Trojan infection (zeroaccess.B)


  • This topic is locked
20 replies to this topic

#1 hockeymidget8

  • Members
  • 97 posts

Posted 07 May 2012 - 01:36 PM

Hello. Recently, my Norton 360 virus protection alerted me that "trojan.zeroaccess.B" was located in consrv.dll in system32. It says that it requires manual removal.

I've run a Malwarebytes scan and a TDSSKiller scan, both of which come up with no results. However, when I run a full scan with Norton, it still finds the trojan. Is this just Norton screwing up in some way, or am I really infected with something? I haven't noticed any slow down in my computer, but I just want to be sure any threat is removed before it has the chance to do harm.

I am running a 64-bit Windows 7.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Owner at 14:27:57 on 2012-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4988.2130 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Soluto\soluto.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files (x86)\GRLevelX\GR2Analyst\gr2analyst.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll
mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\iSyncr.lnk - C:\windows\Installer\{9F6C325A-F63A-4B3C-902E-0C87F074FB18}\_FBA089162E3E19B33818FC.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7CD64ADD-FE4F-408C-9312-877ADD705452} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C}\16C65687160216279616A796723702D4163624F6F6B6020527F6 : DhcpNameServer = 10.0.2.1
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C}\5465F402243333645444 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C}\55D40275962756C656373702E4564777F627B6 : DhcpNameServer = 141.211.144.17 141.211.125.17
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C}\74579646F6C416E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C}\D47457563747 : DhcpNameServer = 141.211.144.17 141.211.125.17
TCP: Interfaces\{BA18E64D-6662-444B-B092-ADD0BA5D2A3C}\D475962756C6563737D2341454E4 : DhcpNameServer = 141.212.2.81 141.212.2.69 141.213.73.83 141.211.125.15
TCP: Interfaces\{CA578D7B-6FE3-4489-997A-900A4C3E181E} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: DAPIELoader Class: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
BHO-X64: DAPIELoader Class - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbjof0gd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&q=
FF - component: C:\Program Files (x86)\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbjof0gd.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbjof0gd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbjof0gd.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}\plugins\npLightshot.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\windows\system32\drivers\SMR250.SYS --> C:\windows\system32\drivers\SMR250.SYS [?]
R0 Soluto;Soluto;C:\windows\system32\DRIVERS\Soluto.sys --> C:\windows\system32\DRIVERS\Soluto.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-19 1160824]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120505.001\IDSviA64.sys [2012-5-5 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-17 654408]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2012-1-12 126400]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-10 138360]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-1-7 54136]
R3 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-9 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-10 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-9 135664]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-16 112568]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-06 22:28:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 22:15:29 96376 ----a-w- C:\windows\System32\drivers\SMR250.SYS
2012-05-06 22:01:27 27256 ----a-w- C:\windows\System32\drivers\FixZeroAccess.sys
2012-05-06 21:38:37 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-04-29 23:14:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\PDF Writer
2012-04-29 23:14:15 -------- d-----w- C:\Users\Owner\AppData\Local\PDF Writer
2012-04-29 23:14:15 -------- d-----w- C:\ProgramData\PDF Writer
2012-04-29 10:58:14 -------- d-----w- C:\Program Files\Soluto
2012-04-29 04:40:37 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-04-29 04:40:36 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-04-25 03:08:54 -------- d-----w- C:\Users\Owner\AppData\Local\{0295CF5D-37F9-4B6E-8DCA-9FAABB917843}
2012-04-17 17:44:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-04-17 17:44:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 17:44:38 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-17 17:44:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 22:29:27 -------- d-----w- C:\ProgramData\Martau
2012-04-14 22:29:23 -------- d-----w- C:\Program Files (x86)\Total Uninstall 5
2012-04-13 19:26:38 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-04-13 19:18:43 227840 ----a-w- C:\windows\SysWow64\bzFlRdr.dll
2012-04-13 19:18:43 135168 ----a-w- C:\windows\SysWow64\bzpdfc.dll
2012-04-13 19:18:43 103424 ----a-w- C:\windows\SysWow64\bzDCT.dll
2012-04-13 19:18:43 -------- d-----w- C:\Program Files\Common Files\Bullzip
2012-04-13 19:18:40 216064 ----a-w- C:\windows\System32\bzpdf.dll
2012-04-13 19:18:36 -------- d-----w- C:\Program Files\Bullzip
2012-04-12 19:02:09 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 18:16:55 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 14:29:23 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 14:29:22 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 14:29:21 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 14:24:47 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 14:24:46 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 14:24:46 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 14:24:45 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 14:24:45 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 14:24:45 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 14:24:45 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
.
==================== Find3M ====================
.
2012-05-07 17:59:13 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat
2012-05-04 19:02:14 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 21:13:24 54728 ----a-w- C:\windows\System32\drivers\Soluto.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 04:52:01 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
.
============= FINISH: 14:29:08.95 ===============


Thank you.


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 07 May 2012 - 02:40 PM

Good evening. :)

Does Norton tell you what is infected - file name(s) for example?

So long, and thanks for all the fish.

#3 hockeymidget8

hockeymidget8
  • Topic Starter

  • Members
  • 97 posts

Posted 07 May 2012 - 02:59 PM

Infected file: c:\windows\system32\consrv.dll

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 07 May 2012 - 03:02 PM

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Should you have internet connection issues afterwards, do the following:

Click Start.
Enter cmd in the Search programs and files box.
Right click cmd.exe at the top and select Run as administrator from the context menu that appears.
When the Command Window appears enter the following and hit <ENTER>:

netsh winsock reset
Repeat for the following:

ipconfig /flushdns (note the space between the "g" and the "/")

Close the Command Window and reboot the PC - all being well that should resolve your connection issue.

So long, and thanks for all the fish.

#5 hockeymidget8

hockeymidget8
  • Topic Starter

  • Members
  • 97 posts

Posted 07 May 2012 - 03:54 PM

Note: I accidentally started the exe file before I disabled Norton. However, I did disable it before ComboFix actually started running the scan. I just wanted to point this out since I noticed at the top of the log it says that Norton is enabled.

Here is the log:

ComboFix 12-05-07.02 - Owner 05/07/2012 16:23:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4988.2709 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\Documents\~WRL0003.tmp
c:\users\Owner\Documents\~WRL1492.tmp
c:\users\Owner\Documents\~WRL1559.tmp
c:\users\Owner\Documents\~WRL1746.tmp
c:\users\Owner\Documents\~WRL1860.tmp
c:\users\Owner\Documents\~WRL2699.tmp
c:\users\Owner\Documents\~WRL3986.tmp
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\Memman.vxd
c:\windows\SysWow64\skinboxer43.dll
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-06 22:28 . 2012-05-06 22:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 22:15 . 2012-05-06 22:15 96376 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-05-06 22:01 . 2012-05-06 22:01 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-06 21:38 . 2012-05-06 21:38 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-04-29 23:14 . 2012-04-29 23:14 -------- d-----w- c:\users\Owner\AppData\Roaming\PDF Writer
2012-04-29 23:14 . 2012-04-29 23:14 -------- d-----w- c:\users\Owner\AppData\Local\PDF Writer
2012-04-29 23:14 . 2012-04-29 23:14 -------- d-----w- c:\programdata\PDF Writer
2012-04-29 10:58 . 2012-04-29 10:58 -------- d-----w- c:\program files\Soluto
2012-04-29 04:40 . 2012-04-29 04:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-04-29 04:40 . 2012-04-29 04:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-04-17 17:44 . 2012-04-17 17:44 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-04-17 17:44 . 2012-04-17 17:44 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 17:44 . 2012-04-17 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-17 17:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 22:29 . 2012-04-14 22:29 -------- d-----w- c:\programdata\Martau
2012-04-14 22:29 . 2012-04-14 22:29 -------- d-----w- c:\program files (x86)\Total Uninstall 5
2012-04-13 19:26 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-04-13 19:18 . 2012-04-13 19:18 -------- d-----w- c:\program files\Common Files\Bullzip
2012-04-13 19:18 . 2010-09-27 13:29 135168 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-04-13 19:18 . 2008-10-30 13:29 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-04-13 19:18 . 2008-07-09 13:29 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-04-13 19:18 . 2012-03-27 13:29 216064 ----a-w- c:\windows\system32\bzpdf.dll
2012-04-13 19:18 . 2012-04-13 19:18 -------- d-----w- c:\program files\Bullzip
2012-04-12 19:02 . 2012-05-04 19:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 18:16 . 2012-05-04 19:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 14:29 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 14:29 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 14:29 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 14:24 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 14:24 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 14:24 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 14:24 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 14:24 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 14:24 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 14:24 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 20:34 . 2011-08-13 20:14 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-05-04 19:02 . 2011-06-06 20:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 21:13 . 2011-12-08 20:46 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-02-23 04:52 . 2011-03-30 00:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 14:52 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:52 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:52 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:52 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 14:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 14:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files (x86)\FreeSoundRecorder\tbFree.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}]
2010-06-13 23:10 2734688 ----a-w- c:\program files (x86)\FreeSoundRecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files (x86)\FreeSoundRecorder\tbFree.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-01-25 737656]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2010-03-09 2811392]
"MusicManager"="c:\users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSyncr.lnk - c:\windows\Installer\{9F6C325A-F63A-4B3C-902E-0C87F074FB18}\_FBA089162E3E19B33818FC.exe [2012-1-10 66339]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S??d, ?de ??d g? o?tr?l?? !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 CrucialSMBusScan;CrucialSMBusScan;c:\users\Owner\AppData\Local\Temp\CrucialSMBusScan_V64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-11 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 112568]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-06-16 300656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120505.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:02]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-25 02:02]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-25 02:02]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 22:59]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 22:59]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 23:10]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 23:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbjof0gd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-67497076.sys
SafeBoot-drmkaud
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Cain & Abel v4.9.40 - c:\progra~2\Cain\UNINSTAL.EXE
AddRemove-PolarClock3 - c:\windows\system32\PolarClock3.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1531279801-3975569286-4168725121-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1531279801-3975569286-4168725121-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1531279801-3975569286-4168725121-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Blaze Media Pro\NMSAccess32.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2012-05-07 16:44:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 20:44
.
Pre-Run: 148,005,761,024 bytes free
Post-Run: 147,563,212,800 bytes free
.
- - End Of File - - B07FA0C9AAEE80E2B99DFF17DC1A598D

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 08 May 2012 - 02:20 PM

Good evening. :)

Can you tell me how the PC is behaving now?

So long, and thanks for all the fish.

#7 hockeymidget8

hockeymidget8
  • Topic Starter

  • Members
  • 97 posts

Posted 08 May 2012 - 03:10 PM

It's behaving normally, and it never really slowed down or anything in the first place. I just wanted to take a "better safe than sorry" approach.

However, when I run a Norton scan it still is detecting the trojan in the same place.

Edited by hockeymidget8, 08 May 2012 - 03:11 PM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 08 May 2012 - 03:18 PM

Do you have a flash drive of at least 128 Mb that you can use for a scanning tool?

So long, and thanks for all the fish.

#9 hockeymidget8

hockeymidget8
  • Topic Starter

  • Members
  • 97 posts

Posted 08 May 2012 - 03:20 PM

Yes I do.

Thanks for the help btw.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 08 May 2012 - 03:23 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

So long, and thanks for all the fish.
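Running FRST from System Recovery Options matters because the infected Windows installation, and any rootkit hooks inside it, are not running while the scan is taken; the log it writes still has to be read by a person. The script below is an added example for this thread, not part of FRST, of Noviciate's instructions or of any post here. It parses the line shapes FRST uses in its Registry, Services and Drivers sections and flags the entries a responder looks at first: files the registry points at but which are not on disk (`[x]`), files with no publisher in their version info (`()`), anything loading from a user-writable path, and a Winlogon Userinit value that launches more than userinit.exe. The function names (`parse_entry`, `triage`) and the heuristics are this example's own, and `SAMPLE_LOG` is constructed to mirror lines from the log posted later in the thread. A finding means "look at this", not "this is malware": every hit in the sample has a plausible benign explanation and still needs a human to decide.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread, not part of FRST or of any post in it: it
parses the line shapes FRST uses in its Registry, Services and Drivers
sections and applies a few responder heuristics. A finding means "look at
this", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every entry ends in "[<size> <yyyy-mm-dd>] (<Company>)" when the file exists,
# or in "[x]" when the registry points at a file that is not on disk.
_TAIL_RE = re.compile(
    r"\s\[(?:(?P<size>\d+)\s(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?:\s\((?P<company>[^)]*)\))?\s*$"
)
# "HKLM\...\Run: [Name] <command>", "HKLM\...\Winlogon: [Userinit] <command>"
_REG_RE = re.compile(r"^(?P<hive>[^:]+?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s?(?P<cmd>.*)$")
# "<start type> <ServiceName>; <command>" (Services and Drivers sections)
_SVC_RE = re.compile(r"^(?P<start>\d)\s(?P<name>[^;]+);\s(?P<cmd>.*)$")
# First executable in a command line: optionally quoted, optionally "\??\"-prefixed,
# rooted at a drive letter or an environment variable such as %ProgramFiles%.
_PATH_RE = re.compile(
    r'^"?(?:\\\?\?\\)?(?P<path>(?:[A-Za-z]:|%\w+%)\\.+?\.(?:exe|sys|dll))"?', re.IGNORECASE
)
# Locations an unprivileged user can write to (legitimate per-user updaters live here too).
_USER_WRITABLE = ("\\temp\\", "\\users\\")


@dataclass(frozen=True)
class Entry:
    section: str         # "registry" or "service"
    name: str            # hive\key\value for registry lines, service name otherwise
    cmd: str             # command line with the FRST tail stripped
    path: Optional[str]  # first executable in cmd, when one could be parsed
    company: str         # publisher from version info; "" when FRST printed "()"
    missing: bool        # True when FRST reported "[x]"


@dataclass(frozen=True)
class Finding:
    name: str
    reason: str
    cmd: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Registry/Services/Drivers line; None for any other line."""
    tail = _TAIL_RE.search(line)
    if tail is None:
        return None
    body = line[: tail.start()]
    reg = _REG_RE.match(body)
    if reg:
        section, name, cmd = "registry", f"{reg['hive']}\\{reg['key']}\\{reg['name']}", reg["cmd"]
    else:
        svc = _SVC_RE.match(body)
        if svc is None:
            return None
        section, name, cmd = "service", svc["name"], svc["cmd"]
    exe = _PATH_RE.match(cmd)
    return Entry(section, name, cmd, exe["path"] if exe else None,
                 (tail["company"] or "").strip(), tail["missing"] is not None)


def triage(log_text: str) -> List[Finding]:
    """Return the entries of an FRST log a responder should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        e = parse_entry(raw.strip())
        if e is None:
            continue
        where = (e.path or e.cmd).lower()
        if e.missing:
            findings.append(Finding(e.name, "registry points at a file FRST could not find ([x])", e.cmd))
        elif not e.company:
            findings.append(Finding(e.name, "file carries no publisher in its version info", e.cmd))
        if any(marker in where for marker in _USER_WRITABLE):
            findings.append(Finding(e.name, "loads from a user-writable location", e.cmd))
        # Userinit should name only userinit.exe; anything appended runs at every logon.
        if e.name.endswith("\\Userinit") and e.cmd.lower().count(".exe") > 1:
            findings.append(Finding(e.name, "Userinit launches something besides userinit.exe", e.cmd))
    return findings


# Constructed sample in FRST's own format, modelled on lines from the log in this thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKU\Owner\...\Run: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13324288 2012-03-20] (Google Inc.)
HKLM\...\Winlogon: [Userinit] C:\windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

==================== Services (Whitelisted) ======

2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-09] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 CrucialSMBusScan; \??\C:\Users\Owner\AppData\Local\Temp\CrucialSMBusScan_V64.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.reason}\n    {f.cmd}")
```

Run it against a real FRST.txt by passing the file's contents to `triage()`. On the constructed sample it reports seven findings: both `[x]` drivers twice (absent file, and a Temp location), the Canon service for its empty company string, Google's per-user Music Manager for living under `C:\Users`, and the Userinit value for the appended Soluto entry. The company string comes from the file's version resource, which anyone can set, so an absent publisher is a prompt to check the Authenticode signature and hash, not proof of anything.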

#11 hockeymidget8

  • Topic Starter
  • Members
  • 97 posts

Posted 08 May 2012 - 03:38 PM

Scan result of Farbar Recovery Scan Tool Version: 08-05-2012
Ran by SYSTEM at 08-05-2012 16:29:33
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-12] (Google Inc.)
HKU\Owner\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [737656 2012-01-24] (BitTorrent, Inc.)
HKU\Owner\...\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP [2811392 2010-03-09] (SpeedBit Ltd.)
HKU\Owner\...\Run: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13324288 2012-03-20] (Google Inc.)
HKU\Owner\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Owner\...\Run: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-01-24] (Facebook Inc.)
HKLM\...\Winlogon: [Userinit] C:\windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

==================== Services (Whitelisted) ======

2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2010-07-10] (Acresso Software Inc.)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-09] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [71096 2009-01-12] ()
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
2 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [584224 2012-04-24] (Soluto)
3 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [300656 2011-06-16] (Speedbit Ltd.)

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
1 ccHP; C:\Windows\System32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-03-27] (DT Soft Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-01] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120507.001\IDSvia64.sys [488568 2012-04-27] (Symantec Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7369600 2009-08-27] (Intel Corporation)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120507.038\ENG64.SYS [117880 2012-03-10] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120507.038\EX64.SYS [2048632 2012-03-10] (Symantec Corporation)
0 SMR250; C:\Windows\System32\Drivers\SMR250.sys [96376 2012-05-06] (Symantec Corporation)
0 Soluto; C:\Windows\System32\Drivers\Soluto.sys [54728 2012-04-24] (Soluto LTD.)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2012-01-10] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 WIMMount; C:\Windows\SysWow64\Drivers\WIMMount.sys [19008 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 CrucialSMBusScan; \??\C:\Users\Owner\AppData\Local\Temp\CrucialSMBusScan_V64.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-08 12:24 - 2012-05-08 12:24 - 1387221 ____A C:\Users\Owner\Downloads\FRST64.exe
2012-05-07 12:44 - 2012-05-07 12:44 - 0027300 ____A C:\ComboFix.txt
2012-05-07 12:36 - 2012-05-07 12:36 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-07 12:20 - 2012-05-07 12:41 - 0000000 ____D C:\Windows\ERDNT
2012-05-07 12:20 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-07 12:20 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-07 12:20 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-07 12:20 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-07 12:20 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-07 12:20 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-07 12:20 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-07 12:20 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-07 12:12 - 2012-05-07 12:44 - 0000000 ____D C:\Qoobox
2012-05-07 12:11 - 2012-05-07 12:11 - 4486979 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-05-07 11:27 - 2012-05-07 11:32 - 0000000 ____D C:\Users\Owner\Downloads\MythBusters.S10E07.720p.HDTV.x264-KILLERS [PublicHD]
2012-05-07 10:32 - 2012-05-07 10:32 - 0009150 ____A C:\Users\Owner\Documents\Attach.txt
2012-05-07 10:27 - 2012-05-07 10:27 - 0607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2012-05-07 08:38 - 2012-05-07 08:39 - 0132360 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_12.38.28_log.txt
2012-05-07 08:38 - 2012-05-07 08:38 - 2804712 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(4).exe
2012-05-06 20:31 - 2012-05-06 20:33 - 0132360 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_00.31.09_log.txt
2012-05-06 20:30 - 2012-05-06 20:30 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller(2).exe
2012-05-06 20:00 - 2012-05-08 12:24 - 0074532 ____A C:\Windows\ntbtlog.txt
2012-05-06 19:59 - 2012-05-06 19:59 - 0000773 ____A C:\Users\Owner\AppData\Roaming\SMRBackup250.dat
2012-05-06 14:38 - 2012-05-06 14:38 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller(1).exe
2012-05-06 14:28 - 2012-05-06 14:28 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-06 14:24 - 2012-05-06 19:59 - 0133932 ____A C:\TDSSKiller.2.7.34.0_06.05.2012_18.24.39_log.txt
2012-05-06 14:24 - 2012-05-06 14:24 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2012-05-06 14:15 - 2012-05-06 14:15 - 2804712 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(3).exe
2012-05-06 14:15 - 2012-05-06 14:15 - 0096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR250.SYS
2012-05-06 14:12 - 2012-05-06 14:12 - 1805736 ____A (Symantec Corporation) C:\Users\Owner\Downloads\FixZeroAccess(2).exe
2012-05-06 14:11 - 2012-05-06 14:12 - 1805736 ____A (Symantec Corporation) C:\Users\Owner\Downloads\FixZeroAccess(1).exe
2012-05-06 14:01 - 2012-05-06 14:01 - 1805736 ____A (Symantec Corporation) C:\Users\Owner\Downloads\FixZeroAccess.exe
2012-05-06 14:01 - 2012-05-06 14:01 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-05-06 13:38 - 2012-05-06 13:38 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-05-06 13:37 - 2012-05-06 13:38 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel3
2012-05-06 13:37 - 2012-05-06 13:37 - 0214800 ____A C:\Users\Owner\Downloads\GRLevel3___Crack_-_.exe
2012-05-05 10:08 - 2012-05-05 10:08 - 0003033 ____A C:\Users\Owner\Downloads\19931E508A90F1A7F4C988E14042AA22FA9E2152.torrent
2012-05-05 09:59 - 2012-05-05 09:59 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel3 Weather Radar
2012-05-05 09:58 - 2012-05-05 09:58 - 0002684 ____A C:\Users\Owner\Downloads\[kat.ph]grlevel3.weather.radar(1).torrent
2012-05-05 09:57 - 2012-05-05 09:57 - 0002684 ____A C:\Users\Owner\Downloads\[kat.ph]grlevel3.weather.radar.torrent
2012-05-04 09:28 - 2012-05-04 09:29 - 1326976 ____A C:\Windows\Minidump\050412-105940-01.dmp
2012-05-04 09:28 - 2012-05-04 09:28 - 648354629 ____A C:\Windows\MEMORY.DMP
2012-05-02 15:56 - 2012-05-02 16:00 - 0000000 ____D C:\Users\Owner\Downloads\Deadliest.Catch.S08E04.HDTV.XviD-AFG
2012-05-02 13:13 - 2012-05-07 12:34 - 0029056 ____A C:\Windows\PFRO.log
2012-05-02 12:31 - 2012-05-02 12:31 - 0085455 ____A C:\Users\Owner\Downloads\462765_10151582634235543_589620542_23884759_1814133287_o.jpg
2012-04-30 13:06 - 2012-05-07 12:46 - 0001970 ____A C:\Windows\setupact.log
2012-04-30 13:06 - 2012-04-30 13:06 - 0000000 ____A C:\Windows\setuperr.log
2012-04-30 09:57 - 2012-04-30 10:10 - 0000000 ____D C:\Users\Owner\Downloads\MythBusters.S10E06.Driving.in.Heels.720p.HDTV.x264-DHD [PublicHD]
2012-04-30 09:55 - 2012-04-30 09:55 - 0000000 ____D C:\Users\Owner\Downloads\BS Galaktikon - 2012 [320]
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PDF Writer
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\Users\Owner\AppData\Local\PDF Writer
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\Users\All Users\PDF Writer
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\ProgramData\PDF Writer
2012-04-29 02:58 - 2012-04-29 02:58 - 0000000 ____D C:\Program Files\Soluto
2012-04-25 18:58 - 2012-04-25 18:57 - 0531406 ____A C:\Users\Owner\Documents\img.jpg
2012-04-25 18:57 - 2012-04-25 18:57 - 0531406 ____A C:\Users\Owner\Downloads\IMG-20120418-00025.jpg
2012-04-25 18:56 - 2012-04-25 18:56 - 0531406 ____N C:\Users\Owner\Documents\IMG-20120418-00025.jpg
2012-04-24 20:25 - 2012-04-24 20:26 - 0000000 ____D C:\Users\Owner\Downloads\Deadliest.Catch.S08E03.HDTV.XviD-AFG
2012-04-24 20:22 - 2012-04-24 22:58 - 0000000 ____D C:\Users\Owner\Downloads\[ www.Speed.Cd ] - Deadliest.Catch.S08E03.720p.HDTV.x264-KILLERS
2012-04-24 19:08 - 2012-04-24 19:08 - 0263482 ____A C:\Users\Owner\Desktop\AOSS Personal Information Form.tiff
2012-04-24 19:08 - 2012-04-24 19:08 - 0000000 ____D C:\Users\Owner\AppData\Local\{0295CF5D-37F9-4B6E-8DCA-9FAABB917843}
2012-04-23 12:39 - 2012-04-23 12:39 - 0000000 ____D C:\Users\Owner\Downloads\unchained104
2012-04-23 12:37 - 2012-04-23 12:49 - 0000000 ____D C:\Users\Owner\Downloads\[ www.TorrentDay.com ] - MythBusters.S10E05.Battle.of.the.Sexes.HDTV.XviD-AFG
2012-04-22 10:57 - 2012-04-22 11:04 - 392734101 ____A C:\Users\Owner\Downloads\Unchained.Reaction.S01E05.HDTV.x264-MOMENTUM.mp4
2012-04-22 10:52 - 2012-04-22 11:01 - 486764260 ____A C:\Users\Owner\Downloads\MythBusters.S10E04.HDTV.x264-MOMENTUM.mp4
2012-04-22 10:51 - 2012-04-22 10:59 - 0000000 ____D C:\Users\Owner\Downloads\Deadliest.Catch.S08E02.HDTV.XviD-AFG
2012-04-20 12:39 - 2012-04-20 12:36 - 46613901 ____A C:\Users\Owner\Documents\Buoy Research Poster.pdf
2012-04-20 12:35 - 2012-04-20 12:36 - 46613901 ____A C:\Users\Owner\Documents\UROP Poster.ai
2012-04-20 12:34 - 2012-04-20 12:35 - 45756225 ____A C:\Users\Owner\Downloads\UROP Poster(1).pdf
2012-04-19 09:52 - 2012-04-19 09:52 - 0057856 ____A C:\Users\Owner\Documents\ExitSurvey.docx
2012-04-19 09:52 - 2012-04-19 09:52 - 0000162 ___AH C:\Users\Owner\Documents\~$itSurvey.docx
2012-04-18 13:13 - 2012-04-18 13:13 - 0506020 ____A C:\Users\Owner\Documents\buoygroups.png
2012-04-18 09:01 - 2012-04-18 09:01 - 0026624 ____A C:\Users\Owner\Documents\SymposiumAssignment.doc
2012-04-18 09:01 - 2012-04-18 09:01 - 0000162 ___AH C:\Users\Owner\Documents\~$mposiumAssignment.doc
2012-04-17 18:52 - 2012-04-17 18:53 - 0566148 ____A C:\Users\Owner\Documents\Screenshot_16.png
2012-04-17 11:47 - 2012-04-17 11:57 - 0000700 ____A C:\Users\Owner\Documents\matlab final.txt
2012-04-17 09:47 - 2012-04-17 09:47 - 2804712 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(2).exe
2012-04-17 09:44 - 2012-04-17 09:44 - 0001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 09:44 - 2012-04-04 11:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-17 09:43 - 2012-04-17 09:43 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-16 14:11 - 2012-04-16 14:12 - 0082645 ____A C:\Users\Owner\Documents\Timesheet(2).pdf
2012-04-16 14:03 - 2012-04-16 14:09 - 0082033 ____A C:\Users\Owner\Documents\Timesheet.pdf
2012-04-16 12:51 - 2012-04-16 12:51 - 0023190 ____A C:\Users\Owner\Documents\fall2012 sched.png
2012-04-15 20:51 - 2012-04-15 20:51 - 0849432 ____A C:\Users\Owner\Documents\Screenshot_15.png
2012-04-15 11:25 - 2012-04-15 11:25 - 0026624 ____A C:\Users\Owner\Documents\houseagreement.doc
2012-04-15 11:25 - 2012-04-15 11:25 - 0000162 ___AH C:\Users\Owner\Documents\~$useagreement.doc
2012-04-14 14:47 - 2012-04-14 14:47 - 3394828 ____A ( ) C:\Users\Owner\Downloads\grlevel3_update.exe
2012-04-14 14:33 - 2011-05-09 08:19 - 0000000 ____D C:\Users\Owner\Desktop\Crack
2012-04-14 14:33 - 2011-05-07 18:47 - 6369713 ____A ( ) C:\Users\Owner\Desktop\grlevel3_setup.exe
2012-04-14 14:29 - 2012-04-14 14:29 - 0000967 ____A C:\Users\Public\Desktop\Total Uninstall 5.lnk
2012-04-14 14:29 - 2012-04-14 14:29 - 0000000 ____D C:\Users\All Users\Martau
2012-04-14 14:29 - 2012-04-14 14:29 - 0000000 ____D C:\ProgramData\Martau
2012-04-14 14:29 - 2012-04-14 14:29 - 0000000 ____D C:\Program Files (x86)\Total Uninstall 5
2012-04-14 14:28 - 2012-04-14 14:29 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel3 1.78.3
2012-04-14 14:27 - 2012-04-14 14:27 - 0009843 ____A C:\Users\Owner\Downloads\[kat.ph]grlevel3.1.78.3.crack.torrent
2012-04-14 10:31 - 2012-04-14 10:31 - 0103528 ____A C:\Users\Owner\Documents\oie_14202950KfDcPTVE.gif
2012-04-13 20:24 - 2012-04-13 20:37 - 494565876 ____A C:\Users\Owner\Downloads\Deadliest.Catch.S08E01.HDTV.x264-MOMENTUM.mp4
2012-04-13 19:16 - 2012-04-13 20:22 - 316775844 ____A C:\Users\Owner\Downloads\Deadliest.Catch.S08E01.HDTV.x264-MOMENTUM.mp4.part
2012-04-13 11:18 - 2012-04-13 11:18 - 0000000 ____D C:\Program Files\Common Files\Bullzip
2012-04-13 11:18 - 2012-04-13 11:18 - 0000000 ____D C:\Program Files\Bullzip
2012-04-13 11:18 - 2012-03-27 05:29 - 0216064 ____A (Bullzip) C:\Windows\System32\bzpdf.dll
2012-04-13 11:18 - 2010-09-27 05:29 - 0135168 ____A (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2012-04-13 11:18 - 2008-10-30 05:29 - 0227840 ____A (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2012-04-13 11:18 - 2008-07-09 05:29 - 0103424 ____A (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2012-04-13 11:14 - 2012-04-13 11:14 - 0013242 ____A C:\Users\Owner\Downloads\about-blank.pdf
2012-04-12 11:02 - 2012-05-04 11:02 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-12 10:16 - 2012-05-08 12:02 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-12 10:16 - 2012-05-04 11:02 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-12 06:29 - 2012-03-05 22:53 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-12 06:29 - 2012-03-05 21:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-12 06:29 - 2012-03-05 21:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-12 06:24 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-12 06:24 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-12 06:24 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-12 06:24 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-12 06:24 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-12 06:24 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-12 06:24 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-11 06:54 - 2012-02-27 22:39 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 06:54 - 2012-02-27 22:39 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 06:54 - 2012-02-27 22:39 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 06:54 - 2012-02-27 22:36 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 06:54 - 2012-02-27 22:36 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-11 06:54 - 2012-02-27 22:36 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 06:54 - 2012-02-27 22:35 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 06:54 - 2012-02-27 22:35 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 06:54 - 2012-02-27 22:35 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 06:54 - 2012-02-27 22:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 06:54 - 2012-02-27 21:38 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 06:54 - 2012-02-27 21:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 06:54 - 2012-02-27 21:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 06:54 - 2012-02-27 21:35 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 06:54 - 2012-02-27 21:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-11 06:54 - 2012-02-27 21:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 06:54 - 2012-02-27 21:34 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 06:54 - 2012-02-27 21:34 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 06:54 - 2012-02-27 21:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 06:54 - 2012-02-27 21:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 06:54 - 2012-02-27 20:31 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 06:54 - 2012-02-27 19:52 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb


============ 3 Months Modified Files and Folders =============

2012-05-08 16:29 - 2012-05-08 16:29 - 0000000 ____D C:\FRST
2012-05-08 12:26 - 2010-03-09 15:00 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-08 12:26 - 2010-03-09 11:38 - 0000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2012-05-08 12:25 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-08 12:24 - 2012-05-08 12:24 - 1387221 ____A C:\Users\Owner\Downloads\FRST64.exe
2012-05-08 12:24 - 2012-05-06 20:00 - 0074532 ____A C:\Windows\ntbtlog.txt
2012-05-08 12:16 - 2011-08-13 12:14 - 0000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-05-08 12:02 - 2012-04-12 10:16 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-08 11:50 - 2010-03-19 12:49 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000UA.job
2012-05-08 11:08 - 2012-01-24 17:47 - 0000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000UA.job
2012-05-08 07:43 - 2010-01-06 21:26 - 1328346 ____A C:\Windows\WindowsUpdate.log
2012-05-08 06:26 - 2010-03-09 14:59 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-07 18:50 - 2010-03-19 12:49 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000Core.job
2012-05-07 18:14 - 2010-05-31 15:36 - 0000000 ____D C:\Users\Owner\AppData\Local\GR2Analyst
2012-05-07 17:08 - 2012-01-24 17:47 - 0000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1531279801-3975569286-4168725121-1000Core.job
2012-05-07 12:56 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-07 12:56 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-07 12:47 - 2011-11-27 16:02 - 0000000 ___RD C:\Users\Owner\Dropbox
2012-05-07 12:47 - 2011-11-27 16:00 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2012-05-07 12:46 - 2012-04-30 13:06 - 0001970 ____A C:\Windows\setupact.log
2012-05-07 12:46 - 2010-06-26 16:56 - 3922710528 __ASH C:\hiberfil.sys
2012-05-07 12:46 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-07 12:44 - 2012-05-07 12:44 - 0027300 ____A C:\ComboFix.txt
2012-05-07 12:44 - 2012-05-07 12:12 - 0000000 ____D C:\Qoobox
2012-05-07 12:44 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-05-07 12:41 - 2012-05-07 12:20 - 0000000 ____D C:\Windows\ERDNT
2012-05-07 12:36 - 2012-05-07 12:36 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-07 12:36 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-07 12:35 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-07 12:34 - 2012-05-02 13:13 - 0029056 ____A C:\Windows\PFRO.log
2012-05-07 12:19 - 2010-05-31 15:36 - 0000000 ____D C:\Users\Owner\AppData\Roaming\GR2Analyst
2012-05-07 12:11 - 2012-05-07 12:11 - 4486979 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-05-07 11:32 - 2012-05-07 11:27 - 0000000 ____D C:\Users\Owner\Downloads\MythBusters.S10E07.720p.HDTV.x264-KILLERS [PublicHD]
2012-05-07 10:32 - 2012-05-07 10:32 - 0009150 ____A C:\Users\Owner\Documents\Attach.txt
2012-05-07 10:27 - 2012-05-07 10:27 - 0607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2012-05-07 08:39 - 2012-05-07 08:38 - 0132360 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_12.38.28_log.txt
2012-05-07 08:38 - 2012-05-07 08:38 - 2804712 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(4).exe
2012-05-06 20:49 - 2010-03-10 12:22 - 0000000 ____D C:\Users\Owner\AppData\Roaming\GRLevel3
2012-05-06 20:33 - 2012-05-06 20:31 - 0132360 ____A C:\TDSSKiller.2.7.34.0_07.05.2012_00.31.09_log.txt
2012-05-06 20:30 - 2012-05-06 20:30 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller(2).exe
2012-05-06 19:59 - 2012-05-06 19:59 - 0000773 ____A C:\Users\Owner\AppData\Roaming\SMRBackup250.dat
2012-05-06 19:59 - 2012-05-06 14:24 - 0133932 ____A C:\TDSSKiller.2.7.34.0_06.05.2012_18.24.39_log.txt
2012-05-06 14:38 - 2012-05-06 14:38 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller(1).exe
2012-05-06 14:28 - 2012-05-06 14:28 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-06 14:24 - 2012-05-06 14:24 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2012-05-06 14:15 - 2012-05-06 14:15 - 2804712 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(3).exe
2012-05-06 14:15 - 2012-05-06 14:15 - 0096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR250.SYS
2012-05-06 14:15 - 2012-02-10 12:42 - 0000000 ____D C:\Users\Owner\AppData\Local\NPE
2012-05-06 14:12 - 2012-05-06 14:12 - 1805736 ____A (Symantec Corporation) C:\Users\Owner\Downloads\FixZeroAccess(2).exe
2012-05-06 14:12 - 2012-05-06 14:11 - 1805736 ____A (Symantec Corporation) C:\Users\Owner\Downloads\FixZeroAccess(1).exe
2012-05-06 14:03 - 2012-03-16 14:57 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-06 14:01 - 2012-05-06 14:01 - 1805736 ____A (Symantec Corporation) C:\Users\Owner\Downloads\FixZeroAccess.exe
2012-05-06 14:01 - 2012-05-06 14:01 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-05-06 13:38 - 2012-05-06 13:38 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-05-06 13:38 - 2012-05-06 13:37 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel3
2012-05-06 13:37 - 2012-05-06 13:37 - 0214800 ____A C:\Users\Owner\Downloads\GRLevel3___Crack_-_.exe
2012-05-06 13:34 - 2010-07-02 22:11 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel2AE Complete
2012-05-05 10:08 - 2012-05-05 10:08 - 0003033 ____A C:\Users\Owner\Downloads\19931E508A90F1A7F4C988E14042AA22FA9E2152.torrent
2012-05-05 09:59 - 2012-05-05 09:59 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel3 Weather Radar
2012-05-05 09:58 - 2012-05-05 09:58 - 0002684 ____A C:\Users\Owner\Downloads\[kat.ph]grlevel3.weather.radar(1).torrent
2012-05-05 09:57 - 2012-05-05 09:57 - 0002684 ____A C:\Users\Owner\Downloads\[kat.ph]grlevel3.weather.radar.torrent
2012-05-04 11:02 - 2012-04-12 11:02 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 11:02 - 2012-04-12 10:16 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 11:02 - 2011-06-06 12:52 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 09:58 - 2010-03-09 11:32 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-04 09:29 - 2012-05-04 09:28 - 1326976 ____A C:\Windows\Minidump\050412-105940-01.dmp
2012-05-04 09:28 - 2012-05-04 09:28 - 648354629 ____A C:\Windows\MEMORY.DMP
2012-05-04 09:28 - 2011-10-26 09:33 - 0000000 ____D C:\Windows\Minidump
2012-05-03 18:58 - 2010-04-23 13:00 - 0833793 ____A C:\Users\Owner\Documents\storm.png
2012-05-02 16:00 - 2012-05-02 15:56 - 0000000 ____D C:\Users\Owner\Downloads\Deadliest.Catch.S08E04.HDTV.XviD-AFG
2012-05-02 12:31 - 2012-05-02 12:31 - 0085455 ____A C:\Users\Owner\Downloads\462765_10151582634235543_589620542_23884759_1814133287_o.jpg
2012-05-01 07:51 - 2012-03-27 09:58 - 0000000 ____D C:\Program Files (x86)\PuTTY
2012-04-30 13:06 - 2012-04-30 13:06 - 0000000 ____A C:\Windows\setuperr.log
2012-04-30 10:10 - 2012-04-30 09:57 - 0000000 ____D C:\Users\Owner\Downloads\MythBusters.S10E06.Driving.in.Heels.720p.HDTV.x264-DHD [PublicHD]
2012-04-30 09:55 - 2012-04-30 09:55 - 0000000 ____D C:\Users\Owner\Downloads\BS Galaktikon - 2012 [320]
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PDF Writer
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\Users\Owner\AppData\Local\PDF Writer
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\Users\All Users\PDF Writer
2012-04-29 15:14 - 2012-04-29 15:14 - 0000000 ____D C:\ProgramData\PDF Writer
2012-04-29 02:58 - 2012-04-29 02:58 - 0000000 ____D C:\Program Files\Soluto
2012-04-25 18:57 - 2012-04-25 18:58 - 0531406 ____A C:\Users\Owner\Documents\img.jpg
2012-04-25 18:57 - 2012-04-25 18:57 - 0531406 ____A C:\Users\Owner\Downloads\IMG-20120418-00025.jpg
2012-04-25 18:56 - 2012-04-25 18:56 - 0531406 ____N C:\Users\Owner\Documents\IMG-20120418-00025.jpg
2012-04-25 18:55 - 2011-10-15 13:06 - 0000000 ____D C:\Users\Owner\Documents\JRT Studio
2012-04-24 22:58 - 2012-04-24 20:22 - 0000000 ____D C:\Users\Owner\Downloads\[ www.Speed.Cd ] - Deadliest.Catch.S08E03.720p.HDTV.x264-KILLERS
2012-04-24 20:26 - 2012-04-24 20:25 - 0000000 ____D C:\Users\Owner\Downloads\Deadliest.Catch.S08E03.HDTV.XviD-AFG
2012-04-24 19:08 - 2012-04-24 19:08 - 0263482 ____A C:\Users\Owner\Desktop\AOSS Personal Information Form.tiff
2012-04-24 19:08 - 2012-04-24 19:08 - 0000000 ____D C:\Users\Owner\AppData\Local\{0295CF5D-37F9-4B6E-8DCA-9FAABB917843}
2012-04-24 18:50 - 2010-05-10 12:37 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-04-24 18:50 - 2010-05-10 12:37 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-04-24 13:13 - 2011-12-08 12:46 - 0054728 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
2012-04-23 12:49 - 2012-04-23 12:37 - 0000000 ____D C:\Users\Owner\Downloads\[ www.TorrentDay.com ] - MythBusters.S10E05.Battle.of.the.Sexes.HDTV.XviD-AFG
2012-04-23 12:39 - 2012-04-23 12:39 - 0000000 ____D C:\Users\Owner\Downloads\unchained104
2012-04-22 11:04 - 2012-04-22 10:57 - 392734101 ____A C:\Users\Owner\Downloads\Unchained.Reaction.S01E05.HDTV.x264-MOMENTUM.mp4
2012-04-22 11:01 - 2012-04-22 10:52 - 486764260 ____A C:\Users\Owner\Downloads\MythBusters.S10E04.HDTV.x264-MOMENTUM.mp4
2012-04-22 10:59 - 2012-04-22 10:51 - 0000000 ____D C:\Users\Owner\Downloads\Deadliest.Catch.S08E02.HDTV.XviD-AFG
2012-04-20 12:36 - 2012-04-20 12:39 - 46613901 ____A C:\Users\Owner\Documents\Buoy Research Poster.pdf
2012-04-20 12:36 - 2012-04-20 12:35 - 46613901 ____A C:\Users\Owner\Documents\UROP Poster.ai
2012-04-20 12:35 - 2012-04-20 12:34 - 45756225 ____A C:\Users\Owner\Downloads\UROP Poster(1).pdf
2012-04-19 21:06 - 2012-02-14 18:32 - 0000600 ____A C:\Users\Owner\AppData\Local\PUTTY.RND
2012-04-19 09:52 - 2012-04-19 09:52 - 0057856 ____A C:\Users\Owner\Documents\ExitSurvey.docx
2012-04-19 09:52 - 2012-04-19 09:52 - 0000162 ___AH C:\Users\Owner\Documents\~$itSurvey.docx
2012-04-18 13:13 - 2012-04-18 13:13 - 0506020 ____A C:\Users\Owner\Documents\buoygroups.png
2012-04-18 09:01 - 2012-04-18 09:01 - 0026624 ____A C:\Users\Owner\Documents\SymposiumAssignment.doc
2012-04-18 09:01 - 2012-04-18 09:01 - 0000162 ___AH C:\Users\Owner\Documents\~$mposiumAssignment.doc
2012-04-17 18:53 - 2012-04-17 18:52 - 0566148 ____A C:\Users\Owner\Documents\Screenshot_16.png
2012-04-17 11:57 - 2012-04-17 11:47 - 0000700 ____A C:\Users\Owner\Documents\matlab final.txt
2012-04-17 09:54 - 2010-10-01 14:33 - 0000000 ___HD C:\Users\Public\Documents\Server
2012-04-17 09:47 - 2012-04-17 09:47 - 2804712 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(2).exe
2012-04-17 09:44 - 2012-04-17 09:44 - 0001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-17 09:44 - 2012-04-17 09:44 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 09:43 - 2012-04-17 09:43 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-16 14:12 - 2012-04-16 14:11 - 0082645 ____A C:\Users\Owner\Documents\Timesheet(2).pdf
2012-04-16 14:09 - 2012-04-16 14:03 - 0082033 ____A C:\Users\Owner\Documents\Timesheet.pdf
2012-04-16 12:51 - 2012-04-16 12:51 - 0023190 ____A C:\Users\Owner\Documents\fall2012 sched.png
2012-04-15 20:51 - 2012-04-15 20:51 - 0849432 ____A C:\Users\Owner\Documents\Screenshot_15.png
2012-04-15 11:25 - 2012-04-15 11:25 - 0026624 ____A C:\Users\Owner\Documents\houseagreement.doc
2012-04-15 11:25 - 2012-04-15 11:25 - 0000162 ___AH C:\Users\Owner\Documents\~$useagreement.doc
2012-04-14 14:47 - 2012-04-14 14:47 - 3394828 ____A ( ) C:\Users\Owner\Downloads\grlevel3_update.exe
2012-04-14 14:33 - 2010-03-31 15:31 - 0000000 ____D C:\Program Files (x86)\GRLevelX
2012-04-14 14:29 - 2012-04-14 14:29 - 0000967 ____A C:\Users\Public\Desktop\Total Uninstall 5.lnk
2012-04-14 14:29 - 2012-04-14 14:29 - 0000000 ____D C:\Users\All Users\Martau
2012-04-14 14:29 - 2012-04-14 14:29 - 0000000 ____D C:\ProgramData\Martau
2012-04-14 14:29 - 2012-04-14 14:29 - 0000000 ____D C:\Program Files (x86)\Total Uninstall 5
2012-04-14 14:29 - 2012-04-14 14:28 - 0000000 ____D C:\Users\Owner\Downloads\GRLevel3 1.78.3
2012-04-14 14:27 - 2012-04-14 14:27 - 0009843 ____A C:\Users\Owner\Downloads\[kat.ph]grlevel3.1.78.3.crack.torrent
2012-04-14 10:31 - 2012-04-14 10:31 - 0103528 ____A C:\Users\Owner\Documents\oie_14202950KfDcPTVE.gif
2012-04-13 20:37 - 2012-04-13 20:24 - 494565876 ____A C:\Users\Owner\Downloads\Deadliest.Catch.S08E01.HDTV.x264-MOMENTUM.mp4
2012-04-13 20:22 - 2012-04-13 19:16 - 316775844 ____A C:\Users\Owner\Downloads\Deadliest.Catch.S08E01.HDTV.x264-MOMENTUM.mp4.part
2012-04-13 11:18 - 2012-04-13 11:18 - 0000000 ____D C:\Program Files\Common Files\Bullzip
2012-04-13 11:18 - 2012-04-13 11:18 - 0000000 ____D C:\Program Files\Bullzip
2012-04-13 11:14 - 2012-04-13 11:14 - 0013242 ____A C:\Users\Owner\Downloads\about-blank.pdf
2012-04-12 07:08 - 2011-09-27 17:54 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2012-04-12 07:06 - 2011-09-27 17:54 - 0000000 ____D C:\Users\Owner\AppData\Local\Spotify
2012-04-12 06:31 - 2010-01-06 21:34 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-12 06:31 - 2010-01-06 21:34 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-12 06:25 - 2010-02-25 04:58 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 18:19 - 2011-05-25 13:56 - 0019231 ____A C:\Users\Owner\Documents\resume.docx
2012-04-08 18:52 - 2012-01-26 17:52 - 0013434 ____A C:\Users\Owner\Documents\exams.docx
2012-04-07 08:27 - 2012-03-27 09:55 - 0035467 ____A C:\Users\Owner\Documents\Facebook timeline Detroit red wings-703130.jpeg
2012-04-04 11:56 - 2012-04-17 09:44 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 20:29 - 2012-04-03 20:31 - 45756225 ____A C:\Users\Owner\Documents\UROP Poster.pdf
2012-04-03 20:29 - 2012-04-03 20:27 - 45756225 ____A C:\Users\Owner\Downloads\UROP Poster.pdf
2012-04-03 20:03 - 2011-09-24 20:47 - 0000000 ____D C:\Users\Owner\Documents\Graboid
2012-04-02 15:50 - 2012-04-02 15:50 - 0943104 ____A C:\Users\Owner\Downloads\Ch15.ppt
2012-04-02 13:12 - 2012-03-19 18:46 - 0096453 ____A C:\Users\Owner\Documents\Results.docx
2012-04-01 16:18 - 2011-10-15 13:06 - 0000000 ____D C:\Users\Owner\AppData\Roaming\JRT Studio
2012-03-30 18:46 - 2010-11-09 15:34 - 0000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2012-03-30 16:30 - 2011-12-08 12:45 - 0000000 ____D C:\Users\All Users\Soluto
2012-03-30 16:30 - 2011-12-08 12:45 - 0000000 ____D C:\ProgramData\Soluto
2012-03-28 17:42 - 2012-03-22 18:56 - 0013220 ____A C:\Users\Owner\Documents\THINGS TO DO.docx
2012-03-28 16:31 - 2012-03-28 16:31 - 3036128 ____A C:\Users\Owner\Downloads\LATEST-IS-3.4.0
2012-03-27 19:37 - 2012-03-27 10:00 - 0000000 ____D C:\Program Files (x86)\Xming
2012-03-27 10:07 - 2012-03-27 10:00 - 32346518 ____A (Colin Harrison ) C:\Users\Owner\Downloads\Xming-fonts-7-5-0-34-setup.exe
2012-03-27 09:59 - 2012-03-27 09:59 - 2204914 ____A (Colin Harrison ) C:\Users\Owner\Downloads\Xming-6-9-0-31-setup.exe
2012-03-27 09:57 - 2012-03-27 09:57 - 1849240 ____A (Simon Tatham ) C:\Users\Owner\Downloads\putty-0.62-installer.exe
2012-03-27 05:29 - 2012-04-13 11:18 - 0216064 ____A (Bullzip) C:\Windows\System32\bzpdf.dll
2012-03-26 17:18 - 2012-03-26 17:18 - 0000162 ___AH C:\Users\Owner\Documents\~$nclusions.docx
2012-03-26 11:12 - 2012-02-24 20:00 - 0000000 ____D C:\Users\Owner\Downloads\30 Rock Season 4
2012-03-25 01:07 - 2011-12-08 12:49 - 0000193 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.64.bc
2012-03-25 01:07 - 2011-12-08 12:49 - 0000193 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-03-22 18:56 - 2012-03-22 18:56 - 0000162 ___AH C:\Users\Owner\Documents\~$INGS TO DO.docx
2012-03-22 18:50 - 2012-03-22 18:50 - 0904169 ____A C:\Users\Owner\Documents\Kyleselectserv-1.pdf
2012-03-21 11:09 - 2012-01-24 17:46 - 0000000 ____D C:\Users\Owner\AppData\Local\Facebook
2012-03-20 17:46 - 2012-03-20 17:46 - 0172759 ____A C:\Users\Owner\Documents\Unexcused Absence Assignment.pdf
2012-03-20 16:56 - 2012-03-20 16:56 - 0032374 ____A C:\Users\Owner\Documents\https___web.mail.umich.pdf
2012-03-19 18:47 - 2012-03-19 18:46 - 0000162 ___AH C:\Users\Owner\Documents\~$esults.docx
2012-03-19 18:33 - 2012-03-19 17:25 - 0013149 ____A C:\Users\Owner\Documents\Conclusions.docx
2012-03-19 17:16 - 2012-02-16 18:08 - 0176796 ____A C:\Users\Owner\Documents\Great Lakes Buoy Data and Charts.xlsx
2012-03-18 12:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-03-16 14:57 - 2012-03-16 14:57 - 0000000 ____D C:\Users\All Users\Mozilla
2012-03-16 14:57 - 2012-03-16 14:57 - 0000000 ____D C:\ProgramData\Mozilla
2012-03-15 17:16 - 2012-03-15 17:14 - 127967661 ____A C:\Users\Owner\Downloads\tosh.0.s04e07.hdtv.x264-momentum.mp4
2012-03-15 06:59 - 2011-12-08 13:06 - 0002848 ____A C:\Windows\System32\.rsp
2012-03-15 06:59 - 2011-12-08 13:06 - 0001479 ____A C:\Windows\System32\.lck
2012-03-15 06:57 - 2010-02-25 04:41 - 0099760 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-15 06:56 - 2009-07-13 20:45 - 3074288 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 15:19 - 2012-03-14 15:19 - 0000000 ____D C:\Program Files\Common Files\Wolfram Research
2012-03-14 15:17 - 2012-03-14 15:16 - 108145088 ____A (Wolfram Research, Inc. ) C:\Users\Owner\Downloads\CDFPlayer_8.0.4_WIN(1).exe
2012-03-14 15:10 - 2012-03-14 15:05 - 228522224 ____A C:\Users\Owner\Downloads\Spring Break Ye!.zip
2012-03-13 17:55 - 2012-03-13 17:55 - 1116969 ____A C:\Users\Owner\Downloads\TubeTV.dmg
2012-03-12 20:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-11 17:35 - 2012-03-11 17:35 - 0044038 ____A C:\Users\Owner\Documents\iD4s.jpeg
2012-03-11 16:20 - 2012-03-11 16:20 - 0077824 ____A C:\Users\Owner\Downloads\wheel(1).doc
2012-03-11 16:19 - 2012-03-11 16:19 - 0077824 ____A C:\Users\Owner\Downloads\wheel.doc
2012-03-11 13:32 - 2012-03-11 13:31 - 0056895 ____A C:\Users\Owner\Documents\SymposiumPayPal.png
2012-03-10 15:27 - 2012-03-10 15:27 - 1977972 ____A (Equi4 Software) C:\Users\Owner\Downloads\caenvnc2.2(1).exe
2012-03-10 14:42 - 2012-03-10 14:42 - 2140168 ____A C:\Users\Owner\Downloads\SharePod_3.98.zip
2012-03-10 14:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-10 14:33 - 2010-02-25 04:37 - 0000000 ____D C:\users\Owner
2012-03-10 14:30 - 2012-01-10 11:00 - 0000000 ____D C:\Users\All Users\Norton
2012-03-10 14:30 - 2012-01-10 11:00 - 0000000 ____D C:\ProgramData\Norton
2012-03-10 14:30 - 2011-12-27 21:22 - 0000000 ____D C:\Program Files\Waterfox
2012-03-10 14:30 - 2011-12-20 18:13 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-03-10 14:30 - 2011-12-20 18:13 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-03-10 14:30 - 2011-12-14 16:30 - 0000000 ____D C:\Users\All Users\DivX
2012-03-10 14:30 - 2011-12-14 16:30 - 0000000 ____D C:\ProgramData\DivX
2012-03-10 14:30 - 2011-03-27 09:01 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-03-10 14:30 - 2010-04-10 07:44 - 0000000 ____D C:\Program Files\iTunes
2012-03-10 14:30 - 2010-04-10 07:44 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-10 14:30 - 2010-04-10 07:43 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-10 14:30 - 2010-04-10 07:41 - 0000000 ____D C:\Program Files\Bonjour
2012-03-10 14:30 - 2010-03-10 16:10 - 0000000 ____D C:\Program Files (x86)\SpeedBit Video Accelerator
2012-03-10 14:30 - 2010-03-09 15:16 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-03-10 14:30 - 2010-03-09 15:16 - 0000000 ____D C:\ProgramData\Apple Computer
2012-03-10 14:30 - 2010-03-09 15:15 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-10 14:30 - 2010-03-09 14:52 - 0000000 ____D C:\Program Files (x86)\DAP
2012-03-10 14:30 - 2010-03-09 11:39 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-10 14:30 - 2010-01-06 21:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-10 14:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-10 14:27 - 2010-02-25 04:37 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2012-03-10 14:26 - 2011-12-14 16:31 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-10 14:26 - 2010-04-10 07:44 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-10 14:26 - 2010-04-10 07:44 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-10 14:26 - 2010-04-10 07:44 - 0000000 ____D C:\Program Files\iPod
2012-03-10 14:26 - 2010-03-09 15:15 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-10 14:25 - 2010-01-06 21:34 - 0000000 ___RD C:\MSOCache
2012-03-10 11:46 - 2012-03-10 11:50 - 0012597 ____A C:\Users\Owner\Desktop\iTunes Music Library.xml
2012-03-10 11:27 - 2010-03-09 15:17 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2012-03-10 10:44 - 2012-03-10 10:44 - 0000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2012-03-10 10:13 - 2012-03-10 10:12 - 105310208 ____A C:\Users\Owner\Downloads\Metalocalypse - S02E08 - P.R. Klok [Moonsong].avi
2012-03-09 09:19 - 2012-03-09 09:14 - 407174269 ____A C:\Users\Owner\Downloads\tosh.0.s04e06.720p.hdtv.x264-momentum.mkv
2012-03-06 19:53 - 2012-03-06 19:53 - 0000000 ____D C:\Users\Owner\AppData\Roaming\MathematicaPlayer
2012-03-06 19:53 - 2012-03-06 19:53 - 0000000 ____D C:\Users\Owner\AppData\Local\MathematicaPlayer
2012-03-06 19:53 - 2012-03-06 19:53 - 0000000 ____D C:\Users\All Users\MathematicaPlayer
2012-03-06 19:53 - 2012-03-06 19:53 - 0000000 ____D C:\ProgramData\MathematicaPlayer
2012-03-06 19:25 - 2012-03-06 19:25 - 0000000 ____D C:\Users\All Users\Mathematica
2012-03-06 19:25 - 2012-03-06 19:25 - 0000000 ____D C:\ProgramData\Mathematica
2012-03-06 19:24 - 2012-03-06 19:24 - 0000000 ____D C:\Program Files (x86)\Wolfram Research
2012-03-06 19:21 - 2012-03-06 19:17 - 108145088 ____A (Wolfram Research, Inc. ) C:\Users\Owner\Downloads\CDFPlayer_8.0.4_WIN.exe
2012-03-06 11:40 - 2012-03-06 11:40 - 0043595 ____A C:\Users\Owner\Downloads\[kat.ph]dethklok.discography.torrent
2012-03-05 22:53 - 2012-04-12 06:29 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-12 06:29 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-12 06:29 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 12:54 - 2012-02-24 20:01 - 0000000 ____D C:\Users\Owner\Downloads\30_Rock_Season_3_Complete
2012-03-04 23:04 - 2010-07-02 16:17 - 0000000 ____D C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2012-03-03 14:35 - 2012-03-03 14:33 - 0000000 ____D C:\Users\Owner\Downloads\Dethklok - Official Tablature Books
2012-03-02 15:32 - 2012-03-02 15:32 - 0351235 ____A C:\Users\Owner\Documents\Screenshot_14.png
2012-03-02 12:10 - 2012-03-02 12:10 - 0155004 ____A C:\Users\Owner\Documents\Screenshot_13.png
2012-03-02 10:00 - 2012-03-02 10:00 - 0261411 ____A C:\Users\Owner\Documents\Screenshot_12.png
2012-03-01 11:26 - 2012-03-01 11:26 - 0104944 ____A C:\Users\Owner\Documents\EmploymentApplication2011.pdf
2012-02-29 22:46 - 2012-04-12 06:24 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-12 06:24 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-12 06:24 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-12 06:24 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-12 06:24 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:24 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:24 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 12:55 - 2012-02-10 13:24 - 0001009 ____A C:\Users\Owner\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-29 12:55 - 2012-02-10 13:24 - 0001009 ____A C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-29 12:55 - 2011-11-27 16:02 - 0001029 ____A C:\Users\Owner\Desktop\Dropbox.lnk
2012-02-29 10:45 - 2012-02-29 10:45 - 0000000 ____D C:\Users\Owner\Downloads\Conuslarge
2012-02-27 22:39 - 2012-04-11 06:54 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:39 - 2012-04-11 06:54 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:39 - 2012-04-11 06:54 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:36 - 2012-04-11 06:54 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 22:36 - 2012-04-11 06:54 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-27 22:36 - 2012-04-11 06:54 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:35 - 2012-04-11 06:54 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:35 - 2012-04-11 06:54 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:35 - 2012-04-11 06:54 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 22:35 - 2012-04-11 06:54 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 21:38 - 2012-04-11 06:54 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 21:38 - 2012-04-11 06:54 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 21:38 - 2012-04-11 06:54 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 21:35 - 2012-04-11 06:54 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 21:35 - 2012-04-11 06:54 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-27 21:35 - 2012-04-11 06:54 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 21:34 - 2012-04-11 06:54 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 21:34 - 2012-04-11 06:54 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 21:34 - 2012-04-11 06:54 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 21:34 - 2012-04-11 06:54 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 21:07 - 2012-02-27 20:59 - 0000000 ____D C:\Users\Owner\Downloads\[ www.Speed.Cd ] - Tosh.0.S04E03.720p.HDTV.x264-MOMENTUM
2012-02-27 21:06 - 2012-02-27 21:01 - 194019150 ____A C:\Users\Owner\Downloads\Tosh.O S04E04.avi
2012-02-27 20:31 - 2012-04-11 06:54 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 19:52 - 2012-04-11 06:54 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-25 14:22 - 2012-02-25 14:22 - 0000000 ____D C:\Users\Owner\Downloads\[ www.TorrentDay.com ] - Tosh.0.S03E25.HDTV.XviD-aAF - Copy
2012-02-25 14:12 - 2012-02-24 19:57 - 0000000 ____D C:\Users\Owner\Downloads\Community - The Complete Season 2 [HDTV]-LOL
2012-02-25 14:07 - 2012-02-25 14:07 - 0000000 ____D C:\Users\Owner\Downloads\CreateACard_Gold_2_ND_FOROS
2012-02-25 09:52 - 2012-02-20 18:17 - 0015901 ____A C:\Users\Owner\Documents\Abstract.docx
2012-02-24 20:56 - 2012-02-24 20:56 - 0000000 ____D C:\Users\Owner\Downloads\Pendulum-In_Silico-2008-DV8
2012-02-24 20:38 - 2012-02-24 20:04 - 0000000 ____D C:\Users\Owner\Downloads\30 Rock Season 5 Complete 720p
2012-02-23 12:44 - 2012-02-23 12:44 - 0034347 ____A C:\Users\Owner\Documents\2_23_12Snow.png
2012-02-23 12:43 - 2012-02-23 12:28 - 0466328 ____A C:\Users\Owner\Documents\2_23_12Snow.psd
2012-02-22 20:52 - 2012-02-22 20:52 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-22 20:52 - 2012-02-22 20:52 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-22 20:52 - 2012-02-22 20:52 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-22 20:52 - 2011-03-29 16:09 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-21 17:36 - 2012-02-21 17:36 - 0067137 ____A C:\Users\Owner\Documents\q1.pdf
2012-02-20 21:39 - 2010-07-10 17:55 - 0000000 ____D C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
2012-02-20 21:39 - 2010-07-10 17:55 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-02-20 19:14 - 2012-02-05 13:57 - 0016906 ____A C:\Users\Owner\Documents\methods.docx
2012-02-20 19:07 - 2012-01-23 20:46 - 0015373 ____A C:\Users\Owner\Documents\objectives.docx
2012-02-20 07:37 - 2012-02-20 07:37 - 0026380 ____A C:\Users\Owner\Documents\Screenshot_11.png
2012-02-18 21:43 - 2010-05-10 08:32 - 0145141 ____A C:\Users\Owner\Documents\Untitled.png
2012-02-17 20:02 - 2012-02-17 20:02 - 0000076 ____A C:\Users\Owner\Documents\aa.txt
2012-02-16 22:38 - 2012-03-14 06:52 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 06:52 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 06:52 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 06:52 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 18:06 - 2011-11-13 12:30 - 0175271 ____A C:\Users\Owner\Documents\GL_Data_Jun_July_Aug With 2011.xlsx
2012-02-16 08:16 - 2010-02-25 04:39 - 0000174 ___SH C:\Users\Owner\Start Menu\Programs\Startup\desktop.ini
2012-02-16 08:16 - 2010-02-25 04:39 - 0000174 ___SH C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 08:14 - 2009-11-12 18:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 20:38 - 2012-02-14 20:38 - 0000000 ____D C:\Users\Owner\Downloads\Ratatat
2012-02-14 17:19 - 2012-02-14 17:19 - 1977972 ____A (Equi4 Software) C:\Users\Owner\Downloads\caenvnc2.2.exe
2012-02-13 21:10 - 2012-02-13 21:10 - 0030828 ____A C:\Users\Owner\Documents\Screenshot_10.png
2012-02-13 21:09 - 2012-02-13 21:09 - 0030675 ____A C:\Users\Owner\Documents\Screenshot_9.png
2012-02-13 12:33 - 2012-02-13 12:33 - 0444808 ____A C:\Users\Owner\Documents\cat2.jpg
2012-02-13 11:19 - 2011-03-27 09:16 - 0000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-02-10 15:42 - 2010-03-24 10:38 - 0000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2012-02-10 12:43 - 2012-02-10 12:43 - 2804808 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE(1).exe
2012-02-10 12:42 - 2012-02-10 12:42 - 2804808 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2012-02-10 09:05 - 2012-02-10 09:00 - 393620704 ____A C:\Users\Owner\Downloads\tosh.0.s04e02.720p.hdtv.x264-momentum.mkv
2012-02-09 22:36 - 2012-03-14 06:52 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 06:52 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4987.99 MB
Available physical RAM: 4377.33 MB
Total Pagefile: 4986.14 MB
Available Pagefile: 4363.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:137 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (STORE'N'GO) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 491 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 287 GB 1501 MB
Partition 3 Primary 9 GB 289 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105487W0B NTFS Partition 287 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 490 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F STORE'N'GO FAT Removable 490 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-28 20:26

======================= End Of Log ==========================

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:51 PM

Posted 09 May 2012 - 03:24 PM

Good evening. :)

I don't think that you have an active zeroaccess infection, so it's possible that all that is necessary is to delete the file in question - why Norton isn't able to deal with this I don't know. It may be that, due to potential problems when removing this infection, Norton is programmed to avoid deleting the file so as to avoid any blame if things don't go according to plan.

I think the best way is to rename the file and see how the PC behaves afterwards. If there are any problems with the PC once you have done the below, repeat the steps but reverse the file renaming and that should resolve the issue and we'll look at Plan B.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read through all the instructions BEFORE you begin and ask any questions that you may have first. Be aware that an active infection may interfere with the first part of this procedure. If it doesn't go according to instructions, you may have to use a different PC to write the software to the flash drive.

  • Download both this file and this file and save them to your Desktop.
  • Insert your USB flash drive into your PC.
  • Click Start > My Computer, right click your flash drive's icon and select Format > Quick format - this will wipe the contents of the flash drive, so make sure there is nothing of value on there!
  • Double click unetbootin-xpud-windows-version number.exe that you just downloaded and OK any Security Warning that Windows may offer.
  • Select the Diskimage radio button and then click the browse button (the one with three dots on) located on the right side of the textbox field.
  • Browse to, and select, the xpud-0.9.2.iso file you downloaded above by double clicking it.
  • Verify the correct drive letter is selected for your USB device at the bottom and then click OK.
  • The program will install a little bootable OS onto your flash drive.
  • Once the files have been written to the drive you will be prompted to reboot - this isn't necessary, so just click Exit.

The next part is somewhat tricky as it differs on different machines. If you are lucky, then the following will work - if it doesn't, let me know and we'll go for a different angle.

  • If it isn't already there, insert the flash drive into the sick PC and then reboot it.
  • You need to select the OS that is on the stick rather than let Windows take charge, so press F12 and choose to boot from the USB drive before Windows starts loading.
  • Follow the prompts and eventually a Welcome to xPUD screen will appear.
  • Click the File icon on the left.
  • Open the mnt folder by clicking it, just as you do in Windows - this is the center of operations as far as the file system is concerned.
  • You are going to identify the folder that represents your C: drive, which is probably sda1.
  • Double click on the sda1 folder and check that you can see a folder called Windows.
  • If not, try the next folder to sda1 and so on until you get the right one.
  • Once you've got the C: drive folder, navigate to the file c:\windows\system32\consrv.dll.
  • Right click it, just like Windows, and Rename it to consrv.old.
  • Click the Home icon on the left and Power off the machine.
  • Remove the flash drive and reboot your system - into Windows as normal.

Let me know how you get on.

So long, and thanks for all the fish.
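The offline rename described in the post above, done from a shell on the live Linux system instead of the xPUD file manager, as an added example (not code from the thread or from the xPUD/UNetbootin projects). It locates the mounted partition that holds a Windows directory (the post's "probably sda1, otherwise try the next folder"), records the size and MD5 of consrv.dll before touching it so the change can be verified later, renames it to consrv.old, and can reverse the rename if Windows misbehaves afterwards, which is the post's fallback. The file names and the /mnt/sdN layout come from the post; the function names, the MNT_ROOT argument and the note file are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the xPUD/UNetbootin projects.
# From a Linux live boot, locate the mounted Windows volume, record the flagged
# DLL's size and hash, rename it offline, and be able to reverse the rename.
# consrv.dll / consrv.old and the /mnt/sdN layout come from the thread; the
# function names and the MNT_ROOT argument are this example's own assumptions.

# ci_child DIR NAME -> prints the entry of DIR whose name equals NAME ignoring
# case (NTFS is case-insensitive, the live Linux file system is not).
ci_child() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        base=${entry##*/}
        if [ "$(printf '%s' "$base" | tr 'A-Z' 'a-z')" = "$want" ]; then
            printf '%s\n' "$entry"
            return 0
        fi
    done
    return 1
}

# find_system32 MNT_ROOT -> prints <partition>/Windows/System32 for the first
# mounted sd* partition under MNT_ROOT (default /mnt) that holds a Windows
# directory; returns 1 if none does.
find_system32() {
    for part in "${1:-/mnt}"/sd*; do
        [ -d "$part" ] || continue
        win=$(ci_child "$part" Windows) || continue
        sys32=$(ci_child "$win" System32) || continue
        printf '%s\n' "$sys32"
        return 0
    done
    return 1
}

# quarantine_dll MNT_ROOT -> writes the size and MD5 of consrv.dll to a note
# file beside it, then renames it to consrv.old. Returns 1 if the DLL is not
# present, so a second run does not overwrite the note.
quarantine_dll() {
    sys32=$(find_system32 "$1") || return 1
    dll=$(ci_child "$sys32" consrv.dll) || return 1
    {
        printf 'size=%s\n' "$(wc -c < "$dll" | tr -d ' ')"
        md5sum "$dll"
    } > "$sys32/consrv.dll.note"
    mv "$dll" "$sys32/consrv.old"
}

# restore_dll MNT_ROOT -> reverses the rename (the thread's fallback if the PC
# does not behave after the change).
restore_dll() {
    sys32=$(find_system32 "$1") || return 1
    old=$(ci_child "$sys32" consrv.old) || return 1
    mv "$old" "$sys32/consrv.dll"
}

# Stand-alone run: build a throwaway mount layout (constructed, not a real
# disk) so the functions can be exercised without a Windows volume mounted.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/sda1/Windows/System32"
    printf 'not a real dll\n' > "$demo/sda1/Windows/System32/consrv.dll"
    quarantine_dll "$demo" && ls "$demo/sda1/Windows/System32"
    cat "$demo/sda1/Windows/System32/consrv.dll.note"
    rm -rf "$demo"
fi
```

On the real machine the call is `quarantine_dll /mnt` from the xPUD shell, and `restore_dll /mnt` puts things back; the note file is what you would keep for comparing against the vendor's detection once the system is confirmed clean.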

#13 hockeymidget8

hockeymidget8
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  • Local time:12:51 PM

Posted 09 May 2012 - 03:58 PM

All of the instructions worked well, and after renaming the file my computer is still running fine.

Edited by hockeymidget8, 09 May 2012 - 04:16 PM.


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:51 PM

Posted 09 May 2012 - 04:52 PM

Does your AV still flag the file as undeletable, albeit with a different name, or will it remove it now?

So long, and thanks for all the fish.

#15 hockeymidget8

hockeymidget8
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  • Local time:12:51 PM

Posted 09 May 2012 - 08:28 PM

It still says that it cannot delete it and requires manual removal.
