
Windows 7 will not boot. Receiving error "STOP: C0000135 The program can't start because %hs is missing"


This topic is locked
17 replies to this topic

#1 PeteyMac

PeteyMac

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 02 April 2012 - 07:52 PM

Hello,

I am having problems booting my Windows 7 64 bit PC and am receiving a blue screen with an error message "STOP: C0000135 The program can't start because %hs is missing". Before I received this message I had contracted a virus and was attempting to clean the PC by using Malwarebytes, then SuperAntivirus, TDSSKiller and Rkill. It was also necessary to run Unhide as all of my programs and icons were not viewable. Unfortunately, I was still infected and decided to use ESET's online scan. After the scan and fix, I rebooted to the blue screen and error message above. I did search around the forum and found another instance of this problem happening. If it helps, here is the link: http://www.bleepingcomputer.com/forums/topic444580.html. I did try to fix the problem in Windows Recovery Console, but had no luck.

Any help would be greatly appreciated as my only alternative at this point is to reinstall.

Thanks again,


#2 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:10:16 AM

Posted 02 April 2012 - 08:04 PM

Hello and :welcome: to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.


#3 PeteyMac

PeteyMac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 02 April 2012 - 08:17 PM

That would be great...thank you.

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:16 PM

Posted 02 April 2012 - 11:20 PM

:welcome:

Let's give it a try. You will need a USB flash drive.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 PeteyMac

PeteyMac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 03 April 2012 - 06:12 AM

Sorry for the late response. Here is the log.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 02-04-2012 20:32:28
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-05-18] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-16] (Avid Technology, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Pete\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-09] (SUPERAntiSpyware.com)
HKU\Pete\...\Run: [aecfbfeacdct] "C:\ProgramData\aecfbfeacdct.exe" [86016 2012-03-31] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-30] (Adobe Systems Incorporated)
2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations)
2 AxiomAudioDevMon; "C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe" [1636872 2010-03-11] (M-Audio)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [77824 2010-06-16] (Avid Technology, Inc.)
3 digiSPTIService; "C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe" [159744 2010-06-15] (Avid Technology, Inc.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2011-02-10] (Acresso Software Inc.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-09-13] (Intel Corporation)
2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [133800 2010-08-12] (Intel Corporation)
3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [357456 2010-05-06] (Logitech, Inc.)
2 MboxAudioDevMon; "C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe" [1919504 2010-10-07] (Avid)
2 MboxMiniAudioDevMon; "C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe" [1919504 2010-05-06] (Avid)
2 MboxProAudioDevMon; "C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe" [1919504 2010-06-11] (Avid)
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [38248 2010-10-27] (Atheros)
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [55336 2010-10-27] (Windows ® Win 7 DDK provider)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116240 2010-08-16] (ATI Technologies, Inc.)
3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [137736 2010-03-11] (M-Audio)
3 BlackBox; C:\Windows\SysWow64\Drivers\BlackBox.sys [35712 2011-11-26] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [301680 2010-10-27] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [31080 2010-10-27] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [203624 2010-10-27] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [58992 2010-10-27] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [156520 2010-10-27] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279152 2010-10-27] (Atheros)
2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
2 DigiNet; C:\Windows\System32\Drivers\DigiNet.sys [21520 2010-06-16] (Avid Technology, Inc.)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c62x64.sys [313520 2010-09-20] (Intel Corporation)
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [69320 2009-10-22] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [84808 2009-10-22] (FTDI Ltd.)
2 iPodDrv; C:\Windows\System32\Drivers\iPodDrv.sys [14952 2011-03-09] (Windows ® Codename Longhorn DDK provider)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [120920 2010-08-10] (JMicron Technology Corp.)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.sys [74320 2010-03-18] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.sys [13392 2010-03-18] (Logitech, Inc.)
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [63568 2010-03-18] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [57936 2010-03-18] (Logitech, Inc.)
3 MBOX; C:\Windows\System32\DRIVERS\AvidMbox.sys [421392 2010-10-07] (Avid)
3 MBOXDFU; C:\Windows\System32\DRIVERS\AvidMbox_DFU.sys [28688 2010-10-07] (Avid)
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [297000 2010-08-27] (Marvell Semiconductor, Inc.)
3 NAL; \??\C:\Windows\system32\Drivers\iqvw64e.sys [32936 2010-09-01] (Intel Corporation )
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SWDUMon; C:\Windows\System32\Drivers\SWDUMon.sys [13920 2011-01-28] ()
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2009-12-23] (PACE Anti-Piracy, Inc.)
3 NDISKIO; \??\C:\Users\Pete\AppData\Local\Temp\ef17db49.nmc\nse\bin\ndiskio.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: ZDPNDIS5
NETSVC: SIODRV
NETSVC: XilinxPC4Driver
NETSVC: cwafnotesservice
NETSVC: comhost
NETSVC: kerbkey
NETSVC: bthidmgr
NETSVC: vpnva
NETSVC: symids
NETSVC: raysat3_4_6_18server
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e}
NETSVC: pdlnacom

============ One Month Created Files and Folders ==============

2012-03-31 17:57 - 2012-03-31 17:57 - 0110232 ____A C:\Windows\ntbtlog.txt
2012-03-31 17:55 - 2012-03-31 17:55 - 0000506 ____A C:\Windows\PFRO.log
2012-03-31 11:31 - 2012-03-31 11:30 - 4452445 ____A (Swearware) C:\Users\Pete\Desktop\ComboFix(1).exe
2012-03-31 11:30 - 2012-03-31 11:30 - 4452445 ____A (Swearware) C:\Users\Pete\Downloads\ComboFix(1).exe
2012-03-31 11:23 - 2012-03-31 11:22 - 2322184 ____A (ESET) C:\Users\Pete\Downloads\esetsmartinstaller_enu(2).exe
2012-03-31 10:47 - 2012-03-31 10:47 - 0593920 ____A (OldTimer Tools) C:\Users\Pete\Downloads\OTL.exe
2012-03-31 10:45 - 2012-03-31 10:45 - 0879714 ____A C:\Users\Pete\Downloads\SecurityCheck.exe
2012-03-31 10:45 - 2012-03-31 10:45 - 0879714 ____A C:\Users\Pete\Desktop\SecurityCheck.exe
2012-03-31 10:19 - 2012-03-31 10:19 - 0000056 ____A C:\Windows\setupact.log
2012-03-31 10:19 - 2012-03-31 10:19 - 0000000 ____A C:\Windows\setuperr.log
2012-03-31 10:14 - 2012-03-31 10:14 - 0001520 ____A C:\Users\Pete\Documents\cc_20120331_131402.reg
2012-03-31 09:32 - 2012-03-17 05:23 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-03-31 09:32 - 2012-03-11 10:20 - 0001273 ____A C:\Users\Public\Desktop\Media Player Classic.lnk
2012-03-31 09:32 - 2012-03-11 10:12 - 0001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-31 09:32 - 2012-03-11 10:06 - 0002116 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-03-31 09:32 - 2012-03-11 10:05 - 0001112 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-03-31 09:32 - 2012-03-06 19:38 - 0000930 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-03-31 09:32 - 2012-02-19 14:08 - 0001174 ____A C:\Users\Public\Desktop\MATLAB R2009b.lnk
2012-03-31 09:32 - 2012-02-02 18:28 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 09:32 - 2012-01-14 15:15 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-31 09:32 - 2011-11-26 22:16 - 0001027 ____A C:\Users\Public\Desktop\MozBackup.lnk
2012-03-31 09:32 - 2009-07-13 21:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-03-31 09:16 - 2012-03-31 09:16 - 0389024 ____A (Bleeping Computer, LLC) C:\Users\Pete\Downloads\unhide.exe
2012-03-31 08:17 - 2012-03-31 08:17 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Pete\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-31 08:17 - 2012-02-07 15:57 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-31 08:05 - 2012-03-31 08:05 - 0000647 ____A C:\Users\Pete\Desktop\SMART_HDD.lnk
2012-03-31 08:05 - 2012-03-31 08:05 - 0000256 ____A C:\Users\All Users\xUZV8LeTytAZtD
2012-03-31 08:05 - 2012-03-31 08:05 - 0000256 ____A C:\ProgramData\xUZV8LeTytAZtD
2012-03-31 08:05 - 2012-03-31 08:05 - 0000208 ____A C:\Users\All Users\-xUZV8LeTytAZtDr
2012-03-31 08:05 - 2012-03-31 08:05 - 0000208 ____A C:\ProgramData\-xUZV8LeTytAZtDr
2012-03-31 08:05 - 2012-03-31 08:05 - 0000000 ____A C:\Users\All Users\-xUZV8LeTytAZtD
2012-03-31 08:05 - 2012-03-31 08:05 - 0000000 ____A C:\ProgramData\-xUZV8LeTytAZtD
2012-03-31 07:59 - 2012-03-31 17:54 - 0086016 ____A C:\Users\All Users\aecfbfeacdct.exe
2012-03-31 07:59 - 2012-03-31 17:54 - 0086016 ____A C:\ProgramData\aecfbfeacdct.exe
2012-03-30 17:57 - 2012-03-30 17:57 - 8767136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-30 17:14 - 2012-03-31 17:16 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 17:14 - 2012-03-30 17:57 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-25 08:46 - 2012-03-25 08:45 - 0302592 ____A C:\Users\Pete\Desktop\9byithvs.exe
2012-03-25 08:45 - 2012-03-25 08:45 - 0302592 ____A C:\Users\Pete\Downloads\9byithvs.exe
2012-03-25 08:36 - 2012-03-25 08:36 - 0147456 ____A C:\Users\Pete\Downloads\catchme(1).exe
2012-03-25 08:36 - 2012-03-25 08:36 - 0147456 ____A C:\Users\Pete\Desktop\music.exe
2012-03-25 07:08 - 2012-03-25 07:08 - 10165440 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\mseinstall(1).exe
2012-03-25 07:06 - 2012-03-25 07:06 - 0159144 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\WindowsActivationUpdate.exe
2012-03-24 19:31 - 2012-03-31 10:26 - 0017360 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-24 19:31 - 2012-03-31 10:26 - 0017360 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-24 19:16 - 2012-03-24 19:16 - 0024064 ____A C:\Users\Pete\Documents\virus.doc
2012-03-24 18:47 - 2012-03-24 18:47 - 0000000 ____D C:\Windows\System32\MpEngineStore
2012-03-24 14:00 - 2012-03-25 09:40 - 0000000 ____D C:\Users\All Users\Norton
2012-03-24 14:00 - 2012-03-25 09:40 - 0000000 ____D C:\ProgramData\Norton
2012-03-24 14:00 - 2012-03-24 14:07 - 0000000 ____D C:\Users\Pete\AppData\Local\NPE
2012-03-24 06:14 - 2012-03-31 17:54 - 0236700 ____A C:\Windows\WindowsUpdate.log
2012-03-24 06:14 - 2012-03-24 06:15 - 0001074 ____A C:\Users\Pete\Documents\cc_20120324_091455.reg
2012-03-22 16:37 - 2012-03-22 16:37 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Curiolab
2012-03-22 16:36 - 2012-03-22 16:37 - 122969312 ____A (CURIOLAB S.M.B.A.) C:\Users\Pete\Downloads\ExterminateItSetup.exe
2012-03-18 18:39 - 2012-03-18 18:39 - 0000000 ____D C:\Users\Pete\Documents\Bluetooth Folder
2012-03-17 05:39 - 2012-04-01 11:16 - 0000000 ____D C:\Users\Pete\Desktop\Pro Tools 8 Know It All!
2012-03-17 05:22 - 2012-03-17 05:22 - 3628016 ____A (Piriform Ltd) C:\Users\Pete\Downloads\ccsetup316.exe
2012-03-15 15:59 - 2012-03-15 15:59 - 0050477 ____A C:\Users\Pete\Downloads\Defogger(1).exe
2012-03-15 15:52 - 2012-03-15 15:52 - 0607260 ____A (Swearware) C:\Users\Pete\Downloads\dds.scr
2012-03-15 15:52 - 2012-03-15 15:52 - 0607260 ____A (Swearware) C:\Users\Pete\Downloads\dds(1).scr
2012-03-15 15:50 - 2012-03-15 15:50 - 0050477 ____A C:\Users\Pete\Downloads\Defogger.exe
2012-03-14 00:01 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 00:01 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 00:01 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 21:38 - 2012-02-16 22:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-03-13 21:38 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 21:38 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 21:38 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 21:38 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 21:38 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 21:38 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 21:38 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 21:38 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:38 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 21:38 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 16:10 - 2010-12-31 22:14 - 0002254 ____A C:\Users\Pete\Desktop\eula.txt
2012-03-11 10:22 - 2012-03-31 10:13 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Media Player Classic
2012-03-11 10:20 - 2012-04-01 11:17 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-03-11 10:20 - 2012-02-15 10:00 - 0079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-03-11 10:20 - 2011-12-21 10:14 - 0151552 ____A (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2012-03-11 10:20 - 2011-06-24 07:44 - 0243200 ____A C:\Windows\SysWOW64\xvidvfw.dll
2012-03-11 10:20 - 2011-06-24 07:28 - 0650752 ____A C:\Windows\SysWOW64\xvidcore.dll
2012-03-11 10:20 - 2011-03-02 03:43 - 0175616 ____A C:\Windows\SysWOW64\unrar.dll
2012-03-11 10:20 - 2008-10-03 05:30 - 0000414 ____A C:\Windows\SysWOW64\lame_acm.xml
2012-03-11 10:20 - 2008-09-24 11:41 - 0839680 ____A (http://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm
2012-03-11 10:15 - 2012-03-11 10:16 - 23096468 ____A ( ) C:\Users\Pete\Downloads\K-Lite_Codec_Pack_840_Mega.exe
2012-03-11 10:12 - 2012-03-11 10:12 - 0000050 ____A C:\user.js
2012-03-11 10:12 - 2012-03-11 10:12 - 0000000 ____D C:\Users\Default\AppData\Roaming\Mozilla
2012-03-11 10:12 - 2012-03-11 10:12 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Mozilla
2012-03-11 10:12 - 2012-03-11 10:12 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-11 10:06 - 2012-03-11 10:06 - 0001607 ____A C:\Users\Pete\Desktop\DivX Movies.lnk
2012-03-11 10:06 - 2012-03-11 10:06 - 0000000 ____D C:\Users\Pete\AppData\Local\DDMSettings
2012-03-11 10:05 - 2012-04-01 11:16 - 0000000 ____D C:\Program Files\DivX
2012-03-11 10:05 - 2012-03-11 10:22 - 0000000 ____D C:\Users\Pete\AppData\Roaming\DivX
2012-03-11 10:04 - 2012-04-01 11:17 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-11 10:04 - 2012-04-01 11:16 - 0000000 ____D C:\Users\All Users\DivX
2012-03-11 10:04 - 2012-04-01 11:16 - 0000000 ____D C:\ProgramData\DivX
2012-03-11 10:04 - 2012-03-11 10:04 - 0912736 ____A (DivX, LLC) C:\Users\Pete\Downloads\DivXInstaller.exe
2012-03-07 21:25 - 2012-03-25 07:41 - 0000227 ____A C:\Users\Pete\Desktop\mbr.log
2012-03-07 21:19 - 2012-03-31 10:44 - 0007419 ____A C:\Users\Pete\Desktop\catchme.log
2012-03-06 20:44 - 2012-03-06 20:44 - 0036199 ____A C:\Users\Pete\Desktop\loewenherz-1-SEreworked10g.png
2012-03-06 20:42 - 2012-03-06 20:42 - 0036056 ____A C:\Users\Pete\Desktop\loewenherz-1-SEreworked10fdivider.png
2012-03-04 16:42 - 2012-03-31 17:16 - 0000354 ____A C:\Windows\Tasks\At42.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000354 ____A C:\Windows\Tasks\At40.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000354 ____A C:\Windows\Tasks\At38.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000354 ____A C:\Windows\Tasks\At36.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000354 ____A C:\Windows\Tasks\At34.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000352 ____A C:\Windows\Tasks\At41.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000352 ____A C:\Windows\Tasks\At39.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000352 ____A C:\Windows\Tasks\At37.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000352 ____A C:\Windows\Tasks\At35.job
2012-03-04 16:42 - 2012-03-31 17:16 - 0000352 ____A C:\Windows\Tasks\At33.job
2012-03-04 16:42 - 2012-03-31 12:08 - 0000354 ____A C:\Windows\Tasks\At32.job
2012-03-04 16:42 - 2012-03-31 12:08 - 0000352 ____A C:\Windows\Tasks\At31.job
2012-03-04 16:42 - 2012-03-31 11:08 - 0000354 ____A C:\Windows\Tasks\At30.job
2012-03-04 16:42 - 2012-03-31 11:08 - 0000352 ____A C:\Windows\Tasks\At29.job
2012-03-04 16:42 - 2012-03-31 10:08 - 0000354 ____A C:\Windows\Tasks\At28.job
2012-03-04 16:42 - 2012-03-31 10:08 - 0000352 ____A C:\Windows\Tasks\At27.job
2012-03-04 16:42 - 2012-03-31 07:08 - 0000354 ____A C:\Windows\Tasks\At22.job
2012-03-04 16:42 - 2012-03-31 07:08 - 0000352 ____A C:\Windows\Tasks\At21.job
2012-03-04 16:42 - 2012-03-31 06:08 - 0000354 ____A C:\Windows\Tasks\At20.job
2012-03-04 16:42 - 2012-03-31 06:08 - 0000352 ____A C:\Windows\Tasks\At19.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At8.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At6.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At48.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At46.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At4.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At2.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At18.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At16.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At14.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At12.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000354 ____A C:\Windows\Tasks\At10.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At9.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At7.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At5.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At47.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At45.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At3.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At17.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At15.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At13.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At11.job
2012-03-04 16:42 - 2012-03-31 05:19 - 0000352 ____A C:\Windows\Tasks\At1.job
2012-03-04 16:42 - 2012-03-30 18:08 - 0000354 ____A C:\Windows\Tasks\At44.job
2012-03-04 16:42 - 2012-03-30 18:08 - 0000352 ____A C:\Windows\Tasks\At43.job
2012-03-04 16:42 - 2012-03-30 09:08 - 0000354 ____A C:\Windows\Tasks\At26.job
2012-03-04 16:42 - 2012-03-30 09:08 - 0000352 ____A C:\Windows\Tasks\At25.job
2012-03-04 16:42 - 2012-03-30 08:08 - 0000354 ____A C:\Windows\Tasks\At24.job
2012-03-04 16:42 - 2012-03-30 08:08 - 0000352 ____A C:\Windows\Tasks\At23.job
2012-03-04 16:42 - 2012-03-04 16:45 - 0000112 ____A C:\Users\All Users\b4K70FV2g.dat
2012-03-04 16:42 - 2012-03-04 16:45 - 0000112 ____A C:\ProgramData\b4K70FV2g.dat
2012-03-04 08:22 - 2012-03-25 20:06 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-04 08:21 - 2012-03-04 08:21 - 0000000 ____D C:\Windows\system64
2012-03-04 08:19 - 2012-04-01 11:16 - 0000000 ____D C:\Users\Pete\Downloads\AMPLITUBE
2012-03-04 08:16 - 2012-01-18 04:34 - 0000029 ____N C:\Users\Pete\Downloads\FILE_ID.DIZ
2012-03-04 08:16 - 2012-01-17 18:37 - 0010736 ____N C:\Users\Pete\Downloads\CORE.nfo
2012-03-04 07:17 - 2012-03-04 07:17 - 24252300 ____A C:\Users\Pete\Desktop\B52_AT100_MIX - Copy.mp4
2012-03-04 07:16 - 2012-03-04 07:17 - 24252300 ____A C:\Users\Pete\Desktop\B52_AT100_MIX.mp4
2012-03-03 08:47 - 2012-03-17 05:35 - 0000000 ____D C:\Program Files (x86)\IK Multimedia


============ 3 Months Modified Files and Folders =============

2012-04-02 20:32 - 2012-04-02 20:32 - 0000000 ____D C:\FRST
2012-04-01 17:05 - 2011-01-24 10:59 - 2132017152 __ASH C:\hiberfil.sys
2012-04-01 11:17 - 2012-03-11 10:20 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-04-01 11:17 - 2012-03-11 10:04 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-01 11:17 - 2012-02-02 18:28 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 11:17 - 2011-12-28 07:57 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-01 11:17 - 2011-11-26 22:38 - 0000000 ____D C:\Program Files (x86)\PDFReader
2012-04-01 11:17 - 2011-11-26 22:16 - 0000000 ____D C:\Program Files (x86)\MozBackup
2012-04-01 11:17 - 2011-11-26 20:44 - 0000000 ____D C:\Program Files (x86)\Resource Tuner
2012-04-01 11:17 - 2011-11-26 16:22 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-04-01 11:17 - 2011-11-26 10:16 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-04-01 11:17 - 2011-11-21 20:41 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-01 11:17 - 2011-10-29 06:15 - 0000000 ____D C:\Program Files (x86)\Waves
2012-04-01 11:17 - 2011-09-14 20:27 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-01 11:17 - 2011-09-05 07:53 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-01 11:17 - 2011-09-02 19:05 - 0000000 ____D C:\Program Files (x86)\MixMeister BPM Analyzer
2012-04-01 11:17 - 2011-08-21 11:45 - 0000000 ____D C:\Program Files (x86)\Unzbin
2012-04-01 11:17 - 2011-04-09 13:18 - 0000000 ____D C:\Program Files (x86)\BWStyler
2012-04-01 11:17 - 2011-04-09 10:39 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-04-01 11:17 - 2011-04-05 16:48 - 0000000 ____D C:\Program Files (x86)\AnswerWorks 4.0
2012-04-01 11:17 - 2011-03-12 09:33 - 0000000 ____D C:\Program Files (x86)\Transcribe!
2012-04-01 11:17 - 2011-02-12 09:39 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-04-01 11:17 - 2011-02-12 09:38 - 0000000 ____D C:\Program Files (x86)\doubleTwist 2.0
2012-04-01 11:17 - 2011-02-09 16:26 - 0000000 ____D C:\Program Files (x86)\jZip
2012-04-01 11:17 - 2011-02-06 09:50 - 0000000 ____D C:\Program Files (x86)\PowerISO
2012-04-01 11:17 - 2011-02-05 18:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-01 11:17 - 2011-02-01 20:50 - 0000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2012-04-01 11:17 - 2011-01-29 16:42 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2012-04-01 11:17 - 2011-01-27 18:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-04-01 11:17 - 2011-01-25 18:26 - 0000000 ____D C:\Program Files (x86)\tixati
2012-04-01 11:17 - 2011-01-25 18:17 - 0000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2012-04-01 11:17 - 2011-01-25 17:46 - 0000000 ____D C:\Program Files (x86)\M-Audio
2012-04-01 11:17 - 2011-01-25 17:21 - 0000000 ____D C:\Program Files (x86)\Avid
2012-04-01 11:17 - 2011-01-25 17:19 - 0000000 ____D C:\Program Files (x86)\Digidesign
2012-04-01 11:17 - 2011-01-24 21:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-01 11:17 - 2011-01-24 19:43 - 0000000 ____D C:\Program Files (x86)\Bluetooth Suite
2012-04-01 11:17 - 2011-01-24 19:39 - 0000000 ____D C:\Program Files (x86)\Marvell
2012-04-01 11:17 - 2011-01-24 19:38 - 0000000 ____D C:\Program Files (x86)\Renesas Electronics
2012-04-01 11:17 - 2011-01-24 19:37 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-01 11:17 - 2011-01-24 19:36 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-01 11:17 - 2011-01-24 19:27 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-04-01 11:17 - 2011-01-23 20:25 - 0000000 ____D C:\Program Files (x86)\Quicken
2012-04-01 11:16 - 2012-03-17 05:39 - 0000000 ____D C:\Users\Pete\Desktop\Pro Tools 8 Know It All!
2012-04-01 11:16 - 2012-03-11 10:05 - 0000000 ____D C:\Program Files\DivX
2012-04-01 11:16 - 2012-03-11 10:04 - 0000000 ____D C:\Users\All Users\DivX
2012-04-01 11:16 - 2012-03-11 10:04 - 0000000 ____D C:\ProgramData\DivX
2012-04-01 11:16 - 2012-03-04 08:19 - 0000000 ____D C:\Users\Pete\Downloads\AMPLITUBE
2012-04-01 11:16 - 2012-02-26 16:23 - 0000000 ____D C:\Users\Pete\AppData\Local\Solid State Networks
2012-04-01 11:16 - 2012-02-20 20:39 - 0000000 ____D C:\Program Files (x86)\WebSite Downloader for Windows
2012-04-01 11:16 - 2012-02-02 18:28 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 11:16 - 2012-02-02 18:28 - 0000000 ____D C:\Program Files\iPod
2012-04-01 11:16 - 2012-01-14 16:29 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-01 11:16 - 2012-01-14 16:29 - 0000000 ____D C:\ProgramData\MFAData
2012-04-01 11:16 - 2012-01-14 15:15 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-01 11:16 - 2011-12-30 09:56 - 0000000 ____D C:\Windows\pss
2012-04-01 11:16 - 2011-12-28 12:49 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 11:16 - 2011-12-28 07:57 - 0000000 ____D C:\Program Files\Bonjour
2012-04-01 11:16 - 2011-12-17 16:40 - 0000000 ____D C:\Users\Pete\Downloads\Zbotkiller
2012-04-01 11:16 - 2011-11-21 18:36 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-01 11:16 - 2011-11-21 18:36 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-01 11:16 - 2011-11-18 11:31 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-01 11:16 - 2011-11-08 19:34 - 0000000 ____D C:\Program Files (x86)\Wise PC Engineer
2012-04-01 11:16 - 2011-10-22 14:33 - 0000000 ____D C:\Users\Pete\Desktop\Sessions
2012-04-01 11:16 - 2011-09-26 06:54 - 0000000 ____D C:\Users\All Users\Immunet
2012-04-01 11:16 - 2011-09-26 06:54 - 0000000 ____D C:\ProgramData\Immunet
2012-04-01 11:16 - 2011-08-24 18:29 - 0000000 ____D C:\Users\Pete\Desktop\Draft Buddy
2012-04-01 11:16 - 2011-08-21 11:45 - 0000000 ____D C:\Users\Pete\AppData\Local\Unzbin.com
2012-04-01 11:16 - 2011-08-06 07:24 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-01 11:16 - 2011-08-06 07:24 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-01 11:16 - 2011-07-09 08:31 - 0000000 ____D C:\Program Files\CCleaner
2012-04-01 11:16 - 2011-06-05 09:52 - 0000000 ____D C:\Users\Pete\AppData\Local\RetailGalleryIII
2012-04-01 11:16 - 2011-06-04 11:00 - 0000000 ____D C:\Program Files\DIFX
2012-04-01 11:16 - 2011-04-22 09:24 - 0000000 ____D C:\Users\Pete\Desktop\Backing Tracks
2012-04-01 11:16 - 2011-04-05 16:48 - 0000000 ____D C:\Windows\SysWOW64\1033
2012-04-01 11:16 - 2011-02-10 20:23 - 0000000 ___DC C:\Users\All Users\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2012-04-01 11:16 - 2011-02-10 20:23 - 0000000 ___DC C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
2012-04-01 11:16 - 2011-02-10 18:48 - 0000000 ____D C:\Program Files\Native Instruments
2012-04-01 11:16 - 2011-02-10 18:48 - 0000000 ____D C:\Program Files\Common Files\Native Instruments
2012-04-01 11:16 - 2011-02-06 08:21 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-01 11:16 - 2011-01-29 16:13 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-04-01 11:16 - 2011-01-29 10:05 - 0000000 ____D C:\Users\Pete\Downloads\runasdate-x64
2012-04-01 11:16 - 2011-01-28 16:24 - 0000000 ____D C:\Users\Pete\AppData\Local\Avid
2012-04-01 11:16 - 2011-01-27 20:45 - 0000000 ____D C:\Users\Pete\Downloads\Mbox_Drivers_v1019_69347
2012-04-01 11:16 - 2011-01-27 20:20 - 0000000 ____D C:\Users\Pete\Downloads\NEC_USB_3_V2040_WindowsXP_Vista_7
2012-04-01 11:16 - 2011-01-27 18:08 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Thunderbird
2012-04-01 11:16 - 2011-01-25 21:16 - 0000000 ____D C:\Users\Pete\Downloads\p64v264
2012-04-01 11:16 - 2011-01-25 18:58 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Digidesign
2012-04-01 11:16 - 2011-01-25 18:50 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-01 11:16 - 2011-01-25 18:50 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-01 11:16 - 2011-01-25 18:21 - 0000000 ____D C:\Program Files (x86)\WinPcap
2012-04-01 11:16 - 2011-01-25 18:20 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Song Surgeon 3
2012-04-01 11:16 - 2011-01-25 17:38 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-01 11:16 - 2011-01-25 17:38 - 0000000 ____D C:\Users\All Users\Apple
2012-04-01 11:16 - 2011-01-25 17:38 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-01 11:16 - 2011-01-25 17:38 - 0000000 ____D C:\ProgramData\Apple
2012-04-01 11:16 - 2011-01-24 19:42 - 0000000 ____D C:\Windows\RaidTool
2012-04-01 11:16 - 2011-01-24 19:41 - 0000000 ____D C:\Program Files\Intel
2012-04-01 11:16 - 2011-01-24 19:37 - 0000000 ____D C:\Program Files\Realtek
2012-04-01 11:16 - 2011-01-24 19:28 - 0000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-04-01 11:16 - 2011-01-24 19:08 - 0000000 ____D C:\users\Pete
2012-04-01 11:16 - 2011-01-23 20:12 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Logishrd
2012-04-01 11:16 - 2011-01-23 20:12 - 0000000 ____D C:\Program Files\Common Files\LogiShrd
2012-04-01 11:16 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2012-04-01 11:16 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-01 11:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-01 11:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-01 11:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-01 11:16 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\GroupPolicy
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-01 11:16 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-01 11:15 - 2011-02-10 16:53 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-04-01 11:15 - 2011-01-24 21:29 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-01 11:15 - 2011-01-24 19:37 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-04-01 11:15 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-04-01 11:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-01 11:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-03-31 17:57 - 2012-03-31 17:57 - 0110232 ____A C:\Windows\ntbtlog.txt
2012-03-31 17:55 - 2012-03-31 17:55 - 0000506 ____A C:\Windows\PFRO.log
2012-03-31 17:54 - 2012-03-31 07:59 - 0086016 ____A C:\Users\All Users\aecfbfeacdct.exe
2012-03-31 17:54 - 2012-03-31 07:59 - 0086016 ____A C:\ProgramData\aecfbfeacdct.exe
2012-03-31 17:54 - 2012-03-24 06:14 - 0236700 ____A C:\Windows\WindowsUpdate.log
2012-03-31 17:16 - 2012-03-30 17:14 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At42.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At40.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At38.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At36.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At34.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At41.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At39.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At37.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At35.job
2012-03-31 17:16 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At33.job
2012-03-31 12:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At32.job
2012-03-31 12:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At31.job
2012-03-31 11:30 - 2012-03-31 11:31 - 4452445 ____A (Swearware) C:\Users\Pete\Desktop\ComboFix(1).exe
2012-03-31 11:30 - 2012-03-31 11:30 - 4452445 ____A (Swearware) C:\Users\Pete\Downloads\ComboFix(1).exe
2012-03-31 11:22 - 2012-03-31 11:23 - 2322184 ____A (ESET) C:\Users\Pete\Downloads\esetsmartinstaller_enu(2).exe
2012-03-31 11:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At30.job
2012-03-31 11:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At29.job
2012-03-31 10:47 - 2012-03-31 10:47 - 0593920 ____A (OldTimer Tools) C:\Users\Pete\Downloads\OTL.exe
2012-03-31 10:45 - 2012-03-31 10:45 - 0879714 ____A C:\Users\Pete\Downloads\SecurityCheck.exe
2012-03-31 10:45 - 2012-03-31 10:45 - 0879714 ____A C:\Users\Pete\Desktop\SecurityCheck.exe
2012-03-31 10:44 - 2012-03-07 21:19 - 0007419 ____A C:\Users\Pete\Desktop\catchme.log
2012-03-31 10:32 - 2011-11-24 21:16 - 0000446 ____A C:\rkill.log
2012-03-31 10:26 - 2012-03-24 19:31 - 0017360 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-31 10:26 - 2012-03-24 19:31 - 0017360 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-31 10:23 - 2009-07-13 21:13 - 0779306 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-31 10:20 - 2012-01-16 13:05 - 0000000 ___RD C:\Users\Pete\Dropbox
2012-03-31 10:20 - 2012-01-16 13:03 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Dropbox
2012-03-31 10:19 - 2012-03-31 10:19 - 0000056 ____A C:\Windows\setupact.log
2012-03-31 10:19 - 2012-03-31 10:19 - 0000000 ____A C:\Windows\setuperr.log
2012-03-31 10:19 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-31 10:14 - 2012-03-31 10:14 - 0001520 ____A C:\Users\Pete\Documents\cc_20120331_131402.reg
2012-03-31 10:13 - 2012-03-11 10:22 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Media Player Classic
2012-03-31 10:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At28.job
2012-03-31 10:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At27.job
2012-03-31 09:16 - 2012-03-31 09:16 - 0389024 ____A (Bleeping Computer, LLC) C:\Users\Pete\Downloads\unhide.exe
2012-03-31 08:17 - 2012-03-31 08:17 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Pete\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-31 08:07 - 2012-01-10 19:48 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-31 08:05 - 2012-03-31 08:05 - 0000647 ____A C:\Users\Pete\Desktop\SMART_HDD.lnk
2012-03-31 08:05 - 2012-03-31 08:05 - 0000256 ____A C:\Users\All Users\xUZV8LeTytAZtD
2012-03-31 08:05 - 2012-03-31 08:05 - 0000256 ____A C:\ProgramData\xUZV8LeTytAZtD
2012-03-31 08:05 - 2012-03-31 08:05 - 0000208 ____A C:\Users\All Users\-xUZV8LeTytAZtDr
2012-03-31 08:05 - 2012-03-31 08:05 - 0000208 ____A C:\ProgramData\-xUZV8LeTytAZtDr
2012-03-31 08:05 - 2012-03-31 08:05 - 0000000 ____A C:\Users\All Users\-xUZV8LeTytAZtD
2012-03-31 08:05 - 2012-03-31 08:05 - 0000000 ____A C:\ProgramData\-xUZV8LeTytAZtD
2012-03-31 07:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At22.job
2012-03-31 07:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At21.job
2012-03-31 06:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At20.job
2012-03-31 06:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At19.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At8.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At6.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At48.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At46.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At4.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At2.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At18.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At16.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At14.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At12.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At10.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At9.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At7.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At5.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At47.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At45.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At3.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At17.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At15.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At13.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At11.job
2012-03-31 05:19 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At1.job
2012-03-30 18:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At44.job
2012-03-30 18:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At43.job
2012-03-30 17:57 - 2012-03-30 17:57 - 8767136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-30 17:57 - 2012-03-30 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 17:57 - 2011-11-27 18:46 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-30 09:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At26.job
2012-03-30 09:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At25.job
2012-03-30 08:08 - 2012-03-04 16:42 - 0000354 ____A C:\Windows\Tasks\At24.job
2012-03-30 08:08 - 2012-03-04 16:42 - 0000352 ____A C:\Windows\Tasks\At23.job
2012-03-29 03:23 - 2011-01-28 16:04 - 0000000 ____D C:\Users\Pete\AppData\Local\CrashDumps
2012-03-26 00:03 - 2011-01-26 18:18 - 0773030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-26 00:03 - 2009-07-13 21:08 - 0032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-25 20:06 - 2012-03-04 08:22 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-25 09:40 - 2012-03-24 14:00 - 0000000 ____D C:\Users\All Users\Norton
2012-03-25 09:40 - 2012-03-24 14:00 - 0000000 ____D C:\ProgramData\Norton
2012-03-25 09:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-25 08:45 - 2012-03-25 08:46 - 0302592 ____A C:\Users\Pete\Desktop\9byithvs.exe
2012-03-25 08:45 - 2012-03-25 08:45 - 0302592 ____A C:\Users\Pete\Downloads\9byithvs.exe
2012-03-25 08:36 - 2012-03-25 08:36 - 0147456 ____A C:\Users\Pete\Downloads\catchme(1).exe
2012-03-25 08:36 - 2012-03-25 08:36 - 0147456 ____A C:\Users\Pete\Desktop\music.exe
2012-03-25 07:41 - 2012-03-07 21:25 - 0000227 ____A C:\Users\Pete\Desktop\mbr.log
2012-03-25 07:09 - 2011-01-26 18:24 - 0002052 ____A C:\Windows\epplauncher.mif
2012-03-25 07:08 - 2012-03-25 07:08 - 10165440 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\mseinstall(1).exe
2012-03-25 07:06 - 2012-03-25 07:06 - 0159144 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\WindowsActivationUpdate.exe
2012-03-25 06:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-24 19:16 - 2012-03-24 19:16 - 0024064 ____A C:\Users\Pete\Documents\virus.doc
2012-03-24 18:47 - 2012-03-24 18:47 - 0000000 ____D C:\Windows\System32\MpEngineStore
2012-03-24 14:07 - 2012-03-24 14:00 - 0000000 ____D C:\Users\Pete\AppData\Local\NPE
2012-03-24 06:15 - 2012-03-24 06:14 - 0001074 ____A C:\Users\Pete\Documents\cc_20120324_091455.reg
2012-03-22 16:37 - 2012-03-22 16:37 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Curiolab
2012-03-22 16:37 - 2012-03-22 16:36 - 122969312 ____A (CURIOLAB S.M.B.A.) C:\Users\Pete\Downloads\ExterminateItSetup.exe
2012-03-20 15:48 - 2011-01-24 19:48 - 0000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-03-19 16:39 - 2011-09-20 09:04 - 0000000 ____D C:\Users\Pete\Amp Stuff
2012-03-18 18:39 - 2012-03-18 18:39 - 0000000 ____D C:\Users\Pete\Documents\Bluetooth Folder
2012-03-17 05:35 - 2012-03-03 08:47 - 0000000 ____D C:\Program Files (x86)\IK Multimedia
2012-03-17 05:23 - 2012-03-31 09:32 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-03-17 05:22 - 2012-03-17 05:22 - 3628016 ____A (Piriform Ltd) C:\Users\Pete\Downloads\ccsetup316.exe
2012-03-15 15:59 - 2012-03-15 15:59 - 0050477 ____A C:\Users\Pete\Downloads\Defogger(1).exe
2012-03-15 15:52 - 2012-03-15 15:52 - 0607260 ____A (Swearware) C:\Users\Pete\Downloads\dds.scr
2012-03-15 15:52 - 2012-03-15 15:52 - 0607260 ____A (Swearware) C:\Users\Pete\Downloads\dds(1).scr
2012-03-15 15:50 - 2012-03-15 15:50 - 0050477 ____A C:\Users\Pete\Downloads\Defogger.exe
2012-03-14 00:18 - 2009-07-13 20:45 - 2983040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 00:00 - 2011-02-02 19:03 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-11 10:22 - 2012-03-11 10:05 - 0000000 ____D C:\Users\Pete\AppData\Roaming\DivX
2012-03-11 10:20 - 2012-03-31 09:32 - 0001273 ____A C:\Users\Public\Desktop\Media Player Classic.lnk
2012-03-11 10:16 - 2012-03-11 10:15 - 23096468 ____A ( ) C:\Users\Pete\Downloads\K-Lite_Codec_Pack_840_Mega.exe
2012-03-11 10:12 - 2012-03-31 09:32 - 0001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-11 10:12 - 2012-03-11 10:12 - 0000050 ____A C:\user.js
2012-03-11 10:12 - 2012-03-11 10:12 - 0000000 ____D C:\Users\Default\AppData\Roaming\Mozilla
2012-03-11 10:12 - 2012-03-11 10:12 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Mozilla
2012-03-11 10:12 - 2012-03-11 10:12 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-11 10:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-03-11 10:06 - 2012-03-31 09:32 - 0002116 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-03-11 10:06 - 2012-03-11 10:06 - 0001607 ____A C:\Users\Pete\Desktop\DivX Movies.lnk
2012-03-11 10:06 - 2012-03-11 10:06 - 0000000 ____D C:\Users\Pete\AppData\Local\DDMSettings
2012-03-11 10:06 - 2011-01-24 19:08 - 0000000 ____D C:\Users\Pete\AppData\LocalLow
2012-03-11 10:05 - 2012-03-31 09:32 - 0001112 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-03-11 10:04 - 2012-03-11 10:04 - 0912736 ____A (DivX, LLC) C:\Users\Pete\Downloads\DivXInstaller.exe
2012-03-10 21:57 - 2011-01-25 18:26 - 0000000 ____D C:\Users\Pete\AppData\Roaming\tixati
2012-03-06 20:44 - 2012-03-06 20:44 - 0036199 ____A C:\Users\Pete\Desktop\loewenherz-1-SEreworked10g.png
2012-03-06 20:42 - 2012-03-06 20:42 - 0036056 ____A C:\Users\Pete\Desktop\loewenherz-1-SEreworked10fdivider.png
2012-03-06 19:38 - 2012-03-31 09:32 - 0000930 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-03-04 18:08 - 2011-02-19 14:08 - 0000000 ____D C:\Windows\Minidump
2012-03-04 16:45 - 2012-03-04 16:42 - 0000112 ____A C:\Users\All Users\b4K70FV2g.dat
2012-03-04 16:45 - 2012-03-04 16:42 - 0000112 ____A C:\ProgramData\b4K70FV2g.dat
2012-03-04 08:21 - 2012-03-04 08:21 - 0000000 ____D C:\Windows\system64
2012-03-04 07:17 - 2012-03-04 07:17 - 24252300 ____A C:\Users\Pete\Desktop\B52_AT100_MIX - Copy.mp4
2012-03-04 07:17 - 2012-03-04 07:16 - 24252300 ____A C:\Users\Pete\Desktop\B52_AT100_MIX.mp4
2012-02-27 19:08 - 2012-02-27 19:08 - 0018432 ____A C:\Users\Pete\Desktop\load.xls
2012-02-27 19:04 - 2012-02-27 19:04 - 0000127 ____A C:\Users\Pete\Downloads\doubler.psu
2012-02-27 18:59 - 2012-01-14 16:04 - 0796672 ____A (Qsc) C:\Windows\GPInstall.exe
2012-02-27 18:52 - 2012-02-27 18:52 - 1083123 ____A (Qsc) C:\Users\Pete\Downloads\psud2_setup(1).exe
2012-02-27 17:55 - 2012-01-16 13:05 - 0001013 ____A C:\Users\Pete\Desktop\Dropbox.lnk
2012-02-27 17:55 - 2012-01-16 13:03 - 0000993 ____A C:\Users\Pete\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-27 17:55 - 2012-01-16 13:03 - 0000993 ____A C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-20 20:39 - 2012-02-20 20:39 - 0001149 ____A C:\Users\Pete\Desktop\WebSite Downloader for Windows.lnk
2012-02-20 20:38 - 2012-02-20 20:38 - 2958093 ____A (Attila Keszi) C:\Users\Pete\Downloads\winwsd-1.1f.exe
2012-02-19 14:20 - 2012-02-19 14:20 - 0000000 ____D C:\Users\Pete\Downloads\tube
2012-02-19 14:09 - 2012-02-19 14:09 - 0000000 ____D C:\Users\Pete\AppData\Roaming\MathWorks
2012-02-19 14:08 - 2012-03-31 09:32 - 0001174 ____A C:\Users\Public\Desktop\MATLAB R2009b.lnk
2012-02-19 13:54 - 2012-01-24 17:50 - 0000000 ____D C:\Program Files\MATLAB
2012-02-19 13:12 - 2011-01-28 16:24 - 0000000 ____D C:\Users\All Users\Avid
2012-02-19 13:12 - 2011-01-28 16:24 - 0000000 ____D C:\ProgramData\Avid
2012-02-16 22:38 - 2012-03-13 21:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-16 22:38 - 2012-03-13 21:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 21:38 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 21:38 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 21:38 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 04:15 - 2011-01-24 19:08 - 0000174 ___SH C:\Users\Pete\Start Menu\Programs\Startup\desktop.ini
2012-02-16 04:15 - 2011-01-24 19:08 - 0000174 ___SH C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 10:00 - 2012-03-11 10:20 - 0079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-02-12 18:42 - 2012-02-12 18:42 - 0001799 ____A C:\Users\Pete\Desktop\human nature.xsc
2012-02-11 10:43 - 2012-02-11 10:43 - 15302007 ____A C:\Users\Pete\Desktop\Kristian_s_Carvin_Legacy..._Not_your_Momma_s_Amp.mp4
2012-02-09 22:36 - 2012-03-13 21:38 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-07 15:57 - 2012-03-31 08:17 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-04 12:29 - 2012-02-04 12:29 - 0000000 ____D C:\Users\Pete\hob
2012-02-02 20:34 - 2012-03-13 21:38 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 20:08 - 2012-02-02 20:08 - 0025241 ____A C:\Users\Pete\Desktop\50552_290718127653710_1008920853_n.jpg
2012-02-02 18:28 - 2012-03-31 09:32 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-01 22:16 - 2012-02-01 22:16 - 0012082 ____A C:\Users\Pete\Downloads\Edge
2012-02-01 22:15 - 2012-02-01 22:16 - 0012076 ____A C:\Users\Pete\Downloads\Shim+Trem.Prs
2012-01-24 22:38 - 2012-03-13 21:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 21:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 21:38 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 19:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-01-24 18:04 - 2012-01-24 18:04 - 0889416 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\dotNetFx40_Full_setup.exe
2012-01-24 18:00 - 2012-01-24 18:00 - 0509264 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\winsdk_web(1).exe
2012-01-24 17:59 - 2012-01-24 17:59 - 0509264 ____A (Microsoft Corporation) C:\Users\Pete\Downloads\winsdk_web.exe
2012-01-21 18:30 - 2012-01-21 18:30 - 1704613 ____A C:\Users\Pete\Desktop\math.pdf
2012-01-18 21:00 - 2012-01-18 21:00 - 0003193 ____A C:\Users\Pete\Desktop\TDSL Personal Edition 1.1.lnk
2012-01-18 21:00 - 2012-01-14 16:04 - 0000000 ____D C:\Program Files (x86)\Duncan Amplification
2012-01-18 20:59 - 2012-01-18 20:59 - 1391104 ____A C:\Users\Pete\Downloads\TDSL Personal Edition 1.1.msi
2012-01-18 04:34 - 2012-03-04 08:16 - 0000029 ____N C:\Users\Pete\Downloads\FILE_ID.DIZ
2012-01-17 18:37 - 2012-03-04 08:16 - 0010736 ____N C:\Users\Pete\Downloads\CORE.nfo
2012-01-16 21:28 - 2012-01-16 21:28 - 0146131 ____A C:\Users\Pete\Downloads\tube.zip
2012-01-16 21:28 - 2012-01-16 21:28 - 0000000 ____D C:\Users\Pete\Desktop\tube
2012-01-16 21:25 - 2012-01-16 21:25 - 0134656 ____A C:\Users\Pete\Downloads\triodecalc.xls
2012-01-16 21:10 - 2012-01-16 21:10 - 0107365 ____A C:\Users\Pete\Desktop\800px-TriodeECC83Characteristic1.png
2012-01-16 16:39 - 2012-01-16 16:39 - 0947526 ____A C:\Users\Pete\Downloads\Econo.mp3
2012-01-16 13:03 - 2012-01-16 13:03 - 15033280 ____A (Dropbox, Inc.) C:\Users\Pete\Downloads\Dropbox 1.2.49.exe
2012-01-16 10:28 - 2012-01-16 10:28 - 0246432 ____A C:\Users\Pete\Desktop\AX84_1x12_Cab_09.08.03.pdf
2012-01-16 10:12 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-01-16 10:12 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-01-16 10:08 - 2012-01-16 10:08 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-16 10:07 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-01-16 10:06 - 2012-01-16 10:06 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-01-16 10:06 - 2009-07-13 18:34 - 75759616 ____A C:\Windows\System32\config\software.bak
2012-01-16 10:06 - 2009-07-13 18:34 - 27525120 ____A C:\Windows\System32\config\system.bak
2012-01-16 10:06 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-01-16 10:06 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-01-16 10:06 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\default.bak
2012-01-16 08:47 - 2011-11-26 17:31 - 4385658 ____R (Swearware) C:\Users\Pete\Downloads\ComboFix.exe
2012-01-15 09:08 - 2012-01-14 16:35 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-01-15 09:08 - 2012-01-14 16:34 - 0000000 ____D C:\Users\All Users\AVG2012
2012-01-15 09:08 - 2012-01-14 16:34 - 0000000 ____D C:\ProgramData\AVG2012
2012-01-15 09:07 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-01-15 09:07 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-01-15 09:07 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-01-15 09:07 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-01-15 09:07 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-01-15 09:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-01-15 09:06 - 2012-01-14 16:34 - 0000000 ____D C:\Program Files (x86)\garbage
2012-01-15 09:06 - 2012-01-14 15:16 - 0000000 ____D C:\Users\Pete\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 09:06 - 2011-12-21 16:32 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-01-15 09:06 - 2011-12-09 22:32 - 0000000 ____D C:\Program Files (x86)\Sophos
2012-01-15 09:06 - 2011-11-25 15:26 - 0000000 ____D C:\Program Files (x86)\ESET
2012-01-15 09:06 - 2011-11-21 20:42 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Malwarebytes
2012-01-15 09:06 - 2011-11-21 20:42 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-15 09:06 - 2011-11-21 20:42 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-15 09:06 - 2011-06-23 17:15 - 0000000 ____D C:\Users\All Users\Psicraft
2012-01-15 09:06 - 2011-06-23 17:15 - 0000000 ____D C:\ProgramData\Psicraft
2012-01-15 09:06 - 2011-06-23 17:15 - 0000000 ____D C:\Program Files\Psicraft
2012-01-15 09:06 - 2011-06-23 17:15 - 0000000 ____D C:\Program Files (x86)\Psicraft
2012-01-15 09:06 - 2011-06-04 11:00 - 0000000 ____D C:\Program Files (x86)\Fishman
2012-01-15 09:06 - 2011-04-11 18:00 - 0000000 ____D C:\Users\All Users\CanonBJ
2012-01-15 09:06 - 2011-04-11 18:00 - 0000000 ____D C:\ProgramData\CanonBJ
2012-01-15 09:06 - 2011-04-09 14:36 - 0000000 ____D C:\Program Files (x86)\onOne Software
2012-01-15 09:06 - 2011-04-09 14:19 - 0000000 ____D C:\Program Files (x86)\Imagenomic
2012-01-15 09:06 - 2011-04-09 10:38 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-01-15 09:06 - 2011-04-09 10:38 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-01-15 09:06 - 2011-04-09 10:32 - 0000000 ____D C:\Program Files (x86)\epson
2012-01-15 09:06 - 2011-04-05 16:50 - 0000000 ____D C:\Users\Pete\AppData\Local\Autodesk
2012-01-15 09:06 - 2011-04-05 16:47 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Autodesk
2012-01-15 09:06 - 2011-03-28 05:16 - 0000000 ____D C:\Program Files\Java
2012-01-15 09:06 - 2011-02-12 09:39 - 0000000 ____D C:\Users\Pete\AppData\Local\doubleTwist Corporation
2012-01-15 09:06 - 2011-02-10 20:32 - 0000000 ____D C:\Users\Pete\AppData\Local\Native Instruments
2012-01-15 09:06 - 2011-02-10 16:55 - 0000000 ____D C:\Program Files\Adobe
2012-01-15 09:06 - 2011-02-10 16:52 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-01-15 09:06 - 2011-02-10 16:52 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-01-15 09:06 - 2011-02-06 08:21 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-15 09:06 - 2011-02-06 08:21 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-15 09:06 - 2011-02-01 20:49 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-15 09:06 - 2011-01-29 16:42 - 0000000 ____D C:\Program Files (x86)\Toontrack
2012-01-15 09:06 - 2011-01-29 16:34 - 0000000 ____D C:\Program Files (x86)\Nero
2012-01-15 09:06 - 2011-01-27 20:25 - 0000000 ____D C:\Users\Pete\Downloads\Intel_LAN_V15600_XpVistaWin7
2012-01-15 09:06 - 2011-01-27 20:17 - 0000000 ____D C:\Users\Pete\Downloads\Intel_Chipset_V9201015_XPVistaWin7
2012-01-15 09:06 - 2011-01-27 20:01 - 0000000 ____D C:\Users\Pete\AppData\Local\SlimWare Utilities Inc
2012-01-15 09:06 - 2011-01-25 21:18 - 0000000 ____D C:\Users\Pete\Downloads\RealTempBeta
2012-01-15 09:06 - 2011-01-25 20:50 - 0000000 ____D C:\Program Files\CPUID
2012-01-15 09:06 - 2011-01-25 18:58 - 0000000 ____D C:\Users\Pete\AppData\Roaming\M-Audio
2012-01-15 09:06 - 2011-01-25 18:46 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-15 09:06 - 2011-01-25 18:46 - 0000000 ____D C:\ProgramData\Adobe
2012-01-15 09:06 - 2011-01-25 17:54 - 0000000 ____D C:\Program Files\M-Audio
2012-01-15 09:06 - 2011-01-25 17:45 - 0000000 ____D C:\Program Files (x86)\Celemony
2012-01-15 09:06 - 2011-01-25 17:31 - 0000000 ____D C:\Users\All Users\Digidesign
2012-01-15 09:06 - 2011-01-25 17:31 - 0000000 ____D C:\ProgramData\Digidesign
2012-01-15 09:06 - 2011-01-25 17:21 - 0000000 ____D C:\Program Files\Avid
2012-01-15 09:06 - 2011-01-25 17:19 - 0000000 ____D C:\Program Files\Digidesign
2012-01-15 09:06 - 2011-01-24 21:30 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Macromedia
2012-01-15 09:06 - 2011-01-24 21:30 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Adobe
2012-01-15 09:06 - 2011-01-24 21:24 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Mozilla
2012-01-15 09:06 - 2011-01-24 21:24 - 0000000 ____D C:\Users\Pete\AppData\Local\Mozilla
2012-01-15 09:06 - 2011-01-24 19:33 - 0000000 ____D C:\Program Files (x86)\Intel
2012-01-15 09:06 - 2011-01-24 19:27 - 0000000 ____D C:\Program Files\ATI
2012-01-15 09:06 - 2011-01-24 19:08 - 0000000 ____D C:\Users\Pete\AppData\Local\VirtualStore
2012-01-15 09:06 - 2011-01-23 20:25 - 0000000 ____D C:\Users\Pete\AppData\Roaming\Intuit
2012-01-15 09:06 - 2011-01-23 20:24 - 0000000 ____D C:\Users\All Users\Intuit
2012-01-15 09:06 - 2011-01-23 20:24 - 0000000 ____D C:\ProgramData\Intuit
2012-01-15 09:06 - 2011-01-23 20:13 - 0000000 ____D C:\Users\All Users\Logishrd
2012-01-15 09:06 - 2011-01-23 20:13 - 0000000 ____D C:\ProgramData\Logishrd
2012-01-15 09:06 - 2011-01-23 20:13 - 0000000 ____D C:\Program Files\Logitech
2012-01-15 09:06 - 2009-07-13 23:46 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-15 09:06 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-01-15 09:06 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-01-15 09:06 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-01-15 09:06 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-01-15 09:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-01-15 09:06 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-01-15 09:06 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-01-15 09:05 - 2011-04-05 16:47 - 0000000 ____D C:\Program Files (x86)\Autodesk
2012-01-15 09:05 - 2011-01-25 18:46 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-15 07:58 - 2012-01-15 07:59 - 1008141 ____A C:\Users\Pete\Desktop\rkill.com
2012-01-15 07:58 - 2012-01-15 07:58 - 1008141 ____A C:\Users\Pete\Downloads\rkill.com
2012-01-15 07:57 - 2012-01-15 07:57 - 1008141 ____A C:\Users\Pete\Downloads\rkill.scr
2012-01-15 07:40 - 2012-01-15 07:40 - 0004561 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-15 07:40 - 2011-06-01 13:18 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-14 18:18 - 2012-01-14 18:18 - 0000000 ____D C:\$AVG
2012-01-14 16:35 - 2012-01-14 16:35 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-01-14 16:35 - 2012-01-14 16:35 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-01-14 16:29 - 2012-01-14 16:29 - 3968544 ____A (AVG Technologies) C:\Users\Pete\Downloads\avg_free_stb_all_2012_1901_cnet.exe
2012-01-14 16:04 - 2012-01-14 16:04 - 1083123 ____A (Qsc) C:\Users\Pete\Downloads\psud2_setup.exe
2012-01-14 15:15 - 2012-03-31 09:32 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-01-14 15:15 - 2012-01-14 15:15 - 14054768 ____A (SUPERAntiSpyware.com) C:\Users\Pete\Downloads\SUPERAntiSpyware.exe
2012-01-14 15:15 - 2012-01-14 15:15 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-01-14 15:15 - 2012-01-14 15:15 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-14 14:23 - 2012-01-14 14:23 - 0000824 ____A C:\Users\Pete\Downloads\hosts
2012-01-14 14:07 - 2012-01-14 14:07 - 2580315 ____A ( ) C:\Users\Pete\Downloads\RegUtility_Setup.exe
2012-01-10 17:44 - 2011-01-24 10:58 - 0000000 ____D C:\Windows\Panther
2012-01-10 17:40 - 2012-01-10 17:40 - 3562624 ____A (Piriform Ltd) C:\Users\Pete\Downloads\ccsetup314.exe
2012-01-10 17:30 - 2012-01-08 20:53 - 0009412 __ASH C:\Users\All Users\488o5v2e4050
2012-01-10 17:30 - 2012-01-08 20:53 - 0009412 __ASH C:\ProgramData\488o5v2e4050
2012-01-10 17:29 - 2012-01-10 17:29 - 1953091 ____A C:\Users\Pete\Downloads\tdsskiller(5).zip
2012-01-04 02:44 - 2012-02-15 02:01 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-15 02:01 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-15 02:01 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-15 02:01 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8172.34 MB
Available physical RAM: 7337.01 MB
Total Pagefile: 8170.48 MB
Available Pagefile: 7328.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:664.91 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:815.88 GB) NTFS
4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.13 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 250 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D New Volume NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 249 MB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 249 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-29 21:15

======================= End Of Log ==========================

#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,961 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 April 2012 - 08:49 AM

Please open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the quote box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Name the file fixlist.txt, change the Save as Type to All Files, and save it on the flash drive next to FRST.

Start
HKU\Pete\...\Run: [aecfbfeacdct] "C:\ProgramData\aecfbfeacdct.exe" [86016 2012-03-31] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
SubSystems: [Windows] ==> ZeroAccess
C:\Users\Pete\Desktop\ComboFix(1).exe
C:\Users\Pete\Downloads\ComboFix(1).exe
C:\Users\Pete\Downloads\esetsmartinstaller_enu(2).exe
C:\Users\All Users\xUZV8LeTytAZtD
C:\ProgramData\xUZV8LeTytAZtD
C:\Users\All Users\-xUZV8LeTytAZtDr
C:\ProgramData\-xUZV8LeTytAZtDr
C:\Users\All Users\-xUZV8LeTytAZtD
C:\ProgramData\-xUZV8LeTytAZtD
C:\Users\All Users\aecfbfeacdct.exe
C:\ProgramData\aecfbfeacdct.exe
C:\Users\Pete\Desktop\9byithvs.exe
C:\Users\Pete\Downloads\9byithvs.exe
C:\Users\Pete\Downloads\catchme(1).exe
C:\Users\All Users\b4K70FV2g.dat
C:\ProgramData\b4K70FV2g.dat
C:\Windows\system64
CMD: Del /q C:\Windows\Tasks\At*.job
End

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot in Normal Mode. If able to do so, please run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

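The `SubSystems: [Windows] ==> ZeroAccess` line in the fixlist above names the Session Manager value that the fix restores; what follows is an added example (editor's code, not code from the thread, FRST or ComboFix) that parses such a value and reports any ServerDll module outside the stock Windows 7 set. The allowlist, the reconstructed clean value and the `rogue_srv` module name in the tampered sample are the editor's assumptions, not values taken from the thread.

```python
"""Added example for this thread (editor's code, not FRST's or ComboFix's):
inspect the Session Manager "SubSystems\\Windows" value that FRST reported as
"SubSystems: [Windows] ==> ZeroAccess" and flag ServerDll modules that are not
part of a stock Windows 7 csrss.exe configuration."""
import re
import sys

# Modules a stock Windows 7 / Server 2008 R2 csrss.exe loads via ServerDll=.
# Assumption: editor's allowlist, not a list taken from the thread.
KNOWN_SERVER_DLLS = frozenset({"basesrv", "winsrv", "sxssrv"})

# Constructed clean sample (editor's reconstruction of the Windows 7 default,
# not a value quoted in the thread).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed tampered sample: the console-server entry is redirected to a
# placeholder module name ("rogue_srv" is made up for this example).
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=rogue_srv:ConServerDllInitialization,2",
)

# ServerDll=<module>[:<init function>],<index>
_SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return [(module, init_function_or_None, index), ...] in value order."""
    return [(m.group(1).lower(), m.group(2), int(m.group(3)))
            for m in _SERVERDLL_RE.finditer(value)]


def unexpected_server_dlls(value, allowlist=KNOWN_SERVER_DLLS):
    """Module names referenced by ServerDll= entries that are not allowlisted."""
    return sorted({mod for mod, _, _ in parse_server_dlls(value)
                   if mod not in allowlist})


def check_subsystems_value(value):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    tokens = value.split()
    if not tokens or not tokens[0].lower().endswith("csrss.exe"):
        findings.append("subsystem image is not csrss.exe: %r" % (tokens[:1],))
    entries = parse_server_dlls(value)
    if not entries:
        findings.append("no ServerDll= entries found")
    for mod in unexpected_server_dlls(value):
        findings.append("unexpected ServerDll module: %s" % mod)
    # On Windows 7 the console server initialisation must come from winsrv.
    con = [mod for mod, init, _ in entries if init == "ConServerDllInitialization"]
    if con and con != ["winsrv"]:
        findings.append("ConServerDllInitialization served by %s" % ", ".join(con))
    return findings


def read_live_value(control_set="CurrentControlSet"):
    """Read the value from the local registry (Windows only; winreg is stdlib).
    The Fixlog in the thread shows the key under ControlSet003, so the control
    set is a parameter rather than hard-coded."""
    if sys.platform != "win32":
        raise OSError("registry access requires Windows")
    import winreg
    path = r"SYSTEM\%s\Control\Session Manager\SubSystems" % control_set
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


if __name__ == "__main__":
    for label, val in (("clean sample", CLEAN_VALUE),
                       ("tampered sample", TAMPERED_VALUE)):
        print(label, "->", check_subsystems_value(val) or ["OK"])
    if sys.platform == "win32":
        print("live value ->", check_subsystems_value(read_live_value()) or ["OK"])
```

If the module a ServerDll entry points at is later deleted by an antivirus cleanup while the value still references it, csrss.exe cannot initialise and the machine stops at boot with the STOP C0000135 error reported at the top of this thread, which is why the value has to be restored and not only the file removed.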


#7 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 April 2012 - 11:09 AM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#8 PeteyMac

  • Topic Starter
  • Members
  • 8 posts

Posted 03 April 2012 - 07:23 PM

Hi... sorry for the delay. Below is the FRST64 Fixlog. Once I ran "Fix", I was able to boot to Windows 7 (thank you!). I ran ComboFix as instructed and the results are below the FRST64 log.

Thanks again for all your help,


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-03 18:26:18 R:1
Running from G:\

==============================================

HKEY_USERS\Pete\Software\Microsoft\Windows\CurrentVersion\Run\\aecfbfeacdct Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\Pete\Desktop\ComboFix(1).exe moved successfully.
C:\Users\Pete\Downloads\ComboFix(1).exe moved successfully.
C:\Users\Pete\Downloads\esetsmartinstaller_enu(2).exe moved successfully.
C:\Users\All Users\xUZV8LeTytAZtD moved successfully.
C:\ProgramData\xUZV8LeTytAZtD not found.
C:\Users\All Users\-xUZV8LeTytAZtDr moved successfully.
C:\ProgramData\-xUZV8LeTytAZtDr not found.
C:\Users\All Users\-xUZV8LeTytAZtD moved successfully.
C:\ProgramData\-xUZV8LeTytAZtD not found.
C:\Users\All Users\aecfbfeacdct.exe moved successfully.
C:\ProgramData\aecfbfeacdct.exe not found.
C:\Users\Pete\Desktop\9byithvs.exe moved successfully.
C:\Users\Pete\Downloads\9byithvs.exe moved successfully.
C:\Users\Pete\Downloads\catchme(1).exe moved successfully.
C:\Users\All Users\b4K70FV2g.dat moved successfully.
C:\ProgramData\b4K70FV2g.dat not found.
C:\Windows\system64 moved successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====


Here is the Combofix log:

ComboFix 12-04-03.02 - Pete 04/03/2012 18:49:09.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6575 [GMT -5:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: Immunet 3.0 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-03 23:53 . 2012-04-03 23:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-03 23:53 . 2012-04-03 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 04:32 . 2012-04-03 04:33 -------- d-----w- C:\FRST
2012-03-31 01:57 . 2012-03-31 01:57 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 01:14 . 2012-03-31 01:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-25 02:47 . 2012-03-25 02:47 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-24 22:00 . 2012-03-24 22:07 -------- d-----w- c:\users\Pete\AppData\Local\NPE
2012-03-24 22:00 . 2012-03-25 17:40 -------- d-----w- c:\programdata\Norton
2012-03-23 00:37 . 2012-03-23 00:37 -------- d-----w- c:\users\Pete\AppData\Roaming\Curiolab
2012-03-17 12:33 . 2012-03-17 12:33 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 12:33 . 2012-03-17 12:33 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 08:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 05:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 05:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 05:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 05:38 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 05:38 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 05:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 05:38 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 05:38 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 05:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 05:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:38 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 18:05 . 2012-04-01 19:17 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-03-11 18:05 . 2012-04-01 19:16 -------- d-----w- c:\program files\DivX
2012-03-11 18:05 . 2012-04-01 19:17 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-11 18:04 . 2012-04-01 19:17 -------- d-----w- c:\program files (x86)\DivX
2012-03-11 18:04 . 2012-04-01 19:16 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 01:57 . 2011-11-28 02:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 02:59 . 2012-01-15 00:04 796672 ----a-w- c:\windows\GPInstall.exe
2012-01-19 05:00 . 2012-01-19 05:00 28672 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{01F55A66-8B73-4277-BFA0-F8331FE4687B}\_CB544FDD4B5D_43C6_913A_11BB235D5765.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 0100000000000000
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-11 1038088]
R3 NDISKIO;NDISKIO;c:\users\Pete\AppData\Local\Temp\ef17db49.nmc\nse\bin\ndiskio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-03-11 1636872]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-10-07 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\DRIVERS\MAudioAxiom.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MBOX;Service for Avid Mbox;c:\windows\system32\DRIVERS\AvidMbox.sys [x]
S3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\DRIVERS\AvidMbox_DFU.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ZDPNDIS5
SIODRV
XilinxPC4Driver
cwafnotesservice
comhost
kerbkey
bthidmgr
vpnva
symids
raysat3_4_6_18server
{6080a529-897e-4629-a488-aba0c29b635e}
pdlnacom
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\wezkq8om.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20120311&user_guid=E04B5D6C4F664FBAA04215E0D6ED7881&machine_id=0f3e8923aad7b3bcafaff18cdf0bf28c&browser=FF&os=win&os_version=6.1-x64-SP1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 6adc1bdb000000000000002683103d1b
FF - user.js: extensions.funmoods_i.instlDay - 15410
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1613:12
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-18401211.sys
SafeBoot-37251181.sys
SafeBoot-48571431.sys
SafeBoot-58404460.sys
SafeBoot-61957039.sys
SafeBoot-89604313.sys
SafeBoot-92524333.sys
SafeBoot-99461832.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,17,b2,22,0b,5e,c4,4a,a6,b7,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,17,b2,22,0b,5e,c4,4a,a6,b7,4b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-03 19:08:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 00:08
.
Pre-Run: 715,305,308,160 bytes free
Post-Run: 715,584,577,536 bytes free
.
- - End Of File - - 35C25BB9C7D9CEBAA017565F4FBB93C5

#9 JSntgRvr

JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,961 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 April 2012 - 07:32 PM

Let's scan for remnants:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner


Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 PeteyMac

PeteyMac
  • Topic Starter
  • Members
  • 8 posts

Posted 03 April 2012 - 07:44 PM

Hi again,

Here is the Malwarebytes log... I'll scan with ESET and send that one next.

Thanks!

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pete :: PETE-PC [administrator]

4/3/2012 7:39:51 PM
mbam-log-2012-04-03 (19-39-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198122
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 JSntgRvr

JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,961 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 April 2012 - 07:45 PM

:thumbup2:



#12 PeteyMac

PeteyMac
  • Topic Starter
  • Members
  • 8 posts

Posted 04 April 2012 - 06:31 PM

Hi,

Sorry for the delay. The ESET scan took hours and I ended up letting it run overnight... then I didn't copy the results to Notepad... I ran it again this morning and here are the results.

Thanks

C:\FRST\Quarantine\aecfbfeacdct.exe Win32/Agent.TJO trojan
C:\Program Files (x86)\Wise PC Engineer\Backup\08-11-2011 21-45-11.zip a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Program Files (x86)\Wise PC Engineer\Backup\17-11-2011 06-25-25.zip a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\51f35d81-7811c429 a variant of Java/TrojanDownloader.Agent.NDN trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\456472d2-69aa79b8 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\32193d13-521ddeb0 Java/Agent.EI trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5b11fe15-21caf1f6 multiple threats
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5ac6aa97-7c6edea0 multiple threats
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\7077c917-11bf51c6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1673e6a4-68f9beec a variant of Java/Exploit.CVE-2012-0507.F trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\405565ab-3563b22d a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\77ea302d-79298fe8 Java/Exploit.CVE-2012-0507.E trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-148f778d a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\288ffbf2-39a7d0a3 a variant of Java/Exploit.Blacole.AN trojan
C:\Users\Pete\Downloads\Immunet Protect Removal Tool 1.0.3.00.exe probably a variant of Win32/Agent.JHGMKRS trojan

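A defender-side triage helper for log output in the shape ESET printed above, added here as an example; it is not part of this thread and not ESET's own tooling. Each ESET line is a Windows path (which may contain spaces), an optional "a variant of" / "probably a variant of" qualifier, a Family/Name detection and a threat kind, or the path followed by "multiple threats". The parser anchors on the detection token from the right so the spaces in the path do not break it, then counts detections per family, pulls the CVE identifiers embedded in detection names, and flags anything sitting in the Java deployment cache. The sample lines are constructed from the log above; the threat-kind vocabulary beyond "trojan" is an assumption.

```python
"""Parse ESET Online Scanner log lines and summarize them for triage (added example)."""
import re
from collections import Counter

# Constructed sample lines, in the shape of the ESET log posted above.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\aecfbfeacdct.exe Win32/Agent.TJO trojan
C:\Program Files (x86)\Wise PC Engineer\Backup\08-11-2011 21-45-11.zip a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\51f35d81-7811c429 a variant of Java/TrojanDownloader.Agent.NDN trojan
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5b11fe15-21caf1f6 multiple threats
C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1673e6a4-68f9beec a variant of Java/Exploit.CVE-2012-0507.F trojan
C:\Users\Pete\Downloads\Immunet Protect Removal Tool 1.0.3.00.exe probably a variant of Win32/Agent.JHGMKRS trojan
"""

# Line shape: <path> [probably ][a variant of ]<Family/Name> <kind>
# The path is matched non-greedily, so the engine extends it one word at a
# time until the remainder parses as qualifier + detection + kind at end of line.
# Only "trojan" appears in the log above; the other kinds are an assumption.
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<qualifier>(?:probably )?a variant of)\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>trojan|worm|virus|adware|application)$"
)
_MULTI_RE = re.compile(r"^(?P<path>.+?)\s+multiple threats$")
_CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# The Java deployment cache is where browser-delivered applets land.
_JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_eset_log(text):
    """Return one dict per non-empty line; lines that do not parse are kept as 'unparsed'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m:
            entries.append({"path": m["path"], "qualifier": m["qualifier"] or "",
                            "detection": m["detection"], "kind": m["kind"]})
            continue
        m = _MULTI_RE.match(line)
        if m:
            entries.append({"path": m["path"], "qualifier": "",
                            "detection": "multiple threats", "kind": "multiple"})
            continue
        # Never drop a line silently: an unrecognized shape is itself worth a look.
        entries.append({"path": line, "qualifier": "",
                        "detection": "unparsed", "kind": "unparsed"})
    return entries


def summarize(entries):
    """Count detections per family, collect CVE ids, and list Java-cache hits."""
    families = Counter()
    cves = set()
    java_cache = []
    for e in entries:
        det = e["detection"]
        family = det.split("/")[0] if "/" in det else e["kind"]
        families[family] += 1
        cves.update(_CVE_RE.findall(det))
        if _JAVA_CACHE.search(e["path"]):
            java_cache.append(e["path"])
    return {"families": dict(families), "cves": sorted(cves),
            "java_cache_hits": java_cache}


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    for e in found:
        print(f"{e['kind']:<9} {e['detection']:<36} {e['path']}")
    report = summarize(found)
    print("families:", report["families"])
    print("CVEs referenced:", report["cves"])
    print("Java deployment cache hits:", len(report["java_cache_hits"]))
```

A cluster of detections under the Java deployment cache, several of them named after Java CVEs, is the signature of drive-by delivery through an outdated Java plugin; the summary makes that pattern visible at a glance instead of leaving it buried in long paths.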
#13 JSntgRvr

JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,961 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 April 2012 - 09:38 PM

Download the enclosed file. [attachment=121708:CFScript.txt]

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Let's empty the temp folders.

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security check

Download and run Security Check by screen317 and post its report.

How is the computer doing?

Edited by JSntgRvr, 04 April 2012 - 09:39 PM.



#14 PeteyMac

PeteyMac
  • Topic Starter
  • Members
  • 8 posts

Posted 05 April 2012 - 12:24 AM

Hi,

Here is the result of the combofix script log.

ComboFix 12-04-03.02 - Pete 04/05/2012 0:10.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.6222 [GMT -5:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
Command switches used :: c:\users\Pete\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Wise PC Engineer\Backup\08-11-2011 21-45-11.zip"
"c:\program files (x86)\Wise PC Engineer\Backup\17-11-2011 06-25-25.zip"
"c:\users\Pete\Downloads\Immunet Protect Removal Tool 1.0.3.00.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Wise PC Engineer\Backup\08-11-2011 21-45-11.zip
c:\program files (x86)\Wise PC Engineer\Backup\17-11-2011 06-25-25.zip
c:\users\Pete\Downloads\Immunet Protect Removal Tool 1.0.3.00.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 05:13 . 2012-04-05 05:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-05 05:13 . 2012-04-05 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 23:42 . 2012-04-04 23:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A74F02C-066A-4F78-9B9B-0311AF1F890C}\offreg.dll
2012-04-04 21:03 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A74F02C-066A-4F78-9B9B-0311AF1F890C}\mpengine.dll
2012-04-03 04:32 . 2012-04-03 04:33 -------- d-----w- C:\FRST
2012-03-31 01:57 . 2012-03-31 01:57 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 01:14 . 2012-03-31 01:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-25 02:47 . 2012-03-25 02:47 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-24 22:00 . 2012-03-24 22:07 -------- d-----w- c:\users\Pete\AppData\Local\NPE
2012-03-24 22:00 . 2012-03-25 17:40 -------- d-----w- c:\programdata\Norton
2012-03-23 00:37 . 2012-03-23 00:37 -------- d-----w- c:\users\Pete\AppData\Roaming\Curiolab
2012-03-17 12:33 . 2012-03-17 12:33 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 12:33 . 2012-03-17 12:33 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 08:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 05:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 05:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 05:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 05:38 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 05:38 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 05:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 05:38 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 05:38 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 05:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 05:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:38 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 18:05 . 2012-04-01 19:17 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-03-11 18:05 . 2012-04-01 19:16 -------- d-----w- c:\program files\DivX
2012-03-11 18:05 . 2012-04-01 19:17 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-11 18:04 . 2012-04-01 19:17 -------- d-----w- c:\program files (x86)\DivX
2012-03-11 18:04 . 2012-04-01 19:16 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 01:57 . 2011-11-28 02:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 02:59 . 2012-01-15 00:04 796672 ----a-w- c:\windows\GPInstall.exe
2012-02-23 14:18 . 2011-01-25 05:14 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 05:00 . 2012-01-19 05:00 28672 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{01F55A66-8B73-4277-BFA0-F8331FE4687B}\_CB544FDD4B5D_43C6_913A_11BB235D5765.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_00.05.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-25 03:32 . 2012-04-04 00:26 52054 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-04 00:26 39216 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-03 23:30 39216 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-25 03:18 . 2012-04-04 00:26 16152 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1868163348-266230226-2890954228-1000_UserData.bin
- 2011-01-25 05:12 . 2012-04-03 23:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-25 05:12 . 2012-04-04 00:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-25 05:12 . 2012-04-03 23:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-25 05:12 . 2012-04-04 00:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-25 05:12 . 2012-04-04 00:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-25 05:12 . 2012-04-03 23:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-25 03:21 . 2012-04-03 23:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-25 03:21 . 2012-04-05 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-25 03:21 . 2012-04-03 23:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-25 03:21 . 2012-04-05 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-25 02:48 . 2012-04-04 00:15 1700 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-03 23:54 . 2012-04-03 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 00:16 . 2012-04-04 00:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 00:16 . 2012-04-04 00:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-03 23:54 . 2012-04-03 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-03 23:58 660296 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-04 00:20 660296 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-04 00:20 121224 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-03 23:58 121224 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-03 23:53 385484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-04 00:15 385484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 0100000000000000
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-11 1038088]
R3 NDISKIO;NDISKIO;c:\users\Pete\AppData\Local\Temp\ef17db49.nmc\nse\bin\ndiskio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-03-11 1636872]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-10-07 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\DRIVERS\MAudioAxiom.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MBOX;Service for Avid Mbox;c:\windows\system32\DRIVERS\AvidMbox.sys [x]
S3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\DRIVERS\AvidMbox_DFU.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ZDPNDIS5
SIODRV
XilinxPC4Driver
cwafnotesservice
comhost
kerbkey
bthidmgr
vpnva
symids
raysat3_4_6_18server
{6080a529-897e-4629-a488-aba0c29b635e}
pdlnacom
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\wezkq8om.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20120311&user_guid=E04B5D6C4F664FBAA04215E0D6ED7881&machine_id=0f3e8923aad7b3bcafaff18cdf0bf28c&browser=FF&os=win&os_version=6.1-x64-SP1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 6adc1bdb000000000000002683103d1b
FF - user.js: extensions.funmoods_i.instlDay - 15410
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1613:12
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,17,b2,22,0b,5e,c4,4a,a6,b7,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,17,b2,22,0b,5e,c4,4a,a6,b7,4b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-05 00:14:47
ComboFix-quarantined-files.txt 2012-04-05 05:14
ComboFix2.txt 2012-04-04 00:08
.
Pre-Run: 715,148,869,632 bytes free
Post-Run: 714,714,963,968 bytes free
.
- - End Of File - - FC3C9E25FB59E17259EE3A86320B5CEF


And here is the Security Check log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Sophos Anti-Rootkit 1.5.20
Java™ 6 Update 30
Java version out of date!
Mozilla Firefox (11.0.)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Everything seems pretty good now...you ARE good! Thank you so much.
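
The ComboFix log above lists the persistence points a responder reads first: the Run key, the AppInit_DLLs value under Windows NT\CurrentVersion\Windows, and the Firefox prefs.js/user.js settings (keyword.URL redirected to klit.startnow.com, and a block of extensions.funmoods_i.* entries written by a toolbar installer). As an added example that is not part of this thread and not a ComboFix or BleepingComputer tool, the Python below parses ComboFix-style log lines into those entries and flags what deserves a second look: any AppInit_DLLs value (the DLL is loaded into every process that loads user32.dll, so confirm its signature rather than trusting a familiar-looking name), every Run entry, a keyword.URL whose host is not on an assumed list of default search hosts, and third-party extension settings in user.js. The sample lines are constructed from the log above; TRUSTED_SEARCH_HOSTS and the finding labels are my own assumptions.

```python
"""Triage of ComboFix-style log lines (added example, not a ComboFix tool)."""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://klit.startnow.com/s/?src=addrbar&provider=&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
"""

# Assumption: hosts a stock Firefox profile might legitimately point keyword.URL at.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")           # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')            # "Name"=data [date size]
FF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - ?(.*)$")


def parse_log(text):
    """Return ({registry key: {value name: data}}, {'prefs.js': {...}, 'user.js': {...}})."""
    reg, ff, current = {}, {"prefs.js": {}, "user.js": {}}, None
    for line in text.splitlines():
        line = line.strip()
        if line == ".":                     # ComboFix section separator
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            reg.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = re.sub(r"\s*\[[^\]]*\]$", "", m.group(2).strip())  # drop "[date size]"
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]
            reg[current][m.group(1)] = data
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group(1)][m.group(2)] = m.group(3).strip()
    return reg, ff


def defang_host(url):
    """ComboFix writes hxxp:// so links are not clickable; restore the scheme to parse."""
    url = url.replace("hxxps://", "https://", 1).replace("hxxp://", "http://", 1)
    return urlparse(url).hostname or ""


def triage(reg, ff):
    """List (finding kind, detail) pairs for the persistence points shown in the log."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith(r"\windows nt\currentversion\windows") and values.get("AppInit_DLLs"):
            findings.append(("appinit_dlls", values["AppInit_DLLs"]))
        if k.endswith(r"\currentversion\run"):
            findings.extend(("run_entry", f"{n}={p}") for n, p in values.items())
    kw = ff["prefs.js"].get("keyword.URL", "")
    if kw and defang_host(kw) not in TRUSTED_SEARCH_HOSTS:
        findings.append(("keyword_url_hijack", defang_host(kw)))
    # user.js is written by installers, not by Firefox itself; extensions.<name>.* blocks
    # there are usually a bundled toolbar, so report each distinct <name> once.
    toolbars = {k.split(".")[1] for k in ff["user.js"] if k.startswith("extensions.")}
    findings.extend(("third_party_toolbar", t) for t in sorted(toolbars))
    return findings


def triage_text(text):
    return triage(*parse_log(text))


if __name__ == "__main__":
    for kind, detail in triage_text(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

On the sample this reports the AppInit_DLLs path, both Run entries, the keyword.URL redirect to klit.startnow.com and the funmoods_i toolbar block; a keyword.URL at one of the trusted hosts produces no hijack finding.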

#15 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,961 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 April 2012 - 10:22 AM

Congratulations.

Let's empty the temp folders:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Update JAVA.

You need an antivirus. I would recommend AVAST.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Delete the C:\FRST folder.

Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!




