Reply to thread

Message: <blockquote data-quote="PaulosDeKathos" data-source="post: 120237" data-attributes="member: 8106">Successfully ran the scan and here is the copy and pasted notepad file!Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01Ran by SYSTEM on 12-05-2013 07:59:09Running from F:\Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [24688 2010-01-30] (MyWebSearch.com)HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)HKLM\...\Run: []  [x]HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1398440 2011-12-14] (Ask)HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)HKLM\...\Run: [PC Medkit] "C:\Program Files\PC Medkit\PC Medkit.lnk" --start-trayed  [833 2011-09-10] ()HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)HKLM\...\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]HKLM\...\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart [2193000 2011-10-21] (Nokia)HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe [115656 2009-07-03] (EasyBits Software AS)HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccessHKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)HKU\PaulosDeKathos.Ruth-PC.001\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)HKU\PaulosDeKathos.Ruth-PC.001\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]HKU\PaulosMusic\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)HKU\PaulosMusic\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]HKU\Ruth\...\Run: [fsm]  [x]HKU\Ruth\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-01-26] (Safer Networking Limited)HKU\Ruth\...\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000  [ 2012-03-02] (Uniblue Systems Limited)HKU\Ruth\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)HKU\Ruth\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-02-28] (Skype Technologies S.A.)HKU\Ruth\...\Run: [TrafficTravisv4] C:\Users\Ruth\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe [ 2013-02-06] ()HKU\Ruth\...\Policies\system: [DisableLockWorkstation] 0HKU\Ruth\...\Policies\system: [DisableChangePassword] 0HKU\Ruth\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation)Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Start Menu\Programs\Startup\OnlyWire.LNKShortcutTarget: OnlyWire.LNK -> C:\Program Files\OnlyWire\OnlyWireWindows.exe ()Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnkShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()========================== Services (Whitelisted) =================S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-05-09] (SurfRight B.V.)S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.)S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia)S3 StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [103336 2011-04-14] (stumbleupon.com)S2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]S3 msiserver; %systemroot%\system32\msiexec /V [x]S4 MyWebSearchService; ==================== Drivers (Whitelisted) ====================S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-06-11] (Avanquest Software)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2013-05-09] ()S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [735232 2009-08-03] (Ralink Technology Corp.)S1 RapportCerberus_34302; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [228208 2011-12-15] ()S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-07-07] (Trusteer Ltd.)S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-07-07] (Trusteer Ltd.)S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1966312 2007-04-10] (Microsoft Corporation)S3 BELKIN; system32\DRIVERS\BLKWGU.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-05-12 07:58 - 2013-05-12 07:58 - 00000000 ____D C:\FRST2013-05-09 08:33 - 2013-05-09 08:33 - 00030464 ____A C:\Windows\System32\Drivers\hitmanpro37.sys2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\Users\Public\Desktop\HitmanPro.lnk2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\ProgramData\Desktop\HitmanPro.lnk2013-05-09 08:33 - 2013-05-09 08:33 - 00000000 ____D C:\Program Files\HitmanPro2013-05-09 08:32 - 2013-05-09 09:13 - 00000000 ____D C:\ProgramData\HitmanPro2013-05-09 08:32 - 2013-05-09 09:13 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\Application Data\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\AppData\Local\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\Application Data\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\Application Data\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\AppData\Roaming\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.dll2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.dll2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.exe2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.exe2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\Application Data\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,2013-05-04 00:57 - 2013-05-04 00:57 - 00002144 ____A C:\Users\Ruth\Desktop\Lumbago.txt2013-05-02 23:17 - 2013-05-02 23:17 - 00002231 ____A C:\Users\Ruth\Desktop\Upper Back Pain.txt2013-05-02 02:54 - 2013-05-02 02:55 - 44921959 ____A C:\Users\Ruth\Desktop\Theme+Package+2+Themes.zip2013-05-02 02:54 - 2013-05-02 02:54 - 00972408 ____A C:\Users\Ruth\Desktop\WPVideoTubePlugin.zip2013-05-02 02:54 - 2013-05-02 02:54 - 00828395 ____A C:\Users\Ruth\Desktop\KeywordTreasury.zip2013-05-01 06:12 - 2013-05-01 06:13 - 17988944 ____A (Adobe Systems Inc.) C:\Users\Ruth\Desktop\AdobeAIRInstaller.exe2013-05-01 06:08 - 2013-05-01 06:08 - 00127254 ____A C:\Users\Ruth\Desktop\AntJudgeandJurySoftware.zip2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\Application Data\?é?é-1533-40C5-AD09-953C574F14BCÄé?é2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\?é?é-1533-40C5-AD09-953C574F14BCÄé?é2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-28 09:32 - 2013-04-28 09:32 - 00004696 ____A C:\Users\Ruth\Desktop\tapping for high self-esteem.txt2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-23 04:30 - 2013-04-23 04:30 - 00011383 ____A C:\Users\Ruth\Desktop\action steps for amazon reviews.htm2013-04-23 02:05 - 2013-04-23 02:05 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_360992-12013-04-23 02:03 - 2013-04-23 02:03 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_3609922013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\Application Data\?i?i-1533-40C5-AD09-953C574F14BCÄi?i2013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\?i?i-1533-40C5-AD09-953C574F14BCÄi?i2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\Application Data\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\Application Data\?e?e-1533-40C5-AD09-953C574F14BCÄe?e2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\?e?e-1533-40C5-AD09-953C574F14BCÄe?e2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-19 23:29 - 2013-04-19 23:29 - 00000000 ____D C:\Program Files\Common Files\Skype2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-16 08:26 - 2013-04-16 08:26 - 00997182 ____A C:\Users\Ruth\Desktop\intellitheme.zip2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\Application Data\?è?è-1533-40C5-AD09-953C574F14BCÄè?è2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\Application Data\?U?U-1533-40C5-AD09-953C574F14BCÄU?U2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\?U?U-1533-40C5-AD09-953C574F14BCÄU?U2013-04-15 11:02 - 2013-04-15 11:03 - 12542284 ____A C:\Users\Ruth\Desktop\WriteLikeaManiac-WSO.zip2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???==================== One Month Modified Files and Folders ========2013-05-12 07:58 - 2013-05-12 07:58 - 00000000 ____D C:\FRST2013-05-11 22:31 - 2012-08-09 10:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-11 22:16 - 2006-11-02 04:47 - 00004016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-05-11 22:16 - 2006-11-02 04:47 - 00004016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-05-11 22:09 - 2010-02-11 10:40 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-05-11 18:59 - 2010-04-20 10:11 - 00000322 ____A C:\Windows\Tasks\PC Medkit.job2013-05-11 17:05 - 2009-04-01 02:10 - 01958940 ____A C:\Windows\WindowsUpdate.log2013-05-11 11:09 - 2010-02-11 10:40 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-05-11 10:36 - 2013-03-04 13:01 - 00000000 ____A C:\END2013-05-09 19:13 - 2012-09-23 09:33 - 00000000 ____D C:\Users\Ruth\Application Data\Traffic Travis v42013-05-09 19:13 - 2012-09-23 09:33 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\Traffic Travis v42013-05-09 19:13 - 2010-11-20 12:03 - 00000000 ____D C:\users\PaulosDeKathos.Ruth-PC.0012013-05-09 19:13 - 2010-01-30 10:27 - 00000000 ____D C:\Program Files\MyWebSearch2013-05-09 19:13 - 2009-06-11 11:01 - 00000000 ____D C:\users\Ruth2013-05-09 19:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool2013-05-09 19:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc2013-05-09 19:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration2013-05-09 19:13 - 2006-11-02 02:22 - 58458112 ____A C:\Windows\System32\config\software_previous2013-05-09 19:13 - 2006-11-02 02:22 - 42467328 ____A C:\Windows\System32\config\system_previous2013-05-09 19:06 - 2006-11-02 02:22 - 38797312 ____A C:\Windows\System32\config\components_previous2013-05-09 19:06 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\default_previous2013-05-09 19:06 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous2013-05-09 19:06 - 2006-11-02 02:22 - 00053248 ____A C:\Windows\System32\config\sam_previous2013-05-09 10:16 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-05-09 09:45 - 2009-06-12 00:14 - 00008376 ____A C:\Users\Ruth\Local Settings\d3d9caps.dat2013-05-09 09:45 - 2009-06-12 00:14 - 00008376 ____A C:\Users\Ruth\Local Settings\Application Data\d3d9caps.dat2013-05-09 09:45 - 2009-06-12 00:14 - 00008376 ____A C:\Users\Ruth\AppData\Local\d3d9caps.dat2013-05-09 09:13 - 2013-05-09 08:32 - 00000000 ____D C:\ProgramData\HitmanPro2013-05-09 09:13 - 2013-05-09 08:32 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro2013-05-09 08:33 - 2013-05-09 08:33 - 00030464 ____A C:\Windows\System32\Drivers\hitmanpro37.sys2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\Users\Public\Desktop\HitmanPro.lnk2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\ProgramData\Desktop\HitmanPro.lnk2013-05-09 08:33 - 2013-05-09 08:33 - 00000000 ____D C:\Program Files\HitmanPro2013-05-09 08:32 - 2006-11-02 04:52 - 00165174 ____A C:\Windows\setupact.log2013-05-09 03:11 - 2012-09-30 09:10 - 00000326 ____A C:\Windows\Tasks\DriverScanner.job2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\Application Data\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\AppData\Local\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\Application Data\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\Application Data\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\AppData\Roaming\2433f4332013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.dll2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.dll2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.exe2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.exe2013-05-08 18:38 - 2011-06-28 03:45 - 00000000 ____D C:\Program Files\OnlyWire2013-05-08 02:13 - 2010-02-06 12:46 - 00000000 ____D C:\Users\Ruth\Application Data\Skype2013-05-08 02:13 - 2010-02-06 12:46 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\Skype2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\Application Data\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,2013-05-06 12:34 - 2006-11-02 05:01 - 00032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-05-04 00:57 - 2013-05-04 00:57 - 00002144 ____A C:\Users\Ruth\Desktop\Lumbago.txt2013-05-02 23:17 - 2013-05-02 23:17 - 00002231 ____A C:\Users\Ruth\Desktop\Upper Back Pain.txt2013-05-02 07:28 - 2010-08-24 02:11 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe2013-05-02 02:55 - 2013-05-02 02:54 - 44921959 ____A C:\Users\Ruth\Desktop\Theme+Package+2+Themes.zip2013-05-02 02:54 - 2013-05-02 02:54 - 00972408 ____A C:\Users\Ruth\Desktop\WPVideoTubePlugin.zip2013-05-02 02:54 - 2013-05-02 02:54 - 00828395 ____A C:\Users\Ruth\Desktop\KeywordTreasury.zip2013-05-01 06:13 - 2013-05-01 06:12 - 17988944 ____A (Adobe Systems Inc.) C:\Users\Ruth\Desktop\AdobeAIRInstaller.exe2013-05-01 06:08 - 2013-05-01 06:08 - 00127254 ____A C:\Users\Ruth\Desktop\AntJudgeandJurySoftware.zip2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\Application Data\?é?é-1533-40C5-AD09-953C574F14BCÄé?é2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\?é?é-1533-40C5-AD09-953C574F14BCÄé?é2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-28 09:32 - 2013-04-28 09:32 - 00004696 ____A C:\Users\Ruth\Desktop\tapping for high self-esteem.txt2013-04-27 02:30 - 2009-06-12 00:14 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job2013-04-25 13:35 - 2009-06-11 11:08 - 00084336 ____A C:\Users\Ruth\Local Settings\GDIPFONTCACHEV1.DAT2013-04-25 13:35 - 2009-06-11 11:08 - 00084336 ____A C:\Users\Ruth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2013-04-25 13:35 - 2009-06-11 11:08 - 00084336 ____A C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-25 13:33 - 2006-11-02 04:47 - 00337816 ____A C:\Windows\System32\FNTCACHE.DAT2013-04-25 03:40 - 2009-06-26 07:24 - 00000000 ____D C:\ProgramData\Microsoft Help2013-04-25 03:40 - 2009-06-26 07:24 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help2013-04-25 03:36 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini2013-04-25 02:54 - 2009-06-18 02:25 - 00000052 ____A C:\Windows\System32\DOErrors.log2013-04-23 04:30 - 2013-04-23 04:30 - 00011383 ____A C:\Users\Ruth\Desktop\action steps for amazon reviews.htm2013-04-23 02:05 - 2013-04-23 02:05 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_360992-12013-04-23 02:03 - 2013-04-23 02:03 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_3609922013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\Application Data\?i?i-1533-40C5-AD09-953C574F14BCÄi?i2013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\?i?i-1533-40C5-AD09-953C574F14BCÄi?i2013-04-22 02:14 - 2013-04-06 02:54 - 02324136 ____A C:\Users\Ruth\Downloads\w_E_20130215.epub2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\Application Data\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\Application Data\?e?e-1533-40C5-AD09-953C574F14BCÄe?e2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\?e?e-1533-40C5-AD09-953C574F14BCÄe?e2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-19 23:29 - 2013-04-19 23:29 - 00000000 ____D C:\Program Files\Common Files\Skype2013-04-19 23:29 - 2010-02-06 12:45 - 00000000 ___RD C:\Program Files\Skype2013-04-19 23:29 - 2010-02-06 12:45 - 00000000 ____D C:\ProgramData\Skype2013-04-19 23:29 - 2010-02-06 12:45 - 00000000 ____D C:\ProgramData\Application Data\Skype2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u2013-04-16 08:26 - 2013-04-16 08:26 - 00997182 ____A C:\Users\Ruth\Desktop\intellitheme.zip2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\Application Data\?è?è-1533-40C5-AD09-953C574F14BCÄè?è2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\Application Data\?U?U-1533-40C5-AD09-953C574F14BCÄU?U2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\?U?U-1533-40C5-AD09-953C574F14BCÄU?U2013-04-15 22:43 - 2012-04-25 02:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2013-04-15 11:03 - 2013-04-15 11:02 - 12542284 ____A C:\Users\Ruth\Desktop\WriteLikeaManiac-WSO.zip2013-04-15 10:20 - 2009-06-12 04:26 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???ZeroAccess:C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791\LC:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791\UZeroAccess:C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791\LC:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791\UZeroAccess:C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791Other Malware:===========C:\Users\Ruth\g2mdlhlpx.exeC:\Users\Ruth\Install-TARDIS.exeC:\Users\Ruth\Installer-BOTC.exe==================== Known DLLs (Whitelisted) ================================ Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  =========================Restore point made on: 2013-02-11 03:01:00Restore point made on: 2013-02-11 07:28:46Restore point made on: 2013-02-13 04:42:24Restore point made on: 2013-02-14 03:49:36Restore point made on: 2013-02-17 12:20:46Restore point made on: 2013-02-21 01:13:34Restore point made on: 2013-02-22 04:15:36Restore point made on: 2013-02-24 04:24:09Restore point made on: 2013-02-28 00:01:54Restore point made on: 2013-03-03 02:34:00Restore point made on: 2013-03-06 07:43:20Restore point made on: 2013-03-10 23:50:47Restore point made on: 2013-03-13 19:00:49Restore point made on: 2013-03-17 06:25:27Restore point made on: 2013-03-20 03:37:43Restore point made on: 2013-03-20 23:47:18Restore point made on: 2013-03-24 23:36:05Restore point made on: 2013-03-27 10:34:50Restore point made on: 2013-03-28 03:37:32Restore point made on: 2013-03-31 10:34:58Restore point made on: 2013-04-03 01:55:56Restore point made on: 2013-04-03 22:45:16Restore point made on: 2013-04-05 08:00:17Restore point made on: 2013-04-07 23:04:11Restore point made on: 2013-04-10 23:04:04Restore point made on: 2013-04-15 02:56:40Restore point made on: 2013-04-19 09:46:23Restore point made on: 2013-04-22 23:25:47Restore point made on: 2013-04-24 18:00:46Restore point made on: 2013-04-28 13:45:21Restore point made on: 2013-05-01 22:55:31Restore point made on: 2013-05-06 01:26:19Restore point made on: 2013-05-09 03:23:06Restore point made on: 2013-05-09 08:45:37Restore point made on: 2013-05-09 10:28:10==================== Memory info =========================== Percentage of memory in use: 22%Total physical RAM: 2814.5 MBAvailable physical RAM: 2182.18 MBTotal Pagefile: 2502.07 MBAvailable Pagefile: 2296.42 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1948.29 MB==================== Drives ================================Drive c: (COMPAQ) (Fixed) (Total:584.74 GB) (Free:358.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.43 GB) (Free:1.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive f: (HITMANPRO) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=585 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 8 GB) (Disk ID: 5136BF11)Partition 1: (Active) - (Size=8 GB) - (Type=0B)Last Boot: 2013-05-11 10:54==================== End Of Log ============================thanks</blockquote>

Verification

Top