UKASH/Police Virus Help

JackJones

Thread author
Apr 6, 2013
Here is the content of the Farbar Recovery Scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 25 days old)
Ran by SYSTEM at 07-04-2013 03:18:32
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKU\JackJones\...\Winlogon: [Shell] explorer.exe,C:\Users\JackJones\AppData\Roaming\AltShell.dat [33280 2011-11-16] ()
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-06-16] (Google Inc.)
HKU\UpdatusUser\...\Run: [Epson Stylus SX420W(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SC320.tmp" /EF "HKCU" [224768 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ===================

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [282624 2013-02-18] (AVG Technologies CZ, s.r.o.)
2 fshoster; "C:\Program Files (x86)\BT Cloud\fshoster32.exe" -hosterid:0 [187960 2012-12-07] (F-Secure Corporation)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [135584 2012-04-26] (Futuremark Corporation)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [278336 2011-09-19] (NVIDIA)
2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [1124184 2013-03-17] (Trusteer Ltd.)
3 RoxMediaDBVHS; "C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe" [1114384 2011-12-18] (Rovi Corporation)
2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [354816 2013-03-22] ()
2 VaultClientSRV; C:\Program Files (x86)\BT Auto Backup\VaultClientSRV.exe [1051752 2009-11-26] (BT)
3 VaultClientUpgrade; C:\Program Files (x86)\BT Auto Backup\VaultClientUpgrade.exe [56424 2009-11-26] (BT)

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [239416 2013-02-13] (AVG Technologies CZ, s.r.o.)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [40448 2003-07-28] (DeviceGuys, Inc.)
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
1 RapportCerberus_51755; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [586072 2013-03-25] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [228600 2013-03-17] (Trusteer Ltd.)
3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [175352 2013-03-25] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-03-17] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357272 2013-03-17] (Trusteer Ltd.)
3 TridVid; C:\Windows\System32\Drivers\TridVid.sys [0 2012-07-09] ()
3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [736280 2011-12-28] (eMPIA Technology, Inc.)
3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1171992 2011-12-28] (eMPIA Technology, Inc.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-06 17:44 - 2013-04-06 17:44 - 00000000 ____D C:\meta
2013-04-06 17:02 - 2013-04-06 17:47 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-06 17:02 - 2013-04-06 17:02 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-06 17:00 - 2013-04-06 17:44 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-06 16:28 - 2013-04-06 16:28 - 00000000 ____D C:\summaries
2013-04-06 16:20 - 2013-04-06 18:15 - 00000004 ____A C:\Users\JackJones\AppData\Roaming\AltShell.ini
2013-04-05 13:57 - 2013-04-05 13:57 - 00000000 ____D C:\Users\JackJones\AppData\Local\{A6A3FB9C-FDAD-4DFC-9D0B-11D99443C0EE}
2013-04-05 13:30 - 2013-04-05 13:30 - 00000097 ____A C:\Windows\lotus.ini
2013-04-05 13:29 - 2013-04-05 13:29 - 00000000 ____A C:\Windows\winhelp.ini
2013-04-05 12:45 - 2013-04-05 12:43 - 01112854 ____A C:\Users\Public\Documents\Full Family Tree (5 Apr 2013).ged
2013-04-05 05:45 - 2013-04-06 18:14 - 00000840 ____A C:\Windows\setupact.log
2013-04-05 05:45 - 2013-04-05 05:45 - 00000000 ____A C:\Windows\setuperr.log
2013-04-01 13:57 - 2013-04-01 13:57 - 00000154 ____A C:\Users\JackJones\Downloads\MapCoords_0.15.zip
2013-03-23 10:44 - 2013-03-23 10:44 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-23 10:44 - 2013-03-23 10:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-23 10:44 - 2013-03-23 10:44 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-23 10:44 - 2013-03-23 10:44 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-23 10:44 - 2013-03-23 10:44 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-03-23 10:44 - 2013-03-23 10:44 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-03-23 10:44 - 2013-03-23 10:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-03-23 10:44 - 2013-03-23 10:44 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-03-23 10:44 - 2013-03-23 10:44 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-03-23 10:44 - 2013-03-23 10:44 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-03-23 10:44 - 2013-03-23 10:44 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-03-22 10:26 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-21 14:13 - 2013-03-21 14:13 - 08082573 ____A C:\Users\Public\Desktop\fsdiag.zip
2013-03-09 00:28 - 2013-03-09 00:28 - 22612824 ____A C:\Users\JackJones\Downloads\serviio-1.2-win-setup.exe


==================== One Month Modified Files and Folders =======

2013-04-07 03:18 - 2013-04-07 03:18 - 00000000 ____D C:\FRST
2013-04-06 18:15 - 2013-04-06 16:20 - 00000004 ____A C:\Users\JackJones\AppData\Roaming\AltShell.ini
2013-04-06 18:15 - 2012-06-16 09:59 - 01878267 ____A C:\Windows\WindowsUpdate.log
2013-04-06 18:14 - 2013-04-05 05:45 - 00000840 ____A C:\Windows\setupact.log
2013-04-06 18:14 - 2012-10-10 15:22 - 00000268 ____A C:\.dir
2013-04-06 18:14 - 2012-06-16 10:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-04-06 18:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-06 17:49 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-06 17:49 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-06 17:47 - 2013-04-06 17:02 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-06 17:44 - 2013-04-06 17:44 - 00000000 ____D C:\meta
2013-04-06 17:44 - 2013-04-06 17:00 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-06 17:02 - 2013-04-06 17:02 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-06 16:40 - 2012-06-16 11:29 - 00000000 ____D C:\Windows\pss
2013-04-06 16:33 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-06 16:28 - 2013-04-06 16:28 - 00000000 ____D C:\summaries
2013-04-06 16:06 - 2012-11-06 00:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-06 13:50 - 2012-06-16 14:28 - 00000000 ____D C:\Users\JackJones\Documents\Outlook Files
2013-04-06 09:11 - 2012-06-16 10:10 - 00000000 ____D C:\ProgramData\MFAData
2013-04-06 08:00 - 2012-06-18 13:52 - 00000000 ____D C:\Users\JackJones\AppData\Roaming\uTorrent
2013-04-06 01:08 - 2009-07-13 20:45 - 00486752 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-05 18:06 - 2012-06-17 10:02 - 00000000 ____D C:\Users\JackJones\Documents\Family Tree Maker
2013-04-05 13:57 - 2013-04-05 13:57 - 00000000 ____D C:\Users\JackJones\AppData\Local\{A6A3FB9C-FDAD-4DFC-9D0B-11D99443C0EE}
2013-04-05 13:56 - 2012-06-17 01:42 - 00136848 ____A C:\Users\JackJones\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-05 13:30 - 2013-04-05 13:30 - 00000097 ____A C:\Windows\lotus.ini
2013-04-05 13:29 - 2013-04-05 13:29 - 00000000 ____A C:\Windows\winhelp.ini
2013-04-05 12:43 - 2013-04-05 12:45 - 01112854 ____A C:\Users\Public\Documents\Full Family Tree (5 Apr 2013).ged
2013-04-05 05:52 - 2012-12-11 15:47 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-04-05 05:45 - 2013-04-05 05:45 - 00000000 ____A C:\Windows\setuperr.log
2013-04-01 13:57 - 2013-04-01 13:57 - 00000154 ____A C:\Users\JackJones\Downloads\MapCoords_0.15.zip
2013-03-29 01:14 - 2012-06-16 15:30 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-03-25 14:13 - 2012-06-16 18:51 - 00000000 ____D C:\Windows\Panther
2013-03-25 09:08 - 2012-06-17 06:05 - 00000000 ___AD C:\Users\JackJones\Documents\Kim's Files
2013-03-23 12:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-23 11:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-03-23 10:44 - 2013-03-23 10:44 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-23 10:44 - 2013-03-23 10:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-23 10:44 - 2013-03-23 10:44 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-23 10:44 - 2013-03-23 10:44 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-23 10:44 - 2013-03-23 10:44 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-03-23 10:44 - 2013-03-23 10:44 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-03-23 10:44 - 2013-03-23 10:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-03-23 10:44 - 2013-03-23 10:44 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-03-23 10:44 - 2013-03-23 10:44 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-03-23 10:44 - 2013-03-23 10:44 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-03-23 10:44 - 2013-03-23 10:44 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-03-23 10:44 - 2013-03-23 10:44 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-03-23 10:44 - 2013-03-23 10:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-03-21 15:55 - 2012-06-17 01:42 - 00007642 ____A C:\Users\JackJones\AppData\Local\Resmon.ResmonCfg
2013-03-21 14:13 - 2013-03-21 14:13 - 08082573 ____A C:\Users\Public\Desktop\fsdiag.zip
2013-03-21 14:05 - 2013-02-28 14:56 - 00000000 ____D C:\Users\JackJones\AppData\Local\F-Secure
2013-03-17 06:46 - 2012-06-18 14:17 - 00236248 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2013-03-13 08:06 - 2012-06-16 10:12 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-13 08:06 - 2012-06-16 10:12 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-13 06:28 - 2012-08-28 23:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-13 06:28 - 2012-08-28 23:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-13 00:32 - 2012-06-16 14:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-13 00:30 - 2012-06-16 10:59 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-10 13:49 - 2012-06-25 00:56 - 00113152 __ASH C:\Users\JackJones\Documents\Thumbs.db
2013-03-10 11:19 - 2013-01-09 15:29 - 00002029 ____A C:\Users\Public\Desktop\Samsung AllShare.lnk
2013-03-10 11:19 - 2013-01-09 15:29 - 00000000 ____D C:\Users\JackJones\AppData\Roaming\Samsung
2013-03-09 09:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-09 00:28 - 2013-03-09 00:28 - 22612824 ____A C:\Users\JackJones\Downloads\serviio-1.2-win-setup.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4094.18 MB
Available physical RAM: 3462.87 MB
Total Pagefile: 4092.38 MB
Available Pagefile: 3464.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:1.64 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (MULTIBOOT) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (My Data) (Fixed) (Total:931.51 GB) (Free:191.29 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 111 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 499 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 71FC4DD1

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y My Data NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 61BAF3BC

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Disk ID: 01EBBE5A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 499 MB 16 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H MULTIBOOT FAT32 Removable 499 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 71FC4DD1

Partition 1:
=========
Hex: 0020210007FEFFFF0008000000587074
Active: NO
Type: 07 (NTFS)
Size: 932 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 61BAF3BC

Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 2:
=========
Hex: 00DF140C07FEFFFF002803000018F60D
Active: NO
Type: 07 (NTFS)
Size: 112 GB

==============================
Partitions of Disk 3:
===============
Disk ID: 01EBBE5A

Partition 1:
=========
Hex: 800101000B01FFFF20000000E09D0F00
Active: YES
Type: 0B
Size: 500 MB


Last Boot: 2013-04-04 00:47

==================== End Of Log =============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
On another PC, open notepad and copy & paste the following:

HKU\JackJones\...\Winlogon: [Shell] explorer.exe,C:\Users\JackJones\AppData\Roaming\AltShell.dat [33280 2011-11-16] ()
2013-04-06 16:20 - 2013-04-06 18:15 - 00000004 ____A C:\Users\JackJones\AppData\Roaming\AltShell.ini
C:\Users\JackJones\AppData\Roaming\AltShell.dat

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
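The fix above works because the locker hijacked the per-user Winlogon Shell value: instead of `explorer.exe` alone, the value also named `AltShell.dat`, so the lock screen launched at logon. As an added example (not part of this thread and not FRST's own code), the following Python script applies that check to FRST "Registry (Whitelisted)" lines: it parses Winlogon `[Shell]`/`[Userinit]` entries, flags anything beyond the Windows defaults, and emits the fixlist.txt lines in the order the thread's fixlogs show FRST handling them (registry line first, which FRST deletes or resets; then each foreign file path, which FRST moves). Only the `[Shell]` line in the sample is from this thread; the other sample lines, the `EXAMPLE_hijack.exe` path and the regular-expression field names are constructed here.

```python
import re
from dataclasses import dataclass

# One FRST Winlogon line, e.g. (taken from this thread's log):
#   HKU\JackJones\...\Winlogon: [Shell] explorer.exe,C:\...\AltShell.dat [33280 2011-11-16] ()
# Groups: hive, value name, value data, optional [size date], (company name or empty).
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U)[^:]*)\\\.\.\.\\Winlogon: \[(?P<value>Shell|Userinit)\] "
    r"(?P<data>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r" \((?P<signer>[^)]*)\)\s*$"
)

# Windows defaults (lower-cased) for the two Winlogon values that lockers replace.
DEFAULTS = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
}


@dataclass
class Finding:
    hive: str       # e.g. HKU\JackJones or HKLM
    value: str      # Shell or Userinit
    extras: list    # entries besides the Windows default
    signer: str     # company name FRST read from the file; "" means none found
    log_line: str   # the original FRST line, reused verbatim in fixlist.txt


def parse_winlogon_lines(log_text):
    """Return a Finding for every Winlogon Shell/Userinit line whose data is not the default."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if not m:
            continue
        # Value data is a comma-separated list; a trailing comma is normal for Userinit.
        entries = [e.strip() for e in m["data"].split(",") if e.strip()]
        extras = [e for e in entries if e.lower() not in DEFAULTS[m["value"]]]
        if extras:
            findings.append(Finding(m["hive"], m["value"], extras, m["signer"], line))
    return findings


def build_fixlist(findings):
    """Emit fixlist.txt lines: the registry line, then each foreign absolute path."""
    lines = []
    for f in findings:
        lines.append(f.log_line)
        lines.extend(p for p in f.extras if re.match(r"^[A-Za-z]:\\", p))
    return lines


# Constructed sample: the HKU [Shell] line is from this thread's FRST log; the Run line,
# the clean HKLM [Shell] line and the [Userinit] hijack are made up to show a benign
# value and the same pattern in the other hijackable value.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKU\JackJones\...\Winlogon: [Shell] explorer.exe,C:\Users\JackJones\AppData\Roaming\AltShell.dat [33280 2011-11-16] ()
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\ProgramData\EXAMPLE_hijack.exe, [12345 2013-01-01] ()
"""

if __name__ == "__main__":
    for line in build_fixlist(parse_winlogon_lines(SAMPLE_LOG)):
        print(line)
```

Run against a real FRST.txt, the output is a starting point for review, not a fixlist to apply blindly; an empty company name on a Shell or Userinit entry is the extra signal worth noting, as in the thread's `()` line.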
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Log from running this fixlist says:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-07 04:04:24 Run:2
Running from H:\

==============================================

HKEY_USERS\JackJones\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.

==== End of Fixlog ====
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

You didn't copy the whole fix. You are missing 2 lines of the fix. Please do the same thing again but with the content in the "quote" box below.

Open notepad and copy & paste the following:

2013-04-06 16:20 - 2013-04-06 18:15 - 00000004 ____A C:\Users\JackJones\AppData\Roaming\AltShell.ini
C:\Users\JackJones\AppData\Roaming\AltShell.dat

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
 

JackJones

New Member
Thread author
Apr 6, 2013
11
My apologies - copying using a laptop mousepad instead of the real thing :( Log result now says:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-07 04:16:42 Run:3
Running from H:\

==============================================

C:\Users\JackJones\AppData\Roaming\AltShell.ini moved successfully.

==== End of Fixlog ====
 

Fiery

Level 1
Jan 11, 2011
2,007
There is still 1 line you missed :p Do the same thing again. After this, let me know if you are able to reboot your PC to normal mode.

Open notepad and copy & paste the following:

C:\Users\JackJones\AppData\Roaming\AltShell.dat

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Very odd - I was pretty certain I copied that very carefully after my first mistake!

Log output:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-07 04:30:00 Run:4
Running from H:\

==============================================

C:\Users\JackJones\AppData\Roaming\AltShell.dat moved successfully.

==== End of Fixlog ====
 

Fiery

Level 1
Jan 11, 2011
2,007
It's ok :)

Can you start your PC normally now? If so,

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Fantastic! My PC booted normally. Is there a smiley for enormous smiles of relief?

I've downloaded OTL and run it - logs are attached. I've also downloaded MBAM Chameleon because I think I need to run that too?
 

Attachments

  • Extras.Txt (86.7 KB)
  • OTL.Txt (113.2 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Good stuff! :D

You can do a scan with chameleon. In the meantime..

Can you navigate to C:\meta and tell me what files are in that folder? Do the same for C:\.dir

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Hi,

The C:\meta folder has a file called "Profile" in it, which appears to be an XML document.
The C:\.dir file is shown in Explorer as a .dir file.

I have no idea what either of these files/directories is or how they got on my machine.

In the meantime I am downloading RogueKiller.
 

JackJones

New Member
Thread author
Apr 6, 2013
11
RogueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JackJones [Admin rights]
Mode : Scan -- Date : 04/07/2013 06:31:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] d3e3b93b0b34a05c1681170ff81f2afe
[BSP] 132bbbdae7d4603d241583bd74a613f1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] b295431a8088d1b3611f9961581f1af6
[BSP] 302f636ca9668083ac40317c7ee2c4e8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04072013_02d0631.txt >>
RKreport[1]_S_04072013_02d0631.txt
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Did some digging on Mr Google and it seems the .dir file is put there by Serviio, which I have been using to try and use my main PC as a media server for my Samsung Smart TV, so is probably a legit file.
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Sorry for the long gap - had to sleep because it was the middle of the night!

I have run AdwCleaner and deleted all the files it found, and run full AVG Antivirus and full MBAM scans without finding any errors or suspect files.

My PC now seems to be running fine - is there anything else that I should be doing, or is that completed now?

Many many thanks for all the help so far! :)
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok, that is fine :)

We are almost done. Next up,

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is unchecked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Seven threats found, although most if not all of these I think are false positives:

C:\Users\JackJones\Downloads\cbsidlm-tr1_7-DOSonUSB-ORG-10795476.exe Win32/DownloadAdmin.D application
C:\Users\JackJones\Downloads\CrystalDiskMark3_0_1c-en.exe Win32/OpenCandy application
C:\Users\JackJones\Downloads\FreeVideoToMP3Converter.exe Win32/OpenCandy application
C:\Users\JackJones\Downloads\setup_vlc.exe a variant of Win32/InstallCore.AC application
C:\Users\JackJones\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy application
E:\Downloads\Utilities\coretemp_1236.exe a variant of Win32/InstallIQ application
E:\Downloads\Utilities\cpu-z_1.60.1-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application

Certainly I have had all of these on my PC for many weeks without problems.

Cheers
 

Fiery

Level 1
Jan 11, 2011
2,007
Indeed those are false positives.

If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Now that your PC is clean, I recommend you create a new System Restore point and then purge the old ones.

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link

Keep your system updated

Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

I also recommend you switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.

Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Backup important files regularly to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java content to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

JackJones

New Member
Thread author
Apr 6, 2013
11
Fiery - thank you so much for all your efforts - you've been a great help. I will make a donation and encourage everyone else who uses this site to do likewise.

Cheers :)
 
