Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

receiving STOP C0000135 - attempted virus removal

Started by AnBrine , Apr 01 2012 01:30 PM

This topic is locked

25 replies to this topic

#1 AnBrine

New Member

Members
13 posts

Posted 01 April 2012 - 01:30 PM

Heya!

The other night I removed (or at least tired to) a virus from my computer. All seemed well until I went to start up my computer the next morning and received the dreaded blue screen with the error: STOP: C0000135 The program can't start because %hs is missing. I've been googling around to see if I can resolve the issue and initially I though I might have found the fix at the following link: http://blog.crosbydrive.com/?p=245 but it turns out I didn't need to edit anything in the registry. My next attempt to fix the issue was to run Farbar Recovery Scan Tool (x64) ...now I'm stuck and could really use assistance. I have the Farbar log, I'll post it below

Thanks in advance!

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 01-04-2012 13:55:30
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [npawmp] rundll32.exe "C:\Users\Brianne\AppData\Local\Temp\npawmp.dll",QuaternionNormalize [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Brianne\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-14] (Valve Corporation)
HKU\Brianne\...\Policies\system: [disableregistrytools] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{86394A72-7F3E-4DB8-8BEF-6F6137E1C6DD}: [NameServer]8.8.8.8,8.8.4.4
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-08-14] ()
2 symtdi; C:\Windows\System32\CoolerXPDriver.dll [6656 2009-07-13] (Oak Technology Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 XTUService; "C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe" [21768 2010-11-24] (Intel Corporation)
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-28] (DT Soft Ltd)
3 ICCWDT; C:\Windows\System32\Drivers\ICCWDT.sys [26136 2010-08-17] (Intel Corporation)
3 ICTDrv; C:\Windows\System32\Drivers\ICTDrv.sys [21504 2010-09-15] (Intel Corporation)
2 IOCBIOS; \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [34304 2010-09-15] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 smbusp; C:\Windows\System32\DRIVERS\intelsmb.sys [28544 2010-06-09] (Intel Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: symtdi

============ One Month Created Files and Folders ==============

2012-04-01 13:55 - 2012-04-01 13:55 - 0000000 ____D C:\FRST
2012-03-29 18:49 - 2012-03-29 19:43 - 0000348 ____A C:\Windows\Tasks\At95.job
2012-03-29 18:49 - 2012-03-29 19:43 - 0000346 ____A C:\Windows\Tasks\At94.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At93.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At91.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At89.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At87.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At85.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At83.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At81.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At79.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At77.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At75.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At73.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At71.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At69.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At67.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At65.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At63.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At61.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At59.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At57.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At55.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At53.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At51.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At49.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At92.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At90.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At88.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At86.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At84.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At82.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At80.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At78.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At76.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At74.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At72.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At70.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At68.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At66.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At64.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At62.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At60.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At58.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At56.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At54.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At52.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At50.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At1.job
2012-03-29 17:10 - 2012-03-29 17:10 - 0016865 ____A C:\ComboFix.txt
2012-03-29 17:04 - 2012-03-29 17:04 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-29 16:56 - 2012-03-29 17:13 - 0000000 ____D C:\Windows\ERDNT
2012-03-29 16:56 - 2012-03-29 17:13 - 0000000 ____D C:\Qoobox
2012-03-28 19:28 - 2012-03-29 19:45 - 0000112 ____A C:\Users\All Users\1K4J0Mno.dat
2012-03-28 19:28 - 2012-03-29 19:45 - 0000112 ____A C:\ProgramData\1K4J0Mno.dat
2012-03-28 19:28 - 2012-03-29 19:43 - 0000348 ____A C:\Windows\Tasks\At48.job
2012-03-28 19:28 - 2012-03-29 18:50 - 0099328 ____A C:\Windows\SysWOW64\RYEs0q.com_
2012-03-28 19:28 - 2012-03-29 18:43 - 0000348 ____A C:\Windows\Tasks\At46.job
2012-03-28 19:28 - 2012-03-29 17:43 - 0000348 ____A C:\Windows\Tasks\At44.job
2012-03-28 19:28 - 2012-03-29 16:43 - 0000348 ____A C:\Windows\Tasks\At42.job
2012-03-28 19:28 - 2012-03-29 09:43 - 0000348 ____A C:\Windows\Tasks\At28.job
2012-03-28 19:28 - 2012-03-29 07:43 - 0000348 ____A C:\Windows\Tasks\At24.job
2012-03-28 19:28 - 2012-03-29 06:43 - 0000348 ____A C:\Windows\Tasks\At22.job
2012-03-28 19:28 - 2012-03-29 05:43 - 0000348 ____A C:\Windows\Tasks\At20.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At8.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At6.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At40.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At4.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At38.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At36.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At34.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At32.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At30.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At26.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At18.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At16.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At14.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At12.job
2012-03-28 19:28 - 2012-03-28 20:51 - 0000348 ____A C:\Windows\Tasks\At10.job
2012-03-28 19:28 - 2012-03-28 20:43 - 0000348 ____A C:\Windows\Tasks\At2.job
2012-03-28 18:17 - 2012-03-28 18:17 - 0000012 ____A C:\Windows\sruna.log
2012-03-25 06:48 - 2012-03-25 06:48 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-25 06:47 - 2012-03-25 06:48 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-23 08:04 - 2012-03-23 08:04 - 0100572 ____A C:\Users\Brianne\Desktop\T2202A-999365761-2011.pdf
2012-03-21 18:14 - 2012-03-21 18:14 - 18199459 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - ROTTEN DECAY.zip
2012-03-21 18:08 - 2012-03-21 18:09 - 94953116 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - BBNG1.zip
2012-03-19 05:15 - 2012-03-19 05:15 - 0170481 ____A C:\Users\Brianne\Documents\Recipes.txt
2012-03-18 19:10 - 2012-03-19 18:56 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-18 19:09 - 2012-03-18 19:09 - 6674008 ____A (Adobe Systems Inc.) C:\Users\Brianne\Downloads\Shockwave_Installer_Slim.exe
2012-03-14 01:29 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 01:29 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 01:29 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 01:29 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 01:29 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-14 01:29 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 01:29 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 01:29 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 01:29 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 07:07 - 2012-03-12 07:07 - 0019175 ____A C:\Users\Brianne\Desktop\HumberAppPayment.pdf
2012-03-07 21:22 - 2012-03-07 21:22 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-07 21:21 - 2012-03-07 21:21 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-03-07 21:20 - 2012-03-07 21:22 - 0003797 ____A C:\Windows\IE9_main.log

============ 3 Months Modified Files and Folders =============

2015-07-24 18:24 - 2011-08-14 13:06 - 0000000 ___AD C:\Users\Brianne\Downloads\Guru3D.com
2012-04-01 13:55 - 2012-04-01 13:55 - 0000000 ____D C:\FRST
2012-04-01 09:48 - 2011-08-13 07:54 - 2134499328 __ASH C:\hiberfil.sys
2012-03-29 19:46 - 2011-08-13 04:59 - 1178408 ____A C:\Windows\WindowsUpdate.log
2012-03-29 19:45 - 2012-03-28 19:28 - 0000112 ____A C:\Users\All Users\1K4J0Mno.dat
2012-03-29 19:45 - 2012-03-28 19:28 - 0000112 ____A C:\ProgramData\1K4J0Mno.dat
2012-03-29 19:43 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At95.job
2012-03-29 19:43 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At94.job
2012-03-29 19:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At48.job
2012-03-29 18:50 - 2012-03-28 19:28 - 0099328 ____A C:\Windows\SysWOW64\RYEs0q.com_
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At93.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At91.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At89.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At87.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At85.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At83.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At81.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At79.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At77.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At75.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At73.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At71.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At69.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At67.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At65.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At63.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At61.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At59.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At57.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At55.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At53.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At51.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000348 ____A C:\Windows\Tasks\At49.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At92.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At90.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At88.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At86.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At84.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At82.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At80.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At78.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At76.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At74.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At72.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At70.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At68.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At66.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At64.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At62.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At60.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At58.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At56.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At54.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At52.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At50.job
2012-03-29 18:49 - 2012-03-29 18:49 - 0000346 ____A C:\Windows\Tasks\At1.job
2012-03-29 18:47 - 2011-10-30 12:32 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000UA.job
2012-03-29 18:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At46.job
2012-03-29 17:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At44.job
2012-03-29 17:13 - 2012-03-29 16:56 - 0000000 ____D C:\Windows\ERDNT
2012-03-29 17:13 - 2012-03-29 16:56 - 0000000 ____D C:\Qoobox
2012-03-29 17:13 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-29 17:13 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-29 17:10 - 2012-03-29 17:10 - 0016865 ____A C:\ComboFix.txt
2012-03-29 17:10 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-29 17:10 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-29 17:08 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-29 17:04 - 2012-03-29 17:04 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-29 17:04 - 2011-08-14 12:50 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-29 17:04 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-03-29 17:03 - 2011-08-13 05:22 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-03-29 17:03 - 2011-08-13 05:22 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-29 17:03 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-29 17:03 - 2009-07-13 20:51 - 0060032 ____A C:\Windows\setupact.log
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-29 17:02 - 2011-08-14 13:21 - 0002936 ____A C:\Windows\PFRO.log
2012-03-29 17:02 - 2009-07-13 18:34 - 53215232 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-29 17:02 - 2009-07-13 18:34 - 20185088 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-29 17:02 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-29 17:02 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-29 17:02 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-29 16:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At42.job
2012-03-29 09:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At28.job
2012-03-29 07:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At24.job
2012-03-29 06:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At22.job
2012-03-29 05:47 - 2011-10-30 12:32 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000Core.job
2012-03-29 05:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At20.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At8.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At6.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At40.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At4.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At38.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At36.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At34.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At32.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At30.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At26.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At18.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At16.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At14.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At12.job
2012-03-28 20:51 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At10.job
2012-03-28 20:43 - 2012-03-28 19:28 - 0000348 ____A C:\Windows\Tasks\At2.job
2012-03-28 18:17 - 2012-03-28 18:17 - 0000012 ____A C:\Windows\sruna.log
2012-03-26 07:01 - 2011-08-14 14:06 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\uTorrent
2012-03-25 18:32 - 2011-08-15 18:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-25 06:48 - 2012-03-25 06:48 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-25 06:48 - 2012-03-25 06:47 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-25 06:42 - 2011-11-28 11:10 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\DAEMON Tools Lite
2012-03-23 16:48 - 2011-08-13 05:17 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\Mozilla
2012-03-23 08:18 - 2011-08-14 18:49 - 0000000 ____D C:\Users\Brianne\Documents\Jobs
2012-03-23 08:04 - 2012-03-23 08:04 - 0100572 ____A C:\Users\Brianne\Desktop\T2202A-999365761-2011.pdf
2012-03-22 18:42 - 2011-10-30 12:33 - 0002406 ____A C:\Users\Brianne\Desktop\Google Chrome.lnk
2012-03-21 18:14 - 2012-03-21 18:14 - 18199459 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - ROTTEN DECAY.zip
2012-03-21 18:09 - 2012-03-21 18:08 - 94953116 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - BBNG1.zip
2012-03-19 18:56 - 2012-03-18 19:10 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-19 05:15 - 2012-03-19 05:15 - 0170481 ____A C:\Users\Brianne\Documents\Recipes.txt
2012-03-18 19:09 - 2012-03-18 19:09 - 6674008 ____A (Adobe Systems Inc.) C:\Users\Brianne\Downloads\Shockwave_Installer_Slim.exe
2012-03-18 05:20 - 2011-08-13 05:17 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-14 08:58 - 2009-07-13 20:45 - 4908696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-12 07:07 - 2012-03-12 07:07 - 0019175 ____A C:\Users\Brianne\Desktop\HumberAppPayment.pdf
2012-03-08 14:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-08 14:45 - 2011-08-31 10:27 - 0000000 ____D C:\Users\Brianne\AppData\Local\ElevatedDiagnostics
2012-03-08 07:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-07 21:22 - 2012-03-07 21:22 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-07 21:22 - 2012-03-07 21:20 - 0003797 ____A C:\Windows\IE9_main.log
2012-03-07 21:21 - 2012-03-07 21:21 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-03-04 08:25 - 2011-12-24 08:34 - 0000000 ____D C:\Users\Brianne\Desktop\Fallout.New.Vegas-SKIDROW
2012-02-29 22:04 - 2012-02-29 22:04 - 0014008 ____A C:\Users\Brianne\Desktop\print.aspx.htm
2012-02-29 22:04 - 2012-02-29 22:04 - 0000000 ____D C:\Users\Brianne\Desktop\print.aspx_files
2012-02-29 18:14 - 2009-07-13 21:08 - 0032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-24 05:39 - 2011-08-14 14:06 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-23 05:18 - 2011-08-14 12:46 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-14 22:27 - 2012-03-14 01:29 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-14 01:29 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-14 01:29 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-14 01:29 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 16:32 - 2011-08-14 13:18 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\Adobe
2012-02-14 16:32 - 2011-08-14 11:35 - 0000000 ____D C:\Users\Brianne\AppData\Local\Adobe
2012-02-12 18:03 - 2011-08-14 17:03 - 0280736 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-02-12 18:03 - 2011-08-14 17:02 - 0280736 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-02-12 17:56 - 2011-08-14 17:02 - 0215128 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-02-09 22:18 - 2012-03-14 01:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-02 20:16 - 2012-03-14 01:29 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 17:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-29 21:30 - 2012-01-29 21:30 - 0504220 ____A C:\Users\Brianne\Downloads\Hunger Games, The - Suzanne Collins.epub
2012-01-25 14:21 - 2012-01-25 14:21 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\WindSolutions
2012-01-25 14:20 - 2012-01-25 14:20 - 7515345 ____A C:\Users\Brianne\Downloads\CopyTransv4.821_DLC.zip
2012-01-25 14:20 - 2012-01-25 14:20 - 0000000 ____D C:\Users\Brianne\Downloads\CopyTransv4.821_DLC
2012-01-25 14:20 - 2012-01-25 14:20 - 0000000 ____D C:\Users\All Users\WindSolutions
2012-01-25 14:20 - 2012-01-25 14:20 - 0000000 ____D C:\ProgramData\WindSolutions
2012-01-24 22:27 - 2012-03-14 01:29 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-14 01:29 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-14 01:29 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-19 20:37 - 2012-01-19 20:37 - 0000344 ____A C:\Users\Brianne\Desktop\webtv.txt
2012-01-15 14:37 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-01-11 19:10 - 2012-01-11 19:10 - 0000000 ____D C:\Users\Brianne\AppData\Local\FalloutNV
2012-01-11 19:10 - 2011-08-21 14:04 - 0000000 ____D C:\Users\Brianne\Documents\My Games

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8175.49 MB
Available physical RAM: 7393.48 MB
Total Pagefile: 8173.64 MB
Available Pagefile: 7378.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:775.16 GB) NTFS
2 Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive f: (BRI) (Removable) (Total:14.9 GB) (Free:14.89 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F BRI FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 09:15

======================= End Of Log ==========================

BC Ads
BleepingComputer.com

#2 narenxp

Forum Addict

BC Advisor
16,365 posts

Gender:Male
Location:India

Posted 01 April 2012 - 01:57 PM

SubSystems: [Windows] ==> ZeroAccess

This can be easily fixed.Let me ask someone to assist you

good luck

#3 JSntgRvr

Master Surgeon General

Malware Response Team
7,134 posts

Gender:Male
Location:Puerto Rico

Posted 01 April 2012 - 09:05 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the quote box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Name the file as fixlist.txt. Change the Save as Type to All Files , and Save it in the Flashdrive next to FRST.

Start
C:\Users\All Users\1K4J0Mno.dat
C:\ProgramData\1K4J0Mno.dat
CMD: Del /q C:\Windows\Tasks\At*.job
SubSystems: [Windows] ==> ZeroAccess
End

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Boot in Normal Mode. If able to, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Install the Recovery Console if prompted.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" .

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#4 boopme

To Insanity and Beyond

Global Moderator
54,895 posts

Gender:Male
Location:NJ USA

Posted 01 April 2012 - 09:36 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 AnBrine

New Member

Members
13 posts

Posted 01 April 2012 - 10:14 PM

Hi there! First off, thank you for your help!! I really appreciate it!

Here's my Fixlog:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-01 22:44:31 R:1
Running from F:\

==============================================

C:\Users\All Users\1K4J0Mno.dat moved successfully.
C:\ProgramData\1K4J0Mno.dat not found.

========= Del /q C:\Windows\Tasks\At*.job =========

========= End of CMD: =========

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

==== End of Fixlog ====

And the Combofix log:

ComboFix 12-04-01.01 - Brianne 04/01/2012 22:54:28.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8175.6483 [GMT -4:00]
Running from: c:\users\Brianne\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-01 21:55 . 2012-04-01 21:56 -------- d-----w- C:\FRST
2012-03-29 03:28 . 2012-03-30 02:50 99328 ----a-w- c:\windows\SysWow64\RYEs0q.com_
2012-03-27 13:33 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DE5E744-9712-47E6-91DA-B9FF7A0E4730}\mpengine.dll
2012-03-25 14:48 . 2012-03-25 14:48 -------- d-----w- c:\program files (x86)\fbphotozoom
2012-03-25 14:47 . 2012-03-25 14:48 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-03-19 03:10 . 2012-03-20 02:56 -------- d-----w- c:\windows\SysWow64\Adobe
2012-03-18 13:19 . 2012-03-18 13:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 13:19 . 2012-03-18 13:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-08 05:21 . 2012-03-08 05:21 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-08-14 20:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 02:03 . 2011-08-15 01:03 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-13 02:03 . 2011-08-15 01:02 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-13 01:56 . 2011-08-15 01:02 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Brianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000Core.job
- c:\users\Brianne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 20:32]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000UA.job
- c:\users\Brianne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"combofix"="c:\combofix\CF30857.3XE" [2009-07-14 344576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
symtdi
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{86394A72-7F3E-4DB8-8BEF-6F6137E1C6DD}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Brianne\AppData\Roaming\Mozilla\Firefox\Profiles\3pgdvqe9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-npawmp - c:\users\Brianne\AppData\Local\Temp\npawmp.dll
AddRemove-553E35CD-0415-41bc-B39A-410375E88534 - c:\program files (x86)\Intel\ACPI Driver Installer\Uninstall\setup.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:62,ca,a0,67,5c,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,25,f4,0b,b3,e9,f2,49,95,ee,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,25,f4,0b,b3,e9,f2,49,95,ee,b6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-04-01 23:06:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 03:06
ComboFix2.txt 2012-03-30 01:10
.
Pre-Run: 831,604,744,192 bytes free
Post-Run: 831,368,585,216 bytes free
.
- - End Of File - - DF3D4BF889E2626D38BC76CF4D9B5A3A

#6 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 09:02 AM

Just a little update - last night I was able to boot up my system normally to run combofix , but this morning it blue screened with the same error.

#7 JSntgRvr

Master Surgeon General

Malware Response Team
7,134 posts

Gender:Male
Location:Puerto Rico

Posted 02 April 2012 - 09:27 AM

Run FSRT again. Click on the scan button and post its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#8 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 09:51 AM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 02-04-2012 10:46:46
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [npawmp] rundll32.exe "C:\Users\Brianne\AppData\Local\Temp\npawmp.dll",QuaternionNormalize [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Brianne\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-14] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{86394A72-7F3E-4DB8-8BEF-6F6137E1C6DD}: [NameServer]8.8.8.8,8.8.4.4
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-08-14] ()
2 symtdi; C:\Windows\System32\CoolerXPDriver.dll [6656 2009-07-13] (Oak Technology Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 XTUService; "C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe" [21768 2010-11-24] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-28] (DT Soft Ltd)
3 ICCWDT; C:\Windows\System32\Drivers\ICCWDT.sys [26136 2010-08-17] (Intel Corporation)
3 ICTDrv; C:\Windows\System32\Drivers\ICTDrv.sys [21504 2010-09-15] (Intel Corporation)
2 IOCBIOS; \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [34304 2010-09-15] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 smbusp; C:\Windows\System32\DRIVERS\intelsmb.sys [28544 2010-06-09] (Intel Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: symtdi

============ One Month Created Files and Folders ==============

2012-04-01 19:06 - 2012-04-01 19:06 - 0014440 ____A C:\ComboFix.txt
2012-04-01 19:01 - 2012-04-01 19:01 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-01 18:59 - 2012-04-01 18:59 - 0000000 __ASH C:\Windows\System32\config\COMPONENTS.tmp.LOG2
2012-04-01 18:59 - 2012-04-01 18:59 - 0000000 __ASH C:\Windows\System32\config\COMPONENTS.tmp.LOG1
2012-04-01 18:53 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-01 18:53 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-01 18:53 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-01 18:53 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-01 18:53 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-01 18:53 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-01 18:53 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-01 18:53 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-01 18:51 - 2012-04-01 06:28 - 4453008 ____R (Swearware) C:\Users\Brianne\Desktop\ComboFix.exe
2012-04-01 13:55 - 2012-04-02 10:46 - 0000000 ____D C:\FRST
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-29 16:56 - 2012-04-01 19:06 - 0000000 ____D C:\Qoobox
2012-03-29 16:56 - 2012-04-01 18:59 - 0000000 ____D C:\Windows\ERDNT
2012-03-28 19:28 - 2012-03-29 18:50 - 0099328 ____A C:\Windows\SysWOW64\RYEs0q.com_
2012-03-28 18:17 - 2012-03-28 18:17 - 0000012 ____A C:\Windows\sruna.log
2012-03-25 06:48 - 2012-03-25 06:48 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-25 06:47 - 2012-03-25 06:48 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-23 08:04 - 2012-03-23 08:04 - 0100572 ____A C:\Users\Brianne\Desktop\T2202A-999365761-2011.pdf
2012-03-21 18:14 - 2012-03-21 18:14 - 18199459 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - ROTTEN DECAY.zip
2012-03-21 18:08 - 2012-03-21 18:09 - 94953116 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - BBNG1.zip
2012-03-19 05:15 - 2012-03-19 05:15 - 0170481 ____A C:\Users\Brianne\Documents\Recipes.txt
2012-03-18 19:10 - 2012-03-19 18:56 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-18 19:09 - 2012-03-18 19:09 - 6674008 ____A (Adobe Systems Inc.) C:\Users\Brianne\Downloads\Shockwave_Installer_Slim.exe
2012-03-14 01:29 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 01:29 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 01:29 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 01:29 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 01:29 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-14 01:29 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-14 01:29 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-14 01:29 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 01:29 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 01:29 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 01:29 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 07:07 - 2012-03-12 07:07 - 0019175 ____A C:\Users\Brianne\Desktop\HumberAppPayment.pdf
2012-03-07 21:22 - 2012-03-07 21:22 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-07 21:21 - 2012-03-07 21:21 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-03-07 21:20 - 2012-03-07 21:22 - 0003797 ____A C:\Windows\IE9_main.log

============ 3 Months Modified Files and Folders =============

2015-07-24 18:24 - 2011-08-14 13:06 - 0000000 ___AD C:\Users\Brianne\Downloads\Guru3D.com
2012-04-02 10:46 - 2012-04-01 13:55 - 0000000 ____D C:\FRST
2012-04-02 05:36 - 2011-08-13 07:54 - 2134499328 __ASH C:\hiberfil.sys
2012-04-01 21:03 - 2011-08-13 04:59 - 1226327 ____A C:\Windows\WindowsUpdate.log
2012-04-01 20:47 - 2011-10-30 12:32 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000UA.job
2012-04-01 20:33 - 2009-07-13 20:51 - 0060368 ____A C:\Windows\setupact.log
2012-04-01 19:47 - 2011-10-30 12:33 - 0002406 ____A C:\Users\Brianne\Desktop\Google Chrome.lnk
2012-04-01 19:23 - 2011-08-31 10:27 - 0000000 ____D C:\Users\Brianne\AppData\Local\ElevatedDiagnostics
2012-04-01 19:10 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-01 19:10 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-01 19:06 - 2012-04-01 19:06 - 0014440 ____A C:\ComboFix.txt
2012-04-01 19:06 - 2012-03-29 16:56 - 0000000 ____D C:\Qoobox
2012-04-01 19:06 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-01 19:01 - 2012-04-01 19:01 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-01 19:01 - 2011-08-14 12:50 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-01 19:01 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-01 19:00 - 2011-08-14 13:21 - 0003476 ____A C:\Windows\PFRO.log
2012-04-01 19:00 - 2011-08-13 05:22 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-01 19:00 - 2011-08-13 05:22 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-01 19:00 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-01 18:59 - 2012-04-01 18:59 - 0000000 __ASH C:\Windows\System32\config\COMPONENTS.tmp.LOG2
2012-04-01 18:59 - 2012-04-01 18:59 - 0000000 __ASH C:\Windows\System32\config\COMPONENTS.tmp.LOG1
2012-04-01 18:59 - 2012-03-29 16:56 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 18:59 - 2009-07-13 18:34 - 53014528 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-01 18:59 - 2009-07-13 18:34 - 41418752 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-01 18:59 - 2009-07-13 18:34 - 20185088 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-01 18:59 - 2009-07-13 18:34 - 0208896 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-01 18:59 - 2009-07-13 18:34 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-01 18:59 - 2009-07-13 18:34 - 0028672 ____A C:\Windows\System32\config\SAM.bak
2012-04-01 06:28 - 2012-04-01 18:51 - 4453008 ____R (Swearware) C:\Users\Brianne\Desktop\ComboFix.exe
2012-03-29 18:50 - 2012-03-28 19:28 - 0099328 ____A C:\Windows\SysWOW64\RYEs0q.com_
2012-03-29 17:10 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-29 17:10 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-29 17:02 - 2012-03-29 17:02 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-29 05:47 - 2011-10-30 12:32 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000Core.job
2012-03-28 18:17 - 2012-03-28 18:17 - 0000012 ____A C:\Windows\sruna.log
2012-03-26 07:01 - 2011-08-14 14:06 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\uTorrent
2012-03-25 18:32 - 2011-08-15 18:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-25 06:48 - 2012-03-25 06:48 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-25 06:48 - 2012-03-25 06:47 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-03-25 06:42 - 2011-11-28 11:10 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\DAEMON Tools Lite
2012-03-23 16:48 - 2011-08-13 05:17 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\Mozilla
2012-03-23 08:18 - 2011-08-14 18:49 - 0000000 ____D C:\Users\Brianne\Documents\Jobs
2012-03-23 08:04 - 2012-03-23 08:04 - 0100572 ____A C:\Users\Brianne\Desktop\T2202A-999365761-2011.pdf
2012-03-21 18:14 - 2012-03-21 18:14 - 18199459 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - ROTTEN DECAY.zip
2012-03-21 18:09 - 2012-03-21 18:08 - 94953116 ____A C:\Users\Brianne\Downloads\BADBADNOTGOOD - BBNG1.zip
2012-03-19 18:56 - 2012-03-18 19:10 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-19 05:15 - 2012-03-19 05:15 - 0170481 ____A C:\Users\Brianne\Documents\Recipes.txt
2012-03-18 19:09 - 2012-03-18 19:09 - 6674008 ____A (Adobe Systems Inc.) C:\Users\Brianne\Downloads\Shockwave_Installer_Slim.exe
2012-03-18 05:20 - 2011-08-13 05:17 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-14 08:58 - 2009-07-13 20:45 - 4908696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-12 07:07 - 2012-03-12 07:07 - 0019175 ____A C:\Users\Brianne\Desktop\HumberAppPayment.pdf
2012-03-08 14:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-08 07:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-07 21:22 - 2012-03-07 21:22 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-07 21:22 - 2012-03-07 21:22 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-07 21:22 - 2012-03-07 21:22 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-07 21:22 - 2012-03-07 21:22 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-07 21:22 - 2012-03-07 21:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-07 21:22 - 2012-03-07 21:22 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-07 21:22 - 2012-03-07 21:22 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-07 21:22 - 2012-03-07 21:22 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-07 21:22 - 2012-03-07 21:20 - 0003797 ____A C:\Windows\IE9_main.log
2012-03-07 21:21 - 2012-03-07 21:21 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-07 21:21 - 2012-03-07 21:21 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-07 21:21 - 2012-03-07 21:21 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-07 21:21 - 2012-03-07 21:21 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-03-04 08:25 - 2011-12-24 08:34 - 0000000 ____D C:\Users\Brianne\Desktop\Fallout.New.Vegas-SKIDROW
2012-02-29 22:04 - 2012-02-29 22:04 - 0014008 ____A C:\Users\Brianne\Desktop\print.aspx.htm
2012-02-29 22:04 - 2012-02-29 22:04 - 0000000 ____D C:\Users\Brianne\Desktop\print.aspx_files
2012-02-29 18:14 - 2009-07-13 21:08 - 0032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-24 05:39 - 2011-08-14 14:06 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-23 05:18 - 2011-08-14 12:46 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-14 22:27 - 2012-03-14 01:29 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-14 01:29 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-14 01:29 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-14 01:29 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 16:32 - 2011-08-14 13:18 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\Adobe
2012-02-14 16:32 - 2011-08-14 11:35 - 0000000 ____D C:\Users\Brianne\AppData\Local\Adobe
2012-02-12 18:03 - 2011-08-14 17:03 - 0280736 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-02-12 18:03 - 2011-08-14 17:02 - 0280736 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-02-12 17:56 - 2011-08-14 17:02 - 0215128 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-02-09 22:18 - 2012-03-14 01:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-14 01:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-14 01:29 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-02 20:16 - 2012-03-14 01:29 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 17:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-29 21:30 - 2012-01-29 21:30 - 0504220 ____A C:\Users\Brianne\Downloads\Hunger Games, The - Suzanne Collins.epub
2012-01-25 14:21 - 2012-01-25 14:21 - 0000000 ____D C:\Users\Brianne\AppData\Roaming\WindSolutions
2012-01-25 14:20 - 2012-01-25 14:20 - 7515345 ____A C:\Users\Brianne\Downloads\CopyTransv4.821_DLC.zip
2012-01-25 14:20 - 2012-01-25 14:20 - 0000000 ____D C:\Users\Brianne\Downloads\CopyTransv4.821_DLC
2012-01-25 14:20 - 2012-01-25 14:20 - 0000000 ____D C:\Users\All Users\WindSolutions
2012-01-25 14:20 - 2012-01-25 14:20 - 0000000 ____D C:\ProgramData\WindSolutions
2012-01-24 22:27 - 2012-03-14 01:29 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-14 01:29 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-14 01:29 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-19 20:37 - 2012-01-19 20:37 - 0000344 ____A C:\Users\Brianne\Desktop\webtv.txt
2012-01-15 14:37 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-01-11 19:10 - 2012-01-11 19:10 - 0000000 ____D C:\Users\Brianne\AppData\Local\FalloutNV
2012-01-11 19:10 - 2011-08-21 14:04 - 0000000 ____D C:\Users\Brianne\Documents\My Games

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8175.49 MB
Available physical RAM: 7388.81 MB
Total Pagefile: 8173.64 MB
Available Pagefile: 7371.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:773.63 GB) NTFS
2 Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive f: (BRI) (Removable) (Total:14.9 GB) (Free:14.89 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F BRI FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 09:15

======================= End Of Log ==========================

#9 JSntgRvr

Master Surgeon General

Malware Response Team
7,134 posts

Gender:Male
Location:Puerto Rico

Posted 02 April 2012 - 12:17 PM

Start
SubSystems: [Windows] ==> ZeroAccess
2 symtdi; C:\Windows\System32\CoolerXPDriver.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\CoolerXPDriver.dll
NETSVC: symtdi
End

Lunch and update Update Malwarebytes' Anti-Malware.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.
Next hold down Control then click on the following link to open a new window to ESET online scannner.
Select the option YES, I accept the Terms of Use then click on Start.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start.
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Edited by JSntgRvr, 02 April 2012 - 12:18 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#10 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 01:04 PM

Fixlog:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-02 14:03:17 R:2
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
symtdi service deleted successfully.
C:\Windows\System32\CoolerXPDriver.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs symtdi Deleted successfully.

==== End of Fixlog ====

#11 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 02:48 PM

Combofix Log

ComboFix 12-04-01.01 - Brianne 04/02/2012 14:14:21.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8175.6761 [GMT -4:00]
Running from: c:\users\Brianne\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 18:18 . 2012-04-02 18:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-02 18:18 . 2012-04-02 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 18:06 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88E4ECC3-753C-48A0-9345-23C28BA8B8F4}\mpengine.dll
2012-04-01 21:55 . 2012-04-02 18:47 -------- d-----w- C:\FRST
2012-03-29 03:28 . 2012-03-30 02:50 99328 ----a-w- c:\windows\SysWow64\RYEs0q.com_
2012-03-25 14:48 . 2012-03-25 14:48 -------- d-----w- c:\program files (x86)\fbphotozoom
2012-03-25 14:47 . 2012-03-25 14:48 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-03-19 03:10 . 2012-03-20 02:56 -------- d-----w- c:\windows\SysWow64\Adobe
2012-03-18 13:19 . 2012-03-18 13:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 13:19 . 2012-03-18 13:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-08 05:21 . 2012-03-08 05:21 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-08-14 20:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 02:03 . 2011-08-15 01:03 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-13 02:03 . 2011-08-15 01:02 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-13 01:56 . 2011-08-15 01:02 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_03.01.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-29 13:48 . 2012-03-30 00:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-29 13:48 . 2012-04-02 04:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-02 03:26 . 2012-04-02 03:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040120120402\index.dat
- 2012-03-29 03:31 . 2012-03-30 00:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-29 03:31 . 2012-04-02 04:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 05:10 . 2012-04-02 18:07 26984 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-13 13:09 . 2012-04-02 18:07 13296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-495017168-2397965103-3085937276-1000_UserData.bin
- 2012-03-30 17:44 . 2012-03-30 13:24 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-30 17:44 . 2012-04-02 13:37 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-08-13 15:58 . 2012-04-02 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-13 15:58 . 2012-04-02 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 15:58 . 2012-04-02 02:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 15:58 . 2012-04-02 03:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-02 18:05 . 2012-04-02 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 03:00 . 2012-04-02 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 18:05 . 2012-04-02 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 03:00 . 2012-04-02 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-02 05:00 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:58 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-04-02 02:53 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 18:10 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 18:10 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-02 02:53 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-02 02:59 380304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-02 05:03 380304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-02 02:58 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 05:00 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:58 2965504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 05:00 2965504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-29 04:50 . 2012-04-02 05:03 9644536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 02:34 . 2012-04-02 18:45 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-30 17:44 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-08-13 13:40 . 2012-04-02 02:59 11761456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-495017168-2397965103-3085937276-1000-12288.dat
+ 2011-08-13 13:40 . 2012-04-02 05:03 11761456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-495017168-2397965103-3085937276-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Brianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000Core.job
- c:\users\Brianne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 20:32]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000UA.job
- c:\users\Brianne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"npawmp"="c:\users\Brianne\AppData\Local\Temp\npawmp.dll" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{86394A72-7F3E-4DB8-8BEF-6F6137E1C6DD}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Brianne\AppData\Roaming\Mozilla\Firefox\Profiles\3pgdvqe9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:62,ca,a0,67,5c,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,25,f4,0b,b3,e9,f2,49,95,ee,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,25,f4,0b,b3,e9,f2,49,95,ee,b6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-02 14:19:25
ComboFix-quarantined-files.txt 2012-04-02 18:19
ComboFix2.txt 2012-04-02 03:06
ComboFix3.txt 2012-03-30 01:10
.
Pre-Run: 830,662,418,432 bytes free
Post-Run: 830,605,381,632 bytes free
.
- - End Of File - - FC54533460AA2DB7BE8ED69BF7A8276E

#12 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 02:49 PM

Malwarebytes Log

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Brianne :: WELP-PC [administrator]

Protection: Enabled

4/2/2012 2:23:24 PM
mbam-log-2012-04-02 (14-23-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210820
Time elapsed: 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8c685e68cfe774488408708e80e4c68b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-02 07:43:36
# local_time=2012-04-02 03:43:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 84934961 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=295656
# found=8
# cleaned=0
# scan_time=4305
C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brianne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5038d262-1bc9de95 a variant of Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\RYEs0q.com_ a variant of Win32/Kryptik.ADJF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\RYEs0q.com_ a variant of Win32/Kryptik.ADJF trojan (unable to clean) 00000000000000000000000000000000 I

#13 JSntgRvr

Master Surgeon General

Malware Response Team
7,134 posts

Gender:Male
Location:Puerto Rico

Posted 02 April 2012 - 05:10 PM

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download the enclosed file.

CFScript.txt 102bytes 2 downloads

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Security check

Download and run Security Check by screen317 and post its report.

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#14 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 06:09 PM

Combofix Log

ComboFix 12-04-01.01 - Brianne 04/02/2012 18:56:41.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8175.6986 [GMT -4:00]
Running from: c:\users\Brianne\Desktop\ComboFix.exe
Command switches used :: c:\users\Brianne\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 18:06 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88E4ECC3-753C-48A0-9345-23C28BA8B8F4}\mpengine.dll
2012-04-01 21:55 . 2012-04-02 18:47 -------- d-----w- C:\FRST
2012-03-29 03:28 . 2012-03-30 02:50 99328 ----a-w- c:\windows\SysWow64\RYEs0q.com_
2012-03-25 14:48 . 2012-03-25 14:48 -------- d-----w- c:\program files (x86)\fbphotozoom
2012-03-25 14:47 . 2012-03-25 14:48 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-03-19 03:10 . 2012-03-20 02:56 -------- d-----w- c:\windows\SysWow64\Adobe
2012-03-18 13:19 . 2012-03-18 13:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 13:19 . 2012-03-18 13:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-08 05:21 . 2012-03-08 05:21 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-08-14 20:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 02:03 . 2011-08-15 01:03 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-13 02:03 . 2011-08-15 01:02 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-13 01:56 . 2011-08-15 01:02 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_03.01.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-29 13:48 . 2012-04-02 04:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-03-29 13:48 . 2012-03-30 00:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-02 03:26 . 2012-04-02 03:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040120120402\index.dat
+ 2012-03-29 03:31 . 2012-04-02 04:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-29 03:31 . 2012-03-30 00:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 05:10 . 2012-04-02 22:56 27000 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-13 13:09 . 2012-04-02 22:56 13452 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-495017168-2397965103-3085937276-1000_UserData.bin
- 2012-03-30 17:44 . 2012-03-30 13:24 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-30 17:44 . 2012-04-02 13:37 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-08-13 15:58 . 2012-04-02 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 15:58 . 2012-04-02 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-02 22:54 . 2012-04-02 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 03:00 . 2012-04-02 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 22:54 . 2012-04-02 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 03:00 . 2012-04-02 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-02 05:00 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:58 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-15 17:45 . 2012-04-02 22:50 245986 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-02 02:53 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 22:59 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-02 02:53 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-02 22:59 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-02 02:59 380304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-02 22:53 380304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-02 05:00 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:58 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 05:00 2965504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:58 2965504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-29 04:50 . 2012-04-02 05:03 9644536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 02:34 . 2012-03-30 17:44 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-02 18:45 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-08-13 13:40 . 2012-04-02 22:53 12155156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-495017168-2397965103-3085937276-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Brianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000Core.job
- c:\users\Brianne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 20:32]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-495017168-2397965103-3085937276-1000UA.job
- c:\users\Brianne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"npawmp"="c:\users\Brianne\AppData\Local\Temp\npawmp.dll" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{86394A72-7F3E-4DB8-8BEF-6F6137E1C6DD}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Brianne\AppData\Roaming\Mozilla\Firefox\Profiles\3pgdvqe9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:62,ca,a0,67,5c,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,25,f4,0b,b3,e9,f2,49,95,ee,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,04,25,f4,0b,b3,e9,f2,49,95,ee,b6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-02 19:03:45
ComboFix-quarantined-files.txt 2012-04-02 23:03
ComboFix2.txt 2012-04-02 18:19
ComboFix3.txt 2012-04-02 03:06
ComboFix4.txt 2012-03-30 01:10
.
Pre-Run: 830,999,814,144 bytes free
Post-Run: 830,910,869,504 bytes free
.
- - End Of File - - 29BC868D6632393C0D9433E24E60ABDA

Security Check

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#15 AnBrine

New Member

Members
13 posts

Posted 02 April 2012 - 06:19 PM

My computer seems to be running fine right now. I'm no longer getting the blue screen on start-up. However, when loading the desktop the following error appears "There was a problem starting C:\Users\Brianne\AppData\Temp\npawmp.dll The specified module could not be found". Other then that, everything is running normally.