
Inactive windows 7 64 bit google redirect virus

Discussion in 'Malware and Virus Removal Archive' started by jabdude84, 2011/12/10.

  1. 2011/12/29
    broni (Moderator Malware Analyst)

    Reopened.
     
  2. 2011/12/29
    jabdude84 (Inactive Thread Starter)

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by dabradfords at 2011-12-28 16:08:32
    Running from C:\Users\dabradfords\Desktop
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\danielle\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-07-15] (Hewlett-Packard)
    HKU\danielle\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
    HKU\danielle\...\Policies\system: [WallpaperStyle] 2
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default\...\Policies\system: [WallpaperStyle] 2
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default User\...\Policies\system: [WallpaperStyle] 2
    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-28 16:04 - 2011-12-28 16:04 - 1377585 ____A C:\Users\dabradfords\Desktop\FRST64.exe
    2011-12-28 07:12 - 2011-12-28 07:12 - 0018632 ____A C:\Windows\System32\hs_err_pid3464.log
    2011-12-22 10:18 - 2011-12-28 16:03 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-12-22 10:17 - 2011-12-22 10:17 - 0203339 ____A C:\Users\dabradfords\Desktop\combolog.txt
    2011-12-22 10:16 - 2011-12-22 10:16 - 0203339 ____A C:\ComboFix.txt
    2011-12-22 09:58 - 2011-12-22 09:58 - 0018664 ____A C:\Windows\System32\hs_err_pid2644.log
    2011-12-22 07:10 - 2011-12-22 07:10 - 0018639 ____A C:\Windows\System32\hs_err_pid3732.log
    2011-12-21 21:58 - 2011-12-22 10:17 - 0000000 ____D C:\ComboFix
    2011-12-21 21:51 - 2011-12-21 21:51 - 4347226 ____R (Swearware) C:\Users\dabradfords\Desktop\ComboFix.exe
    2011-12-21 18:39 - 2011-12-21 18:39 - 0018646 ____A C:\Windows\System32\hs_err_pid2584.log
    2011-12-21 13:41 - 2011-12-21 13:41 - 0000510 ____A C:\Users\dabradfords\Desktop\bootkit.txt
    2011-12-21 13:39 - 2011-12-21 13:39 - 0063027 ____A C:\Windows\SysWOW64\bootkit_remover_debug_log.txt
    2011-12-21 13:37 - 2011-12-21 13:38 - 0000000 ____D C:\Users\dabradfords\Desktop\bootkit_remover(1)
    2011-12-21 13:36 - 2011-12-21 13:36 - 0044607 ____A C:\Users\dabradfords\Desktop\bootkit_remover(1).zip
    2011-12-20 20:17 - 2011-12-20 21:18 - 0001106 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2011-12-20 20:17 - 2011-12-20 21:18 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
    2011-12-20 20:17 - 2011-12-20 20:32 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
    2011-12-20 20:17 - 2011-12-20 20:32 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
    2011-12-20 20:14 - 2011-12-20 20:16 - 32157120 ____A C:\Users\dabradfords\Downloads\WOW-4.0.0.12911-enUS-Trial.exe
    2011-12-20 12:22 - 2011-12-20 12:22 - 0010752 ____A C:\Users\dabradfords\Documents\MAINTENANCE DECEMBER 2011.xlr
    2011-12-20 08:59 - 2011-12-20 08:59 - 1577264 ____A (Kaspersky Lab ZAO) C:\Users\dabradfords\Desktop\tdsskiller.exe
    2011-12-19 17:03 - 2011-12-19 17:03 - 0018624 ____A C:\Windows\System32\hs_err_pid2560.log
    2011-12-19 15:00 - 2011-12-19 15:00 - 0018624 ____A C:\Windows\System32\hs_err_pid1796.log
    2011-12-18 15:00 - 2011-12-18 15:00 - 0018741 ____A C:\Windows\System32\hs_err_pid3036.log
    2011-12-17 18:43 - 2011-12-17 18:43 - 0302592 ____A C:\Users\dabradfords\Desktop\9oi5xgex.exe
    2011-12-17 18:33 - 2011-12-17 18:35 - 0001042 ____A C:\Users\dabradfords\Desktop\aswMBR - Shortcut.lnk
    2011-12-17 18:33 - 2011-12-17 18:33 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Desktop\aswMBR.exe
    2011-12-17 18:22 - 2011-12-17 18:22 - 0000000 ____D C:\Users\dabradfords\Downloads\JavaRa
    2011-12-17 18:20 - 2011-12-17 18:20 - 0160350 ____A C:\Users\dabradfords\Downloads\JavaRa.zip
    2011-12-17 18:14 - 2011-11-10 05:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-12-17 18:14 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-12-17 18:14 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-12-17 18:12 - 2011-12-17 18:14 - 0004865 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
    2011-12-17 18:12 - 2011-12-17 18:12 - 0018653 ____A C:\Windows\System32\hs_err_pid1236.log
    2011-12-17 18:09 - 2011-12-17 18:09 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\dabradfords\Downloads\jxpiinstall.exe
    2011-12-17 15:52 - 2011-12-17 15:52 - 0018614 ____A C:\Windows\System32\hs_err_pid3916.log
    2011-12-17 15:23 - 2011-12-17 15:23 - 0000129 ____A C:\Windows\System32\MRT.INI
    2011-12-17 15:05 - 2011-11-03 20:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-17 15:05 - 2011-11-03 20:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-17 15:05 - 2011-11-03 20:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-17 15:05 - 2011-11-03 17:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-17 15:05 - 2011-11-03 17:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-17 15:04 - 2011-11-03 21:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-17 15:04 - 2011-11-03 20:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-17 15:04 - 2011-11-03 20:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-17 15:04 - 2011-11-03 20:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-17 15:04 - 2011-11-03 20:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-17 15:04 - 2011-11-03 20:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-17 15:04 - 2011-11-03 20:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-17 15:04 - 2011-11-03 20:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-17 15:04 - 2011-11-03 20:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-17 15:04 - 2011-11-03 20:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-17 15:04 - 2011-11-03 18:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-17 15:04 - 2011-11-03 17:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-12-17 15:04 - 2011-11-03 17:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-17 15:04 - 2011-11-03 17:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-12-17 15:04 - 2011-11-03 17:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-17 15:04 - 2011-11-03 17:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-17 15:04 - 2011-11-03 17:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-17 15:04 - 2011-11-03 17:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-17 15:04 - 2011-11-03 17:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-12-17 15:04 - 2011-11-03 17:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-17 15:04 - 2011-11-03 17:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-17 14:50 - 2011-12-17 14:50 - 0000000 __SHD C:\Windows\System32\%APPDATA%
    2011-12-17 11:39 - 2011-12-17 11:39 - 0018634 ____A C:\Windows\System32\hs_err_pid3008.log
    2011-12-16 08:33 - 2011-12-16 08:33 - 0018638 ____A C:\Windows\System32\hs_err_pid2524.log
    2011-12-15 22:17 - 2011-12-15 22:17 - 0018632 ____A C:\Windows\System32\hs_err_pid2532.log
    2011-12-15 22:13 - 2011-12-15 22:13 - 0013389 ____A C:\Users\dabradfords\Desktop\OTL - Shortcut.lnk
    2011-12-15 14:27 - 2011-12-15 14:27 - 0018618 ____A C:\Windows\System32\hs_err_pid3624.log
    2011-12-14 22:04 - 2011-12-14 22:04 - 0018608 ____A C:\Windows\System32\hs_err_pid3560.log
    2011-12-14 11:41 - 2011-12-14 11:41 - 0018629 ____A C:\Windows\System32\hs_err_pid3716.log
    2011-12-13 23:27 - 2011-12-13 23:27 - 0018617 ____A C:\Windows\System32\hs_err_pid1724.log
    2011-12-13 23:18 - 2011-12-13 23:18 - 0208710 ____A C:\Users\dabradfords\Downloads\Attachments.zip
    2011-12-13 22:35 - 2011-11-23 23:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-13 22:35 - 2011-11-05 00:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-13 22:35 - 2011-11-04 23:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-13 22:35 - 2011-10-26 00:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-13 22:35 - 2011-10-15 01:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-13 22:35 - 2011-10-15 00:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-12-11 18:19 - 2011-10-16 08:49 - 0002377 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2011-12-11 17:52 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-12-11 17:52 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-12-11 17:52 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2011-12-11 17:51 - 2011-12-11 20:46 - 0000000 ____D C:\Windows\ERDNT
    2011-12-11 17:49 - 2011-12-22 10:17 - 0000000 ____D C:\Qoobox
    2011-12-11 17:19 - 2011-12-11 17:19 - 0018630 ____A C:\Windows\System32\hs_err_pid3720.log
    2011-12-11 17:15 - 2011-12-11 17:16 - 0000000 ____D C:\Users\dabradfords\Downloads\bootkit_remover
    2011-12-11 17:14 - 2011-12-11 17:14 - 0044607 ____A C:\Users\dabradfords\Downloads\bootkit_remover.zip
    2011-12-11 17:07 - 2011-12-11 17:07 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{37740387-D7C1-446F-B052-2ACB48A57E5A}
    2011-12-11 17:01 - 2011-12-11 17:01 - 0920384 ____A C:\Users\dabradfords\Downloads\Norton_Removal_Tool.exe
    2011-12-11 16:25 - 2011-12-11 16:25 - 0607260 ____R (Swearware) C:\Users\dabradfords\Downloads\dds.scr
    2011-12-11 14:45 - 2011-12-11 14:45 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Downloads\aswMBR(1).exe
    2011-12-11 12:56 - 2011-12-11 12:54 - 0302592 ____A C:\Users\dabradfords\Downloads\2qqjbw2h.exe
    2011-12-11 10:16 - 2011-12-11 10:16 - 0001883 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2011-12-11 10:16 - 2011-11-28 12:54 - 0591192 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2011-12-11 10:16 - 2011-11-28 12:53 - 0304472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2011-12-11 10:16 - 2011-11-28 12:52 - 0058712 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2011-12-11 10:16 - 2011-11-28 12:52 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2011-12-11 10:16 - 2011-11-28 12:51 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2011-12-11 10:15 - 2011-12-11 10:15 - 0000000 ____A C:\Windows\SysWOW64\config.nt
    2011-12-11 10:15 - 2011-11-28 13:01 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2011-12-11 10:15 - 2011-11-28 12:52 - 0066904 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Program Files\AVAST Software
    2011-12-11 10:14 - 2011-11-28 13:01 - 0199816 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2011-12-11 10:14 - 2011-11-28 13:01 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2011-12-11 10:09 - 2011-12-11 10:12 - 64207032 ____A C:\Users\dabradfords\Downloads\setup_av_free_cnet.exe
    2011-12-04 19:22 - 2011-12-04 19:22 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{3D389015-ABB0-4634-BB73-906DEDBF8812}
    2011-12-04 19:21 - 2011-12-04 19:22 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{AF256379-D586-43FA-A487-32A5185DE43F}
    2011-12-02 16:53 - 2011-12-16 06:48 - 0002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2011-12-02 16:53 - 2011-11-19 06:35 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2011-12-02 16:53 - 2011-11-13 10:53 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2011-12-02 16:53 - 2011-07-09 07:55 - 0001939 ____A C:\Users\Public\Desktop\Play Plant Tycoon.lnk
    2011-12-02 16:53 - 2011-07-09 07:55 - 0001254 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2011-12-02 16:53 - 2011-07-09 07:53 - 0002003 ____A C:\Users\Public\Desktop\Play Alice Greenfingers.lnk
    2011-12-02 16:53 - 2011-07-09 07:52 - 0001696 ____A C:\Users\Public\Desktop\Game Manager.lnk
    2011-12-02 16:53 - 2011-05-05 10:10 - 0002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2011-12-02 16:53 - 2011-05-05 10:07 - 0001138 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2011-12-02 16:53 - 2011-04-13 19:02 - 0002037 ____A C:\Users\Public\Desktop\Play Saints and Sinners Bingo.lnk
    2011-12-02 16:53 - 2011-04-13 18:59 - 0002087 ____A C:\Users\Public\Desktop\Play Brain Training for Dummies.lnk
    2011-12-02 16:53 - 2011-03-23 13:38 - 0002098 ____A C:\Users\Public\Desktop\Play Shop-N-Spree Family Fortune.lnk
    2011-12-02 16:53 - 2011-03-23 13:33 - 0001928 ____A C:\Users\Public\Desktop\Play Garden Dash.lnk
    2011-12-02 16:53 - 2011-03-23 13:29 - 0002040 ____A C:\Users\Public\Desktop\Play Farm Mania - Hot Vacation.lnk
    2011-12-02 16:53 - 2011-03-06 20:02 - 0001258 ____A C:\Users\Public\Desktop\EA Download Manager.lnk
    2011-12-02 16:53 - 2010-12-23 18:36 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-12-02 16:53 - 2010-05-17 15:46 - 0001315 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
    2011-12-02 16:53 - 2010-04-15 07:03 - 0001751 ____A C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    2011-12-02 16:53 - 2010-01-19 19:26 - 0002035 ____A C:\Users\Public\Desktop\MyInvoices & Estimates Deluxe 10.0.lnk
    2011-12-02 16:53 - 2009-07-13 23:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
    2011-12-02 16:37 - 2011-12-02 16:37 - 0684297 ____A C:\Users\dabradfords\Downloads\unhide.exe
    2011-12-02 15:15 - 2011-12-02 15:16 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\dabradfords\Downloads\mbam-setup(1).exe
    2011-12-02 15:11 - 2011-12-02 15:12 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\dabradfords\Downloads\mbam-setup.exe
    2011-12-02 15:01 - 2011-12-02 15:03 - 0000361 ____A C:\rkill.log
    2011-12-02 14:57 - 2011-12-02 14:57 - 1008114 ____A C:\Users\dabradfords\Downloads\iExplore.exe
    2011-12-02 14:50 - 2011-12-02 14:50 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{DE72F813-B8F7-4A5B-BA82-4711F0AEDF1E}
    2011-12-02 14:49 - 2011-12-02 14:50 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{165C573C-A68A-4C06-AA61-B879965688A1}
    2011-12-02 11:07 - 2011-12-02 11:08 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{2DD4E063-FB2E-45E3-8251-EDFB50C291D5}
    2011-12-02 11:03 - 2011-12-02 11:03 - 0000000 ____D C:\Users\dabradfords\AppData\Local\Symantec
    2011-12-02 10:49 - 2011-12-02 10:50 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{5D290B53-9CF1-46D3-B787-BF72649AF35E}
    2011-12-02 10:49 - 2011-12-02 10:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{BCA716E9-61EC-461D-81E0-A3AB57A7E915}


    ============ 3 Months Modified Files and Folders =============

    2011-12-28 16:08 - 2011-12-28 16:08 - 0000000 ____D C:\FRST
    2011-12-28 16:07 - 2009-07-13 23:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2011-12-28 16:07 - 2009-07-13 23:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2011-12-28 16:05 - 2009-08-25 03:37 - 1807413 ____A C:\Windows\WindowsUpdate.log
    2011-12-28 16:04 - 2011-12-28 16:04 - 1377585 ____A C:\Users\dabradfords\Desktop\FRST64.exe
    2011-12-28 16:03 - 2011-12-22 10:18 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-12-28 15:57 - 2009-12-25 17:23 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2011-12-28 15:57 - 2009-11-27 22:44 - 0000192 ____A C:\Users\All Users\HPWALog.txt
    2011-12-28 15:57 - 2009-11-27 22:44 - 0000192 ____A C:\ProgramData\HPWALog.txt
    2011-12-28 15:56 - 2009-08-25 03:34 - 3145089024 __ASH C:\hiberfil.sys
    2011-12-28 15:56 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-12-28 15:56 - 2009-07-13 23:51 - 0069608 ____A C:\Windows\setupact.log
    2011-12-28 15:55 - 2009-12-25 17:23 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2011-12-28 07:12 - 2011-12-28 07:12 - 0018632 ____A C:\Windows\System32\hs_err_pid3464.log
    2011-12-28 07:07 - 2011-07-24 09:50 - 0000356 ____A C:\Windows\Tasks\HPCeeScheduleFordabradfords.job
    2011-12-27 20:25 - 2009-11-29 21:02 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2011-12-22 10:20 - 2010-01-16 15:09 - 0005162 ____A C:\Users\dabradfords\AppData\Roaming\wklnhst.dat
    2011-12-22 10:17 - 2011-12-22 10:17 - 0203339 ____A C:\Users\dabradfords\Desktop\combolog.txt
    2011-12-22 10:17 - 2011-12-21 21:58 - 0000000 ____D C:\ComboFix
    2011-12-22 10:17 - 2011-12-11 17:49 - 0000000 ____D C:\Qoobox
    2011-12-22 10:16 - 2011-12-22 10:16 - 0203339 ____A C:\ComboFix.txt
    2011-12-22 09:58 - 2011-12-22 09:58 - 0018664 ____A C:\Windows\System32\hs_err_pid2644.log
    2011-12-22 09:53 - 2009-07-13 21:34 - 0000215 ____A C:\Windows\system.ini
    2011-12-22 09:51 - 2010-08-30 07:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-12-22 09:49 - 2009-08-25 04:00 - 0500086 ____A C:\Windows\PFRO.log
    2011-12-22 07:10 - 2011-12-22 07:10 - 0018639 ____A C:\Windows\System32\hs_err_pid3732.log
    2011-12-21 21:51 - 2011-12-21 21:51 - 4347226 ____R (Swearware) C:\Users\dabradfords\Desktop\ComboFix.exe
    2011-12-21 21:42 - 2009-12-19 19:51 - 0000000 ____D C:\Users\dabradfords\Incomplete
    2011-12-21 18:52 - 2010-07-02 17:03 - 0031232 ____A C:\Users\dabradfords\Documents\danielle's bills.xlr
    2011-12-21 18:39 - 2011-12-21 18:39 - 0018646 ____A C:\Windows\System32\hs_err_pid2584.log
    2011-12-21 13:41 - 2011-12-21 13:41 - 0000510 ____A C:\Users\dabradfords\Desktop\bootkit.txt
    2011-12-21 13:39 - 2011-12-21 13:39 - 0063027 ____A C:\Windows\SysWOW64\bootkit_remover_debug_log.txt
    2011-12-21 13:38 - 2011-12-21 13:37 - 0000000 ____D C:\Users\dabradfords\Desktop\bootkit_remover(1)
    2011-12-21 13:36 - 2011-12-21 13:36 - 0044607 ____A C:\Users\dabradfords\Desktop\bootkit_remover(1).zip
    2011-12-20 21:21 - 2009-12-19 19:51 - 0000000 ____D C:\Users\dabradfords\Shared
    2011-12-20 21:18 - 2011-12-20 20:17 - 0001106 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2011-12-20 21:18 - 2011-12-20 20:17 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
    2011-12-20 20:32 - 2011-12-20 20:17 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
    2011-12-20 20:32 - 2011-12-20 20:17 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
    2011-12-20 20:16 - 2011-12-20 20:14 - 32157120 ____A C:\Users\dabradfords\Downloads\WOW-4.0.0.12911-enUS-Trial.exe
    2011-12-20 12:22 - 2011-12-20 12:22 - 0010752 ____A C:\Users\dabradfords\Documents\MAINTENANCE DECEMBER 2011.xlr
    2011-12-20 08:59 - 2011-12-20 08:59 - 1577264 ____A (Kaspersky Lab ZAO) C:\Users\dabradfords\Desktop\tdsskiller.exe
    2011-12-19 17:03 - 2011-12-19 17:03 - 0018624 ____A C:\Windows\System32\hs_err_pid2560.log
    2011-12-19 15:00 - 2011-12-19 15:00 - 0018624 ____A C:\Windows\System32\hs_err_pid1796.log
    2011-12-19 06:04 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
    2011-12-18 15:00 - 2011-12-18 15:00 - 0018741 ____A C:\Windows\System32\hs_err_pid3036.log
    2011-12-17 20:01 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2011-12-17 18:43 - 2011-12-17 18:43 - 0302592 ____A C:\Users\dabradfords\Desktop\9oi5xgex.exe
    2011-12-17 18:35 - 2011-12-17 18:33 - 0001042 ____A C:\Users\dabradfords\Desktop\aswMBR - Shortcut.lnk
    2011-12-17 18:33 - 2011-12-17 18:33 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Desktop\aswMBR.exe
    2011-12-17 18:23 - 2010-11-01 19:04 - 0059278 ____A C:\JavaRa.log
    2011-12-17 18:22 - 2011-12-17 18:22 - 0000000 ____D C:\Users\dabradfords\Downloads\JavaRa
    2011-12-17 18:20 - 2011-12-17 18:20 - 0160350 ____A C:\Users\dabradfords\Downloads\JavaRa.zip
    2011-12-17 18:14 - 2011-12-17 18:12 - 0004865 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
    2011-12-17 18:14 - 2009-08-09 04:27 - 0000000 ____D C:\Program Files (x86)\Java
    2011-12-17 18:12 - 2011-12-17 18:12 - 0018653 ____A C:\Windows\System32\hs_err_pid1236.log
    2011-12-17 18:09 - 2011-12-17 18:09 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\dabradfords\Downloads\jxpiinstall.exe
    2011-12-17 15:52 - 2011-12-17 15:52 - 0018614 ____A C:\Windows\System32\hs_err_pid3916.log
    2011-12-17 15:33 - 2009-07-13 23:45 - 0355792 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-17 15:30 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-12-17 15:27 - 2009-08-09 02:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-12-17 15:26 - 2010-01-18 20:25 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-17 15:26 - 2010-01-18 20:25 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-17 15:23 - 2011-12-17 15:23 - 0000129 ____A C:\Windows\System32\MRT.INI
    2011-12-17 15:16 - 2009-07-14 00:13 - 0746568 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-12-17 14:50 - 2011-12-17 14:50 - 0000000 __SHD C:\Windows\System32\%APPDATA%
    2011-12-17 11:39 - 2011-12-17 11:39 - 0018634 ____A C:\Windows\System32\hs_err_pid3008.log
    2011-12-16 08:33 - 2011-12-16 08:33 - 0018638 ____A C:\Windows\System32\hs_err_pid2524.log
    2011-12-16 06:48 - 2011-12-02 16:53 - 0002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2011-12-15 22:31 - 2010-10-30 13:23 - 0000000 ____D C:\Users\dabradfords\Desktop\music uttilities
    2011-12-15 22:17 - 2011-12-15 22:17 - 0018632 ____A C:\Windows\System32\hs_err_pid2532.log
    2011-12-15 22:13 - 2011-12-15 22:13 - 0013389 ____A C:\Users\dabradfords\Desktop\OTL - Shortcut.lnk
    2011-12-15 14:27 - 2011-12-15 14:27 - 0018618 ____A C:\Windows\System32\hs_err_pid3624.log
    2011-12-14 22:04 - 2011-12-14 22:04 - 0018608 ____A C:\Windows\System32\hs_err_pid3560.log
    2011-12-14 11:41 - 2011-12-14 11:41 - 0018629 ____A C:\Windows\System32\hs_err_pid3716.log
    2011-12-13 23:54 - 2009-11-30 10:48 - 0000174 ___SH C:\Users\danielle\Start Menu\Programs\Startup\desktop.ini
    2011-12-13 23:54 - 2009-11-30 10:48 - 0000174 ___SH C:\Users\danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    2011-12-13 23:27 - 2011-12-13 23:27 - 0018617 ____A C:\Windows\System32\hs_err_pid1724.log
    2011-12-13 23:18 - 2011-12-13 23:18 - 0208710 ____A C:\Users\dabradfords\Downloads\Attachments.zip
    2011-12-11 21:03 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
    2011-12-11 21:03 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Default
    2011-12-11 20:46 - 2011-12-11 17:51 - 0000000 ____D C:\Windows\ERDNT
    2011-12-11 19:31 - 2009-11-27 22:35 - 0000000 ____D C:\users\dabradfords
    2011-12-11 17:41 - 2010-07-22 21:11 - 0000000 ____D C:\Users\dabradfords\Tracing
    2011-12-11 17:40 - 2010-08-14 11:38 - 0083968 __ASH C:\Users\dabradfords\Desktop\Thumbs.db
    2011-12-11 17:19 - 2011-12-11 17:19 - 0018630 ____A C:\Windows\System32\hs_err_pid3720.log
    2011-12-11 17:16 - 2011-12-11 17:15 - 0000000 ____D C:\Users\dabradfords\Downloads\bootkit_remover
    2011-12-11 17:14 - 2011-12-11 17:14 - 0044607 ____A C:\Users\dabradfords\Downloads\bootkit_remover.zip
    2011-12-11 17:07 - 2011-12-11 17:07 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{37740387-D7C1-446F-B052-2ACB48A57E5A}
    2011-12-11 17:03 - 2010-05-09 08:24 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
    2011-12-11 17:03 - 2009-08-09 02:16 - 0000000 ____D C:\Users\All Users\Norton
    2011-12-11 17:03 - 2009-08-09 02:16 - 0000000 ____D C:\ProgramData\Norton
    2011-12-11 17:02 - 2009-08-09 03:01 - 0000000 ____D C:\Users\All Users\Symantec
    2011-12-11 17:02 - 2009-08-09 03:01 - 0000000 ____D C:\ProgramData\Symantec
    2011-12-11 17:01 - 2011-12-11 17:01 - 0920384 ____A C:\Users\dabradfords\Downloads\Norton_Removal_Tool.exe
    2011-12-11 16:25 - 2011-12-11 16:25 - 0607260 ____R (Swearware) C:\Users\dabradfords\Downloads\dds.scr
    2011-12-11 14:45 - 2011-12-11 14:45 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Downloads\aswMBR(1).exe
    2011-12-11 12:54 - 2011-12-11 12:56 - 0302592 ____A C:\Users\dabradfords\Downloads\2qqjbw2h.exe
    2011-12-11 10:16 - 2011-12-11 10:16 - 0001883 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2011-12-11 10:15 - 2011-12-11 10:15 - 0000000 ____A C:\Windows\SysWOW64\config.nt
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Program Files\AVAST Software
    2011-12-11 10:12 - 2011-12-11 10:09 - 64207032 ____A C:\Users\dabradfords\Downloads\setup_av_free_cnet.exe
    2011-12-07 22:37 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
    2011-12-07 12:26 - 2009-12-02 15:09 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-04 19:22 - 2011-12-04 19:22 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{3D389015-ABB0-4634-BB73-906DEDBF8812}
    2011-12-04 19:22 - 2011-12-04 19:21 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{AF256379-D586-43FA-A487-32A5185DE43F}
    2011-12-02 17:29 - 2010-09-04 12:32 - 0913830 ____A C:\Windows\ntbtlog.txt
    2011-12-02 16:37 - 2011-12-02 16:37 - 0684297 ____A C:\Users\dabradfords\Downloads\unhide.exe
    2011-12-02 15:16 - 2011-12-02 15:15 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\dabradfords\Downloads\mbam-setup(1).exe
    2011-12-02 15:16 - 2010-10-21 13:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-02 15:12 - 2011-12-02 15:11 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\dabradfords\Downloads\mbam-setup.exe
    2011-12-02 15:03 - 2011-12-02 15:01 - 0000361 ____A C:\rkill.log
    2011-12-02 14:57 - 2011-12-02 14:57 - 1008114 ____A C:\Users\dabradfords\Downloads\iExplore.exe
    2011-12-02 14:50 - 2011-12-02 14:50 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{DE72F813-B8F7-4A5B-BA82-4711F0AEDF1E}
    2011-12-02 14:50 - 2011-12-02 14:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{165C573C-A68A-4C06-AA61-B879965688A1}
    2011-12-02 11:08 - 2011-12-02 11:07 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{2DD4E063-FB2E-45E3-8251-EDFB50C291D5}
    2011-12-02 11:03 - 2011-12-02 11:03 - 0000000 ____D C:\Users\dabradfords\AppData\Local\Symantec
    2011-12-02 10:50 - 2011-12-02 10:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{5D290B53-9CF1-46D3-B787-BF72649AF35E}
    2011-12-02 10:49 - 2011-12-02 10:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{BCA716E9-61EC-461D-81E0-A3AB57A7E915}
    2011-11-28 22:21 - 2011-10-05 16:22 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-11-28 19:13 - 2010-08-29 14:31 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2011-11-28 13:01 - 2011-12-11 10:15 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2011-11-28 13:01 - 2011-12-11 10:14 - 0199816 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2011-11-28 13:01 - 2011-12-11 10:14 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2011-11-28 12:54 - 2011-12-11 10:16 - 0591192 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2011-11-28 12:53 - 2011-12-11 10:16 - 0304472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2011-11-28 12:52 - 2011-12-11 10:16 - 0058712 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2011-11-28 12:52 - 2011-12-11 10:16 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2011-11-28 12:52 - 2011-12-11 10:15 - 0066904 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2011-11-28 12:51 - 2011-12-11 10:16 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2011-11-23 23:52 - 2011-12-13 22:35 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-22 21:26 - 2011-11-22 21:26 - 0010752 ____A C:\Users\dabradfords\Documents\maintenance novembert 2011.xlr
    2011-11-21 04:48 - 2011-11-21 04:48 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{4157291D-194A-4A1A-BEAB-6D22D8F1858C}
    2011-11-19 10:17 - 2011-11-19 10:17 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{5F1B4C64-EAA8-49A6-8771-DD5B6EA78E84}
    2011-11-19 10:17 - 2011-11-19 10:17 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{21C3585E-6064-4A85-BEA0-7FC9B6EFB53F}
    2011-11-19 06:35 - 2011-12-02 16:53 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2011-11-19 06:35 - 2009-12-25 17:22 - 0000000 ____D C:\Program Files (x86)\Google
    2011-11-14 15:35 - 2011-11-14 15:35 - 0016896 ____A C:\Users\dabradfords\Documents\animal farm critique.wps
    2011-11-13 10:54 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Help
    2011-11-13 10:53 - 2011-12-02 16:53 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2011-11-13 10:53 - 2009-08-09 02:00 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2011-11-13 10:53 - 2009-08-09 01:58 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2011-11-13 10:51 - 2011-11-13 10:51 - 0000000 ____D C:\Users\All Users\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-11-13 10:51 - 2011-11-13 10:51 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-11-13 10:50 - 2009-07-16 18:15 - 0000000 ____D C:\SwSetup
    2011-11-11 23:42 - 2011-11-11 23:42 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{6D455D85-2FA8-42DD-A94D-2EDD26C74BE5}
    2011-11-10 05:54 - 2011-12-17 18:14 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-11-10 05:54 - 2011-12-17 18:14 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-11-10 05:54 - 2011-12-17 18:14 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-11-10 05:54 - 2010-11-01 18:54 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2011-11-05 00:32 - 2011-12-13 22:35 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-04 23:26 - 2011-12-13 22:35 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-03 21:38 - 2011-12-17 15:04 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-03 20:59 - 2011-12-17 15:04 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-03 20:53 - 2011-12-17 15:04 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-11-03 20:46 - 2011-12-17 15:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-03 20:44 - 2011-12-17 15:04 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-11-03 20:44 - 2011-12-17 15:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-03 20:43 - 2011-12-17 15:04 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-03 20:41 - 2011-12-17 15:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-03 20:39 - 2011-12-17 15:04 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-11-03 20:36 - 2011-12-17 15:05 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-03 20:35 - 2011-12-17 15:05 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-03 20:34 - 2011-12-17 15:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-03 20:30 - 2011-12-17 15:04 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-03 18:02 - 2011-12-17 15:04 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-11-03 17:47 - 2011-12-17 15:04 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-11-03 17:46 - 2011-12-17 15:04 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-11-03 17:40 - 2011-12-17 15:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-11-03 17:40 - 2011-12-17 15:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-11-03 17:39 - 2011-12-17 15:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-11-03 17:38 - 2011-12-17 15:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-11-03 17:37 - 2011-12-17 15:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-11-03 17:34 - 2011-12-17 15:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-11-03 17:32 - 2011-12-17 15:05 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-11-03 17:32 - 2011-12-17 15:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-11-03 17:31 - 2011-12-17 15:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-11-03 17:28 - 2011-12-17 15:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-10-26 17:58 - 2011-03-26 10:25 - 0026624 ____A C:\Users\dabradfords\Documents\jordan's bills.xlr
    2011-10-26 00:21 - 2011-12-13 22:35 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-24 15:23 - 2011-10-24 15:23 - 0016896 ____A C:\Users\dabradfords\Documents\pol critique.wps
    2011-10-19 12:12 - 2009-12-01 21:50 - 0000000 ____D C:\Users\dabradfords\AppData\Roaming\iWin
    2011-10-19 12:11 - 2009-08-09 02:42 - 0000000 ____D C:\Users\All Users\WildTangent
    2011-10-19 12:11 - 2009-08-09 02:42 - 0000000 ____D C:\ProgramData\WildTangent
    2011-10-19 08:12 - 2011-10-19 08:12 - 0010752 ____A C:\Users\dabradfords\Documents\maintenance october 2011.xlr
    2011-10-19 07:19 - 2011-10-19 07:19 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{EDAB5161-5101-4432-B448-9BBF46EAE10E}
    2011-10-19 07:17 - 2010-05-09 08:23 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
    2011-10-16 08:51 - 2011-10-16 08:51 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{DEC5EE2D-69EC-429E-BF60-1995998CA9D5}
    2011-10-16 08:51 - 2011-10-16 08:51 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{A19597A1-4189-4371-B614-F6843B8057CA}
    2011-10-16 08:49 - 2011-12-11 18:19 - 0002377 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2011-10-15 01:31 - 2011-12-13 22:35 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-15 00:38 - 2011-12-13 22:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-05 16:22 - 2011-10-05 16:22 - 0000000 ____D C:\Windows\System32\Macromed

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 56%
    Total physical RAM: 3999.19 MB
    Available physical RAM: 1725.2 MB
    Total Pagefile: 7996.57 MB
    Available Pagefile: 5431.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:219.97 GB) (Free:117.69 GB) NTFS ==>[Drive with boot components]
    2 Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.13 GB) NTFS ==>[Drive with boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 219 GB 200 MB
    Partition 3 Primary 12 GB 220 GB
    Partition 4 Primary 1200 KB 232 GB

    Disk: 0
    Partition 4
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ==========================================================

    Last Boot: 2011-12-21 19:51

    ======================= End Of Log ==========================
     


  4. 2011/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like we have a case of the newest TDL rootkit.

    I'm allowed to post only up to 8 images in one post, so I'll post my instructions in two replies.
    Wait for both of them.


    ==================================================================

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ===========================================================================================

    Download gparted-live-0.10.0-3.iso (115.1 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    Boot off of the newly created Gparted CD.

    You should be here:
    [​IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [​IMG]

    Choose your language and press ENTER. English is default [33]:
    [​IMG]

    Once again, at this prompt, press ENTER:
    [​IMG]

    You will now be taken to the main GUI screen below:
    [​IMG]
    According to your logs, the partition that you want to delete is the small partition of 1200KB (1.2MB).
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.
     
  5. 2011/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You should now be here confirming your actions:
    [​IMG]

    Now you should be here:
    [​IMG]

    Is "boot" next to your OS drive?
    [​IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [​IMG]

    Now double-click the [​IMG] button.

    You should receive a small pop up like this:
    [​IMG]

    Choose reboot and then press OK.

    Post new Farbar Scan Tool log.
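The pattern broni is reading off the log (a 1200 KB partition that is hidden, marked active, and has no volume behind it) can be checked mechanically. The following Python script is an added example, not part of this thread and not FRST's own code: it parses the Partitions section of an FRST log and flags any active partition that is hidden, tiny, or has no volume. The "before" sample is retyped from the log posted above; the "after" sample (what the section should look like once that partition is gone) and the 16 MB size threshold are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the "Partitions" section of the FRST 2.3.0 log posted in this
# thread, retyped here (drive lines omitted) so the check runs offline.
FRST_PARTITIONS_BEFORE = """\
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 219 GB 200 MB
Partition 3 Primary 12 GB 220 GB
Partition 4 Primary 1200 KB 232 GB

Disk: 0
Partition 4
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
"""

# Constructed "after the fix" sample: an assumption of what the section looks like once the
# 1200 KB partition is gone. It is not taken from the thread.
FRST_PARTITIONS_AFTER = """\
Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 219 GB 200 MB
Partition 3 Primary 12 GB 220 GB
"""

_UNITS = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# Assumed threshold: a genuine Windows boot partition is far larger than this;
# the one in the thread is 1200 KB.
SMALL_ACTIVE_PARTITION = 16 * 1024 ** 2

@dataclass
class Partition:
    disk: int
    number: int
    ptype: str
    size_bytes: int
    hidden: bool = False      # FRST only prints Hidden/Active/volume details for the
    active: bool = False      # partitions it singles out, so these default to "not seen"
    has_volume: bool = True

_DISK_HDR = re.compile(r"^Partitions of Disk (\d+):$")
_PART_ROW = re.compile(r"^Partition (\d+)\s+(\S+)\s+(\d+)\s+(KB|MB|GB)\s+\d+\s+(?:KB|MB|GB)$")
_DETAIL_HDR = re.compile(r"^Partition (\d+)$")

def parse_partitions(text: str) -> List[Partition]:
    """Parse the partition table rows and the per-partition detail blocks of an FRST log."""
    parts: Dict[Tuple[int, int], Partition] = {}
    disk = 0
    detail: Optional[Partition] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _DISK_HDR.match(line)):
            disk, detail = int(m.group(1)), None
        elif (m := _PART_ROW.match(line)):
            num, ptype, size, unit = m.groups()
            parts[(disk, int(num))] = Partition(disk, int(num), ptype, int(size) * _UNITS[unit])
        elif line.startswith("Disk: "):          # start of a detail block: "Disk: 0"
            disk, detail = int(line.split(":", 1)[1]), None
        elif (m := _DETAIL_HDR.match(line)):     # "Partition 4" inside a detail block
            detail = parts.get((disk, int(m.group(1))))
        elif detail is not None:
            if line.startswith("Hidden:"):
                detail.hidden = line.endswith("Yes")
            elif line.startswith("Active:"):
                detail.active = line.endswith("Yes")
            elif line.startswith("There is no volume associated"):
                detail.has_volume = False
    return list(parts.values())

def suspicious_partitions(parts: List[Partition]) -> List[str]:
    """Flag active (bootable) partitions that look like a bootkit's hidden loader area."""
    findings = []
    for p in parts:
        if not p.active:
            continue
        reasons = []
        if p.hidden:
            reasons.append("hidden")
        if not p.has_volume:
            reasons.append("no volume")
        if p.size_bytes < SMALL_ACTIVE_PARTITION:
            reasons.append(f"only {p.size_bytes // 1024} KB")
        if reasons:
            findings.append(f"Disk {p.disk} Partition {p.number}: active, " + ", ".join(reasons))
    return findings

if __name__ == "__main__":
    for label, text in (("before", FRST_PARTITIONS_BEFORE), ("after", FRST_PARTITIONS_AFTER)):
        print(label, suspicious_partitions(parse_partitions(text)) or ["nothing flagged"])
```

Run against the first sample it reports Disk 0 Partition 4 as active, hidden, with no volume and only 1200 KB; against the "after" sample it reports nothing, which is what the follow-up FRST log should show once the partition has been deleted in GParted.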
     
  6. 2012/01/02
    jabdude84

    jabdude84 Inactive Thread Starter

    Joined:
    2010/10/25
    Messages:
    59
    Likes Received:
    0
    gparted-live-0.11.0-2.iso (119.4 MB)
    This is the file the link took me to. It had a slightly different title; I just want to make sure that's OK before I proceed.
     
  7. 2012/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's fine.
     
  8. 2012/01/02
    jabdude84

    jabdude84 Inactive Thread Starter

    Joined:
    2010/10/25
    Messages:
    59
    Likes Received:
    0
    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by dabradfords at 2012-01-02 13:54:59
    Running from C:\Users\dabradfords\Desktop
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\danielle\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-07-15] (Hewlett-Packard)
    HKU\danielle\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
    HKU\danielle\...\Policies\system: [WallpaperStyle] 2
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default\...\Policies\system: [WallpaperStyle] 2
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default User\...\Policies\system: [WallpaperStyle] 2
    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-01 20:10 - 2012-01-01 20:10 - 0000000 ____D C:\Users\danielle\AppData\Local\Apple
    2011-12-30 13:23 - 2011-12-30 13:23 - 0068608 ____A C:\Users\Public\Documents\19792079
    2011-12-28 20:23 - 2011-12-28 20:23 - 0000000 ____D C:\Users\danielle\AppData\Local\Google
    2011-12-28 19:17 - 2011-12-28 19:17 - 0018641 ____A C:\Windows\System32\hs_err_pid3484.log
    2011-12-28 16:36 - 2011-12-28 16:36 - 0018743 ____A C:\Windows\System32\hs_err_pid2108.log
    2011-12-28 16:08 - 2012-01-02 13:55 - 0000000 ____D C:\FRST
    2011-12-28 16:04 - 2011-12-28 16:04 - 1377585 ____A C:\Users\dabradfords\Desktop\FRST64.exe
    2011-12-28 07:12 - 2011-12-28 07:12 - 0018632 ____A C:\Windows\System32\hs_err_pid3464.log
    2011-12-22 10:18 - 2011-12-28 16:03 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-12-22 10:17 - 2011-12-22 10:17 - 0203339 ____A C:\Users\dabradfords\Desktop\combolog.txt
    2011-12-22 10:16 - 2011-12-22 10:16 - 0203339 ____A C:\ComboFix.txt
    2011-12-22 09:58 - 2011-12-22 09:58 - 0018664 ____A C:\Windows\System32\hs_err_pid2644.log
    2011-12-22 07:10 - 2011-12-22 07:10 - 0018639 ____A C:\Windows\System32\hs_err_pid3732.log
    2011-12-21 21:58 - 2011-12-22 10:17 - 0000000 ____D C:\ComboFix
    2011-12-21 21:51 - 2011-12-21 21:51 - 4347226 ____R (Swearware) C:\Users\dabradfords\Desktop\ComboFix.exe
    2011-12-21 18:39 - 2011-12-21 18:39 - 0018646 ____A C:\Windows\System32\hs_err_pid2584.log
    2011-12-21 13:41 - 2011-12-21 13:41 - 0000510 ____A C:\Users\dabradfords\Desktop\bootkit.txt
    2011-12-21 13:39 - 2011-12-21 13:39 - 0063027 ____A C:\Windows\SysWOW64\bootkit_remover_debug_log.txt
    2011-12-21 13:37 - 2011-12-21 13:38 - 0000000 ____D C:\Users\dabradfords\Desktop\bootkit_remover(1)
    2011-12-21 13:36 - 2011-12-21 13:36 - 0044607 ____A C:\Users\dabradfords\Desktop\bootkit_remover(1).zip
    2011-12-20 20:17 - 2011-12-20 21:18 - 0001106 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2011-12-20 20:17 - 2011-12-20 21:18 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
    2011-12-20 20:17 - 2011-12-20 20:32 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
    2011-12-20 20:17 - 2011-12-20 20:32 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
    2011-12-20 20:14 - 2011-12-20 20:16 - 32157120 ____A C:\Users\dabradfords\Downloads\WOW-4.0.0.12911-enUS-Trial.exe
    2011-12-20 12:22 - 2011-12-20 12:22 - 0010752 ____A C:\Users\dabradfords\Documents\MAINTENANCE DECEMBER 2011.xlr
    2011-12-20 08:59 - 2011-12-20 08:59 - 1577264 ____A (Kaspersky Lab ZAO) C:\Users\dabradfords\Desktop\tdsskiller.exe
    2011-12-19 17:03 - 2011-12-19 17:03 - 0018624 ____A C:\Windows\System32\hs_err_pid2560.log
    2011-12-19 15:00 - 2011-12-19 15:00 - 0018624 ____A C:\Windows\System32\hs_err_pid1796.log
    2011-12-18 15:00 - 2011-12-18 15:00 - 0018741 ____A C:\Windows\System32\hs_err_pid3036.log
    2011-12-17 18:43 - 2011-12-17 18:43 - 0302592 ____A C:\Users\dabradfords\Desktop\9oi5xgex.exe
    2011-12-17 18:33 - 2011-12-17 18:35 - 0001042 ____A C:\Users\dabradfords\Desktop\aswMBR - Shortcut.lnk
    2011-12-17 18:33 - 2011-12-17 18:33 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Desktop\aswMBR.exe
    2011-12-17 18:22 - 2011-12-17 18:22 - 0000000 ____D C:\Users\dabradfords\Downloads\JavaRa
    2011-12-17 18:20 - 2011-12-17 18:20 - 0160350 ____A C:\Users\dabradfords\Downloads\JavaRa.zip
    2011-12-17 18:14 - 2011-11-10 05:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-12-17 18:14 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-12-17 18:14 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-12-17 18:12 - 2011-12-17 18:14 - 0004865 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
    2011-12-17 18:12 - 2011-12-17 18:12 - 0018653 ____A C:\Windows\System32\hs_err_pid1236.log
    2011-12-17 18:09 - 2011-12-17 18:09 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\dabradfords\Downloads\jxpiinstall.exe
    2011-12-17 15:52 - 2011-12-17 15:52 - 0018614 ____A C:\Windows\System32\hs_err_pid3916.log
    2011-12-17 15:23 - 2011-12-17 15:23 - 0000129 ____A C:\Windows\System32\MRT.INI
    2011-12-17 15:05 - 2011-11-03 20:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-17 15:05 - 2011-11-03 20:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-17 15:05 - 2011-11-03 20:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-17 15:05 - 2011-11-03 17:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-17 15:05 - 2011-11-03 17:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-17 15:04 - 2011-11-03 21:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-17 15:04 - 2011-11-03 20:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-17 15:04 - 2011-11-03 20:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-17 15:04 - 2011-11-03 20:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-17 15:04 - 2011-11-03 20:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-17 15:04 - 2011-11-03 20:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-17 15:04 - 2011-11-03 20:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-17 15:04 - 2011-11-03 20:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-17 15:04 - 2011-11-03 20:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-17 15:04 - 2011-11-03 20:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-17 15:04 - 2011-11-03 18:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-17 15:04 - 2011-11-03 17:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-12-17 15:04 - 2011-11-03 17:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-17 15:04 - 2011-11-03 17:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-12-17 15:04 - 2011-11-03 17:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-17 15:04 - 2011-11-03 17:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-17 15:04 - 2011-11-03 17:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-17 15:04 - 2011-11-03 17:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-17 15:04 - 2011-11-03 17:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-12-17 15:04 - 2011-11-03 17:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-17 15:04 - 2011-11-03 17:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-17 14:50 - 2011-12-17 14:50 - 0000000 __SHD C:\Windows\System32\%APPDATA%
    2011-12-17 11:39 - 2011-12-17 11:39 - 0018634 ____A C:\Windows\System32\hs_err_pid3008.log
    2011-12-16 08:33 - 2011-12-16 08:33 - 0018638 ____A C:\Windows\System32\hs_err_pid2524.log
    2011-12-15 22:17 - 2011-12-15 22:17 - 0018632 ____A C:\Windows\System32\hs_err_pid2532.log
    2011-12-15 22:13 - 2011-12-15 22:13 - 0013389 ____A C:\Users\dabradfords\Desktop\OTL - Shortcut.lnk
    2011-12-15 14:27 - 2011-12-15 14:27 - 0018618 ____A C:\Windows\System32\hs_err_pid3624.log
    2011-12-14 22:04 - 2011-12-14 22:04 - 0018608 ____A C:\Windows\System32\hs_err_pid3560.log
    2011-12-14 11:41 - 2011-12-14 11:41 - 0018629 ____A C:\Windows\System32\hs_err_pid3716.log
    2011-12-13 23:27 - 2011-12-13 23:27 - 0018617 ____A C:\Windows\System32\hs_err_pid1724.log
    2011-12-13 23:18 - 2011-12-13 23:18 - 0208710 ____A C:\Users\dabradfords\Downloads\Attachments.zip
    2011-12-13 22:35 - 2011-11-23 23:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-13 22:35 - 2011-11-05 00:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-13 22:35 - 2011-11-04 23:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-13 22:35 - 2011-10-26 00:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-13 22:35 - 2011-10-15 01:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-13 22:35 - 2011-10-15 00:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-12-11 18:19 - 2011-10-16 08:49 - 0002377 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2011-12-11 17:52 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-12-11 17:52 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-12-11 17:52 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2011-12-11 17:52 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2011-12-11 17:51 - 2011-12-11 20:46 - 0000000 ____D C:\Windows\ERDNT
    2011-12-11 17:49 - 2011-12-22 10:17 - 0000000 ____D C:\Qoobox
    2011-12-11 17:19 - 2011-12-11 17:19 - 0018630 ____A C:\Windows\System32\hs_err_pid3720.log
    2011-12-11 17:15 - 2011-12-11 17:16 - 0000000 ____D C:\Users\dabradfords\Downloads\bootkit_remover
    2011-12-11 17:14 - 2011-12-11 17:14 - 0044607 ____A C:\Users\dabradfords\Downloads\bootkit_remover.zip
    2011-12-11 17:07 - 2011-12-11 17:07 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{37740387-D7C1-446F-B052-2ACB48A57E5A}
    2011-12-11 17:01 - 2011-12-11 17:01 - 0920384 ____A C:\Users\dabradfords\Downloads\Norton_Removal_Tool.exe
    2011-12-11 16:25 - 2011-12-11 16:25 - 0607260 ____R (Swearware) C:\Users\dabradfords\Downloads\dds.scr
    2011-12-11 14:45 - 2011-12-11 14:45 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Downloads\aswMBR(1).exe
    2011-12-11 12:56 - 2011-12-11 12:54 - 0302592 ____A C:\Users\dabradfords\Downloads\2qqjbw2h.exe
    2011-12-11 10:16 - 2011-12-11 10:16 - 0001883 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2011-12-11 10:16 - 2011-11-28 12:54 - 0591192 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2011-12-11 10:16 - 2011-11-28 12:53 - 0304472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2011-12-11 10:16 - 2011-11-28 12:52 - 0058712 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2011-12-11 10:16 - 2011-11-28 12:52 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2011-12-11 10:16 - 2011-11-28 12:51 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2011-12-11 10:15 - 2011-12-11 10:15 - 0000000 ____A C:\Windows\SysWOW64\config.nt
    2011-12-11 10:15 - 2011-11-28 13:01 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2011-12-11 10:15 - 2011-11-28 12:52 - 0066904 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Program Files\AVAST Software
    2011-12-11 10:14 - 2011-11-28 13:01 - 0199816 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2011-12-11 10:14 - 2011-11-28 13:01 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2011-12-11 10:09 - 2011-12-11 10:12 - 64207032 ____A C:\Users\dabradfords\Downloads\setup_av_free_cnet.exe
    2011-12-04 19:22 - 2011-12-04 19:22 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{3D389015-ABB0-4634-BB73-906DEDBF8812}
    2011-12-04 19:21 - 2011-12-04 19:22 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{AF256379-D586-43FA-A487-32A5185DE43F}


    ============ 3 Months Modified Files and Folders =============

    2012-01-02 13:55 - 2011-12-28 16:08 - 0000000 ____D C:\FRST
    2012-01-02 13:54 - 2009-11-27 22:44 - 0000372 ____A C:\Users\All Users\HPWALog.txt
    2012-01-02 13:54 - 2009-11-27 22:44 - 0000372 ____A C:\ProgramData\HPWALog.txt
    2012-01-02 13:53 - 2009-12-25 17:23 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-01-02 13:52 - 2009-08-25 03:34 - 3145089024 __ASH C:\hiberfil.sys
    2012-01-02 13:52 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-02 13:52 - 2009-07-13 23:51 - 0069944 ____A C:\Windows\setupact.log
    2012-01-02 13:45 - 2009-08-25 03:37 - 1299369 ____A C:\Windows\WindowsUpdate.log
    2012-01-02 13:37 - 2012-01-02 13:26 - 119416832 ____A C:\Users\dabradfords\Desktop\gparted-live-0.11.0-2.iso
    2012-01-02 13:33 - 2009-12-25 17:23 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-01-02 08:44 - 2009-07-13 23:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-02 08:44 - 2009-07-13 23:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-01 20:10 - 2012-01-01 20:10 - 0000000 ____D C:\Users\danielle\AppData\Local\Apple
    2012-01-01 11:44 - 2009-11-29 21:02 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2011-12-30 13:23 - 2011-12-30 13:23 - 0068608 ____A C:\Users\Public\Documents\19792079
    2011-12-28 20:23 - 2011-12-28 20:23 - 0000000 ____D C:\Users\danielle\AppData\Local\Google
    2011-12-28 19:17 - 2011-12-28 19:17 - 0018641 ____A C:\Windows\System32\hs_err_pid3484.log
    2011-12-28 16:36 - 2011-12-28 16:36 - 0018743 ____A C:\Windows\System32\hs_err_pid2108.log
    2011-12-28 16:04 - 2011-12-28 16:04 - 1377585 ____A C:\Users\dabradfords\Desktop\FRST64.exe
    2011-12-28 16:03 - 2011-12-22 10:18 - 0000000 __SHD C:\$RECYCLE.BIN
    2011-12-28 07:12 - 2011-12-28 07:12 - 0018632 ____A C:\Windows\System32\hs_err_pid3464.log
    2011-12-28 07:07 - 2011-07-24 09:50 - 0000356 ____A C:\Windows\Tasks\HPCeeScheduleFordabradfords.job
    2011-12-22 10:20 - 2010-01-16 15:09 - 0005162 ____A C:\Users\dabradfords\AppData\Roaming\wklnhst.dat
    2011-12-22 10:17 - 2011-12-22 10:17 - 0203339 ____A C:\Users\dabradfords\Desktop\combolog.txt
    2011-12-22 10:17 - 2011-12-21 21:58 - 0000000 ____D C:\ComboFix
    2011-12-22 10:17 - 2011-12-11 17:49 - 0000000 ____D C:\Qoobox
    2011-12-22 10:16 - 2011-12-22 10:16 - 0203339 ____A C:\ComboFix.txt
    2011-12-22 09:58 - 2011-12-22 09:58 - 0018664 ____A C:\Windows\System32\hs_err_pid2644.log
    2011-12-22 09:53 - 2009-07-13 21:34 - 0000215 ____A C:\Windows\system.ini
    2011-12-22 09:51 - 2010-08-30 07:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2011-12-22 09:49 - 2009-08-25 04:00 - 0500086 ____A C:\Windows\PFRO.log
    2011-12-22 07:10 - 2011-12-22 07:10 - 0018639 ____A C:\Windows\System32\hs_err_pid3732.log
    2011-12-21 21:51 - 2011-12-21 21:51 - 4347226 ____R (Swearware) C:\Users\dabradfords\Desktop\ComboFix.exe
    2011-12-21 21:42 - 2009-12-19 19:51 - 0000000 ____D C:\Users\dabradfords\Incomplete
    2011-12-21 18:52 - 2010-07-02 17:03 - 0031232 ____A C:\Users\dabradfords\Documents\danielle's bills.xlr
    2011-12-21 18:39 - 2011-12-21 18:39 - 0018646 ____A C:\Windows\System32\hs_err_pid2584.log
    2011-12-21 13:41 - 2011-12-21 13:41 - 0000510 ____A C:\Users\dabradfords\Desktop\bootkit.txt
    2011-12-21 13:39 - 2011-12-21 13:39 - 0063027 ____A C:\Windows\SysWOW64\bootkit_remover_debug_log.txt
    2011-12-21 13:38 - 2011-12-21 13:37 - 0000000 ____D C:\Users\dabradfords\Desktop\bootkit_remover(1)
    2011-12-21 13:36 - 2011-12-21 13:36 - 0044607 ____A C:\Users\dabradfords\Desktop\bootkit_remover(1).zip
    2011-12-20 21:21 - 2009-12-19 19:51 - 0000000 ____D C:\Users\dabradfords\Shared
    2011-12-20 21:18 - 2011-12-20 20:17 - 0001106 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2011-12-20 21:18 - 2011-12-20 20:17 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
    2011-12-20 20:32 - 2011-12-20 20:17 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
    2011-12-20 20:32 - 2011-12-20 20:17 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
    2011-12-20 20:16 - 2011-12-20 20:14 - 32157120 ____A C:\Users\dabradfords\Downloads\WOW-4.0.0.12911-enUS-Trial.exe
    2011-12-20 12:22 - 2011-12-20 12:22 - 0010752 ____A C:\Users\dabradfords\Documents\MAINTENANCE DECEMBER 2011.xlr
    2011-12-20 08:59 - 2011-12-20 08:59 - 1577264 ____A (Kaspersky Lab ZAO) C:\Users\dabradfords\Desktop\tdsskiller.exe
    2011-12-19 17:03 - 2011-12-19 17:03 - 0018624 ____A C:\Windows\System32\hs_err_pid2560.log
    2011-12-19 15:00 - 2011-12-19 15:00 - 0018624 ____A C:\Windows\System32\hs_err_pid1796.log
    2011-12-19 06:04 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
    2011-12-18 15:00 - 2011-12-18 15:00 - 0018741 ____A C:\Windows\System32\hs_err_pid3036.log
    2011-12-17 20:01 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2011-12-17 18:43 - 2011-12-17 18:43 - 0302592 ____A C:\Users\dabradfords\Desktop\9oi5xgex.exe
    2011-12-17 18:35 - 2011-12-17 18:33 - 0001042 ____A C:\Users\dabradfords\Desktop\aswMBR - Shortcut.lnk
    2011-12-17 18:33 - 2011-12-17 18:33 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Desktop\aswMBR.exe
    2011-12-17 18:23 - 2010-11-01 19:04 - 0059278 ____A C:\JavaRa.log
    2011-12-17 18:22 - 2011-12-17 18:22 - 0000000 ____D C:\Users\dabradfords\Downloads\JavaRa
    2011-12-17 18:20 - 2011-12-17 18:20 - 0160350 ____A C:\Users\dabradfords\Downloads\JavaRa.zip
    2011-12-17 18:14 - 2011-12-17 18:12 - 0004865 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
    2011-12-17 18:14 - 2009-08-09 04:27 - 0000000 ____D C:\Program Files (x86)\Java
    2011-12-17 18:12 - 2011-12-17 18:12 - 0018653 ____A C:\Windows\System32\hs_err_pid1236.log
    2011-12-17 18:09 - 2011-12-17 18:09 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\dabradfords\Downloads\jxpiinstall.exe
    2011-12-17 15:52 - 2011-12-17 15:52 - 0018614 ____A C:\Windows\System32\hs_err_pid3916.log
    2011-12-17 15:33 - 2009-07-13 23:45 - 0355792 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-17 15:30 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-12-17 15:27 - 2009-08-09 02:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-12-17 15:26 - 2010-01-18 20:25 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-17 15:26 - 2010-01-18 20:25 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-17 15:23 - 2011-12-17 15:23 - 0000129 ____A C:\Windows\System32\MRT.INI
    2011-12-17 15:16 - 2009-07-14 00:13 - 0746568 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-12-17 14:50 - 2011-12-17 14:50 - 0000000 __SHD C:\Windows\System32\%APPDATA%
    2011-12-17 11:39 - 2011-12-17 11:39 - 0018634 ____A C:\Windows\System32\hs_err_pid3008.log
    2011-12-16 08:33 - 2011-12-16 08:33 - 0018638 ____A C:\Windows\System32\hs_err_pid2524.log
    2011-12-16 06:48 - 2011-12-02 16:53 - 0002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2011-12-15 22:31 - 2010-10-30 13:23 - 0000000 ____D C:\Users\dabradfords\Desktop\music uttilities
    2011-12-15 22:17 - 2011-12-15 22:17 - 0018632 ____A C:\Windows\System32\hs_err_pid2532.log
    2011-12-15 22:13 - 2011-12-15 22:13 - 0013389 ____A C:\Users\dabradfords\Desktop\OTL - Shortcut.lnk
    2011-12-15 14:27 - 2011-12-15 14:27 - 0018618 ____A C:\Windows\System32\hs_err_pid3624.log
    2011-12-14 22:04 - 2011-12-14 22:04 - 0018608 ____A C:\Windows\System32\hs_err_pid3560.log
    2011-12-14 11:41 - 2011-12-14 11:41 - 0018629 ____A C:\Windows\System32\hs_err_pid3716.log
    2011-12-13 23:54 - 2009-11-30 10:48 - 0000174 ___SH C:\Users\danielle\Start Menu\Programs\Startup\desktop.ini
    2011-12-13 23:54 - 2009-11-30 10:48 - 0000174 ___SH C:\Users\danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    2011-12-13 23:27 - 2011-12-13 23:27 - 0018617 ____A C:\Windows\System32\hs_err_pid1724.log
    2011-12-13 23:18 - 2011-12-13 23:18 - 0208710 ____A C:\Users\dabradfords\Downloads\Attachments.zip
    2011-12-11 21:03 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
    2011-12-11 21:03 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Default
    2011-12-11 20:46 - 2011-12-11 17:51 - 0000000 ____D C:\Windows\ERDNT
    2011-12-11 19:31 - 2009-11-27 22:35 - 0000000 ____D C:\users\dabradfords
    2011-12-11 17:41 - 2010-07-22 21:11 - 0000000 ____D C:\Users\dabradfords\Tracing
    2011-12-11 17:40 - 2010-08-14 11:38 - 0083968 __ASH C:\Users\dabradfords\Desktop\Thumbs.db
    2011-12-11 17:19 - 2011-12-11 17:19 - 0018630 ____A C:\Windows\System32\hs_err_pid3720.log
    2011-12-11 17:16 - 2011-12-11 17:15 - 0000000 ____D C:\Users\dabradfords\Downloads\bootkit_remover
    2011-12-11 17:14 - 2011-12-11 17:14 - 0044607 ____A C:\Users\dabradfords\Downloads\bootkit_remover.zip
    2011-12-11 17:07 - 2011-12-11 17:07 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{37740387-D7C1-446F-B052-2ACB48A57E5A}
    2011-12-11 17:03 - 2010-05-09 08:24 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
    2011-12-11 17:03 - 2009-08-09 02:16 - 0000000 ____D C:\Users\All Users\Norton
    2011-12-11 17:03 - 2009-08-09 02:16 - 0000000 ____D C:\ProgramData\Norton
    2011-12-11 17:02 - 2009-08-09 03:01 - 0000000 ____D C:\Users\All Users\Symantec
    2011-12-11 17:02 - 2009-08-09 03:01 - 0000000 ____D C:\ProgramData\Symantec
    2011-12-11 17:01 - 2011-12-11 17:01 - 0920384 ____A C:\Users\dabradfords\Downloads\Norton_Removal_Tool.exe
    2011-12-11 16:25 - 2011-12-11 16:25 - 0607260 ____R (Swearware) C:\Users\dabradfords\Downloads\dds.scr
    2011-12-11 14:45 - 2011-12-11 14:45 - 1916416 ____A (AVAST Software) C:\Users\dabradfords\Downloads\aswMBR(1).exe
    2011-12-11 12:54 - 2011-12-11 12:56 - 0302592 ____A C:\Users\dabradfords\Downloads\2qqjbw2h.exe
    2011-12-11 10:16 - 2011-12-11 10:16 - 0001883 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2011-12-11 10:15 - 2011-12-11 10:15 - 0000000 ____A C:\Windows\SysWOW64\config.nt
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Users\All Users\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\ProgramData\AVAST Software
    2011-12-11 10:14 - 2011-12-11 10:14 - 0000000 ____D C:\Program Files\AVAST Software
    2011-12-11 10:12 - 2011-12-11 10:09 - 64207032 ____A C:\Users\dabradfords\Downloads\setup_av_free_cnet.exe
    2011-12-07 22:37 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
    2011-12-07 12:26 - 2009-12-02 15:09 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-04 19:22 - 2011-12-04 19:22 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{3D389015-ABB0-4634-BB73-906DEDBF8812}
    2011-12-04 19:22 - 2011-12-04 19:21 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{AF256379-D586-43FA-A487-32A5185DE43F}
    2011-12-02 17:29 - 2010-09-04 12:32 - 0913830 ____A C:\Windows\ntbtlog.txt
    2011-12-02 16:37 - 2011-12-02 16:37 - 0684297 ____A C:\Users\dabradfords\Downloads\unhide.exe
    2011-12-02 15:16 - 2011-12-02 15:15 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\dabradfords\Downloads\mbam-setup(1).exe
    2011-12-02 15:16 - 2010-10-21 13:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-02 15:12 - 2011-12-02 15:11 - 9851496 ____A (Malwarebytes Corporation ) C:\Users\dabradfords\Downloads\mbam-setup.exe
    2011-12-02 15:03 - 2011-12-02 15:01 - 0000361 ____A C:\rkill.log
    2011-12-02 14:57 - 2011-12-02 14:57 - 1008114 ____A C:\Users\dabradfords\Downloads\iExplore.exe
    2011-12-02 14:50 - 2011-12-02 14:50 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{DE72F813-B8F7-4A5B-BA82-4711F0AEDF1E}
    2011-12-02 14:50 - 2011-12-02 14:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{165C573C-A68A-4C06-AA61-B879965688A1}
    2011-12-02 11:08 - 2011-12-02 11:07 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{2DD4E063-FB2E-45E3-8251-EDFB50C291D5}
    2011-12-02 11:03 - 2011-12-02 11:03 - 0000000 ____D C:\Users\dabradfords\AppData\Local\Symantec
    2011-12-02 10:50 - 2011-12-02 10:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{5D290B53-9CF1-46D3-B787-BF72649AF35E}
    2011-12-02 10:49 - 2011-12-02 10:49 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{BCA716E9-61EC-461D-81E0-A3AB57A7E915}
    2011-11-28 22:21 - 2011-10-05 16:22 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2011-11-28 19:13 - 2010-08-29 14:31 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2011-11-28 13:01 - 2011-12-11 10:15 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2011-11-28 13:01 - 2011-12-11 10:14 - 0199816 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2011-11-28 13:01 - 2011-12-11 10:14 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
    2011-11-28 12:54 - 2011-12-11 10:16 - 0591192 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2011-11-28 12:53 - 2011-12-11 10:16 - 0304472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2011-11-28 12:52 - 2011-12-11 10:16 - 0058712 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2011-11-28 12:52 - 2011-12-11 10:16 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2011-11-28 12:52 - 2011-12-11 10:15 - 0066904 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2011-11-28 12:51 - 2011-12-11 10:16 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2011-11-23 23:52 - 2011-12-13 22:35 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-22 21:26 - 2011-11-22 21:26 - 0010752 ____A C:\Users\dabradfords\Documents\maintenance novembert 2011.xlr
    2011-11-21 04:48 - 2011-11-21 04:48 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{4157291D-194A-4A1A-BEAB-6D22D8F1858C}
    2011-11-19 10:17 - 2011-11-19 10:17 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{5F1B4C64-EAA8-49A6-8771-DD5B6EA78E84}
    2011-11-19 10:17 - 2011-11-19 10:17 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{21C3585E-6064-4A85-BEA0-7FC9B6EFB53F}
    2011-11-19 06:35 - 2011-12-02 16:53 - 0002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2011-11-19 06:35 - 2009-12-25 17:22 - 0000000 ____D C:\Program Files (x86)\Google
    2011-11-14 15:35 - 2011-11-14 15:35 - 0016896 ____A C:\Users\dabradfords\Documents\animal farm critique.wps
    2011-11-13 10:54 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Help
    2011-11-13 10:53 - 2011-12-02 16:53 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2011-11-13 10:53 - 2009-08-09 02:00 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2011-11-13 10:53 - 2009-08-09 01:58 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2011-11-13 10:51 - 2011-11-13 10:51 - 0000000 ____D C:\Users\All Users\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-11-13 10:51 - 2011-11-13 10:51 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-11-13 10:50 - 2009-07-16 18:15 - 0000000 ____D C:\SwSetup
    2011-11-11 23:42 - 2011-11-11 23:42 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{6D455D85-2FA8-42DD-A94D-2EDD26C74BE5}
    2011-11-10 05:54 - 2011-12-17 18:14 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-11-10 05:54 - 2011-12-17 18:14 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-11-10 05:54 - 2011-12-17 18:14 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-11-10 05:54 - 2010-11-01 18:54 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2011-11-05 00:32 - 2011-12-13 22:35 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-04 23:26 - 2011-12-13 22:35 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-03 21:38 - 2011-12-17 15:04 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-03 20:59 - 2011-12-17 15:04 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-03 20:53 - 2011-12-17 15:04 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-11-03 20:46 - 2011-12-17 15:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-03 20:44 - 2011-12-17 15:04 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-11-03 20:44 - 2011-12-17 15:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-03 20:43 - 2011-12-17 15:04 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-03 20:41 - 2011-12-17 15:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-03 20:39 - 2011-12-17 15:04 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-11-03 20:36 - 2011-12-17 15:05 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-03 20:35 - 2011-12-17 15:05 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-03 20:34 - 2011-12-17 15:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-03 20:30 - 2011-12-17 15:04 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-03 18:02 - 2011-12-17 15:04 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-11-03 17:47 - 2011-12-17 15:04 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-11-03 17:46 - 2011-12-17 15:04 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-11-03 17:40 - 2011-12-17 15:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-11-03 17:40 - 2011-12-17 15:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-11-03 17:39 - 2011-12-17 15:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-11-03 17:38 - 2011-12-17 15:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-11-03 17:37 - 2011-12-17 15:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-11-03 17:34 - 2011-12-17 15:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-11-03 17:32 - 2011-12-17 15:05 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-11-03 17:32 - 2011-12-17 15:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-11-03 17:31 - 2011-12-17 15:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-11-03 17:28 - 2011-12-17 15:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-10-26 17:58 - 2011-03-26 10:25 - 0026624 ____A C:\Users\dabradfords\Documents\jordan's bills.xlr
    2011-10-26 00:21 - 2011-12-13 22:35 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-24 15:23 - 2011-10-24 15:23 - 0016896 ____A C:\Users\dabradfords\Documents\pol critique.wps
    2011-10-19 12:12 - 2009-12-01 21:50 - 0000000 ____D C:\Users\dabradfords\AppData\Roaming\iWin
    2011-10-19 12:11 - 2009-08-09 02:42 - 0000000 ____D C:\Users\All Users\WildTangent
    2011-10-19 12:11 - 2009-08-09 02:42 - 0000000 ____D C:\ProgramData\WildTangent
    2011-10-19 08:12 - 2011-10-19 08:12 - 0010752 ____A C:\Users\dabradfords\Documents\maintenance october 2011.xlr
    2011-10-19 07:19 - 2011-10-19 07:19 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{EDAB5161-5101-4432-B448-9BBF46EAE10E}
    2011-10-19 07:17 - 2010-05-09 08:23 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
    2011-10-16 08:51 - 2011-10-16 08:51 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{DEC5EE2D-69EC-429E-BF60-1995998CA9D5}
    2011-10-16 08:51 - 2011-10-16 08:51 - 0000000 ____D C:\Users\dabradfords\AppData\Local\{A19597A1-4189-4371-B614-F6843B8057CA}
    2011-10-16 08:49 - 2011-12-11 18:19 - 0002377 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2011-10-15 01:31 - 2011-12-13 22:35 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-15 00:38 - 2011-12-13 22:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-05 16:22 - 2011-10-05 16:22 - 0000000 ____D C:\Windows\System32\Macromed

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 36%
    Total physical RAM: 3999.19 MB
    Available physical RAM: 2541.69 MB
    Total Pagefile: 7996.57 MB
    Available Pagefile: 6371.38 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:219.97 GB) (Free:116.57 GB) NTFS ==>[Drive with boot components]
    2 Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.13 GB) NTFS ==>[Drive with boot components]

    Disk ###  Status  Size    Free  Dyn  Gpt
    --------  ------  ------  ----  ---  ---
    Disk 0    Online  232 GB  0 B

    Partitions of Disk 0:

    Partition ###  Type     Size    Offset
    -------------  -------  ------  -------
    Partition 1    Primary  199 MB  1024 KB
    Partition 2    Primary  219 GB  200 MB
    Partition 3    Primary  12 GB   220 GB

    Disk: 0
    Partition 1
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label   Fs    Type       Size    Status   Info
    ----------  ---  ------  ----  ---------  ------  -------  ------
    * Volume 1       SYSTEM  NTFS  Partition  199 MB  Healthy  System

    ==========================================================

    Last Boot: 2012-01-02 12:29

    ======================= End Of Log ==========================
     
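An added example, not part of this thread and not FRST's own code: a small Python script that parses the file-listing lines in the log above (date modified, date created, size, the five-character attribute field, the optional company name FRST takes from the file's version info, and the path) and applies a few of the checks an analyst makes by eye, plus a hash comparison against a caller-supplied baseline of the kind the "Bamital & volsnap Check" section reports as "MD5 is legit". The sample lines are copied from the log above; the flagging rules, the function names and the baseline reader are this example's own assumptions, and the flags are pointers for a closer look, not verdicts.

```python
"""Parse FRST file-listing lines and flag entries worth a second look.

Added example for this thread, not FRST's own code and not from the forum
post. Sample lines are copied from the log above; the flagging rules,
function names and baseline format are this example's assumptions.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# One listing line:  <modified> - <created> - <size> <attrs> [(<company>)] <path>
# <attrs> is a five-character field such as ____A, ____D, __SHD, __ASH, ___RD;
# the letters stand for Archive, Directory, System, Hidden, Read-only.
LINE_RE = re.compile(
    r"^\s*(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)

# Constructed input: five lines copied from the log above plus one section
# header, which the parser must skip.
SAMPLE_LOG = r"""
2011-12-17 18:09 - 2011-12-17 18:09 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\dabradfords\Downloads\jxpiinstall.exe
2011-12-17 14:50 - 2011-12-17 14:50 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-12-11 16:25 - 2011-12-11 16:25 - 0607260 ____R (Swearware) C:\Users\dabradfords\Downloads\dds.scr
2011-12-11 12:54 - 2011-12-11 12:56 - 0302592 ____A C:\Users\dabradfords\Downloads\2qqjbw2h.exe
2011-12-11 17:40 - 2010-08-14 11:38 - 0083968 __ASH C:\Users\dabradfords\Desktop\Thumbs.db
========================= Known DLLs (Whitelisted) ============
"""


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]   # from the PE version resource; None if FRST printed none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if m is None:
        return None
    company = m.group("company")
    return Entry(m.group("modified"), m.group("created"), int(m.group("size")),
                 m.group("attrs"), company.strip() if company else None,
                 m.group("path"))


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


EXEC_EXT = (".exe", ".scr", ".dll", ".sys", ".cpl")


def flags_for(e: Entry) -> List[str]:
    """Reasons an analyst would open this entry; heuristics, not verdicts."""
    reasons = []
    low = e.path.lower()
    # Hidden+system directories under System32 are unusual; installers and
    # malware both create them, so each one deserves a look.
    if e.is_dir and e.hidden_system and "\\windows\\system32\\" in low:
        reasons.append("hidden system directory under System32")
    # A literal '%' in a name usually means whatever created it used an
    # unexpanded environment variable as a path.
    if "%" in e.name:
        reasons.append("literal '%' in file name")
    # FRST prints the company only when the file has version info; executables
    # without it in a Downloads folder are the ones to hash and look up.
    if (not e.is_dir and low.endswith(EXEC_EXT) and e.company is None
            and "\\downloads\\" in low):
        reasons.append("executable without version info in Downloads")
    return reasons


def _read_file(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def check_baseline(baseline: Dict[str, str],
                   read: Callable[[str], bytes] = _read_file) -> Dict[str, str]:
    """Compare files against known-good MD5s, the way the log's
    'Bamital & volsnap Check' reports winlogon.exe and friends. baseline maps
    path -> expected hex MD5; 'read' is injectable so the check can be
    exercised without touching a real system drive."""
    results = {}
    for path, expected in baseline.items():
        try:
            data = read(path)
        except FileNotFoundError:
            results[path] = "missing"
            continue
        results[path] = ("MD5 is legit" if md5_hex(data) == expected.lower()
                         else "MD5 MISMATCH")
    return results


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        for reason in flags_for(entry):
            print(f"{entry.attrs} {entry.path}: {reason}")
```

Run as a script it prints the two flagged lines from the sample: the `__SHD` directory named `%APPDATA%` under System32 and the Downloads executable with no version info. A hash that matches the baseline only says the file equals a known build of that component at that patch level, not that the machine is clean, and a mismatch right after Windows Update is usually just the update; the baseline has to come from the same OS and service-pack level, SHA-256 is preferable where the baseline offers it, and on a live system the hash should be paired with a signature check of the binary.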
  9. 2012/01/02
    broni Moderator Malware Analyst
    Well done :)

    How is the redirection?
     
  10. 2012/01/02
    jabdude84 Inactive Thread Starter
    Everything seems to be back to normal.
     
  11. 2012/01/02
    broni Moderator Malware Analyst
    Great news :)

    Let me see where we're at.....
     
  12. 2012/01/02
    broni Moderator Malware Analyst
    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  13. 2012/01/06
    broni Moderator Malware Analyst
    Still with me?
     
  14. 2012/01/07
    jabdude84 Inactive Thread Starter
    Yeah lol, sorry, work has been crazy. I should be able to run those scans this weekend.
     
  15. 2012/01/07
    broni Moderator Malware Analyst
    Ok................
     
  16. 2012/01/11
    broni Moderator Malware Analyst
    ...and?
     