
Infected with "stdrt.exe", a constant audio advertisement.


  • This topic is locked
90 replies to this topic

#1 Proguerammer

  • Members
  • 42 posts
  • Gender:Male
  • Location:Tempe

Posted 26 January 2012 - 09:21 PM

I recently downloaded a copy of FL Studio 10, a music-mixing program used by wannabe DJs. Since then, I have had an audio advertisement overlay that plays nearly constantly as soon as my system starts up, even before I log onto my account. Luckily, through the Volume Mixer, I am able to silence this audio for a quick fix, but I don't know if my system has been compromised, if there is something more underlying, or if this was just intended to annoy the hell out of its victims.
Also, my PC has been suffering from unexpected shutdowns lately. This was happening before I contracted the audio malware. Initially, I thought it was due to my laptop overheating, as it tends to get pretty hot a lot of the time. But after applying thermal paste and stopping some unnecessary processes, it doesn't seem to be due to overheating. It may be due to a problem with flash player, because it always occurs when I am streaming video (also, flash player crashes pretty often lately). Upon restarting my system after these shutdowns, Windows does not recognize it as an unexpected shutdown and reboots normally, although it does see it as unexpected in my Event Log. Still, there are no other errors in my Event Logs at that particular time, so at least that doesn't seem to be a security issue.
My main concern here is the audio malware, which I really hope can be taken care of. The unexpected shutdowns are not a big deal as long as they truly don't have to do with system security.
In an attempt to fix the malware issue, my friend deleted all my temp files in safe mode, but the problem persists. Also, my restore points have been cleared. Initially we saw the process as being labeled stdrt.exe, but after ending the process and clearing temp files, the issue continues even though the process no longer comes up.
Thanks for the help!

Here is the DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Elliott Goldman at 18:55:59 on 2012-01-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4063.1269 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\TEMP\mrt95C9.tmp\stdrt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Google Update] "C:\Users\Elliott Goldman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
mRun: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\ELLIOT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\ELLIOT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 64.189.112.42 66.112.235.200
TCP: Interfaces\{71CBA914-D6D1-43A9-83E0-DABA7FFB5D43} : DhcpNameServer = 64.189.112.42 66.112.235.200
TCP: Interfaces\{71CBA914-D6D1-43A9-83E0-DABA7FFB5D43}\163757 : DhcpNameServer = 129.219.17.200 129.219.17.5 129.219.13.81
TCP: Interfaces\{71CBA914-D6D1-43A9-83E0-DABA7FFB5D43}\2656C6B696E6E2131336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{71CBA914-D6D1-43A9-83E0-DABA7FFB5D43}\269647E65627 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{71CBA914-D6D1-43A9-83E0-DABA7FFB5D43}\540796B6F66666 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{71CBA914-D6D1-43A9-83E0-DABA7FFB5D43}\84F4F435945425358333 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E126FC9B-0BF3-4390-AEEC-CC3EC69FC5A8} : DhcpNameServer = 64.189.112.42 66.112.235.200
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
mRun-x64: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elliott Goldman\AppData\Roaming\Mozilla\Firefox\Profiles\q7n3t41c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Elliott Goldman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Elliott Goldman\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\Elliott Goldman\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Elliott Goldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Elliott Goldman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-11-21 134656]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2009-3-24 103712]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2009-3-24 353568]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2009-3-24 62752]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-3-24 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-11-21 407392]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-3-24 369952]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]
R3 JMCR_CFS;JMCR_CFS;C:\Windows\system32\DRIVERS\jmcr_cfs.sys --> C:\Windows\system32\DRIVERS\jmcr_cfs.sys [?]
R3 Mo3Fltr;MMO Mouse;C:\Windows\system32\drivers\Mo3Fltr.sys --> C:\Windows\system32\drivers\Mo3Fltr.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-1-18 689492]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SampleCollector;Intel® Sample Collector;"C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" --> C:\Program Files\Sony\VAIO Care\collsvc.exe [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-26 22:03:37 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F00EB0E8-D11F-428D-AD84-FC5206DA96D8}\mpengine.dll
2012-01-25 02:20:39 -------- d-----w- C:\Program Files\iTunes
2012-01-25 02:20:39 -------- d-----w- C:\Program Files\iPod
2012-01-23 07:03:34 -------- d-----w- C:\Users\Elliott Goldman\AppData\Local\Diagnostics
2012-01-23 03:05:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-20 23:40:09 -------- d-----w- C:\Users\Elliott Goldman\AppData\Local\{42176508-505B-4ABA-8529-10F457500212}
2012-01-20 23:39:48 -------- d-----w- C:\Users\Elliott Goldman\AppData\Local\{B5DCF810-1610-4E01-9516-10A52C0E0348}
2012-01-20 04:56:38 -------- d-----w- C:\Users\Elliott Goldman\AppData\Local\{D74F4531-EE4A-40FE-846E-EC10CBD26252}
2012-01-20 04:56:28 -------- d-----w- C:\Users\Elliott Goldman\AppData\Local\{3E87AFBF-02FA-4561-BA11-62EA385B1BD3}
2012-01-19 21:33:18 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-01-19 03:31:34 -------- d-----w- C:\Users\Elliott Goldman\AppData\Roaming\MMFApplications
2012-01-19 03:09:51 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-01-19 03:08:05 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-01-19 03:07:55 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-01-19 03:07:52 -------- d-----w- C:\Program Files (x86)\Outsim
2012-01-19 03:04:43 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-01-19 03:00:45 689492 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2012-01-17 02:17:46 -------- d-----w- C:\Users\Elliott Goldman\AppData\Local\Trolltech
2012-01-17 02:17:41 -------- d-----w- C:\Program Files (x86)\QtSpim
2012-01-11 00:04:26 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 00:04:26 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 00:04:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 00:04:25 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 00:04:22 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 00:04:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 00:04:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 00:04:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-08 20:51:48 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 20:51:48 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 20:51:48 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 20:51:48 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 03:15:49 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-10 22:05:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 09:26:37 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 22:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-04 04:19:34 94208 ----a-w- C:\Windows\DIIUnin.exe
2011-11-04 04:19:34 2829 ----a-w- C:\Windows\DIIUnin.pif
.
============= FINISH: 18:58:46.84 ===============
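The Running Processes section of the log above contains C:\Windows\TEMP\mrt95C9.tmp\stdrt.exe, the process the poster named. As an added example (not part of the original post and not a DDS feature), here is a small Python triage script that parses a DDS "Running Processes" section and flags images launched from temp or randomly named .tmp directories, or carrying a system image name outside system32/SysWOW64. The log excerpt is constructed from the lines above, and the Temp\svchost.exe line is made up to show the masquerading check; the path markers are an assumed list.

```python
"""Triage helper for the "Running Processes" section of a DDS log.

Added example, not part of the original post and not a DDS feature. It
parses the section and flags images launched from places a long-running
process rarely belongs: temp folders, randomly named .tmp directories,
or a system image name (svchost.exe etc.) outside system32/SysWOW64.
"""
import re

# Constructed DDS-style excerpt. The stdrt.exe line mirrors the real log
# above; the Temp\svchost.exe line is made up to show name masquerading.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\TEMP\mrt95C9.tmp\stdrt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\example\AppData\Local\Temp\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
"""

# Lower-cased path fragments that mark unusual launch locations (assumed
# list; tune it for your environment).
SUSPICIOUS_PATH_MARKERS = (
    "c:\\windows\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "c:\\users\\public\\",
)

# Image names whose legitimate copy lives only under these directories.
SYSTEM_IMAGE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                      "winlogon.exe", "services.exe", "wininit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# A directory component such as "\mrt95C9.tmp\" anywhere in the path.
TMP_DIR_RE = re.compile(r"\\[^\\]+\.tmp\\", re.IGNORECASE)
# Image path up to the first ".exe", optionally followed by arguments.
IMAGE_RE = re.compile(r"^(.*?\.exe)(?:\s.*)?$", re.IGNORECASE)


def extract_running_processes(log_text):
    """Return the image paths listed under 'Running Processes'."""
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            if in_section:
                break                      # next section header reached
            in_section = "Running Processes" in line
            continue
        if not in_section or line in ("", "."):
            continue                       # DDS uses "." as a spacer
        match = IMAGE_RE.match(line)
        if match:
            paths.append(match.group(1))
    return paths


def classify(path):
    """Return a reason string if the path looks suspicious, else None."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    directory = low[: len(low) - len(name)]
    if name in SYSTEM_IMAGE_NAMES and not directory.startswith(SYSTEM_DIRS):
        return f"{name} outside system32/SysWOW64"
    if TMP_DIR_RE.search(low):
        return "executable inside a .tmp directory"
    for marker in SUSPICIOUS_PATH_MARKERS:
        if marker in low:
            return f"launched from {marker}"
    return None


def triage(log_text):
    """Return (path, reason) pairs for every flagged running process."""
    findings = []
    for path in extract_running_processes(log_text):
        reason = classify(path)
        if reason:
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:45} {path}")
```

A hit is a starting point for a closer look (hash lookup, signature check, parent process), not proof of infection; legitimate installers also run from temp directories briefly.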



#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 January 2012 - 08:56 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Proguerammer
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Tempe

Posted 30 January 2012 - 09:47 PM

Howdy m0le, I'm here and ready to get started!

#4 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 January 2012 - 06:58 PM

It looks like rootkit symptoms, though stdrt.exe is a trojan/backdoor, so please run aswMBR.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 Proguerammer
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Tempe

Posted 01 February 2012 - 08:08 PM

I downloaded aswMBR.exe from the link you provided, but unfortunately the program crashes after a few minutes running the scan. I'll try running it in safe mode and post the log if it completes.

#6 Proguerammer
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Tempe

Posted 02 February 2012 - 06:18 PM

After attempting to run aswMBR.exe in Safe Mode, the program still terminated during the scan. It seems to "stop working" while it is scanning User/AppData/Temp files.

#7 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 February 2012 - 06:28 PM

It looks like we need to boot outside Windows to get anywhere here.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool (scan your computer's memory for errors)
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.

#8 Proguerammer

  • Topic Starter

Posted 02 February 2012 - 07:38 PM

Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-02 17:20:10
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-05-20] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup [84744 2009-06-12] (UPEK Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16334368 2009-07-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp [1097728 2008-09-09] (Sony)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [414720 2009-09-09] ()
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1955208 2011-08-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\Elliott Goldman\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Elliott Goldman\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-12] (Valve Corporation)
HKU\Elliott Goldman\...\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe [95528 2008-10-23] (Sony Corporation)
HKU\Elliott Goldman\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Elliott Goldman\...\Run: [Google Update] "C:\Users\Elliott Goldman\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-02] (Google Inc.)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.189.112.42 66.112.235.200
Lsa: [Notification Packages] scecli
psqlpwd
C:\Program Files\Protector Suite\psqlpwd.dll

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Adobe Licensing Console; C:\Windows\SysWOW64\adbcnsl.exe [689492 2012-01-18] ( )
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [832552 2008-10-14] (Broadcom Corporation.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-15] (LogMeIn Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [110736 2010-05-20] (InterVideo)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [53248 2008-05-20] (Sony Corporation)
3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [53248 2008-05-20] (Sony Corporation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
2 RtkAudioService; C:\Windows\RtkAudioService.exe [134656 2008-10-16] (Realtek Semiconductor)
2 SOHCImp; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-10-21] (Sony Corporation)
2 SOHDms; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-10-21] (Sony Corporation)
2 SOHDs; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-10-21] (Sony Corporation)
3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-09-08] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [203624 2008-11-05] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [407392 2008-09-05] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [446464 2008-09-03] (Sony Corporation)
2 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [369952 2008-10-01] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-09-08] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1429608 2011-10-27] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-09-08] (Sony Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1027968 2008-07-12] (AVerMedia TECHNOLOGIES, Inc.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 JMCR_CFS; C:\Windows\System32\DRIVERS\jmcr_cfs.sys [76688 2008-11-05] (JMicron Technology Corporation)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2010-09-17] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [72216 2010-09-17] (LogMeIn, Inc.)
3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2008-09-18] ()
2 regi; \??\C:\Windows\system32\drivers\regi.sys [14112 2007-04-16] (InterVideo)
3 rimsptsk; C:\Windows\System32\DRIVERS\rimssn64.sys [85504 2008-10-22] (REDC)
2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)
3 CAXHWAZL; C:\Windows\System32\DRIVERS\CAXHWAZL.sys [x]
3 HSF_DPV; C:\Windows\System32\DRIVERS\CAX_DPV.sys [x]
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
4 LMIRfsClientNP; [x]
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 winachsf; C:\Windows\System32\DRIVERS\CAX_CNXT.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-02 17:20 - 2012-02-02 17:20 - 0000000 ____D C:\FRST
2012-02-02 16:09 - 2012-02-02 16:09 - 1381021 ____A C:\Users\Elliott Goldman\Downloads\FRST64.exe
2012-02-02 14:36 - 2012-02-02 14:36 - 656422830 ____A C:\Windows\MEMORY.DMP
2012-02-02 14:36 - 2012-02-02 14:36 - 0290608 ____A C:\Windows\Minidump\020212-32370-01.dmp
2012-02-01 23:56 - 2012-02-01 23:56 - 0000000 ____D C:\Users\Elliott Goldman\Desktop\m
2012-02-01 22:24 - 2012-01-30 13:07 - 0000000 ____D C:\Users\Elliott Goldman\Desktop\Citizens
2012-01-31 19:28 - 2012-01-31 19:29 - 4733440 ____A (AVAST Software) C:\Users\Elliott Goldman\Desktop\aswMBR.exe
2012-01-29 10:11 - 2012-01-29 10:11 - 0000000 ____D C:\Users\Elliott Goldman\Documents\bleep
2012-01-28 14:33 - 2012-01-28 18:59 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\SSH
2012-01-28 13:14 - 2012-01-28 13:14 - 0002291 ____A C:\Users\Elliott Goldman\Documents\SSH Secure File Transfer Client.lnk
2012-01-28 13:14 - 2012-01-28 13:14 - 0001333 ____A C:\Users\Elliott Goldman\Documents\SSH Secure Shell Client.lnk
2012-01-28 13:14 - 2012-01-28 13:14 - 0000000 ____D C:\Program Files (x86)\SSH Communications Security
2012-01-28 13:11 - 2012-01-28 13:11 - 5517312 ____A (SSH Communications Security Corp) C:\Users\Elliott Goldman\Downloads\SSHSecureShellClient-3.2.9.exe
2012-01-26 17:54 - 2012-01-26 17:54 - 0000000 ____A C:\Users\Elliott Goldman\defogger_reenable
2012-01-24 18:20 - 2012-01-24 18:21 - 0000000 ____D C:\Program Files\iTunes
2012-01-24 18:20 - 2012-01-24 18:20 - 0000000 ____D C:\Program Files\iPod
2012-01-24 00:16 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-24 00:16 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-24 00:16 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-24 00:16 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-24 00:16 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-24 00:16 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-24 00:16 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-24 00:16 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-24 00:16 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-24 00:16 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-24 00:16 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-24 00:16 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-24 00:16 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-24 00:16 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-22 22:40 - 2012-01-22 22:44 - 0021089 ____A C:\Windows\F-Parite.log
2012-01-22 22:23 - 2012-02-02 16:10 - 0123213 ____A C:\Windows\setupact.log
2012-01-22 22:23 - 2012-01-22 22:23 - 0000000 ____A C:\Windows\setuperr.log
2012-01-22 22:18 - 2012-01-22 22:18 - 0000017 ____A C:\Users\Elliott Goldman\AppData\Local\resmon.resmoncfg
2012-01-22 22:16 - 2012-02-02 16:10 - 1983971 ____A C:\Windows\WindowsUpdate.log
2012-01-22 22:15 - 2012-02-02 15:06 - 0493302 ____A C:\Windows\ntbtlog.txt
2012-01-22 19:05 - 2012-01-22 19:05 - 0001110 ____A C:\Users\Elliott Goldman\Documents\Malwarebytes Anti-Malware.lnk
2012-01-22 19:05 - 2012-01-22 19:05 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-20 15:40 - 2012-01-20 15:40 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{42176508-505B-4ABA-8529-10F457500212}
2012-01-20 15:39 - 2012-01-20 15:40 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{B5DCF810-1610-4E01-9516-10A52C0E0348}
2012-01-19 20:56 - 2012-01-19 20:56 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{D74F4531-EE4A-40FE-846E-EC10CBD26252}
2012-01-19 20:56 - 2012-01-19 20:56 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{3E87AFBF-02FA-4561-BA11-62EA385B1BD3}
2012-01-19 13:33 - 2012-02-02 16:11 - 0000032 ____A C:\Windows\SysWOW64\deck.ini
2012-01-19 13:33 - 2012-01-19 13:33 - 0000714 ____A C:\Windows\SysWOW64\checkOS.txt
2012-01-19 13:33 - 2012-01-19 13:33 - 0000384 ____A C:\Windows\SysWOW64\checkOS.bat
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____A C:\Windows\SysWOW64\x64.txt
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____A C:\Windows\SysWOW64\version.txt
2012-01-18 22:34 - 2012-01-22 23:09 - 0000000 ____D C:\Users\Elliott Goldman\Documents\FL Studio Mixes
2012-01-18 19:31 - 2012-01-18 19:31 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\MMFApplications
2012-01-18 19:09 - 2012-01-18 19:09 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-01-18 19:08 - 2012-01-18 19:08 - 0000000 ____D C:\Users\Elliott Goldman\Documents\Image-Line
2012-01-18 19:08 - 2006-06-20 00:56 - 0225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2012-01-18 19:07 - 2012-01-18 19:07 - 0000000 ____D C:\Program Files (x86)\Outsim
2012-01-18 19:07 - 2009-09-15 01:14 - 1554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2012-01-18 19:04 - 2012-01-18 19:08 - 0000000 ____D C:\Program Files (x86)\Image-Line
2012-01-18 19:00 - 2012-01-18 19:00 - 0689492 ____A ( ) C:\Windows\SysWOW64\adbcnsl.exe
2012-01-18 16:08 - 2012-01-18 16:08 - 0000000 ____D C:\Users\Elliott Goldman\Documents\My Recordings
2012-01-16 18:17 - 2012-01-16 18:17 - 0002575 ____A C:\Users\Elliott Goldman\Documents\QtSpim.exe.lnk
2012-01-16 18:17 - 2012-01-16 18:17 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\Trolltech
2012-01-16 18:17 - 2012-01-16 18:17 - 0000000 ____D C:\Program Files (x86)\QtSpim
2012-01-10 16:04 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-10 16:04 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-10 16:04 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-10 16:04 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-10 16:04 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-10 16:04 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-10 16:04 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-10 16:04 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-10 16:04 - 2011-10-13 21:31 - 0918528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-10 16:04 - 2011-10-13 20:24 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-08 11:34 - 2012-01-08 11:34 - 0000000 ____D C:\Users\Elliott Goldman\Documents\Jobs
2012-01-08 11:34 - 2011-07-26 18:36 - 0074436 ____A C:\Users\Elliott Goldman\Documents\Jobs.jar
2012-01-05 19:15 - 2012-01-05 19:15 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

============ 3 Months Modified Files and Folders =============

2012-02-02 17:20 - 2012-02-02 17:20 - 0000000 ____D C:\FRST
2012-02-02 16:11 - 2012-01-19 13:33 - 0000032 ____A C:\Windows\SysWOW64\deck.ini
2012-02-02 16:10 - 2012-01-22 22:23 - 0123213 ____A C:\Windows\setupact.log
2012-02-02 16:10 - 2012-01-22 22:16 - 1983971 ____A C:\Windows\WindowsUpdate.log
2012-02-02 16:09 - 2012-02-02 16:09 - 1381021 ____A C:\Users\Elliott Goldman\Downloads\FRST64.exe
2012-02-02 16:02 - 2010-10-02 12:16 - 0000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-487218865-3481357264-3074880829-1000UA.job
2012-02-02 15:26 - 2009-10-24 18:37 - 0010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-02 15:26 - 2009-10-24 18:37 - 0010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-02 15:14 - 2010-12-17 01:00 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\LogMeIn Hamachi
2012-02-02 15:14 - 2009-04-12 16:36 - 0000000 ____D C:\Program Files (x86)\Steam
2012-02-02 15:11 - 2009-10-24 19:23 - 3195318272 __ASH C:\hiberfil.sys
2012-02-02 15:11 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-02 15:06 - 2012-01-22 22:15 - 0493302 ____A C:\Windows\ntbtlog.txt
2012-02-02 14:39 - 2010-05-31 11:12 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-02 14:36 - 2012-02-02 14:36 - 656422830 ____A C:\Windows\MEMORY.DMP
2012-02-02 14:36 - 2012-02-02 14:36 - 0290608 ____A C:\Windows\Minidump\020212-32370-01.dmp
2012-02-02 14:36 - 2010-07-28 12:14 - 0000000 ____D C:\Windows\Minidump
2012-02-01 23:56 - 2012-02-01 23:56 - 0000000 ____D C:\Users\Elliott Goldman\Desktop\m
2012-02-01 18:19 - 2010-07-26 10:04 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\Skype
2012-02-01 17:16 - 2011-10-15 19:47 - 0000000 ____D C:\Users\Elliott Goldman\riotsGamesLogs
2012-02-01 17:02 - 2010-10-02 12:16 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-487218865-3481357264-3074880829-1000Core.job
2012-01-31 19:29 - 2012-01-31 19:28 - 4733440 ____A (AVAST Software) C:\Users\Elliott Goldman\Desktop\aswMBR.exe
2012-01-31 17:51 - 2010-10-17 23:28 - 0000362 _RASH C:\Users\All Users\ntuser.pol
2012-01-31 17:51 - 2010-10-17 23:28 - 0000362 _RASH C:\ProgramData\ntuser.pol
2012-01-31 04:44 - 2009-10-14 04:52 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-30 13:07 - 2012-02-01 22:24 - 0000000 ____D C:\Users\Elliott Goldman\Desktop\Citizens
2012-01-29 10:11 - 2012-01-29 10:11 - 0000000 ____D C:\Users\Elliott Goldman\Documents\bleep
2012-01-29 10:11 - 2010-12-16 20:44 - 0000000 ____D C:\Users\Elliott Goldman\Documents\xMinecraft
2012-01-29 09:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-28 18:59 - 2012-01-28 14:33 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\SSH
2012-01-28 13:14 - 2012-01-28 13:14 - 0002291 ____A C:\Users\Elliott Goldman\Documents\SSH Secure File Transfer Client.lnk
2012-01-28 13:14 - 2012-01-28 13:14 - 0001333 ____A C:\Users\Elliott Goldman\Documents\SSH Secure Shell Client.lnk
2012-01-28 13:14 - 2012-01-28 13:14 - 0000000 ____D C:\Program Files (x86)\SSH Communications Security
2012-01-28 13:14 - 2008-11-21 20:55 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-28 13:11 - 2012-01-28 13:11 - 5517312 ____A (SSH Communications Security Corp) C:\Users\Elliott Goldman\Downloads\SSHSecureShellClient-3.2.9.exe
2012-01-26 17:54 - 2012-01-26 17:54 - 0000000 ____A C:\Users\Elliott Goldman\defogger_reenable
2012-01-26 17:54 - 2009-10-24 18:40 - 0000000 ____D C:\users\Elliott Goldman
2012-01-26 17:34 - 2009-03-28 10:17 - 0000000 ____D C:\Users\Elliott Goldman\Documents\Dad
2012-01-26 15:11 - 2009-07-13 21:13 - 0886088 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-24 18:21 - 2012-01-24 18:20 - 0000000 ____D C:\Program Files\iTunes
2012-01-24 18:21 - 2010-07-25 20:01 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-24 18:20 - 2012-01-24 18:20 - 0000000 ____D C:\Program Files\iPod
2012-01-22 23:09 - 2012-01-18 22:34 - 0000000 ____D C:\Users\Elliott Goldman\Documents\FL Studio Mixes
2012-01-22 23:09 - 2009-03-28 09:35 - 0000000 ____D C:\Users\Elliott Goldman\Documents\Azureus Downloads
2012-01-22 23:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-22 22:47 - 2006-11-02 04:34 - 0000734 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-22 22:45 - 2009-10-27 17:34 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\ElevatedDiagnostics
2012-01-22 22:44 - 2012-01-22 22:40 - 0021089 ____A C:\Windows\F-Parite.log
2012-01-22 22:31 - 2011-01-07 13:32 - 0003072 __ASH C:\Users\Elliott Goldman\Thumbs.db
2012-01-22 22:23 - 2012-01-22 22:23 - 0000000 ____A C:\Windows\setuperr.log
2012-01-22 22:18 - 2012-01-22 22:18 - 0000017 ____A C:\Users\Elliott Goldman\AppData\Local\resmon.resmoncfg
2012-01-22 22:14 - 2011-09-22 00:15 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2012-01-22 22:11 - 2009-03-28 08:24 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\Azureus
2012-01-22 19:05 - 2012-01-22 19:05 - 0001110 ____A C:\Users\Elliott Goldman\Documents\Malwarebytes Anti-Malware.lnk
2012-01-22 19:05 - 2012-01-22 19:05 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-22 10:42 - 2009-11-26 18:16 - 0000366 ____A C:\Windows\Tasks\Driver Robot.job
2012-01-22 01:42 - 2010-02-01 17:06 - 0000362 ____A C:\Windows\Tasks\File Helper.job
2012-01-20 15:40 - 2012-01-20 15:40 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{42176508-505B-4ABA-8529-10F457500212}
2012-01-20 15:40 - 2012-01-20 15:39 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{B5DCF810-1610-4E01-9516-10A52C0E0348}
2012-01-20 15:40 - 2010-10-20 21:08 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\Windows Live
2012-01-19 20:56 - 2012-01-19 20:56 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{D74F4531-EE4A-40FE-846E-EC10CBD26252}
2012-01-19 20:56 - 2012-01-19 20:56 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\{3E87AFBF-02FA-4561-BA11-62EA385B1BD3}
2012-01-19 13:33 - 2012-01-19 13:33 - 0000714 ____A C:\Windows\SysWOW64\checkOS.txt
2012-01-19 13:33 - 2012-01-19 13:33 - 0000384 ____A C:\Windows\SysWOW64\checkOS.bat
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____A C:\Windows\SysWOW64\x64.txt
2012-01-19 13:33 - 2012-01-19 13:33 - 0000000 ____A C:\Windows\SysWOW64\version.txt
2012-01-18 19:31 - 2012-01-18 19:31 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\MMFApplications
2012-01-18 19:09 - 2012-01-18 19:09 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-01-18 19:08 - 2012-01-18 19:08 - 0000000 ____D C:\Users\Elliott Goldman\Documents\Image-Line
2012-01-18 19:08 - 2012-01-18 19:04 - 0000000 ____D C:\Program Files (x86)\Image-Line
2012-01-18 19:08 - 2009-11-27 23:05 - 0000000 ____D C:\Program Files (x86)\VST
2012-01-18 19:07 - 2012-01-18 19:07 - 0000000 ____D C:\Program Files (x86)\Outsim
2012-01-18 19:00 - 2012-01-18 19:00 - 0689492 ____A ( ) C:\Windows\SysWOW64\adbcnsl.exe
2012-01-18 16:08 - 2012-01-18 16:08 - 0000000 ____D C:\Users\Elliott Goldman\Documents\My Recordings
2012-01-16 18:17 - 2012-01-16 18:17 - 0002575 ____A C:\Users\Elliott Goldman\Documents\QtSpim.exe.lnk
2012-01-16 18:17 - 2012-01-16 18:17 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\Trolltech
2012-01-16 18:17 - 2012-01-16 18:17 - 0000000 ____D C:\Program Files (x86)\QtSpim
2012-01-11 00:34 - 2009-10-24 18:39 - 0880240 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-11 00:34 - 2009-10-14 04:51 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-11 00:30 - 2009-03-24 07:04 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-11 00:30 - 2009-03-24 07:04 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-10 14:05 - 2011-05-17 19:03 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-08 11:34 - 2012-01-08 11:34 - 0000000 ____D C:\Users\Elliott Goldman\Documents\Jobs
2012-01-05 19:15 - 2012-01-05 19:15 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-01-02 11:30 - 2009-07-13 21:08 - 0032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-31 10:52 - 2009-05-07 20:26 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\Mozilla
2011-12-29 20:49 - 2011-09-14 19:32 - 0000000 ___RD C:\Users\Elliott Goldman\Documents\Scanned Documents
2011-12-29 20:44 - 2009-08-19 14:50 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2011-12-29 20:44 - 2009-08-19 14:50 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2011-12-22 16:57 - 2010-05-02 17:52 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\ApplicationHistory
2011-12-16 10:04 - 2010-08-29 01:37 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\Rainmeter
2011-12-16 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-15 15:36 - 2011-06-19 00:07 - 0000000 ____D C:\Users\Elliott Goldman\Documents\The Lord of the Rings Online
2011-12-15 15:20 - 2011-06-18 23:01 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Local\Turbine
2011-12-14 14:41 - 2009-07-13 20:45 - 5006208 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-11 17:45 - 2010-11-26 01:32 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\.minecraft
2011-12-10 14:24 - 2009-06-26 20:39 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-07 22:43 - 2009-05-15 21:20 - 0000022 ____A C:\Windows\Model.txt
2011-12-07 22:43 - 2008-11-21 21:14 - 0000000 ____D C:\Program Files\Sony
2011-12-07 22:41 - 2011-12-07 22:41 - 0000000 ____D C:\Update
2011-12-01 13:04 - 2009-05-06 08:15 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2011-11-23 20:52 - 2011-12-13 13:34 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-19 06:58 - 2012-01-10 16:04 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-10 16:04 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-16 22:49 - 2012-01-24 00:16 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 22:49 - 2012-01-24 00:16 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 22:44 - 2012-01-24 00:16 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 22:41 - 2012-01-10 16:04 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 22:35 - 2012-01-24 00:16 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 22:35 - 2012-01-24 00:16 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 22:35 - 2012-01-24 00:16 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 22:35 - 2012-01-24 00:16 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 22:35 - 2012-01-24 00:16 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 22:35 - 2012-01-24 00:16 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 22:33 - 2012-01-24 00:16 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:38 - 2012-01-10 16:04 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:35 - 2012-01-24 00:16 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:34 - 2012-01-24 00:16 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:34 - 2012-01-24 00:16 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:28 - 2012-01-24 00:16 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-15 15:21 - 2009-03-28 08:17 - 0000000 ____D C:\Users\Elliott Goldman\AppData\Roaming\Apple Computer
2011-11-15 15:11 - 2011-11-15 15:11 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-11-13 12:11 - 2009-03-28 18:04 - 0000000 ____D C:\Users\Elliott Goldman\Documents\School
2011-11-10 22:49 - 2011-12-13 13:35 - 12261888 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-10 22:49 - 2011-12-13 13:35 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-10 21:40 - 2011-12-13 13:35 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-10 21:40 - 2011-12-13 13:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-09 12:04 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-06 14:20 - 2011-11-03 19:54 - 0000000 ____D C:\Program Files (x86)\Diablo II

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4063.06 MB
Available physical RAM: 3472.56 MB
Total Pagefile: 4061.21 MB
Available Pagefile: 3459.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (7) (Fixed) (Total:287.75 GB) (Free:68.97 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:10.34 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Sword of 1000 Truths) (Removable) (Total:3.73 GB) (Free:0.95 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 287 GB 10 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Recovery NTFS Partition 10 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C 7 NTFS Partition 287 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 16 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Sword of 10 NTFS Removable 3823 MB Healthy

==========================================================

Last Boot: 2012-02-01 22:56

======================= End Of Log ==========================
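The "Bamital & volsnap Check" section of the log above works by hashing four system files that file-infectors patch on disk and comparing the digests with known-good values. The script below is an added example of that technique; it is not FRST's code and not part of this thread. It builds a constructed Windows-style directory with a known-good hash set, deliberately alters one file, and reports in the same line format the log uses. The `CRITICAL_FILES` list, `check_files` function and the fake file contents are all assumptions made for the demonstration; a real check would take its reference hashes from a trusted vendor hash set rather than from the machine being inspected.

```python
"""Hash-based integrity check of critical Windows system files.

Added example modelled on the "Bamital & volsnap Check" section of an FRST
log; it is not FRST's code. The files, their contents and the known-good
hashes are constructed here so the script runs offline.
"""
import hashlib
import tempfile
from pathlib import Path

# The four files the log hashes (paths relative to the Windows directory).
# File-infectors such as Bamital patch these on disk, so a hash mismatch
# against a trusted reference is a strong indicator of compromise.
CRITICAL_FILES = (
    r"System32\winlogon.exe",
    r"System32\wininit.exe",
    r"explorer.exe",
    r"System32\Drivers\volsnap.sys",
)


def md5_of(path):
    """MD5 hex digest of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_files(windows_dir, known_good):
    """Return {relative_path: verdict} for every entry in CRITICAL_FILES.

    known_good maps the relative path to the expected MD5 hex digest.
    """
    results = {}
    for rel in CRITICAL_FILES:
        full = Path(windows_dir).joinpath(*rel.split("\\"))
        if not full.is_file():
            results[rel] = "missing"
            continue
        expected = known_good.get(rel)
        if expected is None:
            results[rel] = "no reference hash"
        elif md5_of(full) == expected.lower():
            results[rel] = "MD5 is legit"
        else:
            results[rel] = "ATTENTION: MD5 does not match"
    return results


def format_report(results):
    """Render the verdicts in the same style as the log section."""
    lines = ["========================= Bamital & volsnap Check ============", ""]
    for rel, verdict in results.items():
        lines.append(f"C:\\Windows\\{rel} => {verdict}")
        lines.append("")
    return "\n".join(lines)


def build_demo(tmp):
    """Construct a fake Windows tree: clean copies of all four files, then
    one of them is patched to simulate an infection (constructed data)."""
    win = Path(tmp) / "Windows"
    contents = {rel: f"clean build of {rel}".encode() for rel in CRITICAL_FILES}
    for rel, data in contents.items():
        p = win.joinpath(*rel.split("\\"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    # Reference hashes come from the clean copies here only because this is a
    # demo; in practice they come from a trusted hash set, never from the
    # suspect machine itself.
    known_good = {rel: hashlib.md5(data).hexdigest() for rel, data in contents.items()}
    # Simulate an infector appending code to winlogon.exe.
    victim = win / "System32" / "winlogon.exe"
    victim.write_bytes(contents[r"System32\winlogon.exe"] + b"\x90" * 16)
    return win, known_good


def run_demo():
    """Build the constructed tree, run the check and return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        win, known_good = build_demo(tmp)
        results = check_files(win, known_good)
        print(format_report(results))
        return results


if __name__ == "__main__":
    run_demo()
```

Running it prints a report in which winlogon.exe is flagged and the other three files read "MD5 is legit". A responder reading a real log should treat any line other than "MD5 is legit" as a reason to replace the file from a known-clean source rather than to trust the rest of the scan.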

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:37 AM

Posted 02 February 2012 - 07:49 PM

I would have expected that log to turn up something but it didn't. Let's use a Linux operating system to further investigate

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • If successful, the script will check all your drivers
  • After it has finished a report will be located in the USB drive as report.txt
Attach the report.txt for my review
m0le is a proud member of UNITE

#10 m0le

Posted 06 February 2012 - 09:20 PM

Are you okay with this step?
m0le is a proud member of UNITE

#11 Proguerammer

Posted 07 February 2012 - 01:42 AM

Is using a USB stick okay for this step? It is formatted as a hard drive. Otherwise it'll take me a day or two to get my hands on a CD.

#12 m0le

Posted 07 February 2012 - 08:15 PM

Yes, you can install the OS on a USB stick.

Try this please. You will need a USB drive.
  • Download UNetbootin to the desktop of your working computer.
  • Download xpud-0.9.2.iso from noahdfear.net and save it to the desktop as well.
  • Once the download(s) have completed, double click the unetbootin-xpud-windows-387.exe file to run the installer.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file
  • Verify the correct drive letter is selected for your usb device then click OK
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface.
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
m0le is a proud member of UNITE

#13 m0le

Posted 10 February 2012 - 10:19 PM

How's that going?
m0le is a proud member of UNITE

#14 m0le

Posted 11 February 2012 - 09:48 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE

#15 m0le

Posted 16 February 2012 - 07:43 PM

This topic has been re-opened at the request of the person who originally posted.
m0le is a proud member of UNITE
