Rootkit.win32.backboot.gen found


  • This topic is locked
2 replies to this topic

#1 Hiriko
Posted 11 December 2011 - 02:01 AM

Annoying rootkit infection. I ran the most current TDSSKiller available; it is able to detect Rootkit.win32.backboot.gen, but there is no option to "cure" it. It starts up an annoying "winrscmde" that eats up my memory. Argh, I knew I should have reinstalled and fixed my AVG when I had the chance... Oh well, I reap what I sow.

Thanks~
Hiriko

No GMER log because I'm running 64bit.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Hiriko at 23:44:34 on 2011-12-10
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.4094.2409 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
C:\Users\Hiriko\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Users\Hiriko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Hiriko\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Hiriko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] C:\Users\Hiriko\AppData\Local\Akamai\netsession_win.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Hiriko\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\Atlscript.html
IE: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{19CF1B8A-E63E-41D3-9799-61C4A4CFBCC1} : DhcpNameServer = 205.171.3.25 205.171.2.25
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO-X64: ATLAS Toolbar - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO-X64: SMTTB2009 - No File
TB-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
IE-X64: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hiriko\AppData\Roaming\Mozilla\Firefox\Profiles\pht6mlov.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Hiriko\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hiriko\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Hiriko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Hiriko\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [2010-4-20 28672]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ProtectedStorage32;Protected Storage ;C:\Windows\system32\wiashext32.exe --> C:\Windows\system32\wiashext32.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-12-6 1025352]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-2 1038088]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011a\RpcAgentSrv.exe [2010-11-29 93848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-11 06:21:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-11 06:01:57 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-11 05:53:54 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A3963DA0-5D5B-497F-969C-91BB382E48B4}
2011-12-11 05:53:37 -------- d-----w- C:\Users\Hiriko\AppData\Local\{58F25F62-A1D0-421A-8915-25390222F641}
2011-12-11 05:53:20 -------- d-----w- C:\Users\Hiriko\AppData\Local\{330E015F-3259-4694-A6D9-F839EFB4C938}
2011-12-11 05:26:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-11 02:06:28 -------- d-----w- C:\Users\Hiriko\AppData\Local\{810E290E-3403-4AD7-A3D4-57FD91ADC055}
2011-12-11 02:06:17 -------- d-----w- C:\Users\Hiriko\AppData\Local\{6AF01BE7-4ACC-495A-AD67-40EDAEA1C1A6}
2011-12-11 02:06:06 -------- d-----w- C:\Users\Hiriko\AppData\Local\{E079BE00-2363-4350-8252-B7D1DAD8195B}
2011-12-11 02:05:44 -------- d-----w- C:\Users\Hiriko\AppData\Local\{E9E0F067-32EA-4F87-954A-646104AB9A72}
2011-12-10 14:05:18 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4E54B98C-D55C-43D3-8670-9CEC67D9418F}
2011-12-10 14:05:07 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A773FF67-00A1-414F-B53A-9269147B1895}
2011-12-10 14:04:56 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0ED07785-CD9C-47F1-89D8-0E0D35F54846}
2011-12-10 14:04:31 -------- d-----w- C:\Users\Hiriko\AppData\Local\{CE967FB7-857C-4471-8935-3DC6AB76B800}
2011-12-09 18:23:10 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4D543440-4CB4-427F-8C67-3C83D78FD28F}
2011-12-09 18:22:59 -------- d-----w- C:\Users\Hiriko\AppData\Local\{7D971737-E27E-46B2-B54A-BD2C021BB371}
2011-12-09 18:22:49 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9182D3B6-B41B-4C19-97F1-5E95661A286B}
2011-12-09 18:22:27 -------- d-----w- C:\Users\Hiriko\AppData\Local\{650A9732-4442-4981-A75E-8329BBF7FC7C}
2011-12-09 06:22:01 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3D1F93CD-559B-4688-9AFB-8A68EF2DC24C}
2011-12-09 06:21:50 -------- d-----w- C:\Users\Hiriko\AppData\Local\{6F57087E-EFCB-4ED5-991E-258AF9B259B2}
2011-12-09 06:21:39 -------- d-----w- C:\Users\Hiriko\AppData\Local\{285EBD91-6D8F-4564-A888-3B8FB8A90CC2}
2011-12-08 18:21:04 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8FFC40C0-B5EB-4357-9F8D-7B79974540BA}
2011-12-08 18:20:54 -------- d-----w- C:\Users\Hiriko\AppData\Local\{17F8C01F-5A55-4791-8F58-2C8B3F892F6F}
2011-12-08 18:20:31 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C6DF2C78-3BC3-46C2-BECF-9427E3338B84}
2011-12-08 18:20:18 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A9965C01-EBBC-4D9E-AB88-86294A73F1E3}
2011-12-08 05:29:11 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9581D79F-2749-4D5A-9FE4-6EBF5AFEC1D8}
2011-12-08 05:29:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{D22A7257-1AD9-43DC-908B-42697728CF7C}
2011-12-08 05:28:49 -------- d-----w- C:\Users\Hiriko\AppData\Local\{55C926E6-E7CD-4664-B504-864BCC4A6013}
2011-12-08 05:28:27 -------- d-----w- C:\Users\Hiriko\AppData\Local\{BE5FBADF-7365-4A07-8391-FA414E02AB6F}
2011-12-08 02:57:31 -------- d-----w- C:\Program Files (x86)\AIDROID
2011-12-07 17:28:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{58ECA275-CE4A-4D70-BA8B-02F46C9FADD9}
2011-12-07 17:27:49 -------- d-----w- C:\Users\Hiriko\AppData\Local\{CD5E7A7B-10B9-41AA-ADC8-D61FF3AFAACC}
2011-12-07 17:27:38 -------- d-----w- C:\Users\Hiriko\AppData\Local\{D9278EFE-6299-4A1D-AB3A-14A6C90D5ABC}
2011-12-07 17:27:16 -------- d-----w- C:\Users\Hiriko\AppData\Local\{89E586DE-B7E0-477C-A2A2-934C5177C99A}
2011-12-07 05:26:50 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3CC84DBC-BB47-456F-9FB1-13B76A495329}
2011-12-07 05:26:39 -------- d-----w- C:\Users\Hiriko\AppData\Local\{EDFEE49A-5926-442E-8505-9315BBEC5892}
2011-12-07 05:26:06 -------- d-----w- C:\Users\Hiriko\AppData\Local\{CFDC0259-AA37-48F6-B4E1-93045CC24B03}
2011-12-06 17:25:41 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A4B817C1-810D-4D3A-9DD7-B821E4A9B14F}
2011-12-06 17:25:30 -------- d-----w- C:\Users\Hiriko\AppData\Local\{64A36BE1-79C0-455F-B7BB-CE645A850786}
2011-12-06 17:25:19 -------- d-----w- C:\Users\Hiriko\AppData\Local\{2320D380-D27D-4CAF-B95A-BDEFB7B5D659}
2011-12-06 17:25:06 -------- d-----w- C:\Users\Hiriko\AppData\Local\{7BB9B843-B809-4C07-9BE1-1FF73F7404AE}
2011-12-06 04:36:31 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3F4BBEC9-03C8-46B2-B99C-825BBA6B6AB6}
2011-12-06 04:36:20 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C3207C74-892D-4AE7-9236-97FA0E90759A}
2011-12-06 04:35:47 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8F5B60BB-84CC-402A-8AE4-9835A0E4F3B7}
2011-12-05 16:35:22 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0E796310-3272-49CA-8EAC-2C59BCF4AD7D}
2011-12-05 16:35:11 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1B07AA9C-572C-4017-8A58-34451C0142B4}
2011-12-05 16:34:59 -------- d-----w- C:\Users\Hiriko\AppData\Local\{81581498-F55E-48D0-9C41-2E8C12CC74E7}
2011-12-05 16:34:18 -------- d-----w- C:\Users\Hiriko\AppData\Local\{04B7B637-3A2C-4824-9320-9C3B3B7030AC}
2011-12-05 02:12:09 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3A40D545-D95C-48B8-B106-978611309768}
2011-12-05 02:11:59 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9DE6040C-11FB-4AE6-ABA4-4606CDD97652}
2011-12-05 02:11:48 -------- d-----w- C:\Users\Hiriko\AppData\Local\{EB64955F-499F-4D2D-A5F7-FA4D32509D81}
2011-12-05 02:11:26 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3C372022-103A-4414-847F-6B9AC0803D8C}
2011-12-04 14:11:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{F669432D-650F-459D-80FC-12D81E765FEF}
2011-12-04 14:10:49 -------- d-----w- C:\Users\Hiriko\AppData\Local\{AEDC6D25-C020-4864-9C6D-A578130D826C}
2011-12-04 14:10:27 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4E3C65FE-5DE0-4037-8AAF-9E43A2D1A944}
2011-12-04 14:10:20 -------- d-----w- C:\Users\Hiriko\AppData\Local\{01DEECE4-5472-4116-AD29-D643A156129C}
2011-12-04 02:02:24 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3569B1AC-9E19-488D-89BC-39368D449118}
2011-12-04 02:02:13 -------- d-----w- C:\Users\Hiriko\AppData\Local\{17D19C97-3D6F-446F-8B2F-09395E944BC2}
2011-12-04 02:02:03 -------- d-----w- C:\Users\Hiriko\AppData\Local\{5630F6CF-10F4-48F1-8983-BC00A432D8C7}
2011-12-04 02:01:40 -------- d-----w- C:\Users\Hiriko\AppData\Local\{D12FE0DB-24DD-4F85-AAF3-D06E252F2AE0}
2011-12-03 14:01:15 -------- d-----w- C:\Users\Hiriko\AppData\Local\{68C34C25-CC95-417A-8A7B-B806306AB3B7}
2011-12-03 14:01:04 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A083B255-8880-433D-A1F0-5B90417DB2A4}
2011-12-03 14:00:53 -------- d-----w- C:\Users\Hiriko\AppData\Local\{AB4292C3-F99B-46E9-B016-6553C92FC983}
2011-12-03 14:00:39 -------- d-----w- C:\Users\Hiriko\AppData\Local\{EB85EAAC-222A-41FF-826E-B9BF84AC19D5}
2011-12-03 03:48:40 -------- d-----w- C:\Users\Hiriko\jagexcache
2011-12-02 18:05:01 -------- d-----w- C:\Users\Hiriko\AppData\Local\{137EB6FF-B266-4B21-8F5E-D7A7EBDBF76A}
2011-12-02 18:04:50 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4CD9D948-37B6-48C3-92E2-0DD902B199B5}
2011-12-02 18:04:39 -------- d-----w- C:\Users\Hiriko\AppData\Local\{ACB5E355-80DF-4D61-9261-975E4CE582D9}
2011-12-02 18:04:17 -------- d-----w- C:\Users\Hiriko\AppData\Local\{CC698724-D2F8-426E-AB73-B648F89A9E8A}
2011-12-02 06:03:51 -------- d-----w- C:\Users\Hiriko\AppData\Local\{60A75868-2B4F-4987-8981-A64A95D706A2}
2011-12-02 06:03:41 -------- d-----w- C:\Users\Hiriko\AppData\Local\{5E1DA377-05A9-48E9-980C-CC883CBCB2CD}
2011-12-02 06:03:08 -------- d-----w- C:\Users\Hiriko\AppData\Local\{D660591F-C691-461E-8EB3-FDD46FF492EB}
2011-12-01 18:02:55 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3B7C928B-B142-4117-9E62-A40A50D8A838}
2011-12-01 18:02:44 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0714E4AB-FCB9-4A78-BBFE-98BE10902EDF}
2011-12-01 18:02:33 -------- d-----w- C:\Users\Hiriko\AppData\Local\{5DCC9B6B-F104-4026-B7EE-466B1E2D0AFF}
2011-12-01 18:02:09 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C9FAE70B-BB36-484F-BE34-CE8D9C48A4B7}
2011-12-01 05:57:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1C72B06E-9079-443B-92B7-407BF2182545}
2011-12-01 05:56:48 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1032CB4F-4FB7-4A87-B867-E8EB21F49A63}
2011-12-01 05:56:37 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B6D2EC16-3021-4162-9532-5D27F9C73C46}
2011-12-01 05:56:14 -------- d-----w- C:\Users\Hiriko\AppData\Local\{EB963647-1EB1-4829-88ED-BEDDBB595198}
2011-12-01 03:39:40 -------- d-----w- C:\Perfect World Entertainment
2011-11-30 17:55:09 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4CAEC1D1-6755-4FE7-AEFC-84B4069DA166}
2011-11-30 17:54:58 -------- d-----w- C:\Users\Hiriko\AppData\Local\{45A9E390-B038-486F-A398-EE03AFEA5B26}
2011-11-30 17:54:47 -------- d-----w- C:\Users\Hiriko\AppData\Local\{FD1D9987-0FA2-45FC-BDD3-8A19FA0FFC92}
2011-11-30 17:54:25 -------- d-----w- C:\Users\Hiriko\AppData\Local\{71482EDE-371F-48A1-94C9-AA37203893F2}
2011-11-30 05:53:59 -------- d-----w- C:\Users\Hiriko\AppData\Local\{F9814A3B-0A3F-4EA1-A782-1883B5C0DCB9}
2011-11-30 05:53:48 -------- d-----w- C:\Users\Hiriko\AppData\Local\{AA8A9D0E-98AE-4463-A5C5-8D5E8A9F278A}
2011-11-30 05:53:13 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8A977297-4151-4940-A88D-DE3C97828C2E}
2011-11-29 17:52:49 -------- d-----w- C:\Users\Hiriko\AppData\Local\{41081263-38B8-4D7E-BA7D-CA02606EA6E9}
2011-11-29 17:52:38 -------- d-----w- C:\Users\Hiriko\AppData\Local\{6E835C79-A028-44C6-AE41-41AC31D70FFD}
2011-11-29 17:52:26 -------- d-----w- C:\Users\Hiriko\AppData\Local\{00D07309-735C-494E-89A6-29F9F3E1A75F}
2011-11-29 17:52:13 -------- d-----w- C:\Users\Hiriko\AppData\Local\{34D228B0-3E09-4AF3-9591-66009CB6F1C8}
2011-11-29 05:46:54 -------- d-----w- C:\Users\Hiriko\AppData\Local\{6C5042B4-9C23-48DA-87C4-B556FD26CB91}
2011-11-29 05:46:43 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3D770125-3F3B-4231-8207-8E9A0D2E3C57}
2011-11-29 05:46:31 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3DC4504A-687E-4995-8667-9B0BE70DFBC5}
2011-11-28 17:45:57 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C37547F9-18A2-4037-BB47-88D611876B23}
2011-11-28 17:45:46 -------- d-----w- C:\Users\Hiriko\AppData\Local\{32A339EE-D759-483D-86B6-75BF7C57EF38}
2011-11-28 17:45:34 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A864DE76-F662-4F35-80E3-8440066CEB2D}
2011-11-28 17:45:10 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9785B580-9651-4695-9934-A141B5FC3680}
2011-11-28 02:11:36 -------- d-----w- C:\Users\Hiriko\AppData\Local\{F83078D3-C190-4492-8CD3-0B8876518FF4}
2011-11-28 02:11:25 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B93E22DC-6FD5-401A-812D-43CEEA9A6B8D}
2011-11-28 02:11:14 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1694B499-C994-45B0-B188-BE81254509FC}
2011-11-28 02:10:52 -------- d-----w- C:\Users\Hiriko\AppData\Local\{E8F8FA9D-D469-4ADE-8BD5-9FC6C9FA03CB}
2011-11-27 14:10:26 -------- d-----w- C:\Users\Hiriko\AppData\Local\{031BA647-2422-4B33-A3D7-4BC35A383099}
2011-11-27 14:10:15 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9E447059-ECCE-4210-ADE3-9F354774FF22}
2011-11-27 14:09:58 -------- d-----w- C:\Users\Hiriko\AppData\Local\{247269B8-1CEC-4E85-97A6-5AF6F79F7423}
2011-11-26 22:57:20 -------- d-----w- C:\Users\Hiriko\AppData\Local\{6A3C2585-2FAB-43FD-B7FE-6DFCB9FEC662}
2011-11-26 22:56:56 -------- d-----w- C:\Users\Hiriko\AppData\Local\{30351BA5-34F0-46D5-80FA-269F75E05075}
2011-11-26 22:56:44 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B13C8201-C387-4AA2-B188-F6A7BB5C58B1}
2011-11-26 22:56:31 -------- d-----w- C:\Users\Hiriko\AppData\Local\{080A1CF6-623D-4426-B722-8A36EAC7FCB3}
2011-11-26 05:47:45 -------- d-----w- C:\Users\Hiriko\AppData\Local\{890B284B-58FC-47F7-ACEA-E897D5630E15}
2011-11-26 05:47:34 -------- d-----w- C:\Users\Hiriko\AppData\Local\{17547523-77A9-492C-BC8B-259D2FF94F36}
2011-11-26 05:47:01 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C2728D8B-EAD9-4998-A878-D870AA2DFE0E}
2011-11-25 17:46:49 -------- d-----w- C:\Users\Hiriko\AppData\Local\{823B5783-65BA-4C1B-9CDB-AE255A6BD1FC}
2011-11-25 17:46:38 -------- d-----w- C:\Users\Hiriko\AppData\Local\{79118C3D-D313-4DE7-A2D4-B407E1617994}
2011-11-25 17:46:27 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1862E2BE-D5AE-4EC6-A932-30431085ECE4}
2011-11-25 17:46:05 -------- d-----w- C:\Users\Hiriko\AppData\Local\{6C7960D1-016E-4124-ABE0-C61A21092EDF}
2011-11-25 05:45:39 -------- d-----w- C:\Users\Hiriko\AppData\Local\{711DF4A9-D1A0-41A7-B352-454C19DEEC29}
2011-11-25 05:45:28 -------- d-----w- C:\Users\Hiriko\AppData\Local\{05751424-459A-442C-83E5-EF0C000EC925}
2011-11-25 05:45:18 -------- d-----w- C:\Users\Hiriko\AppData\Local\{757CDBE5-D401-465C-A25A-4C7CA1BDD3F0}
2011-11-25 05:44:56 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8141DE16-9379-4D37-8263-0C076696C9A1}
2011-11-24 17:44:30 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B17D611E-57AC-46FE-BB96-69EF97C39A02}
2011-11-24 17:44:19 -------- d-----w- C:\Users\Hiriko\AppData\Local\{405A3447-387D-4951-9E5A-4A0074B40172}
2011-11-24 17:44:08 -------- d-----w- C:\Users\Hiriko\AppData\Local\{15B05FCD-3F16-4B70-B703-2C766F0D7C7D}
2011-11-24 17:43:46 -------- d-----w- C:\Users\Hiriko\AppData\Local\{44744782-B7DF-4D29-A61C-BA82AB01FB85}
2011-11-24 05:43:21 -------- d-----w- C:\Users\Hiriko\AppData\Local\{D7896737-DA64-4373-BF55-D067244EDE39}
2011-11-24 05:43:10 -------- d-----w- C:\Users\Hiriko\AppData\Local\{AD3126E9-073F-4A26-B7DD-6C786E804A31}
2011-11-24 05:42:59 -------- d-----w- C:\Users\Hiriko\AppData\Local\{F1881CA1-8A6C-4067-9743-C5460D117DA9}
2011-11-24 03:34:00 685056 ----a-w- C:\Windows\SysWow64\RGSS103J.dll
2011-11-24 03:32:25 -------- d-----w- C:\Program Files\SQDT
2011-11-23 17:42:24 -------- d-----w- C:\Users\Hiriko\AppData\Local\{77C9BB21-BBDF-449B-BC99-63364EB7BE82}
2011-11-23 17:42:13 -------- d-----w- C:\Users\Hiriko\AppData\Local\{D476396D-CB28-4F2A-8468-833B5CAB8D11}
2011-11-23 17:42:02 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B026F1DC-DAD1-4017-9948-5D5301A93747}
2011-11-23 17:41:50 -------- d-----w- C:\Users\Hiriko\AppData\Local\{272F2BCE-708D-4C68-A476-FF7E3D3470BA}
2011-11-23 05:20:42 -------- d-----w- C:\Users\Hiriko\AppData\Local\{43E28037-BF69-45CB-8A22-AA8A341A207C}
2011-11-23 05:20:31 -------- d-----w- C:\Users\Hiriko\AppData\Local\{70E83754-55AF-4E50-AF25-CD75400E5D3C}
2011-11-23 05:19:56 -------- d-----w- C:\Users\Hiriko\AppData\Local\{2303D1EC-43DB-4A7C-BFA4-63A4BB1BD372}
2011-11-22 17:19:44 -------- d-----w- C:\Users\Hiriko\AppData\Local\{965174A0-6F7F-45AA-A510-6FE9758E1CDD}
2011-11-22 17:19:33 -------- d-----w- C:\Users\Hiriko\AppData\Local\{74B73621-688C-40D1-846A-0D814DEA1C5A}
2011-11-22 17:19:22 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9DA20DCB-D946-4DD3-A3CC-A32ACF0636F2}
2011-11-22 17:19:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{42F9D0C9-DF7E-4FEF-9388-B49C770A22A2}
2011-11-22 05:18:34 -------- d-----w- C:\Users\Hiriko\AppData\Local\{FA77BC13-F73E-4B7E-8F68-2EB144679DE7}
2011-11-22 05:18:23 -------- d-----w- C:\Users\Hiriko\AppData\Local\{70BB9F40-BE6E-4DC2-9674-3B1343588BEC}
2011-11-22 05:17:50 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8C138F6A-2700-41FD-9D8A-02C7F1E2E83E}
2011-11-21 17:17:37 -------- d-----w- C:\Users\Hiriko\AppData\Local\{42624689-D675-4374-936C-CE548A2BB829}
2011-11-21 17:17:26 -------- d-----w- C:\Users\Hiriko\AppData\Local\{BE19C44F-F346-400D-8DE3-66BF86C2D8B7}
2011-11-21 17:17:01 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4023AE6D-8919-4576-BACD-032EDFE7250F}
2011-11-21 17:16:46 -------- d-----w- C:\Users\Hiriko\AppData\Local\{14A8B96B-3A72-446F-8E2C-9707D498B165}
2011-11-21 02:12:22 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1566D607-F92F-4AED-8FC6-EB1C417A1DA3}
2011-11-21 02:12:11 -------- d-----w- C:\Users\Hiriko\AppData\Local\{51F27F12-332D-4E28-8ABB-DA6CF328D2B7}
2011-11-21 02:12:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1577ACA0-CB82-4A5E-AFE0-7AD3D4C751E9}
2011-11-21 02:11:45 -------- d-----w- C:\Users\Hiriko\AppData\Local\{08125704-F07E-453F-A16D-A680B0D7322D}
2011-11-20 14:11:20 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0F39897E-256D-4F84-9187-742BA5283747}
2011-11-20 14:11:09 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C1018DCA-79A0-4AD4-A0F5-F587F2BE9E6F}
2011-11-20 14:10:46 -------- d-----w- C:\Users\Hiriko\AppData\Local\{106AB609-A06B-42BB-9084-EFC53F4B50AE}
2011-11-20 14:10:32 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0AD5C002-3603-48D0-9F2E-A016464B8FC2}
2011-11-19 22:54:19 -------- d-----w- C:\Users\Hiriko\AppData\Local\{692CB2B7-ECDF-4FC3-8471-33570A1E890A}
2011-11-19 22:53:57 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C85C86FA-C88F-4E3C-B935-501554799C10}
2011-11-19 22:53:35 -------- d-----w- C:\Users\Hiriko\AppData\Local\{176108D6-62DB-497E-A15F-0D60C7AFA9E7}
2011-11-19 22:53:19 -------- d-----w- C:\Users\Hiriko\AppData\Local\{ADB32A19-0149-4C4B-9B6C-596C3A426716}
2011-11-19 05:48:18 -------- d-----w- C:\Users\Hiriko\AppData\Local\{5082D04D-349E-4E5F-A97A-EB54BAA0382E}
2011-11-18 17:47:43 -------- d-----w- C:\Users\Hiriko\AppData\Local\{38D1F077-F72F-4544-9663-24D7748DA232}
2011-11-18 17:47:32 -------- d-----w- C:\Users\Hiriko\AppData\Local\{26972CFC-A7D2-43CD-A38B-1215CA088503}
2011-11-18 17:47:09 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8E708977-AD3A-42B3-875E-384C6D03019C}
2011-11-18 17:46:57 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C49D4C6B-FB7D-48FF-BE00-34F23D53D9CB}
2011-11-18 05:44:08 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1B88C033-3739-4B43-A062-A394E50421A6}
2011-11-18 05:43:57 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B81B00BE-B2EA-4A4A-8B61-B3D374B2D14F}
2011-11-18 05:43:24 -------- d-----w- C:\Users\Hiriko\AppData\Local\{30B2B6D3-C8D9-4558-AA45-F3E74403534F}
2011-11-17 17:43:12 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B8E1048A-DB5B-4866-BAA8-2EAD8BA4DC20}
2011-11-17 17:43:01 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0795B9BB-C323-43E4-9F26-E7224C11A1C6}
2011-11-17 17:42:50 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B6B045F3-517D-4390-B233-F613C8E84A75}
2011-11-17 17:42:28 -------- d-----w- C:\Users\Hiriko\AppData\Local\{E2B61610-4388-44D3-80FE-C7B3CAD1B354}
2011-11-17 05:42:03 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1E6750D7-48C6-4034-8B38-8D9D551010F8}
2011-11-17 05:41:52 -------- d-----w- C:\Users\Hiriko\AppData\Local\{66ED3030-BDA2-4B4A-934A-0DD1B5EE551F}
2011-11-17 05:41:41 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4602859D-24E9-4947-9242-C49597DAF369}
2011-11-17 05:41:18 -------- d-----w- C:\Users\Hiriko\AppData\Local\{69D025DF-1347-4CD6-8911-C84E28929D86}
2011-11-16 17:40:53 -------- d-----w- C:\Users\Hiriko\AppData\Local\{262C5E87-98A2-46A6-8D13-2FF8D7E7EC31}
2011-11-16 17:40:42 -------- d-----w- C:\Users\Hiriko\AppData\Local\{33E37054-DB18-48D9-B8EF-E8B40E1D68FB}
2011-11-16 17:40:32 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B9955809-8378-4720-A7B0-BBD2F144A0D2}
2011-11-16 17:40:10 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9A86AF2E-AE92-41EC-A02C-C98370532965}
2011-11-16 05:39:44 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3C02367D-7BB9-4FB9-A071-1B744368B5AE}
2011-11-16 05:39:33 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3571E766-CD97-47D9-82DF-7325D88E31EE}
2011-11-16 05:39:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{725EB817-377E-4135-8957-78A601E2B367}
2011-11-16 05:02:40 -------- d-----w- C:\Program Files (x86)\Will
2011-11-15 17:38:35 -------- d-----w- C:\Users\Hiriko\AppData\Local\{53CB9753-5ADB-4F3B-AA89-7D9E8C75E8D9}
2011-11-15 17:38:24 -------- d-----w- C:\Users\Hiriko\AppData\Local\{7A5D5046-F763-484E-9FCC-43BF38F35C5D}
2011-11-15 17:38:13 -------- d-----w- C:\Users\Hiriko\AppData\Local\{A1BA64C0-103C-4FCA-88AB-C3149E1F7B29}
2011-11-15 17:38:00 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0F47C9AF-6AB3-42E5-B074-2D8080414286}
2011-11-15 04:11:13 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4DFB1DE3-4F40-4E69-B49D-D368B84E2D6F}
2011-11-15 04:11:02 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B35AD4E6-6CF6-4C5F-A3EF-C4B59E772A48}
2011-11-15 04:10:29 -------- d-----w- C:\Users\Hiriko\AppData\Local\{BC96C185-C7AB-4E2D-91AC-9ADA9D2829AC}
2011-11-14 16:28:55 49152 ----a-r- C:\Users\Hiriko\AppData\Roaming\Microsoft\Installer\{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}\NewShortcut1_FD1E17BC29564AD7B937D23F06F1A5E8.exe
2011-11-14 16:10:16 -------- d-----w- C:\Users\Hiriko\AppData\Local\{872E345D-B1FF-45A3-918D-3E69A1CB429A}
2011-11-14 16:09:52 -------- d-----w- C:\Users\Hiriko\AppData\Local\{101E0730-4428-4540-9377-729FEA03F2DE}
2011-11-14 16:09:40 -------- d-----w- C:\Users\Hiriko\AppData\Local\{3C2782B5-226F-451E-9486-B0BAD60A2188}
2011-11-14 16:09:26 -------- d-----w- C:\Users\Hiriko\AppData\Local\{8873D4D8-CA5E-4CEB-9163-EC73D2C02BEF}
2011-11-14 02:05:04 -------- d-----w- C:\Users\Hiriko\AppData\Local\{9FE59B9D-6A8C-43D4-86CD-F7ADF632942F}
2011-11-14 02:04:53 -------- d-----w- C:\Users\Hiriko\AppData\Local\{22E573BB-2D1C-40EA-86D6-5D5383C7E18C}
2011-11-14 02:04:42 -------- d-----w- C:\Users\Hiriko\AppData\Local\{BB1BBE64-E672-48F6-B5C7-F3AC15E108C1}
2011-11-14 02:04:20 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C6A054A3-7ECF-4553-BCB5-58D4CA679D85}
2011-11-13 14:03:55 -------- d-----w- C:\Users\Hiriko\AppData\Local\{7978B518-27DE-47FB-9E85-F335B7E8A923}
2011-11-13 14:03:44 -------- d-----w- C:\Users\Hiriko\AppData\Local\{4124303A-ACA3-48EF-9CB1-075544336BEB}
2011-11-13 14:03:22 -------- d-----w- C:\Users\Hiriko\AppData\Local\{F1158598-7F6E-44A3-A95B-C68666CE575A}
2011-11-13 14:03:09 -------- d-----w- C:\Users\Hiriko\AppData\Local\{B562268A-4D88-46F7-A626-EDC5E6A6FF20}
2011-11-12 22:56:06 -------- d-----w- C:\Users\Hiriko\AppData\Local\{775D496A-4C16-40F3-B91E-8B5FFE14321F}
2011-11-12 22:55:42 -------- d-----w- C:\Users\Hiriko\AppData\Local\{1B2B62E2-59CF-44B4-9821-6AA25681BD49}
2011-11-12 22:55:29 -------- d-----w- C:\Users\Hiriko\AppData\Local\{E9B12CA4-3741-497F-957D-68FCFD026B87}
2011-11-12 22:55:14 -------- d-----w- C:\Users\Hiriko\AppData\Local\{31B82A67-82D1-4977-AF07-40D17D6E0980}
2011-11-12 05:27:32 -------- d-----w- C:\Users\Hiriko\AppData\Local\{BAB7B689-AC58-4D4C-AB5F-664498702079}
2011-11-12 05:27:21 -------- d-----w- C:\Users\Hiriko\AppData\Local\{207244E4-CE50-47AD-8736-B85E9032C3BB}
2011-11-12 05:26:48 -------- d-----w- C:\Users\Hiriko\AppData\Local\{38841739-9249-4294-B248-65A1F085CFEB}
2011-11-11 17:26:21 -------- d-----w- C:\Users\Hiriko\AppData\Local\{0B1CC698-2091-409C-AE01-32616B9723FD}
2011-11-11 17:26:08 -------- d-----w- C:\Users\Hiriko\AppData\Local\{C2C70070-10F9-49B2-AE6D-E0C142C97933}
2011-11-11 17:25:55 -------- d-----w- C:\Users\Hiriko\AppData\Local\{F72A8A27-6388-427A-A4E2-ABC41734E31E}
2011-11-11 17:25:40 -------- d-----w- C:\Users\Hiriko\AppData\Local\{565A3513-2340-4A6A-97DC-281D302B35EF}
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:48:39.81 ===============


#2 Hiriko

Hiriko
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:54 AM

Posted 11 December 2011 - 09:42 AM

I managed to fix it.

If anyone else is having issues, you can also use the "Restore" option. Then run Kaspersky's Virus Removal to get rid of anything left over.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:02:54 AM

Posted 11 December 2011 - 05:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

