network shield block every 30 sec : services.exe

I am getting 2 error pop-ups almost every 30 seconds

MALICIOUS URL BLOCKED

object: hXXp://uekbewfa.cn/4001368765?w=526&i=931232096
infection: URL: Mal
Process: c:\Windows\System32\services.exe

other one…

MALWARE BLOCKED

avast! File System Shield has blocked a threat.

object: C:\Windows\Installer.…\8000000.@
Infection: Win32:Malware-gen
Action: Moved to chest
Process C:\Windows\System32\services.exe

The threat was detected and blocked when the file was created or modified.

HELP! How can I get rid of this?

Let's locate all the bad files first.

Download OTL to your Desktop

  1. Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  2. Select All Users.
  3. Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  4. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  5. When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  6. Attach both logs.

The program appears to start running but then closes immediately – the files you refer to are not created…

I have nothing else running on the machine.

Darn, it did not take long for them to twig what I was doing.

OK, we will download a different variant. If you are downloading with Firefox then right-click the link and select Save As…

Just run a quick scan initially.

Download OTL to your Desktop

@ kwills05
Please 'modify' your first post: change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

same thing…
runs about 15 seconds then disappears…

OK, what is your operating system, XP or Vista?

Can you burn a CD ?

A quick thought - could you try OTL from safe mode first?

Windows 7

Ran in safe mode – it no longer disappears but seems to time out or stall while "Scanning Firefox settings" (tried it twice).

If this helps – 2 days ago I had something that knocked out Microsoft Security Essentials on my machine… I can no longer run that program.

OK. If you do not have the Windows disc then download the correct version of the recovery console for Windows 7 from here, ensuring that you get the right 64 or 32 bit version: http://www.forum.probz.net/index.php?/files/category/17-windows-recovery-environment-winre/

If you do have the disc then skip WinToBootic.
Download the following three programmes to your desktop:

  1. WinToBootic
  2. Windows 7 64bit RC
  3. Farbar Recovery Scan Tool x64

Extract WinToBootic to your desktop.
Insert a USB drive of at least 4GB.
Run WinToBootic.

http://dl.dropbox.com/u/73555776/wintoboot.JPG

Drag and drop the Windows 7 ISO onto the programme in the space indicated.
Tick the Format box and accept the warnings.
Press Do It.

You will see it progressing.

http://dl.dropbox.com/u/73555776/usb%20progress.JPG

It will let you know when it is done.
Then copy FRST to the same USB.

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here.

When you reboot you will see this, although yours will say Windows 7.

Click Repair my computer.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command Prompt.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following:

Type notepad and press Enter.
Notepad opens. Under the File menu select Open.
Select "Computer", find your flash drive letter and close Notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace the letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.


Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 09-06-2012 06:16:08
Running from E:
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM-x32.…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32.…\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32.…\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKU\KWILLS.…\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\KWILLS.…\Run: [swg] “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [39408 2010-10-04] (Google Inc.)
HKU\KWILLS.…\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\KWILLS.…\Run: [Skype] “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
IMEO\airecoveryburner.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\alu.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\audctr.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\backache.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\backbone.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\controldeck.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\ctwave.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\facemgr.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\fancystart.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\fastboot.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\flipshare.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\javaw.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\javaws.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\lifecam.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\logonmgr.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\p4gxui.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
IMEO\volpanlu.exe: [Debugger] “C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe”
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk → C:\Windows\Installer{60D6618B-153F-4353-8185-908E676E5888}_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk → C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk → C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\KWILLS\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk → (No File)

==================== Services (Whitelisted) ======

3 Adobe LM Service; “C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe” [72704 2010-04-13] (Adobe Systems)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 avast! Antivirus; “C:\Program Files\AVAST Software\Avast\AvastSvc.exe” [44768 2012-03-06] (AVAST Software)
2 CarboniteService; “C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe” [6378128 2011-12-05] (Carbonite, Inc. (www.carbonite.com))
3 FLEXnet Licensing Service; “C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe” [654848 2010-04-12] (Macrovision Europe Ltd.)
2 MBAMService; “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe” [654408 2012-04-04] (Malwarebytes Corporation)
2 TuneUp.UtilitiesSvc; “C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe” [2143552 2012-02-09] (TuneUp Software)
4 UNS; “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe” [2314240 2009-09-30] (Intel Corporation)
2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35648 2012-02-09] (TuneUp Software)
2 UxTuneUp; C:\Windows\SysWow64\uxtuneup.dll [28992 2012-02-09] (TuneUp Software)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; ??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; ??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45432 2011-04-13] (Microsoft Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
3 TuneUpUtilitiesDrv; ??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys
3 tmlwf;
3 tmwfp;

========================== NetSvcs (Whitelisted) ===========

NETSVC: UxTuneUp → C:\Windows\System32\uxtuneup.dll (TuneUp Software)

============ One Month Created Files and Folders ==============

2012-06-09 06:15 - 2012-06-09 06:16 - 00000000 ____D C:\FRST
2012-06-09 03:03 - 2012-06-04 01:54 - 00014765 ____A C:\Users\KWILLS\Desktop\vitaliukas.zip
2012-06-09 03:03 - 2012-05-20 10:41 - 00004695 ____A C:\Users\KWILLS\Desktop\ramekin.zip
2012-06-09 03:03 - 2012-05-14 07:19 - 00621056 ____A C:\Users\KWILLS\Desktop\WiNToBootic.exe
2012-06-09 03:03 - 2012-04-04 12:03 - 00002271 ____A C:\Users\KWILLS\Desktop\zelenkooo.zip
2012-06-09 03:03 - 2012-01-13 10:45 - 00002227 ____A C:\Users\KWILLS\Desktop\clear-notification-items.vbs
2012-06-09 03:03 - 2012-01-08 08:09 - 05561216 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\ntoskrnl.exe
2012-06-09 03:03 - 2011-10-22 01:32 - 00006377 ____A C:\Users\KWILLS\Desktop\SafeBoot.zip
2012-06-09 03:03 - 2011-10-22 01:32 - 00001150 ____A C:\Users\KWILLS\Desktop\wscsvc.zip
2012-06-09 03:03 - 2011-10-22 01:32 - 00001150 ____A C:\Users\KWILLS\Desktop\wscsvc(64).zip
2012-06-09 03:03 - 2011-09-05 08:35 - 00089766 ____A C:\Users\KWILLS\Desktop\nlasvc.dll.zip
2012-06-09 03:03 - 2011-08-23 08:31 - 00002258 ____A C:\Users\KWILLS\Desktop\Repair.vbs
2012-06-09 03:03 - 2011-01-18 10:25 - 00507904 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\winlogon.exe
2012-06-09 03:03 - 2011-01-18 10:23 - 01033728 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\EXPLORER.EXE
2012-06-09 03:03 - 2010-10-08 07:54 - 00024576 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\USERINIT.EXE
2012-06-09 03:03 - 2010-07-03 10:13 - 00149472 ____A C:\Users\KWILLS\Desktop\xpquick.zip
2012-06-09 03:03 - 2010-07-03 08:36 - 00577024 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\user32.dll
2012-06-09 03:03 - 2010-03-04 05:28 - 00358685 ____A C:\Users\KWILLS\Desktop\Logon.exe
2012-06-09 03:03 - 2010-02-22 07:59 - 00638216 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\iexplore.exe
2012-06-09 03:03 - 2010-01-31 11:25 - 00013824 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\wscntfy.exe
2012-06-09 03:03 - 2010-01-31 10:46 - 00001452 ____A C:\Users\KWILLS\Desktop\SR.zip
2012-06-09 03:03 - 2010-01-24 02:00 - 00189671 ____A C:\Users\KWILLS\Desktop\sfcfiles.zip
2012-06-09 03:03 - 2009-12-28 09:32 - 00050213 ____A C:\Users\KWILLS\Desktop\NvAtaBus.zip
2012-06-09 03:03 - 2007-12-14 12:11 - 00027054 ____A C:\Users\KWILLS\Desktop\SafeBoot-for-Windows-XP-SP2.reg
2012-06-09 03:03 - 2007-12-14 12:11 - 00024098 ____A C:\Users\KWILLS\Desktop\SafeBoot-for-Windows-2000-SP4-Professional.reg
2012-06-09 03:02 - 2012-06-09 03:02 - 09905392 ____A C:\Users\KWILLS\Downloads\skydrive-2012-06-09.zip
2012-06-09 02:36 - 2011-02-17 13:59 - 00383562 ____N C:\Users\KWILLS\Desktop\bootmgr
2012-06-09 02:36 - 2011-02-17 13:59 - 00000000 ____D C:\Users\KWILLS\Desktop\sources
2012-06-09 02:30 - 2012-06-09 02:30 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64(1).exe
2012-06-09 02:27 - 2012-06-09 02:27 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64.exe
2012-06-09 02:22 - 2012-06-09 02:32 - 172855296 ____A C:\Users\KWILLS\Downloads\RepairDiscWindows7-64-bit.iso
2012-06-08 11:21 - 2012-06-08 11:22 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Desktop\OTL.scr
2012-06-08 11:18 - 2012-06-08 11:18 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.scr
2012-06-08 10:30 - 2012-06-08 10:30 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(2).exe
2012-06-08 10:22 - 2012-06-08 10:22 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(1).exe
2012-06-08 10:21 - 2012-06-08 10:21 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.exe
2012-06-08 09:04 - 2012-06-08 09:04 - 00113660 ____A C:\Users\KWILLS\Desktop\url-mal.jpg
2012-06-08 09:03 - 2012-06-08 09:03 - 00131631 ____A C:\Users\KWILLS\Desktop\win32malware.jpg
2012-06-08 08:16 - 2012-06-08 08:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\QuickScan
2012-06-05 11:06 - 2012-06-05 11:44 - 00715722 ____A C:\Users\KWILLS\Documents\embroidery-comp1.jpg
2012-06-04 23:40 - 2012-06-04 23:40 - 00000000 ____A C:\install.rdf
2012-06-04 19:05 - 2012-03-06 15:02 - 00053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-04 18:11 - 2012-06-04 18:12 - 12621696 ____A (Microsoft Corporation) C:\Users\KWILLS\Downloads\mseinstall.exe
2012-06-04 12:17 - 2012-06-04 12:17 - 00000000 ____D C:\Users\All Users\B7E8586B0003E0BE039FC0DBB4EB2367
2012-06-04 12:16 - 2012-06-06 10:25 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Uhizm
2012-06-04 12:16 - 2012-06-04 18:14 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Colel
2012-06-04 12:16 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Ihek
2012-06-01 09:44 - 2012-06-01 09:44 - 00056888 ____A C:\Users\KWILLS\Documents\esudroff06-01-2012.pdf
2012-06-01 09:44 - 2012-06-01 09:44 - 00055941 ____A C:\Users\KWILLS\Documents\kphillips06-01-2012.pdf
2012-06-01 07:09 - 2012-06-01 07:09 - 00732231 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112a.jpg
2012-06-01 05:04 - 2012-06-01 05:04 - 01978379 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112.jpg
2012-05-31 09:32 - 2012-05-31 09:32 - 00054269 ____A C:\Users\KWILLS\Documents\Campaign Management.pdf
2012-05-30 10:44 - 2012-05-30 10:44 - 00784135 ____A C:\Users\KWILLS\Documents\phoenix-banner-2012.jpg
2012-05-30 07:41 - 2012-05-30 07:41 - 00187423 ____A C:\Users\KWILLS\Downloads\pagemash.zip
2012-05-29 17:15 - 2012-05-29 17:15 - 00010916 ____A C:\Users\KWILLS\Documents\Here are the directions to make the best chocolate chip cookies.docx
2012-05-29 08:57 - 2012-05-29 08:57 - 00240512 ____A C:\Users\KWILLS\Documents\iphone-setup.pdf
2012-05-23 10:34 - 2012-05-23 10:34 - 01162765 ____A C:\Users\KWILLS\Documents\gator-banner-proof2-052312.jpg
2012-05-23 06:44 - 2012-05-23 06:44 - 01162985 ____A C:\Users\KWILLS\Documents\gator-banner-proof-052312.jpg
2012-05-22 10:19 - 2012-05-22 10:19 - 00057032 ____A C:\Users\KWILLS\Documents\esudroff051812.pdf
2012-05-22 10:18 - 2012-05-22 10:18 - 00056086 ____A C:\Users\KWILLS\Documents\kphillips051812.pdf
2012-05-21 04:54 - 2012-05-21 04:54 - 00000053 ____A C:\Users\KWILLS\Downloads\googleb8845e03d97ef417.html
2012-05-18 07:12 - 2012-05-18 07:12 - 00133802 ____A C:\Users\KWILLS\Desktop\shoes.pdf
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 08:21 - 2012-05-16 08:21 - 03764224 ____A C:\Users\KWILLS\Downloads\MDBPlus.exe
2012-05-16 07:41 - 2012-05-16 07:41 - 00015254 ____A C:\Users\KWILLS\Documents\KYONL-userList.csv
2012-05-15 11:52 - 2012-05-15 11:52 - 00051996 ____A C:\Users\KWILLS\Documents\catalyst-worryfree-logo.jpg
2012-05-10 07:44 - 2012-05-10 07:44 - 06955089 ____A C:\Users\KWILLS\Documents\member-area.psd
2012-05-10 06:52 - 2012-05-10 06:52 - 00011248 ____A C:\Users\KWILLS\Documents\contact-us.png

============ 3 Months Modified Files and Folders =============

2012-06-09 06:16 - 2012-06-09 06:15 - 00000000 ____D C:\FRST
2012-06-09 03:10 - 2010-01-14 23:29 - 01477079 ____A C:\Windows\WindowsUpdate.log
2012-06-09 03:02 - 2012-06-09 03:02 - 09905392 ____A C:\Users\KWILLS\Downloads\skydrive-2012-06-09.zip
2012-06-09 02:56 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 02:56 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 02:50 - 2010-04-12 20:22 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Skype
2012-06-09 02:49 - 2011-10-07 07:01 - 00000000 ___RD C:\Users\KWILLS\Dropbox
2012-06-09 02:49 - 2011-10-07 06:59 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Dropbox
2012-06-09 02:48 - 2012-01-01 11:23 - 00005074 ____A C:\Windows\setupact.log
2012-06-09 02:48 - 2010-06-30 07:40 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-09 02:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 02:45 - 2010-04-16 11:34 - 00000000 ____D C:\Users\KWILLS\AppData\Local\WeatherBug
2012-06-09 02:32 - 2012-06-09 02:22 - 172855296 ____A C:\Users\KWILLS\Downloads\RepairDiscWindows7-64-bit.iso
2012-06-09 02:30 - 2012-06-09 02:30 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64(1).exe
2012-06-09 02:30 - 2009-07-13 21:13 - 00754352 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 02:27 - 2012-06-09 02:27 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64.exe
2012-06-09 02:18 - 2012-04-01 05:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 02:18 - 2010-06-30 07:40 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 12:16 - 2012-01-08 18:39 - 01307630 ____A C:\Windows\ntbtlog.txt
2012-06-08 12:05 - 2010-04-19 12:42 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\FileZilla
2012-06-08 12:04 - 2010-04-12 19:38 - 00847360 ____A C:\Users\KWILLS\Desktop\Catalyst-Info.xls
2012-06-08 11:22 - 2012-06-08 11:21 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Desktop\OTL.scr
2012-06-08 11:18 - 2012-06-08 11:18 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.scr
2012-06-08 10:30 - 2012-06-08 10:30 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(2).exe
2012-06-08 10:24 - 2012-01-12 05:30 - 00013360 ____A C:\Windows\PFRO.log
2012-06-08 10:22 - 2012-06-08 10:22 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(1).exe
2012-06-08 10:21 - 2012-06-08 10:21 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.exe
2012-06-08 09:04 - 2012-06-08 09:04 - 00113660 ____A C:\Users\KWILLS\Desktop\url-mal.jpg
2012-06-08 09:03 - 2012-06-08 09:03 - 00131631 ____A C:\Users\KWILLS\Desktop\win32malware.jpg
2012-06-08 08:16 - 2012-06-08 08:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\QuickScan
2012-06-07 06:43 - 2010-04-13 06:21 - 00000000 ____D C:\CATALYST
2012-06-06 10:25 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Uhizm
2012-06-05 11:44 - 2012-06-05 11:06 - 00715722 ____A C:\Users\KWILLS\Documents\embroidery-comp1.jpg
2012-06-04 23:44 - 2011-01-12 15:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-04 23:42 - 2011-01-12 15:42 - 00000000 ____D C:\Program Files (x86)\Safari
2012-06-04 23:41 - 2012-01-12 13:40 - 00000000 ____D C:\Program Files (x86)\SQLyog Community
2012-06-04 23:40 - 2012-06-04 23:40 - 00000000 ____A C:\install.rdf
2012-06-04 23:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-04 23:39 - 2011-07-21 16:02 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-06-04 23:37 - 2011-10-12 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-04 23:30 - 2011-01-27 11:08 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-04 22:52 - 2011-01-27 11:08 - 00768726 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-04 19:05 - 2010-08-11 08:58 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-04 18:14 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Colel
2012-06-04 18:12 - 2012-06-04 18:11 - 12621696 ____A (Microsoft Corporation) C:\Users\KWILLS\Downloads\mseinstall.exe
2012-06-04 12:17 - 2012-06-04 12:17 - 00000000 ____D C:\Users\All Users\B7E8586B0003E0BE039FC0DBB4EB2367
2012-06-04 12:16 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Ihek
2012-06-04 08:55 - 2011-10-07 07:01 - 00001028 ____A C:\Users\KWILLS\Desktop\Dropbox.lnk
2012-06-04 01:54 - 2012-06-09 03:03 - 00014765 ____A C:\Users\KWILLS\Desktop\vitaliukas.zip
2012-06-01 09:44 - 2012-06-01 09:44 - 00056888 ____A C:\Users\KWILLS\Documents\esudroff06-01-2012.pdf
2012-06-01 09:44 - 2012-06-01 09:44 - 00055941 ____A C:\Users\KWILLS\Documents\kphillips06-01-2012.pdf
2012-06-01 08:41 - 2010-07-21 12:01 - 00000600 ____A C:\Users\KWILLS\AppData\Local\PUTTY.RND
2012-06-01 07:09 - 2012-06-01 07:09 - 00732231 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112a.jpg
2012-06-01 05:04 - 2012-06-01 05:04 - 01978379 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112.jpg
2012-05-31 09:32 - 2012-05-31 09:32 - 00054269 ____A C:\Users\KWILLS\Documents\Campaign Management.pdf
2012-05-30 10:44 - 2012-05-30 10:44 - 00784135 ____A C:\Users\KWILLS\Documents\phoenix-banner-2012.jpg
2012-05-30 07:41 - 2012-05-30 07:41 - 00187423 ____A C:\Users\KWILLS\Downloads\pagemash.zip
2012-05-29 17:15 - 2012-05-29 17:15 - 00010916 ____A C:\Users\KWILLS\Documents\Here are the directions to make the best chocolate chip cookies.docx
2012-05-29 11:12 - 2010-04-12 18:01 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Adobe
2012-05-29 08:57 - 2012-05-29 08:57 - 00240512 ____A C:\Users\KWILLS\Documents\iphone-setup.pdf
2012-05-23 20:14 - 2010-08-11 09:00 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-23 10:34 - 2012-05-23 10:34 - 01162765 ____A C:\Users\KWILLS\Documents\gator-banner-proof2-052312.jpg
2012-05-23 06:44 - 2012-05-23 06:44 - 01162985 ____A C:\Users\KWILLS\Documents\gator-banner-proof-052312.jpg
2012-05-22 10:19 - 2012-05-22 10:19 - 00057032 ____A C:\Users\KWILLS\Documents\esudroff051812.pdf
2012-05-22 10:18 - 2012-05-22 10:18 - 00056086 ____A C:\Users\KWILLS\Documents\kphillips051812.pdf
2012-05-21 04:54 - 2012-05-21 04:54 - 00000053 ____A C:\Users\KWILLS\Downloads\googleb8845e03d97ef417.html
2012-05-20 10:41 - 2012-06-09 03:03 - 00004695 ____A C:\Users\KWILLS\Desktop\ramekin.zip
2012-05-18 07:12 - 2012-05-18 07:12 - 00133802 ____A C:\Users\KWILLS\Desktop\shoes.pdf
2012-05-17 18:25 - 2010-04-12 17:55 - 00000000 ____D C:\Users\KWILLS\AppData\LocalLow
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 08:21 - 2012-05-16 08:21 - 03764224 ____A C:\Users\KWILLS\Downloads\MDBPlus.exe
2012-05-16 07:41 - 2012-05-16 07:41 - 00015254 ____A C:\Users\KWILLS\Documents\KYONL-userList.csv
2012-05-15 11:52 - 2012-05-15 11:52 - 00051996 ____A C:\Users\KWILLS\Documents\catalyst-worryfree-logo.jpg
2012-05-14 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-14 07:19 - 2012-06-09 03:03 - 00621056 ____A C:\Users\KWILLS\Desktop\WiNToBootic.exe
2012-05-10 07:44 - 2012-05-10 07:44 - 06955089 ____A C:\Users\KWILLS\Documents\member-area.psd
2012-05-10 06:52 - 2012-05-10 06:52 - 00011248 ____A C:\Users\KWILLS\Documents\contact-us.png
2012-05-10 03:04 - 2009-07-13 20:45 - 00493744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 02:50 - 2010-04-14 06:47 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 02:50 - 2010-01-14 23:26 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 02:33 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 18:22 - 2012-05-09 18:22 - 03356752 ____A C:\Users\KWILLS\Documents\food web.docx
2012-05-09 18:22 - 2012-05-09 18:22 - 00000162 ___AH C:\Users\KWILLS\Documents~$od web.docx
2012-05-08 12:46 - 2012-05-08 12:45 - 39401336 ____A (Apple Inc.) C:\Users\KWILLS\Downloads\QuickTimeInstaller.exe
2012-05-07 10:26 - 2012-05-07 10:26 - 00307091 ____A C:\Users\KWILLS\Documents\FMTI-Invoice # m1922.PDF
2012-05-06 03:53 - 2012-04-01 05:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-06 03:53 - 2011-05-19 17:49 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-05 18:12 - 2012-04-01 06:12 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 18:23 - 2012-05-04 18:23 - 00139835 ____A C:\Users\KWILLS\Documents\hollowplugs_300.jpg
2012-05-04 18:23 - 2012-05-04 18:23 - 00068129 ____A C:\Users\KWILLS\Documents\hollowplugs_120.jpg
2012-05-04 12:12 - 2012-05-04 12:12 - 00056886 ____A C:\Users\KWILLS\Documents\esudroff05-04-2012.pdf
2012-05-04 12:11 - 2012-05-04 12:11 - 00055930 ____A C:\Users\KWILLS\Documents\kphillips05-04-2012.pdf
2012-05-04 04:58 - 2012-05-04 04:58 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-04 04:58 - 2012-05-04 04:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 04:58 - 2010-04-12 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-28 18:02 - 2012-04-28 18:02 - 00000000 ____D C:\Windows\Temp55021661-8A24-26AB-AA4A-8DF067B5F749-Signatures
2012-04-23 07:45 - 2012-04-23 07:45 - 00061813 ____A C:\Users\KWILLS\Documents\esudroff04-20-2012 Checks.pdf
2012-04-23 07:44 - 2012-04-23 07:44 - 00060687 ____A C:\Users\KWILLS\Documents\kphillips04-20-2012.pdf
2012-04-23 07:03 - 2010-04-12 19:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-04-23 07:01 - 2010-10-03 19:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-21 11:16 - 2010-05-03 11:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes’ Anti-Malware
2012-04-21 11:15 - 2012-02-09 06:02 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-19 09:49 - 2012-04-19 09:49 - 00000402 ____A C:\Users\KWILLS\Documents\ChatLog Meet Now 2012_04_19 12_49.rtf
2012-04-19 09:06 - 2010-07-21 09:30 - 00060304 ____A C:\Users\KWILLS\g2mdlhlpx.exe
2012-04-19 09:06 - 2010-07-21 09:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-04-19 07:43 - 2012-04-19 07:43 - 02942608 ____A C:\Users\KWILLS\Documents\phoenix-2012.pdf
2012-04-19 07:43 - 2012-04-19 07:43 - 02355645 ____A C:\Users\KWILLS\Documents\triple-threat-2012.pdf
2012-04-19 07:43 - 2012-04-19 07:43 - 02043965 ____A C:\Users\KWILLS\Documents\phoenix-2011.pdf
2012-04-19 03:55 - 2011-07-13 05:53 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-19 03:55 - 2010-04-12 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-19 03:55 - 2010-04-12 20:21 - 00000000 ____D C:\Users\All Users\Skype
2012-04-12 08:41 - 2012-04-12 08:41 - 00043188 ____A C:\Users\KWILLS\Documents\mashallcountyedc-email-040112.pdf
2012-04-12 08:35 - 2012-04-12 08:35 - 00043251 ____A C:\Users\KWILLS\Documents\marshallcountyedc-email-040112.pdf
2012-04-10 18:28 - 2011-12-25 13:42 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-04-10 08:31 - 2012-04-10 08:31 - 03600784 ____A C:\Users\KWILLS\Documents\banner.pdf
2012-04-09 14:00 - 2012-04-09 14:00 - 00015092 ____A C:\Users\KWILLS\Documents\admissionpossible-oldsite-urls.xlsx
2012-04-05 06:37 - 2012-04-05 06:37 - 00056236 ____A C:\Users\KWILLS\Documents\esudroff-04-06-2012 Checks.pdf.pdf
2012-04-05 06:36 - 2012-04-05 06:36 - 00055681 ____A C:\Users\KWILLS\Documents\kphillips-04-06-2012 Checks.pdf
2012-04-04 12:56 - 2010-05-03 11:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 12:03 - 2012-06-09 03:03 - 00002271 ____A C:\Users\KWILLS\Desktop\zelenkooo.zip
2012-04-04 09:17 - 2012-04-04 09:17 - 04931351 ____A C:\Users\KWILLS\Downloads\nj-dmv-dwi_pdf_integration.zip.mq2egev.partial
2012-04-02 08:02 - 2012-04-02 08:02 - 00138758 ____A C:\Users\KWILLS\Documents\shelf6.jpg
2012-04-01 06:13 - 2012-04-01 06:13 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 06:13 - 2012-04-01 06:12 - 00000000 ____D C:\Program Files\iTunes
2012-04-01 06:13 - 2012-03-11 12:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 06:12 - 2012-04-01 06:12 - 00000000 ____D C:\Program Files\iPod
2012-03-30 22:05 - 2012-05-09 17:19 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 17:19 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 17:19 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 17:19 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 17:18 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-23 09:28 - 2012-03-23 09:27 - 00027648 ____A C:\Users\KWILLS\Documents\Mightyhook-update estimates.doc
2012-03-23 08:21 - 2012-03-23 08:21 - 00055682 ____A C:\Users\KWILLS\Documents\esudroff-03-23-2012.pdf
2012-03-23 08:20 - 2012-03-23 08:20 - 00055148 ____A C:\Users\KWILLS\Documents\kphillip-03-23-2012.pdf
2012-03-21 09:56 - 2012-03-21 09:56 - 00001791 ____A C:\Users\KWILLS\Downloads\Order_16.xml
2012-03-19 14:42 - 2012-03-19 14:42 - 00012354 ____A C:\Users\KWILLS\Documents\penpal.docx
2012-03-18 18:34 - 2010-06-30 07:40 - 00000000 ____D C:\Users\KWILLS\AppData\Local\Google
2012-03-16 23:58 - 2012-05-09 17:18 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-13 11:42 - 2012-03-13 11:42 - 00312842 ____A C:\Users\KWILLS\Downloads\ringtone.mp3
2012-03-12 12:19 - 2012-03-12 12:19 - 00055966 ____A C:\Users\KWILLS\Documents\esudroff030912.pdf
2012-03-12 12:18 - 2012-03-12 12:18 - 00055428 ____A C:\Users\KWILLS\Documents\kphillips030912.pdf

ZeroAccess:
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\@
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\L
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U\00000001.@
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U\800000cb.@

ZeroAccess:
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\@
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\L
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3957.19 MB
Available physical RAM: 3311.96 MB
Total Pagefile: 3955.34 MB
Available Pagefile: 3295.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:353.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (120501_1114) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:3.8 GB) (Free:3.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online         3894 MB      0 B

Partitions of Disk 0:

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             19 GB  1024 KB
Partition 2    Primary            446 GB    19 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label  Fs    Type       Size     Status   Info
----------  ---  -----  ----  ---------  -------  -------  ----
* Volume 1   C   OS     NTFS  Partition   446 GB  Healthy

======================================================================================================

Partitions of Disk 1:

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3894 MB    28 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label  Fs    Type       Size     Status   Info
----------  ---  -----  ----  ---------  -------  -------  ----
* Volume 2   E          NTFS  Removable  3894 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 13:30

======================= End Of Log ==========================

Download the attached fixlist.txt to the same USB as FRST.

Then insert the USB into the affected system and start FRST.
Click the Fix button.
Once completed, it will place a log on the USB drive.
Reboot to normal Windows and then post that, please.

Also, now retry the OTL quick scan.

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 09-06-2012 06:16:08
Running from E:
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKU\KWILLS\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\KWILLS\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-04] (Google Inc.)
HKU\KWILLS\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\KWILLS\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
IMEO\airecoveryburner.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\alu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\audctr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\backache.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\backbone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\controldeck.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\ctwave.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\facemgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fancystart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fastboot.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\flipshare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\javaw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\javaws.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\logonmgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\p4gxui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\volpanlu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\KWILLS\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2010-04-13] (Adobe Systems)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6378128 2011-12-05] (Carbonite, Inc. (www.carbonite.com))
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2010-04-12] (Macrovision Europe Ltd.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-09] (TuneUp Software)
4 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35648 2012-02-09] (TuneUp Software)
2 UxTuneUp; C:\Windows\SysWow64\uxtuneup.dll [28992 2012-02-09] (TuneUp Software)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45432 2011-04-13] (Microsoft Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys
3 tmlwf;
3 tmwfp;

========================== NetSvcs (Whitelisted) ===========

NETSVC: UxTuneUp -> C:\Windows\System32\uxtuneup.dll (TuneUp Software)

============ One Month Created Files and Folders ==============

2012-06-09 06:15 - 2012-06-09 06:16 - 00000000 ____D C:\FRST
2012-06-09 03:03 - 2012-06-04 01:54 - 00014765 ____A C:\Users\KWILLS\Desktop\vitaliukas.zip
2012-06-09 03:03 - 2012-05-20 10:41 - 00004695 ____A C:\Users\KWILLS\Desktop\ramekin.zip
2012-06-09 03:03 - 2012-05-14 07:19 - 00621056 ____A C:\Users\KWILLS\Desktop\WiNToBootic.exe
2012-06-09 03:03 - 2012-04-04 12:03 - 00002271 ____A C:\Users\KWILLS\Desktop\zelenkooo.zip
2012-06-09 03:03 - 2012-01-13 10:45 - 00002227 ____A C:\Users\KWILLS\Desktop\clear-notification-items.vbs
2012-06-09 03:03 - 2012-01-08 08:09 - 05561216 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\ntoskrnl.exe
2012-06-09 03:03 - 2011-10-22 01:32 - 00006377 ____A C:\Users\KWILLS\Desktop\SafeBoot.zip
2012-06-09 03:03 - 2011-10-22 01:32 - 00001150 ____A C:\Users\KWILLS\Desktop\wscsvc.zip
2012-06-09 03:03 - 2011-10-22 01:32 - 00001150 ____A C:\Users\KWILLS\Desktop\wscsvc(64).zip
2012-06-09 03:03 - 2011-09-05 08:35 - 00089766 ____A C:\Users\KWILLS\Desktop\nlasvc.dll.zip
2012-06-09 03:03 - 2011-08-23 08:31 - 00002258 ____A C:\Users\KWILLS\Desktop\Repair.vbs
2012-06-09 03:03 - 2011-01-18 10:25 - 00507904 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\winlogon.exe
2012-06-09 03:03 - 2011-01-18 10:23 - 01033728 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\EXPLORER.EXE
2012-06-09 03:03 - 2010-10-08 07:54 - 00024576 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\USERINIT.EXE
2012-06-09 03:03 - 2010-07-03 10:13 - 00149472 ____A C:\Users\KWILLS\Desktop\xpquick.zip
2012-06-09 03:03 - 2010-07-03 08:36 - 00577024 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\user32.dll
2012-06-09 03:03 - 2010-03-04 05:28 - 00358685 ____A C:\Users\KWILLS\Desktop\Logon.exe
2012-06-09 03:03 - 2010-02-22 07:59 - 00638216 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\iexplore.exe
2012-06-09 03:03 - 2010-01-31 11:25 - 00013824 ____A (Microsoft Corporation) C:\Users\KWILLS\Desktop\wscntfy.exe
2012-06-09 03:03 - 2010-01-31 10:46 - 00001452 ____A C:\Users\KWILLS\Desktop\SR.zip
2012-06-09 03:03 - 2010-01-24 02:00 - 00189671 ____A C:\Users\KWILLS\Desktop\sfcfiles.zip
2012-06-09 03:03 - 2009-12-28 09:32 - 00050213 ____A C:\Users\KWILLS\Desktop\NvAtaBus.zip
2012-06-09 03:03 - 2007-12-14 12:11 - 00027054 ____A C:\Users\KWILLS\Desktop\SafeBoot-for-Windows-XP-SP2.reg
2012-06-09 03:03 - 2007-12-14 12:11 - 00024098 ____A C:\Users\KWILLS\Desktop\SafeBoot-for-Windows-2000-SP4-Professional.reg
2012-06-09 03:02 - 2012-06-09 03:02 - 09905392 ____A C:\Users\KWILLS\Downloads\skydrive-2012-06-09.zip
2012-06-09 02:36 - 2011-02-17 13:59 - 00383562 ____N C:\Users\KWILLS\Desktop\bootmgr
2012-06-09 02:36 - 2011-02-17 13:59 - 00000000 ____D C:\Users\KWILLS\Desktop\sources
2012-06-09 02:30 - 2012-06-09 02:30 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64(1).exe
2012-06-09 02:27 - 2012-06-09 02:27 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64.exe
2012-06-09 02:22 - 2012-06-09 02:32 - 172855296 ____A C:\Users\KWILLS\Downloads\RepairDiscWindows7-64-bit.iso
2012-06-08 11:21 - 2012-06-08 11:22 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Desktop\OTL.scr
2012-06-08 11:18 - 2012-06-08 11:18 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.scr
2012-06-08 10:30 - 2012-06-08 10:30 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(2).exe
2012-06-08 10:22 - 2012-06-08 10:22 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(1).exe
2012-06-08 10:21 - 2012-06-08 10:21 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.exe
2012-06-08 09:04 - 2012-06-08 09:04 - 00113660 ____A C:\Users\KWILLS\Desktop\url-mal.jpg
2012-06-08 09:03 - 2012-06-08 09:03 - 00131631 ____A C:\Users\KWILLS\Desktop\win32malware.jpg
2012-06-08 08:16 - 2012-06-08 08:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\QuickScan
2012-06-05 11:06 - 2012-06-05 11:44 - 00715722 ____A C:\Users\KWILLS\Documents\embroidery-comp1.jpg
2012-06-04 23:40 - 2012-06-04 23:40 - 00000000 ____A C:\install.rdf
2012-06-04 19:05 - 2012-03-06 15:02 - 00053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-04 18:11 - 2012-06-04 18:12 - 12621696 ____A (Microsoft Corporation) C:\Users\KWILLS\Downloads\mseinstall.exe
2012-06-04 12:17 - 2012-06-04 12:17 - 00000000 ____D C:\Users\All Users\B7E8586B0003E0BE039FC0DBB4EB2367
2012-06-04 12:16 - 2012-06-06 10:25 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Uhizm
2012-06-04 12:16 - 2012-06-04 18:14 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Colel
2012-06-04 12:16 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Ihek
2012-06-01 09:44 - 2012-06-01 09:44 - 00056888 ____A C:\Users\KWILLS\Documents\esudroff06-01-2012.pdf
2012-06-01 09:44 - 2012-06-01 09:44 - 00055941 ____A C:\Users\KWILLS\Documents\kphillips06-01-2012.pdf
2012-06-01 07:09 - 2012-06-01 07:09 - 00732231 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112a.jpg
2012-06-01 05:04 - 2012-06-01 05:04 - 01978379 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112.jpg
2012-05-31 09:32 - 2012-05-31 09:32 - 00054269 ____A C:\Users\KWILLS\Documents\Campaign Management.pdf
2012-05-30 10:44 - 2012-05-30 10:44 - 00784135 ____A C:\Users\KWILLS\Documents\phoenix-banner-2012.jpg
2012-05-30 07:41 - 2012-05-30 07:41 - 00187423 ____A C:\Users\KWILLS\Downloads\pagemash.zip
2012-05-29 17:15 - 2012-05-29 17:15 - 00010916 ____A C:\Users\KWILLS\Documents\Here are the directions to make the best chocolate chip cookies.docx
2012-05-29 08:57 - 2012-05-29 08:57 - 00240512 ____A C:\Users\KWILLS\Documents\iphone-setup.pdf
2012-05-23 10:34 - 2012-05-23 10:34 - 01162765 ____A C:\Users\KWILLS\Documents\gator-banner-proof2-052312.jpg
2012-05-23 06:44 - 2012-05-23 06:44 - 01162985 ____A C:\Users\KWILLS\Documents\gator-banner-proof-052312.jpg
2012-05-22 10:19 - 2012-05-22 10:19 - 00057032 ____A C:\Users\KWILLS\Documents\esudroff051812.pdf
2012-05-22 10:18 - 2012-05-22 10:18 - 00056086 ____A C:\Users\KWILLS\Documents\kphillips051812.pdf
2012-05-21 04:54 - 2012-05-21 04:54 - 00000053 ____A C:\Users\KWILLS\Downloads\googleb8845e03d97ef417.html
2012-05-18 07:12 - 2012-05-18 07:12 - 00133802 ____A C:\Users\KWILLS\Desktop\shoes.pdf
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 08:21 - 2012-05-16 08:21 - 03764224 ____A C:\Users\KWILLS\Downloads\MDBPlus.exe
2012-05-16 07:41 - 2012-05-16 07:41 - 00015254 ____A C:\Users\KWILLS\Documents\KYONL-userList.csv
2012-05-15 11:52 - 2012-05-15 11:52 - 00051996 ____A C:\Users\KWILLS\Documents\catalyst-worryfree-logo.jpg
2012-05-10 07:44 - 2012-05-10 07:44 - 06955089 ____A C:\Users\KWILLS\Documents\member-area.psd
2012-05-10 06:52 - 2012-05-10 06:52 - 00011248 ____A C:\Users\KWILLS\Documents\contact-us.png

============ 3 Months Modified Files and Folders =============

2012-06-09 06:16 - 2012-06-09 06:15 - 00000000 ____D C:\FRST
2012-06-09 03:10 - 2010-01-14 23:29 - 01477079 ____A C:\Windows\WindowsUpdate.log
2012-06-09 03:02 - 2012-06-09 03:02 - 09905392 ____A C:\Users\KWILLS\Downloads\skydrive-2012-06-09.zip
2012-06-09 02:56 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 02:56 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 02:50 - 2010-04-12 20:22 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Skype
2012-06-09 02:49 - 2011-10-07 07:01 - 00000000 ___RD C:\Users\KWILLS\Dropbox
2012-06-09 02:49 - 2011-10-07 06:59 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Dropbox
2012-06-09 02:48 - 2012-01-01 11:23 - 00005074 ____A C:\Windows\setupact.log
2012-06-09 02:48 - 2010-06-30 07:40 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-09 02:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 02:45 - 2010-04-16 11:34 - 00000000 ____D C:\Users\KWILLS\AppData\Local\WeatherBug
2012-06-09 02:32 - 2012-06-09 02:22 - 172855296 ____A C:\Users\KWILLS\Downloads\RepairDiscWindows7-64-bit.iso
2012-06-09 02:30 - 2012-06-09 02:30 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64(1).exe
2012-06-09 02:30 - 2009-07-13 21:13 - 00754352 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 02:27 - 2012-06-09 02:27 - 01397353 ____A C:\Users\KWILLS\Downloads\FRST64.exe
2012-06-09 02:18 - 2012-04-01 05:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 02:18 - 2010-06-30 07:40 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 12:16 - 2012-01-08 18:39 - 01307630 ____A C:\Windows\ntbtlog.txt
2012-06-08 12:05 - 2010-04-19 12:42 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\FileZilla
2012-06-08 12:04 - 2010-04-12 19:38 - 00847360 ____A C:\Users\KWILLS\Desktop\Catalyst-Info.xls
2012-06-08 11:22 - 2012-06-08 11:21 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Desktop\OTL.scr
2012-06-08 11:18 - 2012-06-08 11:18 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.scr
2012-06-08 10:30 - 2012-06-08 10:30 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(2).exe
2012-06-08 10:24 - 2012-01-12 05:30 - 00013360 ____A C:\Windows\PFRO.log
2012-06-08 10:22 - 2012-06-08 10:22 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL(1).exe
2012-06-08 10:21 - 2012-06-08 10:21 - 00595456 ____A (OldTimer Tools) C:\Users\KWILLS\Downloads\OTL.exe
2012-06-08 09:04 - 2012-06-08 09:04 - 00113660 ____A C:\Users\KWILLS\Desktop\url-mal.jpg
2012-06-08 09:03 - 2012-06-08 09:03 - 00131631 ____A C:\Users\KWILLS\Desktop\win32malware.jpg
2012-06-08 08:16 - 2012-06-08 08:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\QuickScan
2012-06-07 06:43 - 2010-04-13 06:21 - 00000000 ____D C:\CATALYST
2012-06-06 10:25 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Uhizm
2012-06-05 11:44 - 2012-06-05 11:06 - 00715722 ____A C:\Users\KWILLS\Documents\embroidery-comp1.jpg
2012-06-04 23:44 - 2011-01-12 15:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-04 23:42 - 2011-01-12 15:42 - 00000000 ____D C:\Program Files (x86)\Safari
2012-06-04 23:41 - 2012-01-12 13:40 - 00000000 ____D C:\Program Files (x86)\SQLyog Community
2012-06-04 23:40 - 2012-06-04 23:40 - 00000000 ____A C:\install.rdf
2012-06-04 23:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-04 23:39 - 2011-07-21 16:02 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-06-04 23:37 - 2011-10-12 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-04 23:30 - 2011-01-27 11:08 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-04 22:52 - 2011-01-27 11:08 - 00768726 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-04 19:05 - 2010-08-11 08:58 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-04 18:14 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Colel
2012-06-04 18:12 - 2012-06-04 18:11 - 12621696 ____A (Microsoft Corporation) C:\Users\KWILLS\Downloads\mseinstall.exe
2012-06-04 12:17 - 2012-06-04 12:17 - 00000000 ____D C:\Users\All Users\B7E8586B0003E0BE039FC0DBB4EB2367
2012-06-04 12:16 - 2012-06-04 12:16 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Ihek
2012-06-04 08:55 - 2011-10-07 07:01 - 00001028 ____A C:\Users\KWILLS\Desktop\Dropbox.lnk
2012-06-04 01:54 - 2012-06-09 03:03 - 00014765 ____A C:\Users\KWILLS\Desktop\vitaliukas.zip
2012-06-01 09:44 - 2012-06-01 09:44 - 00056888 ____A C:\Users\KWILLS\Documents\esudroff06-01-2012.pdf
2012-06-01 09:44 - 2012-06-01 09:44 - 00055941 ____A C:\Users\KWILLS\Documents\kphillips06-01-2012.pdf
2012-06-01 08:41 - 2010-07-21 12:01 - 00000600 ____A C:\Users\KWILLS\AppData\Local\PUTTY.RND
2012-06-01 07:09 - 2012-06-01 07:09 - 00732231 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112a.jpg
2012-06-01 05:04 - 2012-06-01 05:04 - 01978379 ____A C:\Users\KWILLS\Documents\phoenix-banner-060112.jpg
2012-05-31 09:32 - 2012-05-31 09:32 - 00054269 ____A C:\Users\KWILLS\Documents\Campaign Management.pdf
2012-05-30 10:44 - 2012-05-30 10:44 - 00784135 ____A C:\Users\KWILLS\Documents\phoenix-banner-2012.jpg
2012-05-30 07:41 - 2012-05-30 07:41 - 00187423 ____A C:\Users\KWILLS\Downloads\pagemash.zip
2012-05-29 17:15 - 2012-05-29 17:15 - 00010916 ____A C:\Users\KWILLS\Documents\Here are the directions to make the best chocolate chip cookies.docx
2012-05-29 11:12 - 2010-04-12 18:01 - 00000000 ____D C:\Users\KWILLS\AppData\Roaming\Adobe
2012-05-29 08:57 - 2012-05-29 08:57 - 00240512 ____A C:\Users\KWILLS\Documents\iphone-setup.pdf
2012-05-23 20:14 - 2010-08-11 09:00 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-23 10:34 - 2012-05-23 10:34 - 01162765 ____A C:\Users\KWILLS\Documents\gator-banner-proof2-052312.jpg
2012-05-23 06:44 - 2012-05-23 06:44 - 01162985 ____A C:\Users\KWILLS\Documents\gator-banner-proof-052312.jpg
2012-05-22 10:19 - 2012-05-22 10:19 - 00057032 ____A C:\Users\KWILLS\Documents\esudroff051812.pdf
2012-05-22 10:18 - 2012-05-22 10:18 - 00056086 ____A C:\Users\KWILLS\Documents\kphillips051812.pdf
2012-05-21 04:54 - 2012-05-21 04:54 - 00000053 ____A C:\Users\KWILLS\Downloads\googleb8845e03d97ef417.html
2012-05-20 10:41 - 2012-06-09 03:03 - 00004695 ____A C:\Users\KWILLS\Desktop\ramekin.zip
2012-05-18 07:12 - 2012-05-18 07:12 - 00133802 ____A C:\Users\KWILLS\Desktop\shoes.pdf
2012-05-17 18:25 - 2010-04-12 17:55 - 00000000 ____D C:\Users\KWILLS\AppData\LocalLow
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-17 02:27 - 2012-05-17 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 08:21 - 2012-05-16 08:21 - 03764224 ____A C:\Users\KWILLS\Downloads\MDBPlus.exe
2012-05-16 07:41 - 2012-05-16 07:41 - 00015254 ____A C:\Users\KWILLS\Documents\KYONL-userList.csv
2012-05-15 11:52 - 2012-05-15 11:52 - 00051996 ____A C:\Users\KWILLS\Documents\catalyst-worryfree-logo.jpg
2012-05-14 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-05-14 07:19 - 2012-06-09 03:03 - 00621056 ____A C:\Users\KWILLS\Desktop\WiNToBootic.exe
2012-05-10 07:44 - 2012-05-10 07:44 - 06955089 ____A C:\Users\KWILLS\Documents\member-area.psd
2012-05-10 06:52 - 2012-05-10 06:52 - 00011248 ____A C:\Users\KWILLS\Documents\contact-us.png
2012-05-10 03:04 - 2009-07-13 20:45 - 00493744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 02:50 - 2010-04-14 06:47 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 02:50 - 2010-01-14 23:26 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 02:33 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 18:22 - 2012-05-09 18:22 - 03356752 ____A C:\Users\KWILLS\Documents\food web.docx
2012-05-09 18:22 - 2012-05-09 18:22 - 00000162 ___AH C:\Users\KWILLS\Documents\~$od web.docx
2012-05-08 12:46 - 2012-05-08 12:45 - 39401336 ____A (Apple Inc.) C:\Users\KWILLS\Downloads\QuickTimeInstaller.exe
2012-05-07 10:26 - 2012-05-07 10:26 - 00307091 ____A C:\Users\KWILLS\Documents\FMTI-Invoice # m1922.PDF
2012-05-06 03:53 - 2012-04-01 05:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-06 03:53 - 2011-05-19 17:49 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-05 18:12 - 2012-04-01 06:12 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 18:23 - 2012-05-04 18:23 - 00139835 ____A C:\Users\KWILLS\Documents\hollowplugs_300.jpg
2012-05-04 18:23 - 2012-05-04 18:23 - 00068129 ____A C:\Users\KWILLS\Documents\hollowplugs_120.jpg
2012-05-04 12:12 - 2012-05-04 12:12 - 00056886 ____A C:\Users\KWILLS\Documents\esudroff05-04-2012.pdf
2012-05-04 12:11 - 2012-05-04 12:11 - 00055930 ____A C:\Users\KWILLS\Documents\kphillips05-04-2012.pdf
2012-05-04 04:58 - 2012-05-04 04:58 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-04 04:58 - 2012-05-04 04:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 04:58 - 2010-04-12 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-28 18:02 - 2012-04-28 18:02 - 00000000 ____D C:\Windows\Temp55021661-8A24-26AB-AA4A-8DF067B5F749-Signatures
2012-04-23 07:45 - 2012-04-23 07:45 - 00061813 ____A C:\Users\KWILLS\Documents\esudroff04-20-2012 Checks.pdf
2012-04-23 07:44 - 2012-04-23 07:44 - 00060687 ____A C:\Users\KWILLS\Documents\kphillips04-20-2012.pdf
2012-04-23 07:03 - 2010-04-12 19:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-04-23 07:01 - 2010-10-03 19:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-21 11:16 - 2010-05-03 11:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes’ Anti-Malware
2012-04-21 11:15 - 2012-02-09 06:02 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-19 09:49 - 2012-04-19 09:49 - 00000402 ____A C:\Users\KWILLS\Documents\ChatLog Meet Now 2012_04_19 12_49.rtf
2012-04-19 09:06 - 2010-07-21 09:30 - 00060304 ____A C:\Users\KWILLS\g2mdlhlpx.exe
2012-04-19 09:06 - 2010-07-21 09:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-04-19 07:43 - 2012-04-19 07:43 - 02942608 ____A C:\Users\KWILLS\Documents\phoenix-2012.pdf
2012-04-19 07:43 - 2012-04-19 07:43 - 02355645 ____A C:\Users\KWILLS\Documents\triple-threat-2012.pdf
2012-04-19 07:43 - 2012-04-19 07:43 - 02043965 ____A C:\Users\KWILLS\Documents\phoenix-2011.pdf
2012-04-19 03:55 - 2011-07-13 05:53 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-19 03:55 - 2010-04-12 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-19 03:55 - 2010-04-12 20:21 - 00000000 ____D C:\Users\All Users\Skype
2012-04-12 08:41 - 2012-04-12 08:41 - 00043188 ____A C:\Users\KWILLS\Documents\mashallcountyedc-email-040112.pdf
2012-04-12 08:35 - 2012-04-12 08:35 - 00043251 ____A C:\Users\KWILLS\Documents\marshallcountyedc-email-040112.pdf
2012-04-10 18:28 - 2011-12-25 13:42 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-04-10 08:31 - 2012-04-10 08:31 - 03600784 ____A C:\Users\KWILLS\Documents\banner.pdf
2012-04-09 14:00 - 2012-04-09 14:00 - 00015092 ____A C:\Users\KWILLS\Documents\admissionpossible-oldsite-urls.xlsx
2012-04-05 06:37 - 2012-04-05 06:37 - 00056236 ____A C:\Users\KWILLS\Documents\esudroff-04-06-2012 Checks.pdf.pdf
2012-04-05 06:36 - 2012-04-05 06:36 - 00055681 ____A C:\Users\KWILLS\Documents\kphillips-04-06-2012 Checks.pdf
2012-04-04 12:56 - 2010-05-03 11:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 12:03 - 2012-06-09 03:03 - 00002271 ____A C:\Users\KWILLS\Desktop\zelenkooo.zip
2012-04-04 09:17 - 2012-04-04 09:17 - 04931351 ____A C:\Users\KWILLS\Downloads\nj-dmv-dwi_pdf_integration.zip.mq2egev.partial
2012-04-02 08:02 - 2012-04-02 08:02 - 00138758 ____A C:\Users\KWILLS\Documents\shelf6.jpg
2012-04-01 06:13 - 2012-04-01 06:13 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 06:13 - 2012-04-01 06:12 - 00000000 ____D C:\Program Files\iTunes
2012-04-01 06:13 - 2012-03-11 12:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 06:12 - 2012-04-01 06:12 - 00000000 ____D C:\Program Files\iPod
2012-03-30 22:05 - 2012-05-09 17:19 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 17:19 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 17:19 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 17:19 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 17:18 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-23 09:28 - 2012-03-23 09:27 - 00027648 ____A C:\Users\KWILLS\Documents\Mightyhook-update estimates.doc
2012-03-23 08:21 - 2012-03-23 08:21 - 00055682 ____A C:\Users\KWILLS\Documents\esudroff-03-23-2012.pdf
2012-03-23 08:20 - 2012-03-23 08:20 - 00055148 ____A C:\Users\KWILLS\Documents\kphillip-03-23-2012.pdf
2012-03-21 09:56 - 2012-03-21 09:56 - 00001791 ____A C:\Users\KWILLS\Downloads\Order_16.xml
2012-03-19 14:42 - 2012-03-19 14:42 - 00012354 ____A C:\Users\KWILLS\Documents\penpal.docx
2012-03-18 18:34 - 2010-06-30 07:40 - 00000000 ____D C:\Users\KWILLS\AppData\Local\Google
2012-03-16 23:58 - 2012-05-09 17:18 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-13 11:42 - 2012-03-13 11:42 - 00312842 ____A C:\Users\KWILLS\Downloads\ringtone.mp3
2012-03-12 12:19 - 2012-03-12 12:19 - 00055966 ____A C:\Users\KWILLS\Documents\esudroff030912.pdf
2012-03-12 12:18 - 2012-03-12 12:18 - 00055428 ____A C:\Users\KWILLS\Documents\kphillips030912.pdf

ZeroAccess:
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\@
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\L
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U\00000001.@
C:\Windows\Installer\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U\800000cb.@

ZeroAccess:
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\@
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\L
C:\Users\KWILLS\AppData\Local\{58ca1f4e-f92a-edc9-5f9d-982de9328946}\U