23:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 23:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 23:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 23:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 23:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 23:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 23:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 23:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 23:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 23:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 23:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-19 11:04 - 2012-09-19 11:04 - 00001144 ____A C:\Users\Matt\Documents\TV Shows.txt

==================== 3 Months Modified Files ==================

2012-10-15 21:52 - 2012-10-11 04:58 - 01165142 ____A C:\Windows\WindowsUpdate.log
2012-10-15 21:46 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-15 21:46 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-15 21:44 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-15 21:39 - 2012-10-11 06:53 - 00002004 ____A C:\Windows\setupact.log
2012-10-15 21:39 - 2012-10-11 04:56 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-15 19:10 - 2009-07-13 20:45 - 00369448 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-15 17:17 - 2012-10-11 16:26 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
2012-10-15 14:55 - 2012-10-15 17:04 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
2012-10-15 11:33 - 2012-10-15 13:35 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
2012-10-15 11:24 - 2012-10-15 17:23 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\cmd.exe
2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 04:56 - 2012-10-11 04:56 - 00006424 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-10-10 23:08 - 2011-06-26 17:02 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 22:15 - 2012-10-09 18:40 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
2012-10-09 19:20 - 2012-10-09 18:42 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
2012-10-09 18:16 - 2012-10-09 17:57 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
2012-10-09 16:46 - 2010-02-24 07:59 - 01404402 ____A C:\Windows\PFRO.log
2012-10-08 14:54 - 2012-10-07 17:52 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
2012-10-01 23:01 - 2011-06-26 15:57 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-19 11:04 - 2012-09-19 11:04 - 00001144 ____A C:\Users\Matt\Documents\TV Shows.txt
2012-09-14 11:23 - 2012-10-10 03:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-07 13:04 - 2012-09-30 15:56 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-31 10:02 - 2012-10-10 03:49 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2010-10-24 17:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-27 19:25 - 2012-08-27 19:12 - 554865571 ____A C:\Users\Matt\Downloads\flyonthewall.7z
2012-08-24 10:05 - 2012-10-10 03:50 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 03:15 - 2012-09-22 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 23:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 06:52:48
Restore point made on: 2012-10-11 07:03:23
Restore point made on: 2012-10-11 07:37:22
Restore point made on: 2012-10-11 15:04:20
Restore point made on: 2012-10-11 20:22:29
Restore point made on: 2012-10-12 06:20:40
Restore point made on: 2012-10-15 11:01:35
Restore point made on: 2012-10-15 13:13:19
Restore point made on: 2012-10-15 20:19:27
Restore point made on: 2012-10-15 21:52:40

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3032.36 MB
Available physical RAM: 2479.98 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2472.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:106.61 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.25 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3823 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-10-05 23:38

==================== End Of Log =============================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

In FRST, place "kernel32.dll" in the search box, do a scan and post the log for the search...
 
DragonMaster Jay,

Thank you so much for taking the time to help. I've been fixing computers for many moons but this is the first time I've had to participate in a tech forum. I know when I'm beat, so I'm at your mercy! I won't be going to other forums or trying anything else. This rootkit has resisted everything I throw at it anyway. Here is the log file you requested.

Farbar Recovery Scan Tool (x64) Version: 15-10-2012
Ran by SYSTEM at 2012-10-16 20:59:22
Running from G:\

================== Search: "kernel32.dll" ===================

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[2011-08-09 23:37] - [2011-07-15 20:49] - 1114112 ____A (Microsoft Corporation) D3CB12854171DF61D117D7C2BF22C675

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[2011-07-13 10:02] - [2011-05-13 23:33] - 0837632 ____A (Microsoft Corporation) CC5CBC069944E7EA70D8674478A70A37

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[2011-08-09 23:37] - [2011-07-15 20:24] - 1114112 ____A (Microsoft Corporation) 99C3F8E9CC59D95666EB8D8A8B4C2BEB

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[2011-07-13 10:02] - [2011-05-13 22:22] - 0837632 ____A (Microsoft Corporation) 166116134C58DC36400DE59ACD64FB39

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
[2011-08-09 23:37] - [2011-07-15 20:21] - 1114112 ____A (Microsoft Corporation) 2113248DB2D1AF9CA790B09F3E6C6E85

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
[2011-07-13 10:02] - [2011-06-02 21:58] - 1114112 ____A (Microsoft Corporation) 6EB2AEE15C20681E323E9A3E334FE6CF

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
[2011-07-13 10:02] - [2011-05-13 22:32] - 0837120 ____A (Microsoft Corporation) 40EACEE0B6432CBE2459A11B298E9D88

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
[2009-07-13 15:16] - [2009-07-13 17:11] - 0836608 ____A (Microsoft Corporation) 606ECB76A424CC535407E7A24E2A34BC

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[2011-08-09 23:37] - [2011-07-15 21:28] - 1163264 ____A (Microsoft Corporation) 27AC02D8EE4C02E7648C41CB880151DA

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
[2011-07-13 10:02] - [2011-05-13 23:11] - 1163264 ____A (Microsoft Corporation) 6743E8705A96FCBF71279B5AE2CCFDBC

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[2011-08-09 23:37] - [2011-07-15 21:37] - 1162752 ____A (Microsoft Corporation) B9B42A302325537D7B9DC52D47F33A73

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[2011-07-13 10:02] - [2011-05-13 23:20] - 1162752 ____A (Microsoft Corporation) 0E1B2E16235AA7F89F064EE75DFC905E

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll
[2011-08-09 23:37] - [2011-07-15 21:21] - 1162240 ____A (Microsoft Corporation) 06835B46D9676BEDD80AF25ACF6845FD

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_f04a4dfb890f50f6\kernel32.dll
[2011-07-13 10:02] - [2011-06-02 22:54] - 1162240 ____A (Microsoft Corporation) 8225958BAC83EAFCDB6BAB6EE5EDF6E6

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff90246fc2d6d8\kernel32.dll
[2011-07-13 10:02] - [2011-05-13 23:36] - 1162240 ____A (Microsoft Corporation) 98DA1B7572DAD6BA10296E0DF0950B37

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009-07-13 15:28] - [2009-07-13 17:41] - 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

C:\WINDOWS\System32\kernel32.dll
[2012-10-10 03:49] - [2012-08-18 07:37] - 1162240 ____A (Microsoft Corporation) 8E7F88A62E1AA28F15C0D6784E4C78B6

C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
[2011-06-28 07:42] - [2010-11-20 04:08] - 0837632 ____A (Microsoft Corporation) E80758CF485DB142FCA1EE03A34EAD05

C:\WINDOWS\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2011-06-28 07:43] - [2010-11-20 05:26] - 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

====== End Of Search ======
 
FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachment: fixlist.txt (212 bytes)

DragonMaster Jay,

Thanks again for looking at this problem. I have applied the fix and will reboot the machine now. Here's the log you requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2012
Ran by SYSTEM at 2012-10-17 14:41:20 Run:1
Running from G:\

==============================================

Could not find C:\Windows\SysWOW64\kernel32.dll.
C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll copied successfully to C:\Windows\SysWOW64\kernel32.dll

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====
 
Okay, I've rebooted the machine and some behaviors are different. For one, programs still won't start, but instead of doing nothing, now return an error message.

"The application was unable to start correctly (0xc000007b). Press OK to close the application"

TDSSKiller.exe still returns no response or error message. Windows Defender is still detecting the rootkit. I haven't done anything else. Also I should mention, before I contacted the forum I had used Windows Defender Offline to scan for the rootkit. It failed in finding it. In a previous thread I was researching, Broni had discovered Windows Defender had damaged the Partition Table. Could that be related to my problem? Thanks again.
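
The Fixlog above records an `amd64_` WinSxS copy of kernel32.dll being placed in SysWOW64, the 32-bit system directory on 64-bit Windows, and 0xc000007b is STATUS_INVALID_IMAGE_FORMAT, the loader's status for an image of the wrong format. The following added example (not part of any post in this thread, and not FRST's own code) parses the search-log and Fixlog lines quoted above and checks that a replacement file's architecture matches its destination; the function names and the hand-built PE header are assumptions made for the illustration.

```python
import re
import struct

# Excerpts copied from the FRST search log and Fixlog posted in this thread.
SEARCH_LOG = r"""
C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
[2009-07-13 15:16] - [2009-07-13 17:11] - 0836608 ____A (Microsoft Corporation) 606ECB76A424CC535407E7A24E2A34BC

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009-07-13 15:28] - [2009-07-13 17:41] - 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

C:\WINDOWS\System32\kernel32.dll
[2012-10-10 03:49] - [2012-08-18 07:37] - 1162240 ____A (Microsoft Corporation) 8E7F88A62E1AA28F15C0D6784E4C78B6
"""

FIXLOG = r"""
Could not find C:\Windows\SysWOW64\kernel32.dll.
C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll copied successfully to C:\Windows\SysWOW64\kernel32.dll
"""

# One search hit = a path line followed by "[date] - [date] - size attrs (company) MD5".
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-F]{32})$",
    re.MULTILINE,
)
COPY_RE = re.compile(
    r"^(?P<src>[A-Za-z]:\\.+?) copied successfully to (?P<dst>[A-Za-z]:\\.+)$",
    re.MULTILINE,
)
MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64


def parse_search(log):
    """Return one dict per file found in an FRST search log."""
    return [
        {"path": m["path"], "size": int(m["size"]), "md5": m["md5"]}
        for m in ENTRY_RE.finditer(log)
    ]


def component_arch(path):
    """Architecture implied by the WinSxS component directory prefix."""
    m = re.search(r"\\winsxs\\(amd64|wow64|x86)_", path, re.IGNORECASE)
    if not m:
        return None
    return "x64" if m.group(1).lower() == "amd64" else "x86"


def expected_arch(dst):
    """Architecture a system directory holds, assuming 64-bit Windows."""
    p = dst.lower()
    if "\\windows\\syswow64\\" in p:
        return "x86"
    if "\\windows\\system32\\" in p:
        return "x64"
    return None


def audit_copies(fixlog):
    """Flag every logged copy whose source architecture differs from its target."""
    findings = []
    for m in COPY_RE.finditer(fixlog):
        have, want = component_arch(m["src"]), expected_arch(m["dst"])
        findings.append({"src": m["src"], "dst": m["dst"], "src_arch": have,
                         "dst_arch": want, "ok": have is not None and have == want})
    return findings


def candidates(entries, dst):
    """Search hits with the same file name and the architecture dst requires."""
    name = "\\" + dst.rsplit("\\", 1)[-1].lower()
    want = expected_arch(dst)
    return [e for e in entries
            if e["path"].lower().endswith(name) and component_arch(e["path"]) == want]


def pe_machine(data):
    """Read the COFF Machine field; confirms the architecture from the file itself."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 6 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine)


def fake_pe(machine):
    """Constructed sample: minimal DOS stub + PE signature + Machine field only."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", machine)


if __name__ == "__main__":
    for f in audit_copies(FIXLOG):
        print("OK " if f["ok"] else "MISMATCH", f["src_arch"], "->", f["dst_arch"], f["dst"])
    for e in candidates(parse_search(SEARCH_LOG), r"C:\Windows\SysWOW64\kernel32.dll"):
        print("candidate:", e["size"], e["md5"], e["path"])
```

On a real volume, `pe_machine()` would be run over the first bytes of the file actually sitting at the destination path, which does not depend on the directory name being trustworthy.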
 
Try this, then try those programs again...

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.
Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
 
Thanks DragonMaster Jay

I've been at work for the last couple of days, so I'll try a new version of RKill once I get home. Although, last I tried, RKill was one of the programs that simply refused to work within Windows, but I only had the .exe version. I'll try the others. Thanks again!
 
Alright I'm back to working on this!

Unfortunately none of those variations of rkill would execute.
 
ComboFix scan

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
DragonMaster Jay

Thanks for continuing to help with this annoying problem. However combofix also will not run. In Windows, it simply does nothing like every other program. In safe mode, regardless of renaming, it returns "The application was unable to start correctly (0xc000007b). Press OK to close the application".

Any more ideas? I simply have no idea what else to do.
 
Try in Safe Mode please (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
 
I did, as indicated above. That's where the program at least gives me an error message instead of doing nothing.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012 (ATTENTION: FRST version is 10 days old)
Ran by SYSTEM at 25-10-2012 20:42:02
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Matt\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Matt\...\CurrentVersion\Windows: [Load] C:\Users\Matt\AppData\Local\Temp\{50279~1.EXE
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-12-02] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-12-02] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Matt\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

==================== Drivers (Whitelisted) =====================

3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-25 10:11 - 2012-10-25 08:09 - 04988915 ____A (Swearware) C:\Users\Matt\Desktop\explorer.exe
2012-10-22 18:52 - 2012-10-22 15:41 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.scr
2012-10-22 18:52 - 2012-10-22 15:41 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.com
2012-10-17 14:41 - 2009-07-13 17:41 - 01162240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-17 11:12 - 2011-11-23 08:26 - 01008092 ____A C:\Users\Matt\Desktop\iExplore.exe
2012-10-16 01:59 - 2012-10-16 01:59 - 00000000 ____D C:\FRST
2012-10-15 18:14 - 2012-10-15 18:14 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-10-15 17:23 - 2012-10-15 11:24 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\TDSSKiller.exe
2012-10-15 17:04 - 2012-10-15 14:55 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
2012-10-15 13:35 - 2012-10-15 11:33 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
2012-10-11 16:26 - 2012-10-15 17:17 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
2012-10-11 06:53 - 2012-10-25 10:23 - 00002228 ____A C:\Windows\setupact.log
2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 04:58 - 2012-10-25 16:17 - 01527184 ____A C:\Windows\WindowsUpdate.log
2012-10-11 04:56 - 2012-10-25 10:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-11 04:56 - 2012-10-11 04:56 - 00007434 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-11 00:40 - 2012-10-11 00:40 - 00000000 ____D C:\Windows\Sun
2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-10-10 15:29 - 2012-10-10 15:29 - 00000000 ____D C:\Users\Matt\Downloads\Wanderlust.2012.720p.BluRay.X264-BLOW [PublicHD]
2012-10-10 14:52 - 2012-10-10 14:53 - 00000000 ____D C:\Users\Matt\Downloads\HORRIBLE BOSSES 2011 UNCUT HD 720p BRRip 5.1AAC x264-ILPruny
2012-10-10 14:26 - 2012-10-10 14:37 - 00000000 ____D C:\Users\Matt\Downloads\Derailed[2005]Unrated.DvDrip[Eng]-aXXo
2012-10-10 14:25 - 2012-10-10 14:29 - 00000000 ____D C:\Users\Matt\Downloads\Just Go with It (2011) DVDRip XviD-MAXSPEED
2012-10-10 14:22 - 2012-10-10 14:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Switch.DVDRip.XviD-VAMPS
2012-10-10 14:22 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Rumor.Has.It.2005.DVDRip.xVID-LRC
2012-10-10 14:21 - 2012-10-10 14:22 - 00000000 ____D C:\Users\Matt\Downloads\Katy.Perry.Part.of.Me.2012.HDRip.XVID.AC3.HQ.Hive-CM8
2012-10-10 10:05 - 2012-10-11 06:51 - 00000000 ____D C:\Windows\Minidump
2012-10-10 03:49 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:49 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:48 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 03:48 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 20:52 - 2012-10-09 21:26 - 00000000 ____D C:\Users\Matt\Downloads\The Pact (2012) BRRip Xvid AC3-Anarchy
2012-10-09 19:58 - 2012-10-09 20:23 - 00000000 ____D C:\Users\Matt\Downloads\The.Artist.2011.720p.BRRip.x264.AAC-ViSiON
2012-10-09 19:56 - 2012-10-09 20:42 - 00000000 ____D C:\Users\Matt\Downloads\The Five-Year Engagement.2012.Unrated.DVDRip.XviD.AbSurdiTy
2012-10-09 19:35 - 2012-10-09 19:39 - 00000000 ____D C:\Users\Matt\Downloads\THE BACK-UP PLAN [2010] DVD Rip Xvid [StB]
2012-10-09 19:34 - 2012-10-09 20:47 - 00000000 ____D C:\Users\Matt\Downloads\The.Lucky.One.2012.BDRip.XviD-AMIABLE
2012-10-09 19:34 - 2012-10-09 20:18 - 00000000 ____D C:\Users\Matt\Downloads\Safe.DVDRip.XviD-DoNE
2012-10-09 19:23 - 2012-10-09 19:32 - 00000000 ____D C:\Users\Matt\Downloads\People.Like.Us.2012.DVDRip.XviD-SPARKS
2012-10-09 19:22 - 2012-10-09 19:23 - 00000000 ____D C:\Users\Matt\Downloads\Magic.Mike.2012.R5.DVDRip.XviD-RESiSTANCE
2012-10-09 18:47 - 2012-10-09 18:59 - 00000000 ____D C:\Users\Matt\Downloads\Aeon.Flux[2005]DvDrip.AC3[Eng]-aXXo
2012-10-09 18:43 - 2012-10-09 19:21 - 00000000 ____D C:\Users\Matt\Downloads\Hancock[2008]DvDrip-aXXo
2012-10-09 18:42 - 2012-10-09 19:20 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
2012-10-09 18:40 - 2012-10-09 22:15 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
2012-10-09 18:38 - 2012-10-09 18:58 - 00000000 ____D C:\Users\Matt\Downloads\The Cider House Rules
2012-10-09 17:57 - 2012-10-09 18:16 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
2012-10-09 16:47 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-10-09 16:08 - 2012-10-09 16:19 - 00000000 ____D C:\Users\Matt\Downloads\El Espinazo del Diablo (Kregoslup Diabla) (2001) [DivX] DVDRiP]
2012-10-09 16:04 - 2012-10-09 16:13 - 00000000 ____D C:\Users\Matt\Downloads\The.Orphanage[El.Orfanato][2007]DvDrip[Eng.Hard.Subs]-aXXo
2012-10-09 15:45 - 2012-10-09 15:47 - 00000000 ____D C:\Users\Matt\Downloads\Young Adult[2011]BRRip XviD-ETRG
2012-10-09 15:44 - 2012-10-09 15:48 - 00000000 ____D C:\Users\Matt\Downloads\Fright.Night.2011.BRRip.XviD.AC3-LYCAN
2012-10-08 15:41 - 2012-10-08 15:50 - 00000000 ____D C:\Users\Matt\few.dollars
2012-10-08 15:03 - 2012-10-08 15:36 - 00000000 ____D C:\Users\Matt\Aliens Special Edition (1986)
2012-10-08 15:02 - 2012-10-08 16:05 - 00000000 ____D C:\Users\Matt\Dirty Harry (1971)
2012-10-08 14:59 - 2012-10-08 15:06 - 00000000 ____D C:\Users\Matt\Downloads\Cool.Hand.Luke.1967.592x240.25fps.689kbs.96mp3.MultiSub.WunSeeDee
2012-10-07 17:54 - 2012-10-08 14:49 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Searchers [1956] DVDRIP
2012-10-07 17:53 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\There Will Be Blood (2007)
2012-10-07 17:52 - 2012-10-08 14:54 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
2012-10-07 17:37 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Matt\Downloads\Alien Directors Cut (1979)
2012-10-07 17:37 - 2012-10-07 17:50 - 00000000 ____D C:\Users\Matt\Downloads\John Wayne - The Cowboys [1972] TVRIP
2012-10-07 17:36 - 2012-10-08 15:44 - 00000000 ____D C:\Users\Matt\Downloads\Once.Upon.A.Time.In.The.West.1968.528.25fps.538kbps.V5mp3.WunSeeDee
2012-10-07 17:35 - 2012-10-08 15:08 - 00000000 ____D C:\Users\Matt\Downloads\LA Confidential {1997} 720p BRRip x264 - HDMiCRO by Mr. KickASS
2012-10-07 17:28 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED
2012-10-07 17:25 - 2012-10-08 13:45 - 00000000 ____D C:\Users\Matt\Downloads\Leon[The Professional]1994.DvdRip.eng
2012-10-07 17:16 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Imaginarium of Doctor Parnassus[2009]DvDrip[Eng]-FXG
2012-10-07 17:10 - 2012-10-07 17:10 - 00000000 ____D C:\Users\Matt\Downloads\A Beautiful Mind 2001 dvdrip.(www.USABIT.com)
2012-10-07 17:08 - 2012-10-07 19:47 - 00000000 ____D C:\Users\Matt\Downloads\The Godfather Trilogy Part 1, 2 & 3 DVDRip
2012-10-06 17:26 - 2012-10-06 17:37 - 00000000 ____D C:\Users\Matt\Downloads\Abraham.Lincoln.Vampire.Hunter.2012.TS.XviD-ADTRG
2012-10-03 17:29 - 2012-10-03 17:29 - 00000000 ____D C:\Users\Matt\Downloads\Underworld Awakening[2012]R5 Full Line XviD-ETRG
2012-10-03 17:22 - 2012-10-03 17:46 - 00000000 ____D C:\Users\Matt\Downloads\Chernobyl.Diaries.2012.DVDRip.XviD-PTpOWeR
2012-10-03 17:17 - 2012-10-03 17:18 - 00000000 ____D C:\Users\Matt\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
2012-10-03 16:26 - 2012-10-03 17:25 - 00000000 ____D C:\Users\Matt\Downloads\The.Amazing.Spiderman.2012.TS.XViD.AC3.Hive-CM8
2012-10-03 16:04 - 2012-10-03 16:18 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - The.Avengers.2012.DVDRip.XviD-NYDIC
2012-09-30 16:58 - 2012-09-30 17:02 - 00000000 ____D C:\Users\Matt\Downloads\[ www.Torrenting.com ] - VHS.2012.VODRip.XviD-AQOS
2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Malwarebytes
2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-30 15:56 - 2012-09-30 15:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-30 15:56 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 15:55 - 2012-09-30 15:56 - 00000000 ____D C:\Users\Matt\Downloads\Paranorman.2012.TS.XViD.READNFO-MATiNE
2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla
2012-09-30 15:47 - 2012-09-30 15:47 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-30 15:43 - 2012-09-30 15:43 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-09-30 15:42 - 2012-10-11 03:43 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent


==================== 3 Months Modified Files ==================

2012-10-25 16:17 - 2012-10-11 04:58 - 01527184 ____A C:\Windows\WindowsUpdate.log
2012-10-25 10:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-25 10:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-25 10:28 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-25 10:23 - 2012-10-11 06:53 - 00002228 ____A C:\Windows\setupact.log
2012-10-25 10:23 - 2012-10-11 04:56 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-25 08:09 - 2012-10-25 10:11 - 04988915 ____A (Swearware) C:\Users\Matt\Desktop\explorer.exe
2012-10-22 15:41 - 2012-10-22 18:52 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.scr
2012-10-22 15:41 - 2012-10-22 18:52 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.com
2012-10-15 19:10 - 2009-07-13 20:45 - 00369448 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-15 17:17 - 2012-10-11 16:26 - 00000005 ____A C:\Users\Matt\AppData\Roaming\mbam.context.scan
2012-10-15 14:55 - 2012-10-15 17:04 - 03941312 ____A (Piriform Ltd) C:\Users\Matt\Desktop\ccsetup323.exe
2012-10-15 11:33 - 2012-10-15 13:35 - 00080384 ____A C:\Users\Matt\Desktop\MBRCheck.exe
2012-10-15 11:24 - 2012-10-15 17:23 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\TDSSKiller.exe
2012-10-11 06:53 - 2012-10-11 06:53 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 04:56 - 2012-10-11 04:56 - 00007434 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-10 23:10 - 2012-10-10 23:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-10-10 23:08 - 2011-06-26 17:02 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 22:15 - 2012-10-09 18:40 - 735567872 ____A C:\Users\Matt\Downloads\North.Country[2005]DvDrip[Eng]-aXXo.avi
2012-10-09 19:20 - 2012-10-09 18:42 - 735417958 ____A C:\Users\Matt\Downloads\Monster.2003.DvdRip.Xvid Noir.[UsaBit.com].avi
2012-10-09 18:16 - 2012-10-09 17:57 - 736165888 ____A C:\Users\Matt\Downloads\50.50.2011.DVDScr.XviD-playXD.avi
2012-10-09 16:46 - 2010-02-24 07:59 - 01404402 ____A C:\Windows\PFRO.log
2012-10-08 14:54 - 2012-10-07 17:52 - 840620032 ____A C:\Users\Matt\Downloads\Midnight.Run[1988]DvDrip.AC3[Eng]-Zeus_Dias.avi
2012-10-01 23:01 - 2011-06-26 15:57 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-19 11:04 - 2012-09-19 11:04 - 00001144 ____A C:\Users\Matt\Documents\TV Shows.txt
2012-09-14 11:23 - 2012-10-10 03:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-07 13:04 - 2012-09-30 15:56 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-31 10:02 - 2012-10-10 03:49 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2010-10-24 17:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-27 19:25 - 2012-08-27 19:12 - 554865571 ____A C:\Users\Matt\Downloads\flyonthewall.7z
2012-08-24 10:05 - 2012-10-10 03:50 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 03:15 - 2012-09-22 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 23:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:44 - 2012-09-22 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:43 - 2012-09-22 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-20 17:40 - 2012-08-20 17:27 - 516627571 ____A C:\Users\Matt\Downloads\comptroller.7z
2012-08-18 07:43 - 2012-10-10 03:49 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-18 07:43 - 2012-10-10 03:49 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-18 07:43 - 2012-10-10 03:49 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-18 07:42 - 2012-10-10 03:49 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-18 07:40 - 2012-10-10 03:49 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-18 07:37 - 2012-10-10 03:49 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-18 07:37 - 2012-10-10 03:49 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-18 07:34 - 2012-10-10 03:49 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-18 07:22 - 2012-10-10 03:49 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 03:49 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 03:49 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 03:49 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 03:49 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-13 15:55 - 2012-08-13 15:48 - 425896419 ____A C:\Users\Matt\Downloads\itsfillertime.7z
2012-08-10 16:53 - 2012-10-10 03:48 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-07 18:28 - 2012-08-07 18:12 - 579086835 ____A C:\Users\Matt\Downloads\lilitheve.7z
2012-08-02 09:55 - 2012-09-12 04:19 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-12 04:19 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-31 15:54 - 2012-07-31 15:47 - 462755011 ____A C:\Users\Matt\Downloads\mayfaeday (1).7z

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-23 23:25:08
Restore point made on: 2012-10-24 23:00:21

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3032.36 MB
Available physical RAM: 2488.88 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2491.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:108.13 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.24 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3823 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-10-17 11:31

==================== End Of Log =============================
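Added example, not part of the original thread or of FRST: a short Python triage pass over the log format above. It treats the paths in the "MD5 is legit" check as known-good locations and flags any listed file that reuses one of those names somewhere else, which picks out the same C:\Windows\svchost.exe that FRST lists under ATTENTION. Function names are illustrative, and the column order (first timestamp is creation time, swapped under "3 Months Modified Files") is an assumption inferred from files that appear in both listings.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any host OS

# Lines copied from the FRST log above, trimmed to a handful for the example.
SAMPLE_LOG = r"""
2012-10-10 03:49 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 16:47 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-30 15:43 - 2012-09-30 15:43 - 00000000 ____D C:\Program Files (x86)\uTorrent
==================== 3 Months Modified Files ==================
2012-10-25 08:09 - 2012-10-25 10:11 - 04988915 ____A (Swearware) C:\Users\Matt\Desktop\explorer.exe
2012-10-15 11:24 - 2012-10-15 17:23 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\TDSSKiller.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "<stamp> - <stamp> - <size> <attrs> [(company)] <path>"
FILE_LINE = re.compile(
    rf"^(?P<first>{STAMP}) - (?P<second>{STAMP}) - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]+) (?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
HEADER = re.compile(r"^=+ (?P<title>.+?) =+$")
VERIFIED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) => MD5 is legit$")


def parse_entries(log):
    """Yield one dict per file/folder line, with created/modified normalised."""
    modified_first = False  # assumption: creation time comes first by default
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            modified_first = "Modified Files" in header.group("title")
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        first, second = m.group("first"), m.group("second")
        yield {
            "created": second if modified_first else first,
            "modified": first if modified_first else second,
            "size": int(m.group("size")),
            "is_dir": "D" in m.group("attrs"),
            "company": m.group("company"),  # descriptive metadata, not proof of origin
            "path": m.group("path"),
        }


def verified_locations(log):
    """Map lower-cased file name -> directories where FRST verified that file."""
    known = defaultdict(set)
    for raw in log.splitlines():
        m = VERIFIED.match(raw.strip())
        if m:
            path = m.group("path").lower()
            known[basename(path)].add(dirname(path))
    return known


def misplaced_system_names(log):
    """Return entries that reuse a verified system file name in another folder."""
    known = verified_locations(log)
    hits = []
    for entry in parse_entries(log):
        if entry["is_dir"]:
            continue
        name = basename(entry["path"]).lower()
        if name in known and dirname(entry["path"]).lower() not in known[name]:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in misplaced_system_names(SAMPLE_LOG):
        print(f'{hit["path"]}  created {hit["created"]}  company={hit["company"]}')
```

A hit is a lead for hash and signature checks, not a verdict: the match is on file name and folder only.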
 
Back to Normal Mode...

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Oh dear... We're right back to my original post. I'd love to run TDSSKiller.exe and just remove the rootkit but it won't work. It won't run in Normal Mode or Safe mode.

Normal Mode: Does nothing.

Safe Mode: "The application was unable to start correctly (0xc000007b). Press OK to close the application".
 
Okay...moving along:

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
DragonMaster Jay

Thanks for continual support with this problem. The program you linked to returns the same error message as the rest. I found out something interesting though. It turns out Windows 7 can't run 32-bit programs at all, but 64-bit programs previously installed on the system are working, including 64-bit Internet Explorer. However, 64-bit programs that are new to the system return the same error message. Could this mean the translation within Windows to run 32-bit programs in the 64-bit environment is damaged?
 
Windows 7 x64 can run 32-bit programs. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows.

Let's be continual in our trial...

RKill by Grinler
Version 1
Version 2
  • Download Version 1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Version 2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
This only kills the active infection; the actual infection will not be gone.
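
The posts above turn on which tools are 32-bit builds (run through WOW64) and which are 64-bit; error 0xc000007b is the NTSTATUS code STATUS_INVALID_IMAGE_FORMAT. As an added example that is not part of the thread or of any tool named in it, this Python script reads the PE headers of an executable and reports its bitness; the function names `pe_bitness` and `build_sample` and the sample headers are assumptions constructed for illustration.

```python
import struct
import sys

MACHINES = {0x014C: "x86", 0x8664: "x64"}    # COFF Machine field
FORMATS = {0x010B: "PE32", 0x020B: "PE32+"}  # optional-header Magic


def pe_bitness(data: bytes) -> dict:
    """Classify a PE image from its headers; raises ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 26 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or header truncated")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)   # COFF header
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)    # optional header
    return {
        "machine": MACHINES.get(machine, f"unknown 0x{machine:04X}"),
        "format": FORMATS.get(magic, f"unknown 0x{magic:04X}"),
        "is_32bit": machine == 0x014C,
        # x86 with PE32+ (or x64 with PE32) is an inconsistent header pair.
        "mismatch": (machine, magic) in {(0x014C, 0x020B), (0x8664, 0x010B)},
    }


def build_sample(machine: int, magic: int) -> bytes:
    """Constructed header-only sample for the demo; not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x0102)
    return dos + b"\0" * 0x40 + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # classify real files
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                head = fh.read(65536)
            try:
                print(path, pe_bitness(head))
            except ValueError as err:
                print(path, "not a valid PE:", err)
    else:                                      # constructed samples
        for mach, mag in [(0x014C, 0x010B), (0x8664, 0x020B), (0x8664, 0x010B)]:
            print(pe_bitness(build_sample(mach, mag)))
```

Run from a clean machine or recovery environment with the downloaded tool paths as arguments, it shows whether the builds that fail to start are all 32-bit images.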
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 