Windows Malware Removal Help & Support
UKASH (Cheshire Police) virus help needed
nukeboy said (post 108236):

Latest FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013
Ran by The Harris PC at 02-03-2013 09:33:28
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2013-03-02 09:28 - 2013-03-02 09:28 - 00001827 ____A C:\Users\The Harris PC\Desktop\RKreport[2]_D_03022013_02d0928.txt
2013-03-02 09:27 - 2013-03-02 09:27 - 00002110 ____A C:\Users\The Harris PC\Desktop\RKreport[1]_S_03022013_02d0927.txt
2013-03-02 09:25 - 2013-03-02 09:27 - 00000000 ____D C:\Users\The Harris PC\Desktop\RK_Quarantine
2013-03-02 09:25 - 2013-03-02 09:15 - 00816640 ____A C:\Users\The Harris PC\Desktop\RogueKiller.exe
2013-03-02 09:07 - 2013-03-02 09:07 - 00002592 ____A C:\AdwCleaner[S1].txt
2013-03-02 09:06 - 2013-03-02 09:07 - 00002500 ____A C:\AdwCleaner[R1].txt
2013-03-02 09:05 - 2013-03-02 09:02 - 00594019 ____A C:\Users\The Harris PC\Desktop\AdwCleaner.exe
2013-03-01 18:12 - 2013-03-01 18:12 - 00000000 ____D C:\_OTL
2013-03-01 17:10 - 2013-03-01 18:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-01 17:05 - 2013-03-01 17:02 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\The Harris PC\Desktop\tdsskiller.exe
2013-03-01 03:46 - 2013-03-02 09:33 - 00000000 ____D C:\FRST
2013-02-28 21:48 - 2013-02-28 21:48 - 00044756 ____A C:\Users\The Harris PC\Desktop\Extras.Txt
2013-02-28 21:47 - 2013-02-28 21:47 - 00096366 ____A C:\Users\The Harris PC\Desktop\OTL.Txt
2013-02-28 21:32 - 2013-02-28 21:30 - 00602112 ____A (OldTimer Tools) C:\Users\The Harris PC\Desktop\OTL.exe
2013-02-27 21:15 - 2013-02-27 21:15 - 00000000 ____D C:\Windows\pss
2013-02-26 19:25 - 2013-02-26 19:25 - 00000000 ____D C:\Windows\Sun
2013-02-25 16:35 - 2013-02-25 16:46 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-18 20:18 - 2013-02-18 23:03 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-14 08:05 - 2013-01-09 01:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 08:05 - 2013-01-09 01:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 08:05 - 2013-01-09 01:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 08:05 - 2013-01-09 01:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 08:05 - 2013-01-09 01:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 08:05 - 2013-01-09 01:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 08:05 - 2013-01-09 01:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 08:05 - 2013-01-09 01:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 08:05 - 2013-01-09 01:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 08:05 - 2013-01-09 01:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 08:05 - 2013-01-09 01:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 08:05 - 2013-01-09 01:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 08:05 - 2013-01-09 01:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 08:05 - 2013-01-09 01:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 08:05 - 2013-01-09 01:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 08:05 - 2013-01-09 01:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 08:05 - 2013-01-08 22:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 08:05 - 2013-01-08 22:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 08:05 - 2013-01-08 22:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 08:05 - 2013-01-08 22:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 08:05 - 2013-01-08 22:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 08:05 - 2013-01-08 22:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 08:05 - 2013-01-08 22:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 08:05 - 2013-01-08 22:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 08:05 - 2013-01-08 21:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 08:05 - 2013-01-08 21:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 08:05 - 2013-01-08 21:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 08:05 - 2013-01-08 21:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 08:05 - 2013-01-08 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 08:05 - 2013-01-08 21:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 08:05 - 2013-01-08 21:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 08:05 - 2013-01-08 21:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-14 01:57 - 2013-01-05 05:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-14 01:57 - 2013-01-05 05:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-14 01:57 - 2013-01-05 05:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-14 01:56 - 2013-01-04 05:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-14 01:56 - 2013-01-04 04:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-14 01:56 - 2013-01-04 03:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-14 01:56 - 2013-01-04 02:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-14 01:56 - 2013-01-04 02:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-14 01:56 - 2013-01-04 02:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-14 01:56 - 2013-01-04 02:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-14 01:56 - 2013-01-03 06:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-14 01:56 - 2013-01-03 06:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-11 18:55 - 2013-02-11 19:45 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-09 17:20 - 2013-02-09 17:47 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 10:49 - 2013-02-09 10:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-04 15:35 - 2013-02-14 08:09 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-02 12:46 - 2013-02-02 13:14 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4

==================== One Month Modified Files and Folders =======

2013-03-02 09:28 - 2013-03-02 09:28 - 00001827 ____A C:\Users\The Harris PC\Desktop\RKreport[2]_D_03022013_02d0928.txt
2013-03-02 09:27 - 2013-03-02 09:27 - 00002110 ____A C:\Users\The Harris PC\Desktop\RKreport[1]_S_03022013_02d0927.txt
2013-03-02 09:27 - 2013-03-02 09:25 - 00000000 ____D C:\Users\The Harris PC\Desktop\RK_Quarantine
2013-03-02 09:24 - 2012-05-11 18:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-02 09:24 - 2012-05-11 18:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-02 09:24 - 2009-07-14 05:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-02 09:22 - 2012-05-11 18:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-02 09:17 - 2009-07-14 04:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-02 09:17 - 2009-07-14 04:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-02 09:15 - 2013-03-02 09:25 - 00816640 ____A C:\Users\The Harris PC\Desktop\RogueKiller.exe
2013-03-02 09:14 - 2012-05-11 18:58 - 00001839 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-03-02 09:10 - 2012-08-29 16:49 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-03-02 09:10 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-02 09:10 - 2009-07-14 04:51 - 00045581 ____A C:\Windows\setupact.log
2013-03-02 09:08 - 2012-08-29 16:46 - 01156657 ____A C:\Windows\WindowsUpdate.log
2013-03-02 09:07 - 2013-03-02 09:07 - 00002592 ____A C:\AdwCleaner[S1].txt
2013-03-02 09:07 - 2013-03-02 09:06 - 00002500 ____A C:\AdwCleaner[R1].txt
2013-03-02 09:02 - 2013-03-02 09:05 - 00594019 ____A C:\Users\The Harris PC\Desktop\AdwCleaner.exe
2013-03-01 18:48 - 2010-11-21 03:47 - 00018902 ____A C:\Windows\PFRO.log
2013-03-01 18:12 - 2013-03-01 18:12 - 00000000 ____D C:\_OTL
2013-03-01 18:12 - 2012-11-22 20:52 - 00000000 ____D C:\users\The Harris PC
2013-03-01 18:02 - 2013-03-01 17:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-01 17:22 - 2012-05-11 18:47 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-01 17:22 - 2012-05-11 18:47 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-01 17:02 - 2013-03-01 17:05 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\The Harris PC\Desktop\tdsskiller.exe
2013-03-01 16:57 - 2012-08-29 16:49 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-02-28 21:48 - 2013-02-28 21:48 - 00044756 ____A C:\Users\The Harris PC\Desktop\Extras.Txt
2013-02-28 21:47 - 2013-02-28 21:47 - 00096366 ____A C:\Users\The Harris PC\Desktop\OTL.Txt
2013-02-28 21:30 - 2013-02-28 21:32 - 00602112 ____A (OldTimer Tools) C:\Users\The Harris PC\Desktop\OTL.exe
2013-02-27 21:15 - 2013-02-27 21:15 - 00000000 ____D C:\Windows\pss
2013-02-26 19:25 - 2013-02-26 19:25 - 00000000 ____D C:\Windows\Sun
2013-02-26 08:06 - 2012-05-11 18:52 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-25 16:46 - 2013-02-25 16:35 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-18 23:03 - 2013-02-18 20:18 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-18 00:33 - 2012-12-11 11:56 - 00000000 ____D C:\Users\The Harris PC\AppData\Roaming\SoftGrid Client
2013-02-14 08:43 - 2009-07-14 04:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 08:09 - 2013-02-04 15:35 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-11 19:45 - 2013-02-11 18:55 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-09 17:47 - 2013-02-09 17:20 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 10:49 - 2013-02-09 10:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-09 10:49 - 2012-11-22 20:55 - 00000000 ____D C:\Users\The Harris PC\AppData\Local\VirtualStore
2013-02-02 13:14 - 2013-02-02 12:46 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 3985.8 MB
Available physical RAM: 2959.69 MB
Total Pagefile: 7969.8 MB
Available Pagefile: 6327.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (TI30875400C) (Fixed) (Total:448.57 GB) (Free:389.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (JENS FLASH) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         7648 MB      0 B

Partitions of Disk 0:
===============

Disk ID: B0DE4F87

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            448 GB  1501 MB
  Partition 3    Primary             15 GB   450 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI30875400C  NTFS   Partition    448 GB  Healthy    Boot

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: ABF5C5D3

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7640 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   JENS FLASH   FAT32  Removable   7640 MB  Healthy

=========================================================

Last Boot: 2013-02-23 01:39

==================== End Of Log =============================