Already removed windows 7 repair (I hope) but Google search is redirecting


This topic is locked
17 replies to this topic

#1 Biigdaddio

Biigdaddio

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:50 AM

Posted 24 July 2011 - 01:45 PM

My son's computer came down with the Windows 7 Repair virus. I used the removal guide on this site and the virus *seems* to be gone and I can see all the files. Everything seems to be running smoothly, except that Google search results in Firefox and IE are redirecting to various meaningless sites.

I have three computers on this network and only the one has this issue.

Of note before I install the logs.... I went to my account on this same computer and tried to launch Chrome. I got this odd message:

"An administrator has installed Google Chrome on this system, and it is available for all users. The system-level Google Chrome will replace your user-level installation now."

When I ran gmer, the screen did not look like the screen in the "getting started" page of this site. Many items that were shown as being checked were grayed out in my gmer and not available to check -- e.g. systems, sections, IAT/EAT, devices, modules, processes, threads, libraries. I was able to check Services, Registry and Files.

Also, the computer has a D: partition but only C: showed up. "Show All" was grayed out. There was also a thumb drive plugged in but gmer did not find that either. It did scan but when I went to save it the only option was to save as a log file, not a txt file. I saved as a log file but it shows as being 0 kb. So I have not attached it and will await any help to get the log done right. Below is the DDS info.

Many thanks for any help you can provide.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Hotshjot at 23:28:51 on 2011-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2910 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Registry Mechanic\RMTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514115149.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Hotshjot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Hotshjot\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\036324430373933343030313 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\036324430393136393633313 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\44B4E4544575F425B4 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\77563747027796E676F52313 : DhcpNameServer = 24.29.99.35 24.29.99.36
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\84F64786 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\A52475E473 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\B4F4140294E6475627E65647 : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514115149.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cartoonnetwork.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Hotshjot\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hotshjot\AppData\Local\Roblox\Versions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: C:\Users\Hotshjot\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-6 844320]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-6 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-07-23 16:11:45 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{0B859D20-7BEE-4B0E-BD29-9DC6C156ADCA}
2011-07-22 18:25:35 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{B4CE3232-B546-4B3A-A3F1-9750CDC15486}
2011-07-17 02:46:32 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{A8225BA2-B73D-4D89-B5D0-7D23818C4396}
2011-07-17 01:52:24 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{A046E479-8FBF-4838-9684-B791F83084C4}
2011-07-15 19:45:55 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{9399A2FE-0B1B-4550-9B19-AFDE5BE76F7B}
2011-07-14 21:35:47 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{D79F4238-8A44-4708-BCAE-3E54A07B6F52}
2011-07-14 00:14:55 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{C4E5C0F7-FFAD-4C0F-A3E8-D2A577E0CCAC}
2011-07-13 00:46:51 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-12 00:56:33 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{06DD0CA4-BD06-483D-A86D-ADD8AB0BF436}
2011-07-10 03:21:47 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{62F74731-72E0-4D83-ABD4-1A186585535C}
2011-07-08 21:23:56 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-07-08 20:56:24 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{06A3265B-2FE1-4101-B986-CE168B755D17}
2011-07-07 20:03:01 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{2E46BAD9-437C-4ADB-9341-D80BD4FAF656}
2011-07-07 00:19:10 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{76269877-F8FB-4902-937C-29F779EA8B40}
2011-07-05 22:48:31 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{58471079-1565-4FEE-AD1D-8829FFE9AE52}
2011-07-04 19:34:55 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{40DF10F6-9F97-46E9-A996-1F74D3009209}
2011-07-03 15:57:03 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{C71EE3BB-A626-4850-81AD-722F52A9EDC3}
2011-07-03 03:42:34 -------- d-----w- C:\Windows\System32\SPReview
2011-07-03 03:41:02 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-03 03:34:58 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2011-07-03 03:33:59 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-07-03 03:32:59 94720 ----a-w- C:\Windows\System32\cabinet.dll
2011-07-03 03:31:46 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-07-03 03:31:46 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-07-03 03:31:37 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-03 03:31:37 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-03 03:28:58 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-03 03:28:58 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-03 03:28:58 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-03 03:28:40 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-03 03:28:30 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-03 03:27:39 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-03 03:27:37 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-02 20:23:50 -------- d-----w- C:\Users\Hotshjot\AppData\Roaming\Malwarebytes
2011-07-02 20:23:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-02 20:23:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-02 20:23:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-02 15:08:17 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{D7E5903A-3624-4162-A2A0-D5EF7767F972}
2011-07-02 15:04:04 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{094B8484-FF19-4943-8616-7854791D05EB}
2011-07-02 03:09:24 0 ----a-w- C:\Users\Hotshjot\AppData\Local\Xpuzuyihitam.bin
2011-07-02 03:09:18 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{B9F85B54-42A9-42BE-9550-8981D7830501}
2011-07-01 22:00:04 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{A1DB3F3F-6C81-408F-86A4-9C57671F8343}
.
==================== Find3M ====================
.
2011-07-03 03:52:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-03 03:52:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-19 14:28:39 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 23:38:34.02 ===============

Third attempt to add more information via reply.

TDSS and MBAM find no infection. And every once in a while a browser window just pops up on its own, without any browser being launched, and it displays search results when nothing like it has been searched for.

Edited by boopme, 24 July 2011 - 02:39 PM.



#2 Biigdaddio

Biigdaddio
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:50 AM

Posted 28 July 2011 - 08:19 PM

Have I done something wrong? I see many similar issues posted after mine that have received replies.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,517 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:50 PM

Posted 03 August 2011 - 04:23 AM

Hi Biigdaddio,

Welcome and apologies for the delay.

Please update me on the current condition of your computer and the issue you are currently facing.

In case the issue is not resolved please run DDS, copy and paste DDS.txt and attach the Attach.txt, without zipping, to your reply.

#4 Biigdaddio

Biigdaddio
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:50 AM

Posted 03 August 2011 - 07:05 AM

Will do. FWIW, I ran Spybot, which found nothing other than some tracking cookies it removed. Other than that, the previous log should be pretty close to what it is now as I've done nothing else and the problem has not changed.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,517 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:50 PM

Posted 03 August 2011 - 08:04 AM

Thanks for the feedback.

Spybot is not a front runner tool any more.

Waiting for the logs.

#6 Biigdaddio

Biigdaddio
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:50 AM

Posted 03 August 2011 - 07:15 PM

Here 'tis.

Thanks for your help.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Hotshjot at 8:14:04 on 2011-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2298 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\System32\alg.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Registry Mechanic\RMTray.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Hotshjot\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd1.exe
c:\1a8537a48d757051abe910\MpMiniSigStub.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360410a215l0414z165t5462x775
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514115149.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Hotshjot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Hotshjot\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\036324430373933343030313 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\036324430393136393633313 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\44B4E4544575F425B4 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\77563747027796E676F52313 : DhcpNameServer = 24.29.99.35 24.29.99.36
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\84F64786 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\A52475E473 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\B4F4140294E6475627E65647 : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514115149.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cartoonnetwork.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Hotshjot\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hotshjot\AppData\Local\Roblox\Versions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: C:\Users\Hotshjot\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\Firefox\Profiles\ro0bktsz.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Hotshjot\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-6 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-08-03 12:14:09 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9E00E79-F149-4680-961E-200231298740}\mpengine.dll
2011-08-03 12:10:09 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{28D0AFBF-B11B-4232-9FE5-CF2F8BC67960}
2011-08-01 13:30:39 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{5FB84E08-2630-46BD-BECF-2B323A449973}
2011-08-01 12:07:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-01 12:07:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-31 20:32:03 -------- d-----w- C:\Program Files\iPod
2011-07-31 20:32:02 -------- d-----w- C:\Program Files\iTunes
2011-07-31 20:28:17 -------- d-----w- C:\Program Files\Bonjour
2011-07-31 20:28:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-31 20:23:22 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{CBC5DDCF-4036-4A44-A03E-EF4DDC1A2C11}
2011-07-30 16:07:44 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{C05BB9B7-8103-40F8-BA8F-7911CE8F0B1F}
2011-07-30 01:30:16 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{5E55D793-5BC9-4CB9-863A-20E714B262D0}
2011-07-28 00:13:07 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{848226B6-3D59-416A-9F0C-9DCDA2E3568D}
2011-07-24 16:16:26 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{549E0AE3-8341-4015-B607-C2D3A97F48F8}
2011-07-24 04:12:39 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{E4662FD3-291D-423B-A5E1-E3F680232105}
2011-07-23 16:11:45 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{0B859D20-7BEE-4B0E-BD29-9DC6C156ADCA}
2011-07-22 18:25:35 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{B4CE3232-B546-4B3A-A3F1-9750CDC15486}
2011-07-17 02:46:32 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{A8225BA2-B73D-4D89-B5D0-7D23818C4396}
2011-07-17 01:52:24 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{A046E479-8FBF-4838-9684-B791F83084C4}
2011-07-15 19:45:55 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{9399A2FE-0B1B-4550-9B19-AFDE5BE76F7B}
2011-07-14 21:35:47 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{D79F4238-8A44-4708-BCAE-3E54A07B6F52}
2011-07-14 00:14:55 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{C4E5C0F7-FFAD-4C0F-A3E8-D2A577E0CCAC}
2011-07-13 00:46:51 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-12 00:56:33 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{06DD0CA4-BD06-483D-A86D-ADD8AB0BF436}
2011-07-10 03:21:47 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{62F74731-72E0-4D83-ABD4-1A186585535C}
2011-07-08 21:23:56 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-07-08 20:56:24 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{06A3265B-2FE1-4101-B986-CE168B755D17}
2011-07-07 20:03:01 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{2E46BAD9-437C-4ADB-9341-D80BD4FAF656}
2011-07-07 00:19:10 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{76269877-F8FB-4902-937C-29F779EA8B40}
2011-07-05 22:48:31 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{58471079-1565-4FEE-AD1D-8829FFE9AE52}
2011-07-04 19:34:55 -------- d-----w- C:\Users\Hotshjot\AppData\Local\{40DF10F6-9F97-46E9-A996-1F74D3009209}
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 03:52:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-03 03:52:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-19 14:28:39 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 8:24:27.65 ===============
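As an added example (not part of the thread, DDS or MBRCheck), a Python triage pass over the DDS.txt line formats quoted above: it pulls out the Firefox proxy prefs, the recorded DHCP name servers, the IE Trusted Zone entries and the Run keys that start from the user profile, and turns them into review items. The sample lines are constructed from the log above, and the regexes assume only the line shapes seen in this log.

```python
"""Triage pass over DDS.txt lines (Pseudo HJT Report / FIREFOX sections).

Added example for this thread; not part of DDS, MBRCheck or the helper's
procedure. It only parses the line formats quoted in the posts above.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on lines from the DDS log posted above.
SAMPLE_DDS = r"""
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW
uInternet Settings,ProxyOverride = *.local
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Hotshjot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Trusted Zone: clonewarsadventures.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{06E503DC-DDB9-4B61-96A7-C1EC11C6F3C8}\77563747027796E676F52313 : DhcpNameServer = 24.29.99.35 24.29.99.36
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52667
FF - prefs.js: network.proxy.type - 0
"""

# One regex per DDS line type we care about (shapes taken from the log above).
RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<domain>\S+)$")
DNS_RE = re.compile(r"^TCP: .*DhcpNameServer = (?P<servers>.+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")


def parse_dds(text: str) -> Dict[str, object]:
    """Collect Run keys, Trusted Zone domains, DHCP name servers and Firefox prefs."""
    runs: List[Tuple[str, str]] = []
    trusted: List[str] = []
    dns: set = set()
    ff: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = RUN_RE.match(line)
        if m:
            runs.append((m["name"], m["cmd"]))
            continue
        m = TZ_RE.match(line)
        if m:
            trusted.append(m["domain"])
            continue
        m = DNS_RE.match(line)
        if m:
            dns.update(m["servers"].split())
            continue
        m = FF_RE.match(line)
        if m:
            ff[m["key"]] = m["value"]
    return {"runs": runs, "trusted_zones": trusted,
            "dns_servers": sorted(dns), "ff_prefs": ff}


def triage(parsed: Dict[str, object]) -> List[str]:
    """Turn the parsed sections into review items for the helper."""
    findings: List[str] = []
    ff = parsed["ff_prefs"]
    host = ff.get("network.proxy.http")
    if host:
        port = ff.get("network.proxy.http_port", "?")
        ptype = ff.get("network.proxy.type")
        # network.proxy.type 1 = manual proxy in use; 0 = no proxy, so a stale
        # 127.0.0.1 entry with type 0 is configured but not active.
        state = "ACTIVE" if ptype == "1" else "inactive"
        findings.append(f"firefox proxy {host}:{port} is {state} (network.proxy.type={ptype})")
    for server in parsed["dns_servers"]:
        try:
            if not ipaddress.ip_address(server).is_private:
                findings.append(f"public DNS resolver {server} recorded; confirm it is the ISP's")
        except ValueError:
            findings.append(f"unparseable DhcpNameServer value {server!r}")
    for domain in parsed["trusted_zones"]:
        findings.append(f"IE Trusted Zone entry {domain}: pages there get relaxed IE security settings")
    for name, cmd in parsed["runs"]:
        if "\\AppData\\" in cmd:  # autostart from the user profile rather than Program Files
            findings.append(f"Run entry [{name}] starts from a user profile path: {cmd}")
    return findings


if __name__ == "__main__":
    for item in triage(parse_dds(SAMPLE_DDS)):
        print(item)
```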

#7 Farbar
    Just Curious
  • Security Developer
  • 21,517 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 August 2011 - 02:49 AM

Just to let you know I'm still waiting for the other log I requested.

#8 Biigdaddio
  • Topic Starter
  • Members
  • 10 posts

Posted 04 August 2011 - 08:05 AM

Doh. Done.

Interesting new things happened while running the scan. A browser popped up unbidden and over it was a separate dialogue box that said:

Are you sure you want to delete YouTube
[yes] [no]

Then, later, a dialogue with no browser popped up that said:

Please login or sign up to do this.
[ok]

I did not click the buttons but only closed the dialogue.


#9 Farbar
    Just Curious
  • Security Developer
  • 21,517 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 August 2011 - 08:28 AM

In case the issue is not resolved please run DDS, copy and paste DDS.txt and attach the Attach.txt, without zipping, to your reply.


Before proceeding I would like to request you to read the instructions before doing anything. First the Attach.txt part was missed, now the "without zipping" part. The reason I ask this is that some fixes we use might destroy the system if they are not done with care.

#10 Biigdaddio
  • Topic Starter
  • Members
  • 10 posts

Posted 04 August 2011 - 09:49 AM

My apologies.... Attached. Note that the extension is txt, even if zip is in the title.


#11 Farbar
    Just Curious
  • Security Developer
  • 21,517 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 August 2011 - 10:08 AM

No problem, I just wanted to be sure we do have attention for the eventual fixes. :)

Please download MBRCheck by clicking here and save it to your desktop.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.


#12 Biigdaddio
  • Topic Starter
  • Members
  • 10 posts

Posted 04 August 2011 - 10:23 AM

Yup....

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5732Z
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):
0x0304B000 \SystemRoot\system32\ntoskrnl.exe
0x03002000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00C52000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CA1000 \SystemRoot\system32\PSHED.dll
0x00CB5000 \SystemRoot\system32\CLFS.SYS
0x00D13000 \SystemRoot\system32\CI.dll
0x00E37000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EDB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EEA000 \SystemRoot\system32\drivers\ACPI.sys
0x00F41000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F4A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F54000 \SystemRoot\system32\drivers\pci.sys
0x00F87000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F94000 \SystemRoot\System32\drivers\partmgr.sys
0x00FA9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FB2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FBE000 \SystemRoot\system32\drivers\volmgr.sys
0x01016000 \SystemRoot\System32\drivers\volmgrx.sys
0x01072000 \SystemRoot\System32\drivers\mountmgr.sys
0x0108C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011A8000 \SystemRoot\system32\drivers\atapi.sys
0x011B1000 \SystemRoot\system32\drivers\ataport.SYS
0x011DB000 \SystemRoot\system32\drivers\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x011E6000 \SystemRoot\system32\drivers\fileinfo.sys
0x01296000 \SystemRoot\system32\drivers\mfehidk.sys
0x01417000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01316000 \SystemRoot\System32\Drivers\msrpc.sys
0x015BA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01374000 \SystemRoot\System32\Drivers\cng.sys
0x015D5000 \SystemRoot\System32\drivers\pcw.sys
0x015E6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016BB000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018D7000 \SystemRoot\System32\drivers\tcpip.sys
0x01ADB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B25000 \SystemRoot\system32\drivers\volsnap.sys
0x01B71000 \SystemRoot\System32\Drivers\spldr.sys
0x01B79000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BB3000 \SystemRoot\System32\Drivers\mup.sys
0x01BC5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03C00000 \SystemRoot\system32\drivers\cdrom.sys
0x03C2A000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x03C33000 \SystemRoot\System32\Drivers\Null.SYS
0x03C3C000 \SystemRoot\System32\Drivers\Beep.SYS
0x03C43000 \SystemRoot\System32\drivers\vga.sys
0x03C51000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03C76000 \SystemRoot\System32\drivers\watchdog.sys
0x03C86000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03C8F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03C98000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03CA1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03CAC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0188E000 \SystemRoot\system32\drivers\mfewfpk.sys
0x03DF1000 \SystemRoot\system32\drivers\TDI.SYS
0x01BCE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017AE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01200000 \SystemRoot\system32\drivers\afd.sys
0x01BF0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0168B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x013E6000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x015F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00FD3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01000000 \SystemRoot\system32\drivers\termdd.sys
0x0409A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x040EB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x040F7000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x0410A000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x04112000 \SystemRoot\system32\drivers\mssmbios.sys
0x0411D000 \SystemRoot\System32\drivers\discache.sys
0x0412C000 \SystemRoot\System32\Drivers\dfsc.sys
0x0414A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0415B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04181000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A1D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02E97000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02F8B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02FD1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02E56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E67000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0447F000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0475A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04767000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x0477C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04781000 \SystemRoot\system32\drivers\i8042prt.sys
0x0479F000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x047AB000 \SystemRoot\system32\drivers\kbdclass.sys
0x047BA000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x04400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0440F000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04417000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x0441F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0442C000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04435000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04445000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0445B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02E8B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05125000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FDE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05154000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05175000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x047FC000 \SystemRoot\system32\drivers\swenum.sys
0x0518F000 \SystemRoot\system32\drivers\ks.sys
0x051D2000 \SystemRoot\system32\drivers\umbus.sys
0x04197000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x051E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05C1C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04000000 \SystemRoot\system32\drivers\portcls.sys
0x0403D000 \SystemRoot\system32\drivers\drmk.sys
0x05C00000 \SystemRoot\system32\drivers\ksthunk.sys
0x0405F000 \SystemRoot\system32\drivers\mfeavfk.sys
0x05E5F000 \SystemRoot\system32\drivers\mfefirek.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x05EC9000 \SystemRoot\System32\drivers\Dxapi.sys
0x05ED5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05EF2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05EF4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x05F30000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00800000 \SystemRoot\System32\ATMFD.DLL
0x05F85000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03CBD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05F93000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05FA6000 \SystemRoot\system32\drivers\luafv.sys
0x05FC9000 \SystemRoot\system32\drivers\WudfPf.sys
0x05FEA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05C06000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02ABB000 \SystemRoot\system32\drivers\HTTP.sys
0x02B84000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02B8E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BAC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02BC4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05618000 \SystemRoot\system32\drivers\peauth.sys
0x056BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x056C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x056FA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05755000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C02000 \SystemRoot\System32\DRIVERS\srv.sys
0x06C9A000 \SystemRoot\System32\drivers\ipnat.sys
0x06CC9000 \SystemRoot\system32\drivers\cfwids.sys
0x06D48000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x06D63000 \SystemRoot\System32\Drivers\fastfat.SYS
0x06DB5000 \SystemRoot\system32\drivers\mfeapfk.sys
0x06DD1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x06CD7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77BD0000 \Windows\System32\ntdll.dll
0x47B40000 \Windows\System32\smss.exe
0xFFEF0000 \Windows\System32\apisetschema.dll
0xFF830000 \Windows\System32\autochk.exe
0xFFE40000 \Windows\System32\clbcatq.dll
0xFFDF0000 \Windows\System32\ws2_32.dll
0xFFDE0000 \Windows\System32\nsi.dll
0xFFD00000 \Windows\System32\advapi32.dll
0xFFAA0000 \Windows\System32\iertutil.dll
0x77DA0000 \Windows\System32\normaliz.dll
0xFFA70000 \Windows\System32\imm32.dll
0x77D90000 \Windows\System32\psapi.dll
0xFFA60000 \Windows\System32\lpk.dll
0xFF9E0000 \Windows\System32\difxapi.dll
0xFF860000 \Windows\System32\urlmon.dll
0xFF790000 \Windows\System32\usp10.dll
0xFF730000 \Windows\System32\Wldap32.dll
0xFF690000 \Windows\System32\msvcrt.dll
0xFF670000 \Windows\System32\imagehlp.dll
0xFF650000 \Windows\System32\sechost.dll
0xFF5D0000 \Windows\System32\shlwapi.dll
0xFF530000 \Windows\System32\comdlg32.dll
0xFF450000 \Windows\System32\oleaut32.dll
0xFF340000 \Windows\System32\msctf.dll
0xFF210000 \Windows\System32\rpcrt4.dll
0xFF1A0000 \Windows\System32\gdi32.dll
0x77AB0000 \Windows\System32\kernel32.dll
0xFF070000 \Windows\System32\wininet.dll
0xFEE90000 \Windows\System32\setupapi.dll
0xFEC80000 \Windows\System32\ole32.dll
0x779B0000 \Windows\System32\user32.dll
0xFDEF0000 \Windows\System32\shell32.dll
0xFDE80000 \Windows\System32\KernelBase.dll
0xFDE40000 \Windows\System32\cfgmgr32.dll
0xFDCD0000 \Windows\System32\crypt32.dll
0xFDC90000 \Windows\System32\wintrust.dll
0xFDBF0000 \Windows\System32\comctl32.dll
0xFDBD0000 \Windows\System32\devobj.dll
0xFDBC0000 \Windows\System32\msasn1.dll

Processes (total 105):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
548 csrss.exe
604 C:\Windows\System32\wininit.exe
636 csrss.exe
660 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\svchost.exe
612 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\wlanext.exe
1252 C:\Windows\System32\conhost.exe
1404 C:\Windows\System32\spoolsv.exe
1444 C:\Windows\System32\svchost.exe
1564 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1652 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1688 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1728 C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
1756 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
1808 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1844 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1892 C:\Windows\System32\rundll32.exe
1900 C:\Windows\SysWOW64\rundll32.exe
1924 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1976 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
2036 C:\Windows\SysWOW64\PnkBstrA.exe
1304 C:\Windows\System32\svchost.exe
1672 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1312 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2032 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2144 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2164 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2200 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2264 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2620 C:\Windows\System32\taskhost.exe
2716 C:\Windows\System32\dwm.exe
2776 C:\Windows\explorer.exe
2420 unsecapp.exe
2844 WmiPrvSE.exe
2896 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
3340 C:\Windows\System32\alg.exe
3376 C:\Windows\SysWOW64\svchost.exe
3464 C:\Windows\System32\svchost.exe
3536 C:\Windows\System32\svchost.exe
3828 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3908 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3944 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
4008 C:\Program Files\Apoint2K\Apoint.exe
4060 C:\Windows\PLFSetI.exe
4084 C:\Windows\System32\igfxtray.exe
3752 C:\Windows\System32\hkcmd.exe
3900 C:\Windows\System32\igfxsrvc.exe
3872 C:\Windows\System32\igfxpers.exe
3728 C:\Windows\System32\igfxext.exe
500 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
1020 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2432 C:\Windows\System32\wbem\unsecapp.exe
3132 WmiPrvSE.exe
4120 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
4144 C:\Windows\System32\SearchIndexer.exe
4248 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
4260 C:\Program Files (x86)\Registry Mechanic\RMTray.exe
4596 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
4760 C:\Program Files\Apoint2K\ApMsgFwd.exe
4808 C:\Program Files\Apoint2K\ApntEx.exe
4840 C:\Windows\System32\conhost.exe
5028 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
5040 C:\Program Files (x86)\Steam\Steam.exe
5084 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
4304 C:\Program Files (x86)\Launch Manager\LManager.exe
732 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
4140 C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
5076 C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
4700 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
4712 C:\Program Files\McAfee.com\Agent\mcagent.exe
1952 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
5124 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5580 C:\Program Files\iPod\bin\iPodService.exe
5680 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
6092 C:\Windows\System32\svchost.exe
2672 C:\Program Files\Windows Media Player\wmpnetwk.exe
3544 C:\Windows\System32\wuauclt.exe
1328 C:\Windows\SysWOW64\notepad.exe
3032 mcupdmgr.exe
2664 C:\Windows\SysWOW64\notepad.exe
2320 C:\Windows\System32\audiodg.exe
1860 C:\Windows\SysWOW64\notepad.exe
2732 C:\Windows\SysWOW64\notepad.exe
3680 C:\Windows\System32\taskeng.exe
4696 C:\Windows\System32\taskeng.exe
4736 C:\Program Files\Internet Explorer\iexplore.exe
1932 C:\Program Files\Internet Explorer\iexplore.exe
1360 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
3840 WUDFHost.exe
4332 dllhost.exe
5160 dllhost.exe
5112 E:\MBRCheck.exe
5356 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-22A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,517 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 August 2011 - 10:43 AM

Well done, we have found it. :thumbup2:

We will remove the infection the next round.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#14 Biigdaddio

Biigdaddio
  • Topic Starter

  • Members
  • 10 posts

Posted 04 August 2011 - 12:17 PM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.0
Ran by SYSTEM at 2011-08-04 13:13:05
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [x]
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [306472 2009-11-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [159232 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [380928 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [358912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [181480 2009-10-21] (Acer Corp.)
HKLM-x32\...\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-04-08] (PC Tools)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-06-28] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKU\Biigdaddio\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-06] (Google Inc.)
HKU\Biigdaddio\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Hotshjot\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-06] (Google Inc.)
HKU\Hotshjot\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\Hotshjot\...\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H [292824 2010-04-08] (PC Tools )
HKU\Hotshjot\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2969496 2010-09-21] ()
HKU\Hotshjot\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-03] (Valve Corporation)
HKU\Hotshjot\...\Run: [Google Update] "C:\Users\Hotshjot\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-20] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

==================== Services (Whitelisted) ======

2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [844320 2009-10-29] (Acer Incorporated)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-09-17] ()
3 GameConsoleService; "C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [101048 2011-02-16] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [50432 2009-06-17] (NewTech InfoSystems, Inc.)
2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-17] (NewTech Infosystems, Inc.)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-08] (PC Tools)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_2da1ebd.dll [x]
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22576 2009-06-02] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20016 2009-06-02] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60464 2009-06-02] (Egis Technology Inc.)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
3 dump_wmimmc; \??\C:\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
3 mfeavfk01; [x]
3 npggsvc; C:\Windows\system32\GameMon.des -service [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-04 07:17 - 2011-08-04 07:18 - 0016427 ____A C:\Users\Hotshjot\Desktop\MBRCheck_08.04.11_11.17.43.txt
2011-08-03 04:13 - 2011-07-23 19:17 - 0607017 ____R (Swearware) C:\Users\Hotshjot\Desktop\dds.scr
2011-08-03 04:10 - 2011-08-04 04:10 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{28D0AFBF-B11B-4232-9FE5-CF2F8BC67960}
2011-08-01 05:30 - 2011-08-01 05:30 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{5FB84E08-2630-46BD-BECF-2B323A449973}
2011-08-01 04:07 - 2011-08-01 04:36 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-08-01 04:07 - 2011-08-01 04:36 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-08-01 04:07 - 2011-08-01 04:07 - 0001266 ____A C:\Users\Biigdaddio\Desktop\Spybot - Search & Destroy.lnk
2011-08-01 04:07 - 2011-08-01 04:07 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-31 12:32 - 2011-07-31 12:32 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-31 12:32 - 2011-07-31 12:32 - 0000000 ____D C:\Program Files\iTunes
2011-07-31 12:32 - 2011-07-31 12:32 - 0000000 ____D C:\Program Files\iPod
2011-07-31 12:28 - 2011-07-31 12:28 - 0000000 ____D C:\Program Files\Bonjour
2011-07-31 12:28 - 2011-07-31 12:28 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-07-31 12:23 - 2011-07-31 12:23 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{CBC5DDCF-4036-4A44-A03E-EF4DDC1A2C11}
2011-07-30 08:07 - 2011-07-30 08:07 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{C05BB9B7-8103-40F8-BA8F-7911CE8F0B1F}
2011-07-29 17:30 - 2011-07-29 17:30 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{5E55D793-5BC9-4CB9-863A-20E714B262D0}
2011-07-27 16:13 - 2011-07-27 16:13 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{848226B6-3D59-416A-9F0C-9DCDA2E3568D}
2011-07-24 10:56 - 2011-07-24 10:59 - 0067734 ____A C:\TDSSKiller.2.5.11.0_24.07.2011_14.56.15_log.txt
2011-07-24 08:18 - 2011-07-24 08:18 - 1383430 ____A C:\Users\Hotshjot\Downloads\tdsskiller.zip
2011-07-24 08:17 - 2011-07-24 08:17 - 0000412 ____A C:\TDSSKiller.2.5.9.0_24.07.2011_12.17.23_log.txt
2011-07-24 08:16 - 2011-07-24 08:16 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{549E0AE3-8341-4015-B607-C2D3A97F48F8}
2011-07-24 08:14 - 2011-07-24 08:14 - 0317448 ____A C:\Windows\Minidump\072411-19125-01.dmp
2011-07-23 20:38 - 2011-07-16 18:21 - 0302592 ____A C:\Users\Hotshjot\Desktop\gmer.exe
2011-07-23 20:12 - 2011-07-23 20:12 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{E4662FD3-291D-423B-A5E1-E3F680232105}
2011-07-23 08:53 - 2011-07-23 08:54 - 0067734 ____A C:\TDSSKiller.2.5.11.0_23.07.2011_12.53.23_log.txt
2011-07-23 08:52 - 2011-07-23 08:53 - 0000000 ____D C:\Users\Hotshjot\Downloads\kill.com
2011-07-23 08:51 - 2011-07-23 08:51 - 1383430 ____A C:\Users\Hotshjot\Downloads\kill.com.zip
2011-07-23 08:51 - 2011-07-23 08:51 - 0000412 ____A C:\TDSSKiller.2.5.9.0_23.07.2011_12.51.33_log.txt
2011-07-23 08:47 - 2011-07-23 08:51 - 0067732 ____A C:\TDSSKiller.2.5.9.0_23.07.2011_12.47.46_log.txt
2011-07-23 08:45 - 2011-07-23 19:40 - 0000000 ____D C:\Users\Hotshjot\Desktop\July 23 virus removal data
2011-07-23 08:11 - 2011-07-23 08:11 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{0B859D20-7BEE-4B0E-BD29-9DC6C156ADCA}
2011-07-23 08:07 - 2011-07-23 08:07 - 0276816 ____A C:\Windows\Minidump\072311-21871-01.dmp
2011-07-22 10:25 - 2011-07-22 10:25 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{B4CE3232-B546-4B3A-A3F1-9750CDC15486}
2011-07-16 19:38 - 2011-07-16 19:38 - 0024576 ____A C:\Users\Hotshjot\Documents\bleeping computer.doc
2011-07-16 18:46 - 2011-07-16 18:46 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{A8225BA2-B73D-4D89-B5D0-7D23818C4396}
2011-07-16 17:52 - 2011-07-16 17:52 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{A046E479-8FBF-4838-9684-B791F83084C4}
2011-07-15 11:45 - 2011-07-15 11:46 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{9399A2FE-0B1B-4550-9B19-AFDE5BE76F7B}
2011-07-14 13:42 - 2011-05-04 00:52 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-07-14 13:42 - 2011-05-04 00:52 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-07-14 13:42 - 2011-05-04 00:52 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-07-14 13:41 - 2011-07-14 13:42 - 0004388 ____A C:\Windows\SysWOW64\jupdate-1.6.0_26-b03.log
2011-07-14 13:35 - 2011-07-14 13:35 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{D79F4238-8A44-4708-BCAE-3E54A07B6F52}
2011-07-13 16:14 - 2011-07-13 16:14 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{C4E5C0F7-FFAD-4C0F-A3E8-D2A577E0CCAC}
2011-07-12 16:47 - 2011-06-02 22:56 - 0421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 22:44 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:56 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 21:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 19:48 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 19:48 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 19:48 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-12 16:47 - 2011-06-02 19:48 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 16:46 - 2011-06-10 19:07 - 3137536 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-07-12 16:46 - 2011-06-02 22:57 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-12 16:46 - 2011-06-02 22:57 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-12 16:46 - 2011-06-02 22:57 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-12 16:46 - 2011-06-02 22:57 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-12 16:46 - 2011-06-02 22:57 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-12 16:46 - 2011-06-02 22:53 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-12 16:46 - 2011-06-02 22:00 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-12 16:46 - 2011-06-02 21:57 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-12 16:46 - 2011-06-02 21:56 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-12 16:46 - 2011-06-02 19:53 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-12 16:46 - 2011-06-02 19:53 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-12 16:46 - 2011-05-13 23:20 - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-12 16:46 - 2011-05-13 22:22 - 0837632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-12 07:34 - 2011-07-12 07:34 - 0212840 ____A (Apple Inc.) C:\Windows\System32\dnssdX.dll
2011-07-12 07:34 - 2011-07-12 07:34 - 0096104 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-07-12 07:34 - 2011-07-12 07:34 - 0085864 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-07-12 07:34 - 2011-07-12 07:34 - 0061288 ____A (Apple Inc.) C:\Windows\System32\jdns_sd.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0178536 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssdX.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0083816 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-07-12 07:20 - 2011-07-12 07:20 - 0073064 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0050536 ____A (Apple Inc.) C:\Windows\SysWOW64\jdns_sd.dll
2011-07-11 16:58 - 2011-07-11 16:58 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
2011-07-11 16:57 - 2011-07-11 16:57 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2011-07-11 16:56 - 2011-07-11 16:56 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{06DD0CA4-BD06-483D-A86D-ADD8AB0BF436}
2011-07-09 19:21 - 2011-07-09 19:21 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{62F74731-72E0-4D83-ABD4-1A186585535C}
2011-07-08 13:24 - 2011-07-08 13:24 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2011-07-08 13:23 - 2011-07-08 13:24 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2011-07-08 12:56 - 2011-07-08 12:56 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{06A3265B-2FE1-4101-B986-CE168B755D17}
2011-07-07 12:03 - 2011-07-07 12:03 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{2E46BAD9-437C-4ADB-9341-D80BD4FAF656}
2011-07-06 16:19 - 2011-07-06 16:19 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{76269877-F8FB-4902-937C-29F779EA8B40}
2011-07-05 14:48 - 2011-07-05 14:48 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{58471079-1565-4FEE-AD1D-8829FFE9AE52}
2011-07-04 16:34 - 2011-07-04 16:34 - 0079551 ____A C:\Users\Hotshjot\Downloads\search
2011-07-04 14:40 - 2011-07-04 14:41 - 0067250 ____A C:\TDSSKiller.2.5.9.0_04.07.2011_18.40.07_log.txt
2011-07-04 14:39 - 2011-07-04 14:39 - 0001956 ____A C:\Users\Hotshjot\Desktop\GooredFix.txt
2011-07-04 14:39 - 2011-07-04 14:39 - 0000000 ____D C:\Users\Hotshjot\Desktop\GooredFix Backups
2011-07-04 11:34 - 2011-07-04 11:35 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{40DF10F6-9F97-46E9-A996-1F74D3009209}


============ 3 Months Modified Files and Folders =============

2011-08-04 13:13 - 2011-08-04 13:12 - 0000000 ____D C:\FRST
2011-08-04 08:01 - 2010-02-02 20:29 - 2072142 ____A C:\Windows\WindowsUpdate.log
2011-08-04 08:01 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-04 08:01 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-04 08:00 - 2010-04-06 07:35 - 1748429 ___AH C:\Users\Hotshjot\AppData\Local\IconCache.db
2011-08-04 07:54 - 2010-11-11 17:43 - 0000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4178014720-3636027196-2920491369-1003UA.job
2011-08-04 07:19 - 2010-04-06 07:10 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-04 07:18 - 2011-08-04 07:17 - 0016427 ____A C:\Users\Hotshjot\Desktop\MBRCheck_08.04.11_11.17.43.txt
2011-08-04 04:16 - 2010-05-28 12:11 - 0524288 __ASH C:\Windows\System32\config\components{a73ad968-6a94-11df-809a-705ab626fc65}.TMContainer00000000000000000001.regtrans-ms
2011-08-04 04:16 - 2010-05-28 12:11 - 0065536 __ASH C:\Windows\System32\config\components{a73ad968-6a94-11df-809a-705ab626fc65}.TM.blf
2011-08-04 04:10 - 2011-08-03 04:10 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{28D0AFBF-B11B-4232-9FE5-CF2F8BC67960}
2011-08-04 04:08 - 2010-11-11 17:43 - 0000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4178014720-3636027196-2920491369-1003Core.job
2011-08-04 04:08 - 2010-04-06 07:10 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-03 16:09 - 2010-04-21 02:18 - 0000504 ___AH C:\Windows\Tasks\Norton Security Scan for Hotshjot.job
2011-08-03 04:39 - 2010-09-21 15:46 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\PMB Files
2011-08-03 04:12 - 2010-10-14 11:30 - 0000000 ____D C:\Program Files (x86)\Steam
2011-08-03 04:09 - 2010-06-06 13:13 - 0000000 ____D C:\Users\Hotshjot\Tracing
2011-08-03 04:08 - 2010-04-20 07:42 - 0000437 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2011-08-03 04:08 - 2010-02-02 20:24 - 3166154752 __ASH C:\hiberfil.sys
2011-08-03 04:08 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-03 04:08 - 2009-07-13 20:51 - 0059117 ____A C:\Windows\setupact.log
2011-08-01 05:30 - 2011-08-01 05:30 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{5FB84E08-2630-46BD-BECF-2B323A449973}
2011-08-01 04:36 - 2011-08-01 04:07 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-08-01 04:36 - 2011-08-01 04:07 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-08-01 04:07 - 2011-08-01 04:07 - 0001266 ____A C:\Users\Biigdaddio\Desktop\Spybot - Search & Destroy.lnk
2011-08-01 04:07 - 2011-08-01 04:07 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-01 04:04 - 2010-04-06 06:56 - 0000000 ____D C:\Users\Biigdaddio\AppData\Local\Google
2011-07-31 12:32 - 2011-07-31 12:32 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-31 12:32 - 2011-07-31 12:32 - 0000000 ____D C:\Program Files\iTunes
2011-07-31 12:32 - 2011-07-31 12:32 - 0000000 ____D C:\Program Files\iPod
2011-07-31 12:32 - 2011-06-23 11:35 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-07-31 12:28 - 2011-07-31 12:28 - 0000000 ____D C:\Program Files\Bonjour
2011-07-31 12:28 - 2011-07-31 12:28 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-07-31 12:23 - 2011-07-31 12:23 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{CBC5DDCF-4036-4A44-A03E-EF4DDC1A2C11}
2011-07-30 18:07 - 2009-07-13 21:08 - 0032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-07-30 12:13 - 2011-06-05 13:41 - 0000000 ____D C:\Users\Hotshjot\AppData\Roaming\skypePM
2011-07-30 12:13 - 2011-06-05 13:40 - 0000000 ____D C:\Users\Hotshjot\AppData\Roaming\Skype
2011-07-30 08:41 - 2011-06-05 13:41 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-07-30 08:41 - 2011-06-05 13:41 - 0000000 ____D C:\ProgramData\Skype Extras
2011-07-30 08:29 - 2010-04-19 03:25 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\Google
2011-07-30 08:07 - 2011-07-30 08:07 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{C05BB9B7-8103-40F8-BA8F-7911CE8F0B1F}
2011-07-29 17:30 - 2011-07-29 17:30 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{5E55D793-5BC9-4CB9-863A-20E714B262D0}
2011-07-29 17:28 - 2009-11-06 19:48 - 0840620 ____A C:\Windows\PFRO.log
2011-07-27 16:13 - 2011-07-27 16:13 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{848226B6-3D59-416A-9F0C-9DCDA2E3568D}
2011-07-26 07:22 - 2010-04-06 07:19 - 1288570 ___AH C:\Users\Biigdaddio\AppData\Local\IconCache.db
2011-07-24 10:59 - 2011-07-24 10:56 - 0067734 ____A C:\TDSSKiller.2.5.11.0_24.07.2011_14.56.15_log.txt
2011-07-24 08:45 - 2010-04-06 06:54 - 0000174 ___SH C:\Users\Biigdaddio\Start Menu\Programs\Startup\desktop.ini
2011-07-24 08:45 - 2010-04-06 06:54 - 0000174 ___SH C:\Users\Biigdaddio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-07-24 08:45 - 2010-04-06 06:51 - 0086064 ____A C:\Users\Biigdaddio\AppData\Local\GDIPFONTCACHEV1.DAT
2011-07-24 08:18 - 2011-07-24 08:18 - 1383430 ____A C:\Users\Hotshjot\Downloads\tdsskiller.zip
2011-07-24 08:17 - 2011-07-24 08:17 - 0000412 ____A C:\TDSSKiller.2.5.9.0_24.07.2011_12.17.23_log.txt
2011-07-24 08:17 - 2010-12-15 15:44 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\Windows Live
2011-07-24 08:16 - 2011-07-24 08:16 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{549E0AE3-8341-4015-B607-C2D3A97F48F8}
2011-07-24 08:14 - 2011-07-24 08:14 - 0317448 ____A C:\Windows\Minidump\072411-19125-01.dmp
2011-07-24 08:14 - 2010-07-10 06:32 - 0000000 ____D C:\Windows\Minidump
2011-07-24 08:13 - 2010-07-10 06:32 - 490294203 ____A C:\Windows\MEMORY.DMP
2011-07-23 22:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-07-23 20:12 - 2011-07-23 20:12 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{E4662FD3-291D-423B-A5E1-E3F680232105}
2011-07-23 19:40 - 2011-07-23 08:45 - 0000000 ____D C:\Users\Hotshjot\Desktop\July 23 virus removal data
2011-07-23 19:17 - 2011-08-03 04:13 - 0607017 ____R (Swearware) C:\Users\Hotshjot\Desktop\dds.scr
2011-07-23 08:56 - 2011-07-02 12:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-23 08:54 - 2011-07-23 08:53 - 0067734 ____A C:\TDSSKiller.2.5.11.0_23.07.2011_12.53.23_log.txt
2011-07-23 08:53 - 2011-07-23 08:52 - 0000000 ____D C:\Users\Hotshjot\Downloads\kill.com
2011-07-23 08:51 - 2011-07-23 08:51 - 1383430 ____A C:\Users\Hotshjot\Downloads\kill.com.zip
2011-07-23 08:51 - 2011-07-23 08:51 - 0000412 ____A C:\TDSSKiller.2.5.9.0_23.07.2011_12.51.33_log.txt
2011-07-23 08:51 - 2011-07-23 08:47 - 0067732 ____A C:\TDSSKiller.2.5.9.0_23.07.2011_12.47.46_log.txt
2011-07-23 08:42 - 2011-07-02 12:11 - 0000422 ____A C:\rkill.log
2011-07-23 08:11 - 2011-07-23 08:11 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{0B859D20-7BEE-4B0E-BD29-9DC6C156ADCA}
2011-07-23 08:07 - 2011-07-23 08:07 - 0276816 ____A C:\Windows\Minidump\072311-21871-01.dmp
2011-07-22 10:25 - 2011-07-22 10:25 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{B4CE3232-B546-4B3A-A3F1-9750CDC15486}
2011-07-16 19:38 - 2011-07-16 19:38 - 0024576 ____A C:\Users\Hotshjot\Documents\bleeping computer.doc
2011-07-16 18:46 - 2011-07-16 18:46 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{A8225BA2-B73D-4D89-B5D0-7D23818C4396}
2011-07-16 18:21 - 2011-07-23 20:38 - 0302592 ____A C:\Users\Hotshjot\Desktop\gmer.exe
2011-07-16 17:52 - 2011-07-16 17:52 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{A046E479-8FBF-4838-9684-B791F83084C4}
2011-07-16 10:13 - 2010-05-18 13:37 - 0000129 ____A C:\Users\Hotshjot\jagex_runescape_preferences2.dat
2011-07-16 09:50 - 2010-05-18 13:36 - 0000046 ____A C:\Users\Hotshjot\jagex_runescape_preferences.dat
2011-07-15 11:46 - 2011-07-15 11:45 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{9399A2FE-0B1B-4550-9B19-AFDE5BE76F7B}
2011-07-14 13:42 - 2011-07-14 13:41 - 0004388 ____A C:\Windows\SysWOW64\jupdate-1.6.0_26-b03.log
2011-07-14 13:42 - 2010-05-18 13:34 - 0000000 ____D C:\Program Files (x86)\Java
2011-07-14 13:35 - 2011-07-14 13:35 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{D79F4238-8A44-4708-BCAE-3E54A07B6F52}
2011-07-14 13:31 - 2009-07-13 20:45 - 0370936 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-13 16:27 - 2010-04-24 07:38 - 50867144 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-07-13 16:14 - 2011-07-13 16:14 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{C4E5C0F7-FFAD-4C0F-A3E8-D2A577E0CCAC}
2011-07-12 07:34 - 2011-07-12 07:34 - 0212840 ____A (Apple Inc.) C:\Windows\System32\dnssdX.dll
2011-07-12 07:34 - 2011-07-12 07:34 - 0096104 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-07-12 07:34 - 2011-07-12 07:34 - 0085864 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-07-12 07:34 - 2011-07-12 07:34 - 0061288 ____A (Apple Inc.) C:\Windows\System32\jdns_sd.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0178536 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssdX.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0083816 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-07-12 07:20 - 2011-07-12 07:20 - 0073064 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0050536 ____A (Apple Inc.) C:\Windows\SysWOW64\jdns_sd.dll
2011-07-11 16:58 - 2011-07-11 16:58 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
2011-07-11 16:57 - 2011-07-11 16:57 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2011-07-11 16:56 - 2011-07-11 16:56 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{06DD0CA4-BD06-483D-A86D-ADD8AB0BF436}
2011-07-10 16:08 - 2010-05-28 12:11 - 0524288 __ASH C:\Windows\System32\config\components{a73ad968-6a94-11df-809a-705ab626fc65}.TMContainer00000000000000000002.regtrans-ms
2011-07-09 19:21 - 2011-07-09 19:21 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{62F74731-72E0-4D83-ABD4-1A186585535C}
2011-07-09 06:13 - 2010-04-06 07:31 - 0086064 ____A C:\Users\Hotshjot\AppData\Local\GDIPFONTCACHEV1.DAT
2011-07-08 13:24 - 2011-07-08 13:24 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2011-07-08 13:24 - 2011-07-08 13:23 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2011-07-08 12:56 - 2011-07-08 12:56 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{06A3265B-2FE1-4101-B986-CE168B755D17}
2011-07-07 12:03 - 2011-07-07 12:03 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{2E46BAD9-437C-4ADB-9341-D80BD4FAF656}
2011-07-06 16:19 - 2011-07-06 16:19 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{76269877-F8FB-4902-937C-29F779EA8B40}
2011-07-06 15:52 - 2011-07-02 12:23 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-07-05 14:48 - 2011-07-05 14:48 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{58471079-1565-4FEE-AD1D-8829FFE9AE52}
2011-07-04 16:55 - 2010-04-06 07:31 - 0000000 ____D C:\Users\Hotshjot\AppData\Roaming\Mozilla
2011-07-04 16:34 - 2011-07-04 16:34 - 0079551 ____A C:\Users\Hotshjot\Downloads\search
2011-07-04 14:49 - 2009-07-13 21:13 - 0739790 ____A C:\Windows\System32\PerfStringBackup.INI
2011-07-04 14:41 - 2011-07-04 14:40 - 0067250 ____A C:\TDSSKiller.2.5.9.0_04.07.2011_18.40.07_log.txt
2011-07-04 14:39 - 2011-07-04 14:39 - 0001956 ____A C:\Users\Hotshjot\Desktop\GooredFix.txt
2011-07-04 14:39 - 2011-07-04 14:39 - 0000000 ____D C:\Users\Hotshjot\Desktop\GooredFix Backups
2011-07-04 11:35 - 2011-07-04 11:34 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{40DF10F6-9F97-46E9-A996-1F74D3009209}
2011-07-03 07:57 - 2011-07-03 07:57 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{C71EE3BB-A626-4850-81AD-722F52A9EDC3}
2011-07-03 07:55 - 2010-04-06 07:30 - 0000174 ___SH C:\Users\Hotshjot\Start Menu\Programs\Startup\desktop.ini
2011-07-03 07:55 - 2010-04-06 07:30 - 0000174 ___SH C:\Users\Hotshjot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-07-03 07:01 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-07-03 07:01 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\en
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-07-03 07:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-07-03 07:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-07-03 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-07-03 06:56 - 2011-07-02 19:54 - 0002208 ____A C:\Windows\IE9_main.log
2011-07-02 19:54 - 2009-11-06 19:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-07-02 19:52 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-07-02 19:52 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-07-02 19:42 - 2011-07-02 19:42 - 0000000 ____D C:\Windows\System32\SPReview
2011-07-02 19:41 - 2011-07-02 19:41 - 0000000 ____D C:\Windows\System32\EventProviders
2011-07-02 17:13 - 2011-07-01 19:09 - 0000120 ____A C:\Users\Hotshjot\AppData\Local\Rfisatiyuwaxohes.dat
2011-07-02 12:25 - 2011-07-02 12:23 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-07-02 12:23 - 2011-07-02 12:23 - 0000000 ____D C:\Users\Hotshjot\AppData\Roaming\Malwarebytes
2011-07-02 12:23 - 2011-07-02 12:23 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-07-02 12:23 - 2011-07-02 12:23 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-07-02 12:23 - 2011-07-02 12:19 - 0067004 ____A C:\TDSSKiller.2.5.8.0_02.07.2011_16.19.10_log.txt
2011-07-02 12:11 - 2011-07-02 12:11 - 0000177 ____A C:\Users\Hotshjot\Desktop\rk-proxy.reg
2011-07-02 12:06 - 2011-07-01 19:15 - 0000040 ____A C:\Users\All Users\~38526712
2011-07-02 12:06 - 2011-07-01 19:15 - 0000040 ____A C:\ProgramData\~38526712
2011-07-02 07:08 - 2011-07-02 07:08 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{D7E5903A-3624-4162-A2A0-D5EF7767F972}
2011-07-02 07:06 - 2011-07-01 19:09 - 0000000 ____A C:\Users\Hotshjot\AppData\Local\Xpuzuyihitam.bin
2011-07-02 07:04 - 2011-07-02 07:04 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{094B8484-FF19-4943-8616-7854791D05EB}
2011-07-02 07:03 - 2011-07-01 19:03 - 0002832 ____A C:\Users\Hotshjot\AppData\Roaming\25AE.E24
2011-07-01 19:09 - 2011-07-01 19:09 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{B9F85B54-42A9-42BE-9550-8981D7830501}
2011-07-01 19:00 - 2010-04-19 03:25 - 0000000 ____D C:\Users\Hotshjot\AppData\Roaming\Adobe
2011-07-01 14:31 - 2010-10-06 15:27 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\ApplicationHistory
2011-07-01 14:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-07-01 14:00 - 2011-07-01 14:00 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{A1DB3F3F-6C81-408F-86A4-9C57671F8343}
2011-07-01 13:58 - 2011-07-02 18:36 - 0001832 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2011-06-30 16:14 - 2011-07-02 18:35 - 0002290 ____A C:\Users\Hotshjot\Desktop\Google Chrome.lnk
2011-06-23 11:37 - 2011-06-23 11:37 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-06-19 06:28 - 2011-05-13 11:03 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-06-19 06:26 - 2011-06-19 06:26 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{758DAC85-E129-4365-AC0E-EC4406B68AEA}
2011-06-19 06:21 - 2009-11-06 19:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-17 11:19 - 2009-11-06 19:25 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-06-17 11:19 - 2009-11-06 19:25 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-06-17 11:14 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-06-16 13:52 - 2010-04-06 07:30 - 0000000 ____D C:\Users\Hotshjot\AppData\LocalLow
2011-06-13 12:40 - 2010-04-06 07:30 - 0000000 ____D C:\users\Hotshjot
2011-06-13 12:34 - 2011-06-13 12:34 - 0002560 __ASH C:\Users\Hotshjot\Thumbs.db
2011-06-12 11:41 - 2011-06-12 11:41 - 0553863 ___RA C:\Users\Hotshjot\Desktop\SkinEdit_alpha3_pre7_fix.zip
2011-06-11 16:18 - 2011-06-11 16:17 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{332B1171-821D-4C05-B0D8-9C93B2722219}
2011-06-10 19:07 - 2011-07-12 16:46 - 3137536 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-07 12:20 - 2011-06-07 11:47 - 0000000 ____D C:\Users\Hotshjot\Desktop\world
2011-06-05 16:50 - 2011-06-05 16:50 - 0672173 ____A C:\Users\Hotshjot\Desktop\Minecraft_Server.exe
2011-06-05 13:41 - 2011-06-05 13:41 - 0000056 ____A C:\Users\All Users\ezsidmv.dat
2011-06-05 13:41 - 2011-06-05 13:41 - 0000056 ____A C:\ProgramData\ezsidmv.dat
2011-06-05 13:40 - 2011-07-02 18:36 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-06-05 13:40 - 2011-06-05 13:40 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-06-05 13:39 - 2011-06-05 13:39 - 1029000 ____A (Skype Technologies S.A.) C:\Users\Hotshjot\Downloads\SkypeSetup.exe
2011-06-05 13:39 - 2011-06-05 13:39 - 0000000 ____D C:\Users\All Users\Skype
2011-06-05 13:39 - 2011-06-05 13:39 - 0000000 ____D C:\ProgramData\Skype
2011-06-05 13:03 - 2010-10-31 12:10 - 0000000 ____D C:\Users\Hotshjot\AppData\Roaming\.minecraft
2011-06-05 07:00 - 2009-11-06 19:35 - 0000000 ____D C:\Program Files (x86)\Google
2011-06-02 22:57 - 2011-07-12 16:46 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-06-02 22:57 - 2011-07-12 16:46 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-06-02 22:57 - 2011-07-12 16:46 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-06-02 22:57 - 2011-07-12 16:46 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-06-02 22:57 - 2011-07-12 16:46 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-06-02 22:56 - 2011-07-12 16:47 - 0421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-06-02 22:53 - 2011-07-12 16:46 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-06-02 22:44 - 2011-07-12 16:47 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 22:44 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-06-02 22:00 - 2011-07-12 16:46 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-06-02 21:57 - 2011-07-12 16:46 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-06-02 21:56 - 2011-07-12 16:47 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-06-02 21:56 - 2011-07-12 16:46 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 21:47 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-06-02 19:53 - 2011-07-12 16:46 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-06-02 19:53 - 2011-07-12 16:46 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-06-02 19:48 - 2011-07-12 16:47 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 19:48 - 2011-07-12 16:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 19:48 - 2011-07-12 16:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 19:48 - 2011-07-12 16:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-05-30 10:01 - 2011-05-30 10:01 - 0000000 ____D C:\Users\All Users\Nexon
2011-05-30 10:01 - 2011-05-30 10:01 - 0000000 ____D C:\ProgramData\Nexon
2011-05-27 21:32 - 2011-06-16 13:41 - 9001984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-05-27 20:33 - 2011-06-16 13:41 - 5984768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-05-27 19:30 - 2011-06-16 13:41 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-05-27 18:53 - 2011-06-16 13:41 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-05-27 18:34 - 2010-08-03 17:35 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\Apple Computer
2011-05-26 17:27 - 2011-05-26 17:27 - 0276776 ____A C:\Windows\Minidump\052611-27736-01.dmp
2011-05-26 11:13 - 2011-05-26 11:13 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{64B9D6F9-44AD-4A11-9A91-BE2B48D28BF2}
2011-05-24 15:14 - 2010-09-01 19:45 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-05-24 03:42 - 2011-06-29 16:43 - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-05-24 02:40 - 2011-06-29 16:43 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-05-24 02:40 - 2011-06-29 16:43 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-05-24 02:39 - 2011-06-29 16:43 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-05-24 02:37 - 2011-06-29 16:43 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-05-22 12:14 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-05-20 19:02 - 2011-05-20 19:02 - 1750344 ____A C:\Users\Hotshjot\Downloads\PotC-setup.exe
2011-05-20 17:29 - 2011-05-20 17:29 - 0005652 ____A C:\Windows\SysWOW64\jupdate-1.6.0_22-b04.log
2011-05-14 07:51 - 2010-04-06 07:27 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-05-13 23:20 - 2011-07-12 16:46 - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-05-13 22:22 - 2011-07-12 16:46 - 0837632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-05-13 16:52 - 2011-05-13 16:52 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{DC2E0254-7912-434C-87B0-11AD6A5ABC86}
2011-05-13 11:01 - 2011-05-13 11:01 - 0276776 ____A C:\Windows\Minidump\051311-31668-01.dmp
2011-05-10 04:06 - 2011-05-10 04:06 - 4517664 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2011-05-10 04:06 - 2011-05-10 04:06 - 0051712 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2011-05-07 18:32 - 2010-10-06 15:29 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\Turbine
2011-05-06 11:36 - 2011-05-06 11:36 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{97ECA260-E2B0-44F2-B94E-75CB5404168D}
2011-05-06 03:54 - 2011-05-06 03:54 - 0000000 ____D C:\Users\Hotshjot\AppData\Local\{C0407C01-E32C-49C9-8595-892A7719FA4F}
2011-05-05 14:40 - 2010-12-22 12:35 - 0000629 ____A C:\Windows\System32\mapisvc.inf
2011-05-05 14:39 - 2011-02-05 19:25 - 0000000 ____D C:\Program Files (x86)\Safari
2011-05-04 00:52 - 2011-07-14 13:42 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-05-04 00:52 - 2011-07-14 13:42 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-05-04 00:52 - 2011-07-14 13:42 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-05-04 00:52 - 2010-06-13 13:44 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4025.98 MB
Available physical RAM: 3323.14 MB
Total Pagefile: 4024.13 MB
Available Pagefile: 3316.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:28.87 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.5 GB) NTFS
3 Drive f: (SPONGE) (CDROM) (Total:2.1 GB) (Free:0 GB) UDF
4 Drive g: (UDISK 20X) (Removable) (Total:0.46 GB) (Free:0.43 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==========================================================

Last Boot: 2011-08-03 06:43

======================= End Of Log ==========================

#15 Farbar

  • Security Developer
  • Location: The Netherlands

Posted 04 August 2011 - 12:27 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
Control:
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart, let the computer boot normally and tell me if the redirection has stopped.
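The fix above rewrites the boot code in the master boot record; the partition table is left alone (bootrec /FixMbr is documented not to overwrite it). The script below is an added example for this thread, not FRST's code and not from Farbar's post: it parses a 512-byte sector-0 image, runs the structural checks a responder does on such a dump, hashes only the code region against a known-good baseline, and models a code-only rewrite so the before/after difference is visible. The two MBR images, the placeholder "clean" boot code, the disk signature and the partition entries are all constructed test data, not a dump from this machine.

```python
"""Parse a 512-byte MBR, check its integrity, and model what a boot-code
rewrite changes and what it leaves alone.

Added example for this thread, not part of FRST or of the original post.
All fixtures below are constructed test data.
"""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440           # bootstrap code: bytes 0..439
SIG_OFF = 440            # Windows disk signature: bytes 440..443
TABLE_OFF = 446          # partition table: four 16-byte entries, bytes 446..509
BOOT_SIG = b"\x55\xAA"   # bytes 510..511


def parse_partitions(mbr: bytes) -> list:
    """Decode the used partition entries from a raw 512-byte MBR."""
    entries = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        start_lba, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"slot": i, "active": status == 0x80, "type": ptype,
                            "start_lba": start_lba, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes) -> list:
    """Structural sanity checks on a sector-0 dump; returns a list of problems."""
    if len(mbr) != SECTOR:
        return ["not a 512-byte sector"]
    problems = []
    if mbr[510:512] != BOOT_SIG:
        problems.append("missing 0x55AA boot signature")
    active = [p for p in parse_partitions(mbr) if p["active"]]
    if len(active) > 1:
        problems.append("more than one active partition")
    return problems


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the code region only; compare against a known-good baseline."""
    return hashlib.sha256(mbr[:CODE_LEN]).hexdigest()


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Which regions differ between two MBR images."""
    return {
        "code_changed": before[:CODE_LEN] != after[:CODE_LEN],
        "disk_sig_changed": before[SIG_OFF:SIG_OFF + 4] != after[SIG_OFF:SIG_OFF + 4],
        "table_changed": before[TABLE_OFF:510] != after[TABLE_OFF:510],
    }


def rewrite_boot_code(mbr: bytes, clean_code: bytes) -> bytes:
    """Model of a boot-code repair: replace bytes 0..439, keep signature and table.
    A simplified stand-in for the effect of bootrec /FixMbr, not the tool itself."""
    if len(clean_code) != CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    return clean_code + mbr[CODE_LEN:]


def make_mbr(code: bytes, disk_sig: bytes, partitions: list) -> bytes:
    """Build a test MBR (constructed data, not a dump from the machine in this thread)."""
    table = b"".join(
        bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    mbr = code.ljust(CODE_LEN, b"\x00") + disk_sig + b"\x00\x00" + table + BOOT_SIG
    assert len(mbr) == SECTOR
    return mbr


# Constructed fixtures. CLEAN_CODE stands in for vendor boot code (placeholder
# bytes, not real Windows boot code); HOOKED_CODE is the same code with its
# entry patched, the way a bootkit redirects the boot path while leaving the
# partition table untouched so the disk still "looks fine" in a volume listing.
CLEAN_CODE = (bytes(range(256)) * 2)[:CODE_LEN]
HOOKED_CODE = b"\xEB\x3C\x90" + CLEAN_CODE[3:]
DISK_SIG = b"\x12\x34\x56\x78"
PARTITIONS = [(0x80, 0x07, 2048, 204800),         # active: system reserved
              (0x00, 0x07, 206848, 462000000),    # Windows volume
              (0x00, 0x27, 462206848, 25165824)]  # vendor recovery

CLEAN = make_mbr(CLEAN_CODE, DISK_SIG, PARTITIONS)
INFECTED = make_mbr(HOOKED_CODE, DISK_SIG, PARTITIONS)
REPAIRED = rewrite_boot_code(INFECTED, CLEAN_CODE)


def triage(baseline: bytes, suspect: bytes) -> dict:
    """What a responder wants to know: is the sector sane, and which part moved?"""
    return {"problems": check_mbr(suspect),
            "code_matches_baseline": boot_code_hash(suspect) == boot_code_hash(baseline),
            **diff_mbr(baseline, suspect)}


if __name__ == "__main__":
    print("partitions:", parse_partitions(CLEAN))
    print("infected vs clean:", triage(CLEAN, INFECTED))
    print("repaired vs clean:", triage(CLEAN, REPAIRED))
```

On a real case the `suspect` image is the first 512 bytes of the physical disk (on Windows, an elevated `open(r"\\.\PhysicalDrive0", "rb").read(512)`), and the baseline is the code region from a known-clean install of the same Windows version. Take the dump from outside the running OS where you can: a bootkit that has hooked disk I/O can hand a clean-looking sector back to tools running on the infected system, which is one reason the fix in this thread is run from System Recovery Options rather than from the booted Windows.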
