Trojan (winning) versus me (losing)


  • This topic is locked
25 replies to this topic

#1 vox1

  • Members
  • 13 posts

Posted 31 May 2012 - 08:24 AM

I think I seem to be having a similar situation to the guy over here - http://www.bleepingcomputer.com/forums/topic455358.html
Every few minutes Kaspersky pops up asking to disinfect 3 files located at C:\Windows\Installer\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\U (00000001.@ & 800000cb.@ & 80000000.@)
Have used Spybot, Malwarebytes and Kaspersky, all in safe mode, to no avail. Zipped the 3 files up to VirusTotal - results (in case it helps).

My DDS log below.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Admin at 23:00:32 on 2012-05-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.16367.11520 [GMT 10:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Admin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
B:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\SearchFilterHost.exe
\\.\globalroot\systemroot\Installer\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\U
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = proxy.tpgi.com.au:3128
uInternet Settings,ProxyOverride = *commb*;*grif*;<local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MusicManager] "C:\Users\Admin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [uTorrent] "B:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - B:\Program Files (x86)\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Evernote 4.0 - B:\Program Files (x86)\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - B:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://B:\Program Files (x86)\Evernote\EvernoteIE.dll/204
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{09CADAAD-71E6-43B5-8B8A-85CC06C153ED} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3C42BFE4-C3F7-428E-B76B-FDA69CD32CA1} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{ED9BD734-51AB-43F3-B4FA-1496F5FE8EF1} : DhcpNameServer = 139.130.4.4 61.88.88.88
TCP: Interfaces\{ED9BD734-51AB-43F3-B4FA-1496F5FE8EF1}\24967607F6E64602341626C656 : DhcpNameServer = 139.130.4.4 61.88.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://B:\Program Files (x86)\Evernote\EvernoteIE.dll/204
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xvulmwff.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: network.proxy.type - 0
FF - plugin: B:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: B:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: B:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: B:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: B:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-11-18 48888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-20 1262912]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-4-3 382272]
R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
R3 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys --> C:\Windows\system32\drivers\IOMap64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RAMDiskVE;RAMDiskVE;C:\Windows\system32\Drivers\RAMDiskVE.sys --> C:\Windows\system32\Drivers\RAMDiskVE.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-29 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-6-17 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-29 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;B:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-30 13:01:57 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-05-30 13:01:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-30 13:01:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-28 14:46:06 -------- d-----w- C:\ProgramData\Sony Corporation
2012-05-28 06:19:40 1830400 ----a-w- C:\Windows\SysWow64\TabSvc.dll
2012-05-27 03:14:21 -------- d-----w- C:\Users\Admin\AppData\Local\{5F5FEB92-3EFB-4D52-96F4-5E0D238DAA21}
2012-05-27 03:14:00 -------- d-----w- C:\Users\Admin\AppData\Local\{E8B02FE7-1788-4EFD-9077-5F7F76603DDE}
2012-05-26 09:44:21 -------- d-----w- C:\Users\Admin\AppData\Local\{CFBFD374-C2B0-427F-8F51-8812FEEA4514}
2012-05-26 09:44:00 -------- d-----w- C:\Users\Admin\AppData\Local\{C8380F6E-5629-4C4C-936A-5A335C098021}
2012-05-23 23:52:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-23 13:34:25 -------- d-----w- C:\Users\Admin\AppData\Local\Spotify
2012-05-23 13:33:45 -------- d-----w- C:\Users\Admin\AppData\Roaming\Spotify
2012-05-21 04:57:11 -------- d-----w- C:\Users\Admin\AppData\Local\{82F1EE31-E825-4588-B8BE-99D515986E20}
2012-05-21 04:56:50 -------- d-----w- C:\Users\Admin\AppData\Local\{17C73AF5-9103-4C21-93CA-BED3FBD9D43E}
2012-05-13 08:10:11 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-13 08:09:19 -------- d-----w- C:\Users\Admin\New folder
2012-05-11 06:31:30 -------- d-----w- C:\Users\Admin\AppData\Local\{A2FCDE38-DB6D-4E7A-A7BB-62B3C2D4EAA9}
2012-05-11 06:31:08 -------- d-----w- C:\Users\Admin\AppData\Local\{70C93EC1-CD51-40D6-9034-C64ED19A1125}
2012-05-10 02:45:50 -------- d-----w- C:\Users\Admin\AppData\Roaming\Binreader
2012-05-10 02:29:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 02:29:45 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 02:29:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 02:29:44 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 02:29:44 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 02:29:44 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 02:29:24 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 02:29:18 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 02:29:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 02:29:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 10:26:52 -------- d-----w- C:\Users\Admin\AppData\Roaming\GrabIt
2012-05-06 10:48:58 726016 ----a-w- C:\Windows\SysWow64\7z.dll
2012-05-06 10:48:54 -------- d-----w- C:\ProgramData\Xilisoft
2012-05-06 10:26:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\AnvSoft
2012-05-06 01:32:52 -------- d-----w- C:\Users\Admin\AppData\Local\{ED221BA4-E953-40D1-AC55-5BE86014F299}
2012-05-06 01:32:30 -------- d-----w- C:\Users\Admin\AppData\Local\{DB2212CD-6CD8-478D-B605-FD42CF530655}
2012-05-05 04:17:29 -------- d-----w- C:\Users\Admin\AppData\Local\{7EB2712E-4E63-411B-82C2-0F4167774BC6}
2012-05-05 04:17:08 -------- d-----w- C:\Users\Admin\AppData\Local\{7D225B63-C811-4451-ADBF-4D04658EFCC1}
2012-05-04 16:16:57 -------- d-----w- C:\Users\Admin\AppData\Local\{3AD0758D-89AD-4197-BF6A-C1F9C68548AE}
2012-05-04 16:16:36 -------- d-----w- C:\Users\Admin\AppData\Local\{558E1C5F-59FB-423B-8849-49A33D6127FB}
2012-05-04 04:16:25 -------- d-----w- C:\Users\Admin\AppData\Local\{3CB6E800-9E24-4866-BF4F-AF34785B48EE}
2012-05-04 04:16:04 -------- d-----w- C:\Users\Admin\AppData\Local\{5C59A275-7460-4FB7-AD3D-70E455A1D5CA}
2012-05-04 04:05:54 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-03 16:15:53 -------- d-----w- C:\Users\Admin\AppData\Local\{81563C9F-DA41-4182-BCD3-85FAB7D3A037}
2012-05-03 16:15:31 -------- d-----w- C:\Users\Admin\AppData\Local\{6CDD800F-61B8-4256-932A-FCBC223FE818}
2012-05-03 15:35:38 -------- d-----w- C:\ProgramData\8ySeven
2012-05-02 13:10:30 -------- d-----w- C:\Users\Admin\AppData\Roaming\Torrent Episode Downloader
2012-05-02 02:03:21 -------- d-----w- C:\Users\Admin\AppData\Local\{246E1C4C-4D83-45D4-9DBE-2929F90086AF}
2012-05-02 02:03:10 -------- d-----w- C:\Users\Admin\AppData\Local\{21246022-A213-4752-90C1-E04CCEC0C0EE}
2012-05-01 16:30:44 -------- d-----w- C:\Users\Admin\AppData\Local\{6758554E-E6F2-4BEF-B587-01085E4A3644}
.
==================== Find3M ====================
.
2012-05-31 11:50:51 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-31 11:50:51 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-31 11:50:36 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-30 23:00:06 78848 ----a-w- C:\Windows\KMSEmulator.exe
2012-05-13 08:10:07 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-13 08:10:07 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-06 03:11:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 03:11:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 03:11:15 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 08:47:08 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-04 08:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-03 13:19:14 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-04-03 13:19:13 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-04-03 13:19:12 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-04-03 13:19:12 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-04-03 13:19:12 2553991 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-04-03 13:19:00 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-04-03 13:15:00 6122816 ----a-w- C:\Windows\System32\nvcpl.dll
2012-04-02 21:16:04 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-08 08:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
.
============= FINISH: 23:00:50.15 ===============

#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 02 June 2012 - 08:34 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 vox1
  • Topic Starter

  • Members
  • 13 posts

Posted 02 June 2012 - 11:55 PM

Hi, thanks for the reply.
Unfortunately I don't think it is running correctly. When I run it, it pops up with a box saying it's extracting files, then quickly closes. No log or anything else shows up after that.

#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 03 June 2012 - 09:28 AM

Please try once more, but this time run it from Safe Mode.


#5 vox1
  • Topic Starter

  • Members
  • 13 posts

Posted 03 June 2012 - 10:52 AM

Attempted running it in safe mode, still nothing. Does the same 'Extracting files' prompt, closes, then nothing happens.

#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 03 June 2012 - 12:10 PM

Please reboot your computer and try running ComboFix one more time as soon as it boots. If it runs, stop and post the log. If it does not run, please do this:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Please include the following in your next post:
  • ComboFix log or FRST log

Edited by RPMcMurphy, 03 June 2012 - 12:13 PM.


#7 vox1
  • Topic Starter

  • Members
  • 13 posts

Posted 03 June 2012 - 07:47 PM

Attached the log. Couldn't paste it here.

Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 04-06-2012 10:33:58
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [202296 2011-04-24] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKU\Admin\...\Run: [MusicManager] "C:\Users\Admin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806080 2012-05-14] (Google Inc.)
HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-20] (Google Inc.)
HKU\Admin\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Admin\...\Run: [uTorrent] "B:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Admin\...\Run: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-23] ()
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Admin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Admin\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> B:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

==================== Services (Whitelisted) ======

2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-26] ()
2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [202296 2011-04-24] (Kaspersky Lab ZAO)
2 Diskeeper; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" [2627920 2011-03-02] (Diskeeper Corporation)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-06-16] ()
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [180224 2007-09-04] (NVIDIA)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-30] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-14] ()
2 TabletInputService; C:\Windows\SysWOW64\TabSvc.dll [1830400 2012-05-27] ()
3 Microsoft SharePoint Workspace Audit Service; "B:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-04] (Atheros Communications, Inc.)
3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
3 DKRtWrt; C:\Windows\System32\Drivers\DKRtWrt.sys [44624 2011-02-13] (Diskeeper Corporation)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2011-09-27] (ASUSTeK Computer Inc.)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-01] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2010-06-24] (Windows ® Win 7 DDK provider)
3 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-21] (ASUSTeK Computer Inc.)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-03] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-03] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [615728 2011-12-08] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.sys [42776 2011-04-30] (Logitech, Inc.)
3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [70952 2011-09-19] (Windows ® Win 7 DDK provider)
3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-29] (VS Revo Group)
3 ScreamBAudioSvc; C:\Windows\System32\drivers\ScreamingBAudio64.sys [29984 2006-09-26] (Screaming Bee LLC)
3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-25] (Avnex)
3 ALSysIO; \??\D:\temp\temp\ALSysIO64.sys [x]
4 bdselfpr; [x]
3 CrystalSysInfo; \??\B:\Program Files\MediaCoder\SysInfoX64.sys [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: WinDefend -> %ProgramFiles(x86)%\Windows Defender\mpsvc.dll ==> No File.
NETSVCx32: TabletInputService -> %SystemRoot%\SysWOW64\TabSvc.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-06-03 08:16 - 2012-06-03 08:16 - 0000248 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-06-03 08:15 - 2012-06-03 08:15 - 0039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-06-03 08:14 - 2012-06-03 08:14 - 0279585 ____A C:\Users\Admin\Desktop\regrunlog.txt
2012-06-03 08:07 - 2012-06-03 08:17 - 0000000 ____D C:\Users\All Users\RegRun
2012-06-03 08:05 - 2012-06-03 08:14 - 0000000 ____D C:\Users\Admin\Documents\RegRun2
2012-06-03 08:05 - 2012-06-03 08:05 - 0000002 RASHOT C:\Windows\winstart.bat
2012-06-03 08:05 - 2012-06-03 08:05 - 0000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-06-03 07:57 - 2012-06-03 07:58 - 0266580 ___AC C:\TDSSKiller.2.7.36.0_04.06.2012_01.57.26_log.txt
2012-06-03 07:45 - 2012-06-03 07:45 - 0001363 ____A C:\Users\Admin\Desktop\ComboFix.exe - Shortcut.lnk
2012-06-03 07:41 - 2012-06-03 07:41 - 0000332 ___AC C:\Start_.cmd
2012-06-02 22:03 - 2012-06-03 03:56 - 0112522 ____A C:\Users\Admin\Desktop\timetable.jpg
2012-06-02 20:48 - 2012-06-02 20:50 - 4534467 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2012-06-02 20:43 - 2012-06-02 20:43 - 0000000 ___DC C:\Qoobox
2012-06-02 08:10 - 2012-06-02 08:10 - 0000032 ____A C:\Windows\wininit.ini
2012-06-02 02:43 - 2012-06-02 02:43 - 0013824 __ASH C:\Windows\System32\config\SYSTEM.sav.LOG1
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.sav.LOG2
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.sav.LOG2
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.sav.LOG1
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.sav.LOG2
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.sav.LOG1
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SECURITY.sav.LOG2
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SECURITY.sav.LOG1
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SAM.sav.LOG2
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SAM.sav.LOG1
2012-06-01 20:10 - 2012-06-02 02:44 - 0002392 ____A C:\Windows\System32\ASOROSet.bin
2012-06-01 20:08 - 2012-06-01 20:10 - 0000000 ____D C:\Windows\System32\config\RCCBakup
2012-06-01 20:06 - 2012-06-01 20:06 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Reviversoft
2012-06-01 20:06 - 2011-01-21 21:33 - 0018240 ____A (ReviverSoft) C:\Windows\System32\roboot64.exe
2012-05-31 05:08 - 2012-05-31 05:08 - 0061737 ____A C:\Users\Admin\Desktop\trojan.jpg
2012-05-31 04:53 - 2012-05-06 02:47 - 0442849 ____A C:\Windows\System32\Drivers\etc\hosts.20120531-225320.backup
2012-05-31 04:52 - 2012-05-31 04:52 - 0025951 ____A C:\Users\Admin\Desktop\dds report.txt
2012-05-31 04:38 - 2012-05-31 04:38 - 0607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.scr
2012-05-31 04:37 - 2012-05-31 04:37 - 0000000 ____A C:\Users\Admin\defogger_reenable
2012-05-31 04:32 - 2012-05-31 04:33 - 0000000 ____D C:\Users\Admin\Desktop\U
2012-05-31 04:19 - 2012-05-31 04:18 - 0607260 ____R (Swearware) C:\Users\Admin\Desktop\sfsf.scr
2012-05-30 14:59 - 2012-06-03 16:25 - 0000616 ____A C:\Windows\setupact.log
2012-05-30 05:01 - 2012-05-30 05:01 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-30 05:01 - 2012-05-30 05:01 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-05-30 05:01 - 2012-04-03 21:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-30 04:23 - 2012-05-30 04:59 - 0000000 ____D C:\Users\Admin\Desktop\New folder (2)
2012-05-30 04:21 - 2012-06-03 07:51 - 0000000 __SDC C:\32788R22FWJFW
2012-05-29 21:28 - 2012-05-29 21:28 - 0000972 ____A C:\Windows\System32\EvGr_Data{EED0054A-AA08-11E1-A4D9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-05-29 21:28 - 0000056 ____A C:\Windows\System32\RW_{EED0054A-AA08-11E1-A4D9-806E6F6E6963}.dat
2012-05-29 20:08 - 2012-05-30 04:24 - 0000000 ____D C:\Users\Admin\Desktop\statistics
2012-05-29 20:07 - 2012-05-29 20:07 - 0000000 ____D C:\Users\Admin\Desktop\New folder
2012-05-28 06:46 - 2012-05-28 06:51 - 0000000 ____D C:\Users\All Users\Sony Corporation
2012-05-27 22:19 - 2012-05-27 22:19 - 1830400 ____A C:\Windows\SysWOW64\TabSvc.dll
2012-05-27 22:19 - 2012-05-27 22:19 - 0000406 ____A C:\Windows\SysWOW64\TabSvc.ocx
2012-05-26 19:14 - 2012-05-26 19:14 - 0000000 ____D C:\Users\Admin\AppData\Local\{E8B02FE7-1788-4EFD-9077-5F7F76603DDE}
2012-05-26 19:14 - 2012-05-26 19:14 - 0000000 ____D C:\Users\Admin\AppData\Local\{5F5FEB92-3EFB-4D52-96F4-5E0D238DAA21}
2012-05-26 01:44 - 2012-05-26 01:44 - 0000000 ____D C:\Users\Admin\AppData\Local\{CFBFD374-C2B0-427F-8F51-8812FEEA4514}
2012-05-26 01:44 - 2012-05-26 01:44 - 0000000 ____D C:\Users\Admin\AppData\Local\{C8380F6E-5629-4C4C-936A-5A335C098021}
2012-05-24 08:43 - 2012-05-24 08:45 - 46999510 ____A C:\Users\Admin\Desktop\Lana Del Rey - Born To Die - YouTube.mp4
2012-05-23 15:52 - 2012-05-23 15:52 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-23 15:52 - 2012-05-23 15:52 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-23 05:34 - 2012-06-01 20:25 - 0000000 ____D C:\Users\Admin\AppData\Local\Spotify
2012-05-23 05:34 - 2012-05-23 05:34 - 0001807 ____A C:\Users\Admin\Desktop\Spotify.lnk
2012-05-23 05:33 - 2012-06-01 20:25 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Spotify
2012-05-20 20:57 - 2012-05-20 20:57 - 0000000 ____D C:\Users\Admin\AppData\Local\{82F1EE31-E825-4588-B8BE-99D515986E20}
2012-05-20 20:56 - 2012-05-20 20:57 - 0000000 ____D C:\Users\Admin\AppData\Local\{17C73AF5-9103-4C21-93CA-BED3FBD9D43E}
2012-05-14 09:57 - 2012-05-14 09:57 - 0001652 ____A C:\Windows\System32\EvGr_Data{40FCFF4A-9D56-11E1-A060-806E6F6E6963}.dat
2012-05-14 09:57 - 2012-05-14 09:57 - 0000056 ____A C:\Windows\System32\RW_{B4F6CD5E-915A-11E0-85C8-1078D28F8DF8}.dat
2012-05-14 09:57 - 2012-05-14 09:57 - 0000056 ____A C:\Windows\System32\RW_{40FCFF4A-9D56-11E1-A060-806E6F6E6963}.dat
2012-05-14 09:57 - 2012-05-14 09:57 - 0000012 ____A C:\Windows\System32\EvGr_Data{B4F6CD5E-915A-11E0-85C8-1078D28F8DF8}.dat
2012-05-13 00:10 - 2012-05-13 00:11 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Real
2012-05-13 00:10 - 2012-05-13 00:10 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-13 00:10 - 2012-05-13 00:10 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-13 00:10 - 2012-05-13 00:10 - 0001302 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-13 00:10 - 2012-05-13 00:10 - 0000000 ____D C:\Users\All Users\Real
2012-05-13 00:10 - 2012-05-13 00:10 - 0000000 ____D C:\Program Files (x86)\Real
2012-05-13 00:09 - 2012-05-13 00:09 - 0000000 ____D C:\Users\Admin\New folder
2012-05-12 06:19 - 2012-05-12 06:19 - 0000000 ____D C:\Users\Admin\Documents\My Games
2012-05-10 22:31 - 2012-05-10 22:31 - 0000000 ____D C:\Users\Admin\AppData\Local\{A2FCDE38-DB6D-4E7A-A7BB-62B3C2D4EAA9}
2012-05-10 22:31 - 2012-05-10 22:31 - 0000000 ____D C:\Users\Admin\AppData\Local\{70C93EC1-CD51-40D6-9034-C64ED19A1125}
2012-05-09 18:45 - 2012-05-27 19:18 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Binreader
2012-05-09 18:29 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 18:29 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 18:29 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 18:29 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 18:29 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 18:29 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 18:29 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 18:29 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 02:28 - 2012-05-09 02:30 - 0000000 ____D C:\Users\Admin\Documents\GrabIt Downloads
2012-05-09 02:26 - 2012-05-09 02:27 - 0000000 ____D C:\Users\Admin\AppData\Roaming\GrabIt
2012-05-08 06:11 - 2012-05-08 06:11 - 0000248 ____A C:\Users\Admin\Desktop\fs.txt
2012-05-06 06:58 - 2012-05-06 06:58 - 0000428 ____A C:\Windows\System32\EvGr_Data{8D23FB09-971E-11E1-92A9-806E6F6E6963}.dat
2012-05-06 06:58 - 2012-05-06 06:58 - 0000056 ____A C:\Windows\System32\RW_{8D23FB09-971E-11E1-92A9-806E6F6E6963}.dat
2012-05-06 02:48 - 2012-05-06 02:48 - 0726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-05-06 02:48 - 2012-05-06 02:48 - 0000947 ____A C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2012-05-06 02:48 - 2012-05-06 02:48 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-05-06 02:26 - 2012-05-06 02:28 - 0000000 ____D C:\Users\Admin\Documents\Any Video Converter Professional
2012-05-06 02:26 - 2012-05-06 02:26 - 0000000 ____D C:\Users\Admin\AppData\Roaming\AnvSoft
2012-05-06 00:08 - 2012-05-06 00:08 - 0000000 ____D C:\Users\Admin\Documents\Aiseesoft Studio
2012-05-05 17:32 - 2012-05-05 17:33 - 0000000 ____D C:\Users\Admin\AppData\Local\{ED221BA4-E953-40D1-AC55-5BE86014F299}
2012-05-05 17:32 - 2012-05-05 17:32 - 0000000 ____D C:\Users\Admin\AppData\Local\{DB2212CD-6CD8-478D-B605-FD42CF530655}


============ 3 Months Modified Files and Folders =============

2012-06-04 10:34 - 2012-06-04 10:33 - 0000000 ___DC C:\FRST
2012-06-03 16:28 - 2011-05-19 22:39 - 1454998 ____A C:\Windows\WindowsUpdate.log
2012-06-03 16:25 - 2012-05-30 14:59 - 0000616 ____A C:\Windows\setupact.log
2012-06-03 16:25 - 2011-12-16 17:41 - 0069516 ____A C:\Windows\AutoKMS.log
2012-06-03 16:25 - 2011-12-16 06:18 - 0078848 ____A C:\Windows\KMSEmulator.exe
2012-06-03 16:25 - 2011-12-16 06:18 - 0000202 ____A C:\Windows\Tasks\AutoKMSDaily.job
2012-06-03 16:25 - 2011-12-16 06:18 - 0000200 ____A C:\Windows\Tasks\AutoKMS.job
2012-06-03 16:25 - 2011-12-08 22:40 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-03 16:25 - 2011-05-20 02:17 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-06-03 16:25 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-03 16:21 - 2011-05-20 20:19 - 0000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2012-06-03 16:13 - 2011-05-28 06:33 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-03 16:11 - 2012-04-06 05:05 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-03 15:33 - 2011-05-20 01:54 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-314909523-3652244483-1584276009-1000UA.job
2012-06-03 09:48 - 2011-05-27 21:35 - 0000000 ___HD C:\Users\Admin\Desktop\Torrent Trash
2012-06-03 08:23 - 2009-07-13 20:45 - 0025552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-03 08:23 - 2009-07-13 20:45 - 0025552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-03 08:17 - 2012-06-03 08:07 - 0000000 ____D C:\Users\All Users\RegRun
2012-06-03 08:17 - 2011-05-21 23:52 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2012-06-03 08:16 - 2012-06-03 08:16 - 0000248 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-06-03 08:16 - 2011-05-28 06:33 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-03 08:15 - 2012-06-03 08:15 - 0039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-06-03 08:14 - 2012-06-03 08:14 - 0279585 ____A C:\Users\Admin\Desktop\regrunlog.txt
2012-06-03 08:14 - 2012-06-03 08:05 - 0000000 ____D C:\Users\Admin\Documents\RegRun2
2012-06-03 08:05 - 2012-06-03 08:05 - 0000002 RASHOT C:\Windows\winstart.bat
2012-06-03 08:05 - 2012-06-03 08:05 - 0000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-06-03 07:58 - 2012-06-03 07:57 - 0266580 ___AC C:\TDSSKiller.2.7.36.0_04.06.2012_01.57.26_log.txt
2012-06-03 07:51 - 2012-05-30 04:21 - 0000000 __SDC C:\32788R22FWJFW
2012-06-03 07:51 - 2009-07-13 21:08 - 0032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-03 07:45 - 2012-06-03 07:45 - 0001363 ____A C:\Users\Admin\Desktop\ComboFix.exe - Shortcut.lnk
2012-06-03 07:41 - 2012-06-03 07:41 - 0000332 ___AC C:\Start_.cmd
2012-06-03 06:04 - 2011-06-16 05:12 - 0283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-03 06:04 - 2011-06-15 21:23 - 0283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-03 06:04 - 2011-06-15 21:23 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-03 04:43 - 2011-09-27 04:44 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-06-03 03:56 - 2012-06-02 22:03 - 0112522 ____A C:\Users\Admin\Desktop\timetable.jpg
2012-06-03 03:56 - 2011-12-01 05:27 - 0411136 __ASH C:\Users\Admin\Desktop\Thumbs.db
2012-06-02 20:50 - 2012-06-02 20:48 - 4534467 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2012-06-02 20:43 - 2012-06-02 20:43 - 0000000 ___DC C:\Qoobox
2012-06-02 19:56 - 2011-12-01 05:55 - 0036448 ____A C:\Windows\PFRO.log
2012-06-02 08:10 - 2012-06-02 08:10 - 0000032 ____A C:\Windows\wininit.ini
2012-06-02 07:40 - 2012-01-11 06:09 - 0000000 __SHD C:\Users\Admin\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}
2012-06-02 07:22 - 2012-02-22 04:36 - 0000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2012-06-02 02:46 - 2012-04-19 23:02 - 0000000 ____D C:\users\UpdatusUser
2012-06-02 02:45 - 2011-05-19 22:42 - 0000000 ____D C:\users\Admin
2012-06-02 02:44 - 2012-06-01 20:10 - 0002392 ____A C:\Windows\System32\ASOROSet.bin
2012-06-02 02:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-02 02:44 - 2009-07-13 18:34 - 75497472 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-02 02:44 - 2009-07-13 18:34 - 21495808 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-02 02:44 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-02 02:43 - 2012-06-02 02:43 - 0013824 __ASH C:\Windows\System32\config\SYSTEM.sav.LOG1
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.sav.LOG2
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.sav.LOG2
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.sav.LOG1
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.sav.LOG2
2012-06-02 02:43 - 2012-06-02 02:43 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.sav.LOG1
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SECURITY.sav.LOG2
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SECURITY.sav.LOG1
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SAM.sav.LOG2
2012-06-02 02:42 - 2012-06-02 02:42 - 0000000 __ASH C:\Windows\System32\config\SAM.sav.LOG1
2012-06-02 02:36 - 2009-07-13 18:34 - 5767168 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-02 02:36 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-06-01 20:25 - 2012-05-23 05:34 - 0000000 ____D C:\Users\Admin\AppData\Local\Spotify
2012-06-01 20:25 - 2012-05-23 05:33 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Spotify
2012-06-01 20:10 - 2012-06-01 20:08 - 0000000 ____D C:\Windows\System32\config\RCCBakup
2012-06-01 20:08 - 2010-04-16 00:57 - 0000000 __RHD C:\Users\Admin\Desktop\quicklaunch toolbar
2012-06-01 20:06 - 2012-06-01 20:06 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Reviversoft
2012-06-01 19:59 - 2011-11-17 19:51 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-01 07:09 - 2011-05-20 19:37 - 0000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-05-31 06:59 - 2011-11-06 18:50 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-31 05:08 - 2012-05-31 05:08 - 0061737 ____A C:\Users\Admin\Desktop\trojan.jpg
2012-05-31 04:53 - 2009-07-13 18:34 - 0442849 ____R C:\Windows\System32\Drivers\etc\hosts
2012-05-31 04:52 - 2012-05-31 04:52 - 0025951 ____A C:\Users\Admin\Desktop\dds report.txt
2012-05-31 04:52 - 2012-05-31 04:52 - 0000166 ____A C:\Users\Admin\Desktop\trojan location.txt
2012-05-31 04:43 - 2011-05-19 23:55 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-31 04:38 - 2012-05-31 04:38 - 0607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.scr
2012-05-31 04:37 - 2012-05-31 04:37 - 0000000 ____A C:\Users\Admin\defogger_reenable
2012-05-31 04:33 - 2012-05-31 04:32 - 0000000 ____D C:\Users\Admin\Desktop\U
2012-05-31 04:18 - 2012-05-31 04:19 - 0607260 ____R (Swearware) C:\Users\Admin\Desktop\sfsf.scr
2012-05-31 03:37 - 2011-05-20 01:54 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-314909523-3652244483-1584276009-1000Core.job
2012-05-30 05:01 - 2012-05-30 05:01 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-30 05:01 - 2012-05-30 05:01 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-05-30 04:59 - 2012-05-30 04:23 - 0000000 ____D C:\Users\Admin\Desktop\New folder (2)
2012-05-30 04:59 - 2012-04-19 21:34 - 0000000 ____D C:\Program Files\Core Temp
2012-05-30 04:59 - 2011-09-23 08:26 - 0000000 ____D C:\Users\All Users\Origin
2012-05-30 04:59 - 2011-09-23 00:00 - 0000000 ____D C:\Windows\Minidump
2012-05-30 04:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-30 04:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-30 04:24 - 2012-05-29 20:08 - 0000000 ____D C:\Users\Admin\Desktop\statistics
2012-05-29 21:28 - 2012-05-29 21:28 - 0000972 ____A C:\Windows\System32\EvGr_Data{EED0054A-AA08-11E1-A4D9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-05-29 21:28 - 0000056 ____A C:\Windows\System32\RW_{EED0054A-AA08-11E1-A4D9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 1464350 ____A C:\Windows\System32\EvGr_Data{85182FFC-82AB-11E0-85F9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0069232 ____A C:\Windows\System32\RW_FileType.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0039498 ____A C:\Windows\System32\RW_AppData.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000878 ____A C:\Windows\System32\EvGr_Data{9FDF098D-EFC6-11E0-9058-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000576 ____A C:\Windows\System32\RW_FileFlag.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000298 ____A C:\Windows\System32\EvGr_Data{0ECDBCAF-A585-11E0-9771-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000280 ____A C:\Windows\System32\RW_{9FDF098D-EFC6-11E0-9058-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000280 ____A C:\Windows\System32\RW_{9FDF0986-EFC6-11E0-9058-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000280 ____A C:\Windows\System32\RW_{85182FFC-82AB-11E0-85F9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000280 ____A C:\Windows\System32\RW_{85182FFB-82AB-11E0-85F9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000280 ____A C:\Windows\System32\RW_{0ECDBCB0-A585-11E0-9771-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000280 ____A C:\Windows\System32\RW_{0ECDBCAF-A585-11E0-9771-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000012 ____A C:\Windows\System32\EvGr_Data{9FDF0986-EFC6-11E0-9058-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000012 ____A C:\Windows\System32\EvGr_Data{85182FFB-82AB-11E0-85F9-806E6F6E6963}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000012 ____A C:\Windows\System32\EvGr_Data{0ECDBCB0-A585-11E0-9771-1078D28F8DF8}.dat
2012-05-29 21:28 - 2012-02-17 09:12 - 0000000 ____A C:\Windows\System32\AdmList.txt
2012-05-29 20:07 - 2012-05-29 20:07 - 0000000 ____D C:\Users\Admin\Desktop\New folder
2012-05-28 09:02 - 2012-01-11 06:07 - 0336314 ____N C:\Windows\Minidump\052912-11512-01.dmp
2012-05-28 06:51 - 2012-05-28 06:46 - 0000000 ____D C:\Users\All Users\Sony Corporation
2012-05-27 22:19 - 2012-05-27 22:19 - 1830400 ____A C:\Windows\SysWOW64\TabSvc.dll
2012-05-27 22:19 - 2012-05-27 22:19 - 0000406 ____A C:\Windows\SysWOW64\TabSvc.ocx
2012-05-27 19:18 - 2012-05-09 18:45 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Binreader
2012-05-27 17:05 - 2011-12-15 20:12 - 0034816 ____A C:\Users\Admin\Desktop\resume.doc
2012-05-27 01:03 - 2011-12-07 06:58 - 0000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-05-26 23:14 - 2012-05-26 23:14 - 0058059 ____A C:\Users\Admin\Desktop\33.jpg
2012-05-26 19:14 - 2012-05-26 19:14 - 0000000 ____D C:\Users\Admin\AppData\Local\{E8B02FE7-1788-4EFD-9077-5F7F76603DDE}
2012-05-26 19:14 - 2012-05-26 19:14 - 0000000 ____D C:\Users\Admin\AppData\Local\{5F5FEB92-3EFB-4D52-96F4-5E0D238DAA21}
2012-05-26 19:14 - 2011-05-20 23:50 - 0000000 ____D C:\Users\Admin\AppData\Local\Windows Live
2012-05-26 01:44 - 2012-05-26 01:44 - 0000000 ____D C:\Users\Admin\AppData\Local\{CFBFD374-C2B0-427F-8F51-8812FEEA4514}
2012-05-26 01:44 - 2012-05-26 01:44 - 0000000 ____D C:\Users\Admin\AppData\Local\{C8380F6E-5629-4C4C-936A-5A335C098021}
2012-05-23 15:52 - 2012-05-23 15:52 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-23 15:52 - 2012-05-23 15:52 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-23 15:52 - 2011-05-21 00:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-23 05:34 - 2012-05-23 05:34 - 0001807 ____A C:\Users\Admin\Desktop\Spotify.lnk
2012-05-20 20:57 - 2012-05-20 20:57 - 0000000 ____D C:\Users\Admin\AppData\Local\{82F1EE31-E825-4588-B8BE-99D515986E20}
2012-05-20 20:57 - 2012-05-20 20:56 - 0000000 ____D C:\Users\Admin\AppData\Local\{17C73AF5-9103-4C21-93CA-BED3FBD9D43E}
2012-05-20 03:03 - 2011-06-05 19:48 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2012-05-14 09:57 - 2012-05-14 09:57 - 0001652 ____A C:\Windows\System32\EvGr_Data{40FCFF4A-9D56-11E1-A060-806E6F6E6963}.dat
2012-05-14 09:57 - 2012-05-14 09:57 - 0000056 ____A C:\Windows\System32\RW_{B4F6CD5E-915A-11E0-85C8-1078D28F8DF8}.dat
2012-05-14 09:57 - 2012-05-14 09:57 - 0000056 ____A C:\Windows\System32\RW_{40FCFF4A-9D56-11E1-A060-806E6F6E6963}.dat
2012-05-14 09:57 - 2012-05-14 09:57 - 0000012 ____A C:\Windows\System32\EvGr_Data{B4F6CD5E-915A-11E0-85C8-1078D28F8DF8}.dat
2012-05-14 09:57 - 2012-02-17 09:12 - 0010460 ___AC C:\config.xml
2012-05-13 00:11 - 2012-05-13 00:10 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Real
2012-05-13 00:10 - 2012-05-13 00:10 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-13 00:10 - 2012-05-13 00:10 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-13 00:10 - 2012-05-13 00:10 - 0001302 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-13 00:10 - 2012-05-13 00:10 - 0000000 ____D C:\Users\All Users\Real
2012-05-13 00:10 - 2012-05-13 00:10 - 0000000 ____D C:\Program Files (x86)\Real
2012-05-13 00:10 - 2010-09-13 21:47 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-13 00:10 - 2003-03-18 04:14 - 0499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-13 00:10 - 2003-02-20 11:42 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-05-13 00:09 - 2012-05-13 00:09 - 0000000 ____D C:\Users\Admin\New folder
2012-05-12 06:19 - 2012-05-12 06:19 - 0000000 ____D C:\Users\Admin\Documents\My Games
2012-05-10 22:31 - 2012-05-10 22:31 - 0000000 ____D C:\Users\Admin\AppData\Local\{A2FCDE38-DB6D-4E7A-A7BB-62B3C2D4EAA9}
2012-05-10 22:31 - 2012-05-10 22:31 - 0000000 ____D C:\Users\Admin\AppData\Local\{70C93EC1-CD51-40D6-9034-C64ED19A1125}
2012-05-10 03:02 - 2009-07-13 20:45 - 2293624 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 22:26 - 2011-05-20 21:04 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 22:25 - 2011-07-13 05:30 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 22:25 - 2009-07-13 21:13 - 0737226 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-09 02:30 - 2012-05-09 02:28 - 0000000 ____D C:\Users\Admin\Documents\GrabIt Downloads
2012-05-09 02:27 - 2012-05-09 02:26 - 0000000 ____D C:\Users\Admin\AppData\Roaming\GrabIt
2012-05-08 06:11 - 2012-05-08 06:11 - 0000248 ____A C:\Users\Admin\Desktop\fs.txt
2012-05-07 22:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-06 06:58 - 2012-05-06 06:58 - 0000428 ____A C:\Windows\System32\EvGr_Data{8D23FB09-971E-11E1-92A9-806E6F6E6963}.dat
2012-05-06 06:58 - 2012-05-06 06:58 - 0000056 ____A C:\Windows\System32\RW_{8D23FB09-971E-11E1-92A9-806E6F6E6963}.dat
2012-05-06 04:21 - 2011-05-30 21:38 - 0000000 ____D C:\Users\Admin\AppData\Local\MPlayer
2012-05-06 02:48 - 2012-05-06 02:48 - 0726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-05-06 02:48 - 2012-05-06 02:48 - 0000947 ____A C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2012-05-06 02:48 - 2012-05-06 02:48 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-05-06 02:47 - 2012-05-31 04:53 - 0442849 ____A C:\Windows\System32\Drivers\etc\hosts.20120531-225320.backup
2012-05-06 02:28 - 2012-05-06 02:26 - 0000000 ____D C:\Users\Admin\Documents\Any Video Converter Professional
2012-05-06 02:26 - 2012-05-06 02:26 - 0000000 ____D C:\Users\Admin\AppData\Roaming\AnvSoft
2012-05-06 02:26 - 2011-05-20 01:42 - 0080368 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-06 00:08 - 2012-05-06 00:08 - 0000000 ____D C:\Users\Admin\Documents\Aiseesoft Studio
2012-05-05 19:11 - 2012-04-06 05:11 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 19:11 - 2012-04-06 05:05 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 19:11 - 2011-06-24 06:30 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-05 17:33 - 2012-05-05 17:32 - 0000000 ____D C:\Users\Admin\AppData\Local\{ED221BA4-E953-40D1-AC55-5BE86014F299}
2012-05-05 17:32 - 2012-05-05 17:32 - 0000000 ____D C:\Users\Admin\AppData\Local\{DB2212CD-6CD8-478D-B605-FD42CF530655}
2012-05-04 20:17 - 2012-05-04 20:17 - 0000000 ____D C:\Users\Admin\AppData\Local\{7EB2712E-4E63-411B-82C2-0F4167774BC6}
2012-05-04 20:17 - 2012-05-04 20:17 - 0000000 ____D C:\Users\Admin\AppData\Local\{7D225B63-C811-4451-ADBF-4D04658EFCC1}
2012-05-04 08:17 - 2012-05-04 08:16 - 0000000 ____D C:\Users\Admin\AppData\Local\{3AD0758D-89AD-4197-BF6A-C1F9C68548AE}
2012-05-04 08:16 - 2012-05-04 08:16 - 0000000 ____D C:\Users\Admin\AppData\Local\{558E1C5F-59FB-423B-8849-49A33D6127FB}
2012-05-04 06:14 - 2012-05-04 06:14 - 0000690 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-04 05:23 - 2011-12-01 22:55 - 0000000 ____D C:\Users\Admin\Documents\StarCraft II
2012-05-03 20:16 - 2012-05-03 20:16 - 0000000 ____D C:\Users\Admin\AppData\Local\{5C59A275-7460-4FB7-AD3D-70E455A1D5CA}
2012-05-03 20:16 - 2012-05-03 20:16 - 0000000 ____D C:\Users\Admin\AppData\Local\{3CB6E800-9E24-4866-BF4F-AF34785B48EE}
2012-05-03 20:05 - 2012-05-03 20:05 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-05-03 20:05 - 2012-04-10 21:59 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-03 20:05 - 2012-04-10 21:59 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-03 20:05 - 2011-05-20 19:38 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-03 20:05 - 2011-05-19 22:42 - 0000000 ____D C:\Users\Admin\AppData\LocalLow
2012-05-03 08:16 - 2012-05-03 08:15 - 0000000 ____D C:\Users\Admin\AppData\Local\{81563C9F-DA41-4182-BCD3-85FAB7D3A037}
2012-05-03 08:15 - 2012-05-03 08:15 - 0000000 ____D C:\Users\Admin\AppData\Local\{6CDD800F-61B8-4256-932A-FCBC223FE818}
2012-05-03 07:36 - 2012-05-03 07:36 - 0000000 ____D C:\Users\Admin\Documents\TVTrigger Downloads
2012-05-03 07:35 - 2012-05-03 07:35 - 0000762 ____A C:\Users\Public\Desktop\TVTrigger.lnk
2012-05-03 07:35 - 2012-05-03 07:35 - 0000000 ____D C:\Users\All Users\8ySeven
2012-05-02 05:16 - 2012-05-02 05:16 - 0000000 ____D C:\Users\Admin\Documents\ted
2012-05-01 18:27 - 2012-05-01 18:27 - 0000341 ____A C:\Users\Admin\Desktop\66.txt
2012-05-01 18:03 - 2012-05-01 18:03 - 0000000 ____D C:\Users\Admin\AppData\Local\{246E1C4C-4D83-45D4-9DBE-2929F90086AF}
2012-05-01 18:03 - 2012-05-01 18:03 - 0000000 ____D C:\Users\Admin\AppData\Local\{21246022-A213-4752-90C1-E04CCEC0C0EE}
2012-05-01 18:02 - 2011-12-12 21:54 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-05-01 08:31 - 2012-05-01 08:30 - 0000000 ____D C:\Users\Admin\AppData\Local\{6758554E-E6F2-4BEF-B587-01085E4A3644}
2012-04-30 07:33 - 2012-04-30 07:33 - 0000740 ____A C:\Users\Admin\Desktop\MediaCoder x64.lnk
2012-04-30 07:33 - 2012-04-30 07:33 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Broad Intelligence
2012-04-29 06:56 - 2011-12-10 20:52 - 0000000 ____D C:\Users\Admin\dwhelper
2012-04-19 23:02 - 2012-04-19 23:02 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-04-19 23:02 - 2012-04-19 23:02 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-04-19 23:02 - 2011-05-20 02:17 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-19 23:02 - 2011-05-20 02:16 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-19 22:55 - 2012-03-14 03:59 - 0000000 ___DC C:\NVIDIA
2012-04-19 22:53 - 2012-04-19 22:53 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-19 21:27 - 2012-04-19 21:27 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Xilisoft
2012-04-19 20:22 - 2012-04-19 20:15 - 0000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-04-19 20:15 - 2012-04-19 20:15 - 0000000 ____D C:\Users\Admin\AppData\Local\Geckofx
2012-04-18 01:29 - 2012-01-11 06:07 - 0318482 ____N C:\Windows\Minidump\041812-11481-01.dmp
2012-04-17 22:10 - 2011-06-16 06:03 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-17 22:09 - 2012-04-17 22:09 - 0000000 ___DC C:\ProcAlyzer Dumps
2012-04-15 00:16 - 2012-03-04 02:26 - 0006148 __AHC C:\.DS_Store
2012-04-11 20:49 - 2012-04-11 20:48 - 0000000 ____D C:\Users\Admin\AppData\Local\{5F9A37D4-8AF5-4834-BC01-51DE55C4431C}
2012-04-09 17:38 - 2012-04-09 17:38 - 0000000 ____D C:\Users\Admin\AppData\Local\{FA250B3F-F75A-47F2-83B5-4F6B4C773EDD}
2012-04-09 17:38 - 2012-04-09 17:38 - 0000000 ____D C:\Users\Admin\AppData\Local\{56415EFA-E6F0-4DEE-BA71-8FF68AC9ACA9}
2012-04-08 09:00 - 2012-04-08 09:00 - 0000763 ____A C:\Users\Admin\Desktop\Videos - Shortcut.lnk
2012-04-07 20:57 - 2012-04-07 20:57 - 0000000 ____D C:\Users\Admin\AppData\Local\{A6C2C410-8E59-4239-B774-6B014C815BFC}
2012-04-07 19:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\ModemLogs
2012-04-07 08:36 - 2012-04-07 08:36 - 0000819 ____A C:\Users\Admin\Desktop\Dropbox - Shortcut.lnk
2012-04-07 08:24 - 2012-04-07 08:23 - 0000000 ____D C:\Users\Admin\AppData\Local\{E2EE7BBB-B473-4B84-AFCC-6A090A012CCB}
2012-04-07 08:23 - 2012-04-07 08:23 - 0001242 ____A C:\Users\Admin\Desktop\best of tumblr - Shortcut.lnk
2012-04-07 08:10 - 2012-04-07 08:10 - 0000000 __HDC C:\Users\All Users\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}
2012-04-07 08:10 - 2012-04-07 08:10 - 0000000 ____D C:\Users\All Users\Stardock
2012-04-07 08:10 - 2012-04-07 08:10 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Stardock
2012-04-07 08:10 - 2012-04-07 08:10 - 0000000 ____D C:\Program Files\Stardock
2012-04-07 08:09 - 2012-04-07 08:09 - 0000000 ____D C:\Users\Admin\AppData\Local\PackageAware
2012-04-06 19:32 - 2011-08-10 00:29 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2012-04-06 19:31 - 2012-04-06 19:31 - 0000000 ____D C:\Program Files\iTunes
2012-04-06 19:31 - 2012-04-06 19:31 - 0000000 ____D C:\Program Files\iPod
2012-04-06 19:31 - 2012-04-06 19:31 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-06 19:31 - 2012-04-06 19:31 - 0000000 ____D C:\Program Files\Bonjour
2012-04-06 19:31 - 2012-04-06 19:31 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-06 19:31 - 2011-08-10 00:28 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-06 19:31 - 2011-08-10 00:28 - 0000000 ____D C:\Users\All Users\Apple
2012-04-06 19:24 - 2012-04-06 19:23 - 0000000 ____D C:\Users\Admin\AppData\Local\{BB6717F7-EB21-4D3A-A234-765B6AC0F686}
2012-04-06 00:13 - 2012-04-06 00:13 - 0000000 ____D C:\Users\Admin\AppData\Local\{1C5924BE-5CEB-4FFE-9B8E-DE29EEA7647A}
2012-04-04 00:47 - 2012-05-03 20:05 - 0227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 00:47 - 2012-01-28 16:40 - 0772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-04-04 00:47 - 2011-05-20 19:39 - 0687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-03 21:56 - 2012-05-30 05:01 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 19:11 - 2012-04-03 19:11 - 0000000 ____D C:\Users\Admin\AppData\Local\{2DDDC05D-D248-4F06-8320-D4CFA46F51AA}
2012-04-03 09:18 - 2012-04-19 23:01 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-03 09:18 - 2012-04-19 23:01 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 8138048 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 8029504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 5981504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 2881344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 2740544 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 2681152 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 25720128 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 2524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 25246528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 2444608 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 2367808 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 19584320 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 17984320 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 1738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 15279424 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 1466176 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 14291264 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-04-03 09:18 - 2012-04-19 22:59 - 10102592 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0948544 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-04-03 09:18 - 2012-04-19 22:59 - 0014252 ____A C:\Windows\System32\nvinfo.pb
2012-04-03 05:19 - 2012-04-19 23:01 - 2553991 ____A C:\Windows\System32\nvcoproc.bin
2012-04-03 05:19 - 2012-04-19 22:54 - 3149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-04-03 05:19 - 2012-04-19 22:54 - 0889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-04-03 05:19 - 2012-04-19 22:54 - 0118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-04-03 05:19 - 2012-04-19 22:54 - 0063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-04-03 05:19 - 2011-04-07 05:19 - 2561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-04-03 05:15 - 2012-04-19 22:54 - 6122816 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-04-03 04:46 - 2012-04-03 04:46 - 0000000 ____D C:\Users\Admin\AppData\Local\{9C1CB06F-0114-4C5C-A016-16CD52F2080A}
2012-04-03 04:46 - 2012-04-03 04:45 - 0000000 ____D C:\Users\Admin\AppData\Local\{D9759358-9C8B-4407-BF5D-FC4DA1C2F60C}
2012-04-02 16:45 - 2012-04-02 16:45 - 0000000 ____D C:\Users\Admin\AppData\Local\{17B243A4-556C-4ECE-B67D-0C05E06C6946}
2012-04-02 13:16 - 2012-04-02 13:16 - 0423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-04-02 03:22 - 2012-04-02 03:21 - 0000000 ____D C:\Users\Admin\AppData\Local\{A2008477-39A1-4D9D-BD38-CF6922A93A43}
2012-04-02 03:22 - 2012-04-01 15:21 - 0000000 ____D C:\Users\Admin\AppData\Local\{DD097435-F761-42FE-8954-8FBA17842915}
2012-04-01 15:22 - 2012-04-01 04:50 - 0000000 ____D C:\Users\Admin\AppData\Local\ESN Sonar
2012-04-01 15:21 - 2012-04-01 15:21 - 0000000 ____D C:\Users\Admin\AppData\Local\{D3B30A30-E649-4432-BC8A-2A2669C65F3C}
2012-03-31 19:29 - 2012-03-31 19:29 - 0000000 ____D C:\Users\Admin\AppData\Local\{1E512B5F-688B-4181-81BB-65A66365CC5B}
2012-03-30 22:05 - 2012-05-09 18:29 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 21:22 - 2012-03-30 21:22 - 0000000 ____D C:\Users\Admin\AppData\Local\{8D686422-5DEB-4AF3-9ACA-1F8B03340FB7}
2012-03-30 20:39 - 2012-05-09 18:29 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 18:29 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 18:29 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 18:29 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 23:06 - 2012-03-22 06:58 - 0000783 ____A C:\Users\Admin\AppData\Roaming\MPQEditor.ini
2012-03-29 19:59 - 2012-03-29 19:59 - 0000000 ____D C:\Users\Admin\AppData\Local\{10C36790-CCEE-42D0-8F07-631F54B96B36}
2012-03-29 07:59 - 2012-03-29 07:58 - 0000000 ____D C:\Users\Admin\AppData\Local\{2D03B77E-C248-4978-A0F7-2EFFB6AE967A}
2012-03-27 22:10 - 2011-12-05 02:21 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-03-27 17:36 - 2012-04-20 00:09 - 2421760 ____A (www.joejoesoft.com) C:\Users\Admin\Desktop\RenameMaster.exe
2012-03-27 05:47 - 2012-01-11 06:07 - 0304882 ____N C:\Windows\Minidump\032712-10046-01.dmp
2012-03-26 21:01 - 2012-03-26 21:01 - 0000000 ____D C:\Users\Admin\AppData\Local\{3C4936C5-7315-436D-93B9-676623CAFADF}
2012-03-26 21:01 - 2012-03-26 21:00 - 0000000 ____D C:\Users\Admin\AppData\Local\{1F2BDAF0-3EBF-41EB-85F7-A193A3407CE4}
2012-03-26 08:11 - 2012-03-26 08:11 - 0000000 ____D C:\Users\Admin\AppData\Local\{DFF4DD0C-56FC-4A85-A205-ED52A6849AB9}
2012-03-26 08:11 - 2012-03-26 08:10 - 0000000 ____D C:\Users\Admin\AppData\Local\{0ED4003F-35CE-43C7-BB80-5A02E58A4ACA}
2012-03-24 18:27 - 2012-03-24 18:27 - 0000000 ____D C:\Users\Admin\AppData\Local\{EA67DAE0-DE9C-4A05-A4CD-558345A91169}
2012-03-24 18:27 - 2012-03-24 18:27 - 0000000 ____D C:\Users\Admin\AppData\Local\{9468E43D-D80E-4419-99EA-F213A6F793CB}
2012-03-23 21:20 - 2012-03-23 21:20 - 0000000 ____D C:\Users\Admin\AppData\Local\{68705B25-419E-4DB0-B48E-6208C75248F4}
2012-03-23 21:20 - 2012-03-23 21:20 - 0000000 ____D C:\Users\Admin\AppData\Local\{64DFE97C-ABB0-4000-8D09-95C0B227A0F7}
2012-03-22 20:02 - 2012-03-22 20:02 - 0000000 ____D C:\Users\Admin\AppData\Local\{9D9F18AE-7DFF-4493-9D18-CAFD93C9EDF0}
2012-03-22 20:02 - 2012-03-22 20:01 - 0000000 ____D C:\Users\Admin\AppData\Local\{C4DF7D72-32EF-4258-984A-F5321CDC7954}
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-21 22:47 - 2012-03-21 22:47 - 0000000 ____D C:\Users\Admin\AppData\Local\{317F98C1-5570-46DE-9B9A-29CBFBF54FEE}
2012-03-21 22:47 - 2012-03-21 22:46 - 0000000 ____D C:\Users\Admin\AppData\Local\{E9184039-37B9-4DF8-B626-72BE640BFB6F}
2012-03-21 06:51 - 2012-03-16 20:58 - 0000000 ____D C:\Users\Admin\Documents\SelfMV
2012-03-20 21:41 - 2012-01-28 16:48 - 0000000 ____D C:\Users\All Users\TVersity
2012-03-20 21:40 - 2012-01-11 06:07 - 0304690 ____N C:\Windows\Minidump\032112-12682-01.dmp
2012-03-20 16:38 - 2012-03-20 16:38 - 0000000 ____D C:\Users\Admin\AppData\Local\{92880EC1-3D4D-48A9-B4BC-47BB012A219F}
2012-03-20 16:38 - 2012-03-20 16:38 - 0000000 ____D C:\Users\Admin\AppData\Local\{22A16CA5-467C-40CA-AADC-4DA0E8C4342D}
2012-03-20 16:38 - 2012-03-20 16:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{632AA4CE-CA7E-4590-9822-8E83B04B4081}
2012-03-20 16:37 - 2012-03-20 16:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{CEC8C7EE-67C9-4CDB-BDAC-B7ECFBCFE4C9}
2012-03-20 05:27 - 2012-03-20 05:27 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-19 21:37 - 2012-03-19 21:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{F319E988-2397-4F92-82EF-25D68830B091}
2012-03-19 21:37 - 2012-03-19 21:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{27FBBA63-9A98-48E0-9704-FDD0CB33F4C6}
2012-03-19 21:37 - 2012-03-19 21:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{23C16A65-29D1-4D6A-8370-BEF1DC29DB93}
2012-03-19 21:37 - 2012-03-19 21:36 - 0000000 ____D C:\Users\Admin\AppData\Local\{FE02260E-DB09-422C-975A-F96361AA9318}
2012-03-18 23:38 - 2012-03-18 23:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{4AE55668-B027-4D9B-AFD5-773CCA9C618C}
2012-03-18 23:37 - 2012-03-18 23:37 - 0000000 ____D C:\Users\Admin\AppData\Local\{E7BD787D-9EA1-4A9D-ACBB-FA4918B8C80E}
2012-03-18 04:39 - 2012-03-18 04:39 - 0001555 ____A C:\Users\Admin\Desktop\Tributes.lnk
2012-03-17 22:01 - 2012-03-17 22:01 - 0000788 ____A C:\Windows\System32\EvGr_Data{D7515AD3-6F52-11E1-A5D2-806E6F6E6963}.dat
2012-03-17 22:01 - 2012-03-17 22:01 - 0000056 ____A C:\Windows\System32\RW_{D7515AD3-6F52-11E1-A5D2-806E6F6E6963}.dat
2012-03-17 20:43 - 2012-03-17 20:43 - 0000000 ____D C:\Users\Admin\AppData\Local\{30835EE6-7C01-4838-87B0-83966931E728}
2012-03-17 20:43 - 2012-03-17 20:43 - 0000000 ____D C:\Users\Admin\AppData\Local\{04E4CEA3-9944-4086-B48C-E14CFE965587}
2012-03-17 08:33 - 2012-03-17 08:33 - 0000000 ____D C:\Users\Admin\AppData\Local\{F8A82634-20ED-46FB-9E1C-03E97EFCDF35}
2012-03-17 08:33 - 2012-03-17 08:33 - 0000000 ____D C:\Users\Admin\AppData\Local\{C5C66B41-69D4-44EF-BB42-151F50C857A3}
2012-03-16 23:58 - 2012-05-09 18:29 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-14 04:48 - 2012-03-14 04:48 - 0000000 ____D C:\Users\Public\Documents\Shared Books
2012-03-12 04:19 - 2012-03-12 04:19 - 0000000 ____D C:\Users\Admin\AppData\Local\{4EED46AD-15AF-4991-A60D-B59D6ACE6335}
2012-03-12 04:19 - 2012-03-12 04:18 - 0000000 ____D C:\Users\Admin\AppData\Local\{C024666D-DA00-4AB1-B899-4D687BB65370}
2012-03-11 16:01 - 2012-03-11 16:01 - 0000000 ____D C:\Users\Admin\AppData\Local\{EBA404DC-2FF4-4428-96B4-543B4D0E1056}
2012-03-11 16:01 - 2012-03-11 16:00 - 0000000 ____D C:\Users\Admin\AppData\Local\{F754B1C4-8853-4C81-B232-12A47A0D9437}
2012-03-10 21:00 - 2012-03-10 21:00 - 0000000 ____D C:\Users\Admin\AppData\Local\{9F59B581-CE32-4EFE-82CD-24509476E7ED}
2012-03-10 21:00 - 2012-03-10 20:59 - 0000000 ____D C:\Users\Admin\AppData\Local\{CD68F5C7-4203-4A68-8A1A-DA92513EEECD}
2012-03-08 21:58 - 2012-03-08 21:58 - 0000000 ____D C:\Users\Admin\AppData\Local\{B3241BA2-2176-4445-8E9F-8502782EABA7}
2012-03-08 21:58 - 2012-03-08 21:58 - 0000000 ____D C:\Users\Admin\AppData\Local\{4F10C787-1BDC-4E51-BFBF-5DCEA6EC6B3C}
2012-03-08 21:58 - 2012-03-08 21:57 - 0000000 ____D C:\Users\Admin\AppData\Local\{B94400B6-C38B-48AC-9E6F-AD3E409A82AC}
2012-03-08 21:57 - 2012-03-08 21:57 - 0000000 ____D C:\Users\Admin\AppData\Local\{C47E3AA7-4627-42E2-88B4-1AA60EDA128F}
2012-03-08 00:50 - 2012-03-08 00:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16366.63 MB
Available physical RAM: 15191.69 MB
Total Pagefile: 16364.78 MB
Available Pagefile: 15189.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive b: (Videos) (Fixed) (Total:488.28 GB) (Free:393.11 GB) NTFS
2 Drive c: () (Fixed) (Total:111.69 GB) (Free:44.91 GB) NTFS
3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive e: (New Volume) (Fixed) (Total:902.21 GB) (Free:130.03 GB) NTFS
5 Drive g: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
6 Drive h: (PENDRIVE) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (New Volume) (Fixed) (Total:29.3 GB) (Free:29.21 GB) NTFS
9 Drive z: (Games & Videos) (Fixed) (Total:443.23 GB) (Free:49.78 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 111 GB 0 B
Disk 2 Online 931 GB 2048 KB *
Disk 3 Online 1967 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 1024 KB
Partition 2 Primary 902 GB 29 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Y New Volume NTFS Partition 29 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E New Volume NTFS Partition 902 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 931 GB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1966 MB 16 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 H PENDRIVE FAT32 Removable 1966 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-28 09:42

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   55.16KB   3 downloads

Edited by RPMcMurphy, 03 June 2012 - 08:31 PM.


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:47 PM

Posted 03 June 2012 - 09:15 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}
2012-06-02 07:40 - 2012-01-11 06:09 - 0000000 __SHD C:\Users\Admin\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 vox1

vox1
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:47 AM

Posted 04 June 2012 - 12:21 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-04 15:19:20 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{2bbeba62-40d0-20a9-d47a-60888bcb72f6} moved successfully.
C:\Users\Admin\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6} moved successfully.

==== End of Fixlog ====

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:47 PM

Posted 04 June 2012 - 10:47 AM

Hi,

Please try running ComboFix again. Post the log when it completes, or let me know if it still doesn't run.



#11 vox1

vox1
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:47 AM

Posted 04 June 2012 - 08:47 PM

ComboFix 12-06-04.02 - Admin 05/06/2012 11:36:11.1.8 - x64
Running from: c:\users\Admin\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1305955144.bdinstall.bin
c:\programdata\1314278812.bdinstall.bin
c:\programdata\1314547842.bdinstall.bin
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 01:41 . 2012-06-05 01:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 18:33 . 2012-06-04 18:34 -------- dc----w- C:\FRST
2012-06-03 16:15 . 2012-06-03 16:15 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-03 16:07 . 2012-06-03 16:17 -------- d-----w- c:\programdata\RegRun
2012-06-03 16:05 . 2012-06-03 16:05 2 --shatr- c:\windows\winstart.bat
2012-06-02 04:10 . 2012-06-02 10:44 2392 ----a-w- c:\windows\system32\ASOROSet.bin
2012-06-02 04:06 . 2012-06-02 04:06 -------- d-----w- c:\users\Admin\AppData\Roaming\Reviversoft
2012-06-02 04:06 . 2011-01-22 05:33 18240 ----a-w- c:\windows\system32\roboot64.exe
2012-05-30 13:01 . 2012-05-30 13:01 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-05-30 13:01 . 2012-05-30 13:01 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 13:01 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-28 14:46 . 2012-05-28 14:51 -------- d-----w- c:\programdata\Sony Corporation
2012-05-28 06:19 . 2012-05-28 06:19 1830400 ----a-w- c:\windows\SysWow64\TabSvc.dll
2012-05-23 23:52 . 2012-05-23 23:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-23 23:52 . 2012-05-23 23:52 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-23 13:34 . 2012-06-02 04:25 -------- d-----w- c:\users\Admin\AppData\Local\Spotify
2012-05-23 13:33 . 2012-06-02 04:25 -------- d-----w- c:\users\Admin\AppData\Roaming\Spotify
2012-05-13 08:10 . 2012-05-13 08:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-13 08:10 . 2012-05-13 08:10 -------- d-----w- c:\program files (x86)\Real
2012-05-13 08:09 . 2012-05-13 08:09 -------- d-----w- c:\users\Admin\New folder
2012-05-10 02:45 . 2012-05-28 03:18 -------- d-----w- c:\users\Admin\AppData\Roaming\Binreader
2012-05-10 02:29 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 02:29 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 02:29 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 02:29 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 02:29 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 02:29 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 02:29 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 02:29 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 02:29 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 02:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 10:26 . 2012-05-09 10:27 -------- d-----w- c:\users\Admin\AppData\Roaming\GrabIt
2012-05-06 10:48 . 2012-05-06 10:48 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-05-06 10:48 . 2012-05-06 10:48 -------- d-----w- c:\programdata\Xilisoft
2012-05-06 10:26 . 2012-05-06 10:26 -------- d-----w- c:\users\Admin\AppData\Roaming\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 01:42 . 2011-12-16 14:18 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-06-04 01:18 . 2011-06-16 13:12 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-04 01:18 . 2011-06-16 05:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-04 01:18 . 2011-06-16 05:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-13 08:10 . 2003-03-18 12:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-13 08:10 . 2003-02-20 19:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-06 03:11 . 2012-04-06 13:05 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 03:11 . 2011-06-24 14:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 03:11 . 2012-04-06 13:11 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 08:47 . 2012-01-29 00:40 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-04 08:47 . 2011-05-21 03:39 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-03 17:18 . 2012-04-20 07:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-03 17:18 . 2012-04-20 07:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-03 17:18 . 2012-04-20 06:59 948544 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-04-03 17:18 . 2012-04-20 06:59 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-04-03 17:18 . 2012-04-20 06:59 8029504 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-04-03 17:18 . 2012-04-20 06:59 25720128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-04-03 17:18 . 2012-04-20 06:59 10102592 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-04-03 17:18 . 2012-04-20 06:59 8138048 ----a-w- c:\windows\system32\nvcuda.dll
2012-04-03 17:18 . 2012-04-20 06:59 5981504 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-04-03 17:18 . 2012-04-20 06:59 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-04-03 17:18 . 2012-04-20 06:59 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-04-03 17:18 . 2012-04-20 06:59 2881344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-04-03 17:18 . 2012-04-20 06:59 2740544 ----a-w- c:\windows\system32\nvapi64.dll
2012-04-03 17:18 . 2012-04-20 06:59 2681152 ----a-w- c:\windows\system32\nvcuvid.dll
2012-04-03 17:18 . 2012-04-20 06:59 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-04-03 17:18 . 2012-04-20 06:59 25246528 ----a-w- c:\windows\system32\nvcompiler.dll
2012-04-03 17:18 . 2012-04-20 06:59 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-04-03 17:18 . 2012-04-20 06:59 2444608 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-04-03 17:18 . 2012-04-20 06:59 2367808 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-04-03 17:18 . 2012-04-20 06:59 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-04-03 17:18 . 2012-04-20 06:59 19584320 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-04-03 17:18 . 2012-04-20 06:59 17984320 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-04-03 17:18 . 2012-04-20 06:59 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-04-03 17:18 . 2012-04-20 06:59 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-04-03 17:18 . 2012-04-20 06:59 15279424 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-04-03 17:18 . 2012-04-20 06:59 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-04-03 17:18 . 2012-04-20 06:59 14291264 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-04-03 13:19 . 2012-04-20 06:54 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-03 13:19 . 2011-04-07 13:19 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-04-03 13:19 . 2012-04-20 07:01 2553991 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-03 13:19 . 2012-04-20 06:54 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-03 13:19 . 2012-04-20 06:54 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-04-03 13:19 . 2012-04-20 06:54 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-04-03 13:15 . 2012-04-20 06:54 6122816 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-02 21:16 . 2012-04-02 21:16 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MusicManager"="c:\users\Admin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-14 13806080]
"uTorrent"="b:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-12 880496]
"Spotify Web Helper"="c:\users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-23 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
EvernoteClipper.lnk - b:\program files (x86)\Evernote\EvernoteClipper.exe [2012-3-21 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck ers
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-03 1262912]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;b:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-04-02 382272]
S3 ALSysIO;ALSysIO;d:\temp\temp\ALSysIO64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WinDefend
TabletInputService
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:11]
.
2012-06-05 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-12-16 14:18]
.
2012-06-05 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-12-16 14:18]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 09:54]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 09:54]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-314909523-3652244483-1584276009-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 09:54]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-314909523-3652244483-1584276009-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 09:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = proxy.tpgi.com.au:3128
uInternet Settings,ProxyOverride = *commbank*;*4chan*;<local>;*.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Evernote 4.0 - b:\program files (x86)\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xvulmwff.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Wubi - v:\ubuntu\uninstall-wubi.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-05 11:44:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 01:44
.
Pre-Run: 49,006,194,688 bytes free
Post-Run: 50,060,668,928 bytes free
.
- - End Of File - - CA5A78D7FCF5B6A4865F621AA985C852



Edited by RPMcMurphy, 05 June 2012 - 09:27 AM.


#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:47 PM

Posted 05 June 2012 - 09:33 AM

Hello,

Did you set up these proxies?

uInternet Settings,ProxyServer = proxy.tpgi.com.au:3128
uInternet Settings,ProxyOverride = *commbank*;*4chan*;<local>;*.local


Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#13 vox1

vox1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 06 June 2012 - 12:07 AM

Yes, I set them up ages ago.
Pretty sure it's gone now; Kaspersky isn't coming up with warnings every second anymore. :)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Admin :: UPSTAIRSPC [administrator]

6/06/2012 2:36:02 PM
mbam-log-2012-06-06 (15-05-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415841
Time elapsed: 11 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

(end)

Edited by vox1, 06 June 2012 - 12:08 AM.


#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:47 PM

Posted 06 June 2012 - 02:26 PM

Are there any remaining issues that we have not resolved? Please do this next:

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log



#15 vox1

vox1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 08 June 2012 - 07:24 AM

Well Kaspersky isn't popping up every minute saying there's a trojan in C:\Windows\Installer...etc so I suppose that's good news.
Surprised at the logs though... a bit concerned about this Kryptik.AGPF trojan, and that Kaspersky isn't picking it up in system32; it picks it up in Syswow64...


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=39c97f920301f9408a2091231fb852a8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-08 11:35:47
# local_time=2012-06-08 09:35:47 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 14886645 14886645 0 0
# compatibility_mode=5893 16776574 100 94 23217058 90764547 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=348292
# found=16
# cleaned=0
# scan_time=20650
C:\FRST\Quarantine\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\FRST\Quarantine\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\davsdmuxv.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\lczurxkan.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\pevroau.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\ppjzko.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\uvkxiugk.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\davsdmuxv.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\lczurxkan.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\pevroau.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\ppjzko.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\uvkxiugk.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
D:\Libaries\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
D:\Libaries\Downloads\MediaCoder-x64-0.8.11.5236.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
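
An added example for reading a log of the kind posted above (this is not code from the thread, from ESET, or from BleepingComputer): a small Python parser that turns the `# key=value` header and the finding lines into structured records, counts findings per detection family, and lists relative paths that were reported under both C:\Windows\System32\ and C:\Windows\SysWOW64\. The sample input is constructed from the 16 lines above; the parser assumes the space-separated shape the lines have on this page (a real log.txt is assumed to be tab-separated, which this tokenizer also accepts), and it assumes a Windows path never contains a forward slash while an ESET detection name always does, which is how it tells the two fields apart. The System32/SysWOW64 pairing is offered as a hypothesis to check, not a verdict: when a scanner runs as a 32-bit process, WOW64 file-system redirection makes System32 show SysWOW64's contents, so identical pairs may be one file seen twice. A 64-bit tool (for example the 64-bit command prompt) is the way to confirm which directory actually holds a copy.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the ESET Online Scanner log quoted in the
# thread (same 16 findings). Fields are separated by spaces here, as on the page.
SAMPLE_LOG = r"""
# version=7
# found=16
# cleaned=0
# compatibility_mode=1280 16777215 100 0 14886645 14886645 0 0
# compatibility_mode=5893 16776574 100 94 23217058 90764547 0 0
C:\FRST\Quarantine\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\FRST\Quarantine\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\davsdmuxv.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\lczurxkan.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\pevroau.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\ppjzko.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\uvkxiugk.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\davsdmuxv.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\lczurxkan.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\pevroau.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\ppjzko.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\uvkxiugk.exe a variant of Win32/Kryptik.AGPF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2bbeba62-40d0-20a9-d47a-60888bcb72f6}\n Win64/Sirefef.W trojan (unable to clean) 00000000000000000000000000000000 I
D:\Libaries\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
D:\Libaries\Downloads\MediaCoder-x64-0.8.11.5236.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
"""

# Everything after the path: threat name, optional "(status)", 32-hex value, flag.
TAIL_RE = re.compile(
    r"^(?P<threat>.+?)(?:\s+\((?P<status>[^)]*)\))?\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$")


def _split_path(tokens):
    """Return (path, rest). The threat name starts at the first token containing
    '/', pulled back over a leading 'a variant of' / 'probably a variant of'."""
    for i, tok in enumerate(tokens):
        if "/" in tok:
            start = i
            if tokens[max(0, i - 3):i] == ["a", "variant", "of"]:
                start = i - 3
            if start >= 1 and tokens[start - 1] == "probably":
                start -= 1
            return " ".join(tokens[:start]), " ".join(tokens[start:])
    return None, None


def parse_line(line):
    """Parse one finding line into a dict; return None for any other line."""
    path, rest = _split_path(line.split())
    if not path:
        return None
    m = TAIL_RE.match(rest)
    if not m:
        return None
    threat = m.group("threat")
    family = next(tok for tok in threat.split() if "/" in tok)  # e.g. Win32/Kryptik.AGPF
    return {"path": path, "threat": threat, "family": family,
            "status": m.group("status") or "", "hash": m.group("hash"), "flag": m.group("flag")}


def parse_log(text):
    """Split the log into its '# key=value' header (first value wins for keys
    that repeat, such as compatibility_mode) and its list of findings."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header.setdefault(key, value)
            continue
        entry = parse_line(line)
        if entry:
            findings.append(entry)
    return header, findings


def wow64_pairs(findings):
    """Relative paths reported under both System32 and SysWOW64. With a 32-bit
    scanner these may be one file seen twice through WOW64 redirection
    (hypothesis: confirm with a 64-bit tool before drawing conclusions)."""
    prefixes = {"System32": "c:\\windows\\system32\\", "SysWOW64": "c:\\windows\\syswow64\\"}
    seen = defaultdict(set)
    for e in findings:
        low = e["path"].lower()
        for name, prefix in prefixes.items():
            if low.startswith(prefix):
                seen[low[len(prefix):]].add(name)
    return sorted(rel for rel, dirs in seen.items() if len(dirs) == 2)


def summarize(text):
    """Headline numbers a responder wants from the log, as a dict."""
    header, findings = parse_log(text)
    return {
        "found": int(header.get("found", 0)),
        "cleaned": int(header.get("cleaned", 0)),
        "parsed": len(findings),
        "by_family": dict(Counter(e["family"] for e in findings)),
        "unable_to_clean": sum(e["status"] == "unable to clean" for e in findings),
        "system32_syswow64_pairs": wow64_pairs(findings),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as a script it prints the summary for the embedded sample; `parse_log(open("log.txt").read())` does the same for a saved ESET log. The `found`/`parsed` pair is a useful self-check: if the header's `found` count and the number of lines the parser recognised disagree, a line has a shape the tokenizer did not anticipate and should be inspected by hand rather than silently dropped.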



