
threat detected c:\windows\assembly\gac_64\desktop.ini


25 replies to this topic

#1 Killerbob


  • Members
  • 11 posts

Posted 02 June 2012 - 06:28 AM

AVG keeps saying threat detected c:\windows\assembly\gac_64\desktop.ini, but when trying to move it to the vault it doesn't move and asks to restart my PC, so I restart my PC and the same message comes up now and again. Also, when trying to use Google Chrome and accessing https websites like Facebook it says:

The site's security certificate is signed using a weak signature algorithm!
You attempted to reach www.facebook.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged and the server may not be the server you expected (you may be communicating with an attacker).
You should not proceed, especially if you have never seen this warning before for this site.

Also, when using search engines in Google Chrome it redirects me to advertising sites. This happens only with Google Chrome; Firefox and IE work fine.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ryan at 12:16:44 on 2012-06-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.1191 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\iRacing\iRacingService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\AVG\AVG9\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={282B69FD-A1C5-41E0-A29E-DFC1C2C243BE}&mid=f6398e78952a47d0adea1929468c993a-c18b324d263d484c258c3d21e95012f1dd1e3e4c&lang=en&ds=od011&pr=sa&d=2012-05-21 08:36:14&v=10.2.0.3&sap=hp
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [NPSStartup]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{3681D3E5-7B9A-485F-BD8E-669659B3090F} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{93DE4741-C159-4585-8203-B65B589D1544} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{93DE4741-C159-4585-8203-B65B589D1544}\B4566796E6 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{93DE4741-C159-4585-8203-B65B589D1544}\B6566796E6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [(Default)]
mRun-x64: [NPSStartup]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\yqgi4h2v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys --> C:\Windows\system32\DRIVERS\ss_bbus.sys [?]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys --> C:\Windows\system32\DRIVERS\ss_bmdfl.sys [?]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys --> C:\Windows\system32\DRIVERS\ss_bmdm.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-4-8 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-02 10:19:00 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-06-02 10:18:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 10:18:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-02 10:18:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-01 15:31:53 -------- d-----w- C:\Windows\SysWow64\drivers\avg
2012-06-01 09:09:30 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2012-06-01 09:07:10 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-06-01 09:07:09 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-06-01 09:07:06 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-06-01 09:07:03 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-06-01 09:07:03 -------- d-----w- C:\Windows\System32\drivers\Avg
2012-06-01 09:06:52 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-01 09:06:51 -------- d-----w- C:\ProgramData\avg9
2012-05-31 16:23:25 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Milestone
2012-05-31 16:16:13 -------- d-----w- C:\Program Files (x86)\Milestone
2012-05-31 16:04:07 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-31 09:03:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-31 09:03:08 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-31 09:03:08 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-31 09:03:08 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 09:03:08 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-29 15:21:00 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66D987DB-4AB4-4A1A-B3B4-847620991E8F}\mpengine.dll
2012-05-25 22:33:41 -------- d-----w- C:\Users\Ryan\AppData\Local\FLT
2012-05-25 22:19:55 -------- d-----w- C:\Program Files (x86)\DiRT Showdown
2012-05-25 15:49:48 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-05-25 15:12:13 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
2012-05-25 15:12:13 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-05-25 15:11:32 -------- d-----w- C:\ProgramData\Battle.net
2012-05-21 15:46:02 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
2012-05-21 07:36:13 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-05-21 07:36:12 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-05-21 07:36:12 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-05-21 07:36:09 -------- d--h--w- C:\ProgramData\Common Files
2012-05-20 19:07:00 -------- d-----w- C:\Users\Ryan\AppData\Local\CrashRpt
2012-05-20 18:42:51 -------- d-----w- C:\Program Files (x86)\Atari
2012-05-20 18:40:43 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-20 18:40:39 -------- d-----w- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Pro
2012-05-20 18:40:37 -------- d-----w- C:\Users\Ryan\AppData\Roaming\OpenCandy
2012-05-20 18:40:36 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2012-05-20 18:40:10 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-05-09 22:25:03 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 22:25:03 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 22:25:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 22:25:00 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 22:25:00 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 22:25:00 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 22:24:16 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 22:23:57 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 22:23:54 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 22:23:54 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 22:23:54 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 22:23:54 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 22:23:54 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:40:18 -------- d-----w- C:\Program Files (x86)\Fiddler2
2012-05-05 21:12:42 -------- d-----w- C:\ProgramData\firebird
2012-05-05 21:12:42 -------- d-----w- C:\Program Files (x86)\SpacialAudio
2012-05-05 21:12:39 548864 ----a-w- C:\Windows\SysWow64\GDS32.DLL
2012-05-05 21:12:34 462848 ----a-w- C:\Windows\SysWow64\Firebird2Control.cpl
2012-05-05 21:12:33 -------- d-----w- C:\Program Files (x86)\Firebird
2012-05-03 21:44:27 -------- d-----w- C:\ProgramData\Ableton
2012-05-03 21:44:26 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Ableton
2012-05-03 21:39:44 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-05-03 21:39:44 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-05-03 21:36:51 -------- d-----w- C:\Program Files (x86)\Ableton
.
==================== Find3M ====================
.
2012-05-31 16:03:50 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 16:03:50 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 20:42:18 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 18:02:27 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-04 18:02:27 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-04-20 08:22:27 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-09 16:54:26 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-03-09 16:54:26 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
.
============= FINISH: 12:18:39.92 ===============
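As an added defender-side example (this is not part of the original post, and not DDS or FRST code), the script below triages the "Pseudo HJT Report" lines of a DDS log like the one above: it flags UAC policy values that differ from the Windows 7 defaults, start-page and search-provider hosts that are not on an allowlist, browser add-ons whose DLL path shares a vendor token with such a host, and per-interface DNS servers that differ from the global entry. The allowlist of search hosts and the severity labels are assumptions for illustration; the sample lines are copied from the log posted in this thread, with the long start-page query string shortened.

```python
"""Triage of DDS 'Pseudo HJT Report' lines (added example, not DDS/FRST code)."""
import re
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    severity: str  # "high", "review" or "info"
    key: str       # DDS key or line prefix the finding came from
    detail: str


# UAC values under HKLM\...\Policies\System compared against the Windows 7 defaults:
# UAC enabled, admins prompted for consent, prompt shown on the secure desktop.
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# Start page / search provider hosts treated as unremarkable (assumption for this example).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "go.microsoft.com"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
URL_KEY_RE = re.compile(r"^(uStart Page|mStart Page|uSearch\w*|mSearch\w*)\s*=\s*(\S+)")
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/?#]+)", re.IGNORECASE)  # DDS defangs http as hxxp
DNS_RE = re.compile(r"^TCP:\s*(?:Interfaces\\(\S+)\s*:\s*)?DhcpNameServer\s*=\s*(.+)$")
ADDON_RE = re.compile(r"^(BHO|TB|BHO-X64|TB-X64):\s*(.+?):\s*\{[0-9a-fA-F-]+\}\s*-\s*(.+)$")

# Constructed sample: lines copied from the DDS log posted in this thread
# (the start-page query string is shortened).
SAMPLE_LOG = r"""
uStart Page = hxxp://isearch.avg.com/?cid={282B69FD-A1C5-41E0-A29E-DFC1C2C243BE}&lang=en&sap=hp
mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{93DE4741-C159-4585-8203-B65B589D1544}\B6566796E6 : DhcpNameServer = 192.168.1.1
"""


def triage_pseudo_hjt(text: str) -> List[Finding]:
    """Return the entries a responder would review first, in the order found."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings: List[Finding] = []
    vendor_tokens: List[str] = []      # second-level labels of non-default search hosts
    global_dns: Optional[str] = None
    interface_dns: Dict[str, str] = {}

    for ln in lines:
        m = POLICY_RE.match(ln)
        if m:
            name, value = m.group(1), int(m.group(2))
            expected = UAC_EXPECTED.get(name)
            if expected is not None and value != expected:
                findings.append(Finding("high", name, f"{name} = {value}, expected {expected} (UAC weakened)"))
            continue
        m = URL_KEY_RE.match(ln)
        if m:
            key, url = m.groups()
            h = HOST_RE.match(url)
            host = h.group(1).lower() if h else url.lower()
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("review", key, f"points at {host}"))
                labels = host.split(".")
                if len(labels) >= 2:           # isearch.avg.com -> avg
                    vendor_tokens.append(labels[-2])
            continue
        m = DNS_RE.match(ln)
        if m:
            iface, servers = m.group(1), m.group(2).strip()
            if iface is None:
                global_dns = servers
            else:
                interface_dns[iface] = servers

    # Second pass: add-ons whose DLL path carries the same vendor token as a
    # non-default search host are the likely source of that setting.
    for ln in lines:
        m = ADDON_RE.match(ln)
        if not m:
            continue
        kind, name, path = m.groups()
        for tok in vendor_tokens:
            if tok in path.lower():
                findings.append(Finding("review", kind, f"{name} -> {path} (shares token '{tok}')"))
                break

    for iface, servers in interface_dns.items():
        if global_dns is not None and servers != global_dns:
            findings.append(Finding("info", "DhcpNameServer", f"interface {iface} uses {servers}, global is {global_dns}"))
    return findings


if __name__ == "__main__":
    for f in triage_pseudo_hjt(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.key}: {f.detail}")
```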



#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 12:52 PM

Hi,

Please run the following:


Download Farbar Recovery Scan Tool and save it to a flash drive.

(you need the 64-bit version)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Killerbob

  • Topic Starter

  • Members
  • 11 posts

Posted 03 June 2012 - 03:23 PM

When I tap F8 on the BIOS screen it brings up devices to boot from, not advanced options.

#4 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 04:09 PM

System recovery is not installed on your machine, then.

You will need an installation disk

or make one:

http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



#5 Killerbob

  • Topic Starter

  • Members
  • 11 posts

Posted 03 June 2012 - 04:31 PM

I created a system recovery disk like you said. It booted up fine and everything went well until I had to type e:\frst.exe into the command prompt, and it says the file doesn't exist or is corrupt, so I went back to Computer and looked in the flash drive and frst64.exe wasn't showing up, but if I boot normally it still says it's on the flash drive.

#6 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 05:04 PM

Please try formatting the USB stick and downloading the file again, or

you could also try saving it directly to your c:\ drive.

Then, when you boot to the recovery environment, look for c:\frst64.exe on your c:\ drive.



#7 Killerbob

  • Topic Starter

  • Members
  • 11 posts

Posted 04 June 2012 - 04:43 AM

Ok I finally got FRST to run and here is the log.

Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 04-06-2012 10:38:36
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [982880 2012-05-20] ()
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-06-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Ryan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKU\Ryan\...\Run: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-01] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
AppInit_DLLs: avgrssta.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)

==================== Services (Whitelisted) ======

2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2012-06-01] (AVG Technologies CZ, s.r.o.)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 FirebirdGuardianDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance [98304 2010-09-17] (Firebird Project)
3 FirebirdServerDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance [3735552 2010-09-17] (Firebird Project)
2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [473768 2012-02-15] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-14] ()
2 vToolbarUpdater10.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [918880 2012-05-20] ()
2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] ()
3 wampapache; "c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-06] ()
3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1924096 2010-10-11] (Atheros Communications, Inc.)
1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2012-06-01] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2012-06-01] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2012-06-01] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2012-06-01] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [966144 2009-05-24] (Ralink Technology Corp.)
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [125376 2011-11-14] (Power Software Ltd)
3 ss_bbus; C:\Windows\System32\Drivers\ss_bbus.sys [127488 2010-04-26] (MCCI)
3 ss_bmdfl; C:\Windows\System32\Drivers\ss_bmdfl.sys [18944 2010-04-26] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\Drivers\ss_bmdm.sys [161280 2010-04-26] (MCCI Corporation)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 01:33 - 2012-06-04 01:33 - 1395739 ____A C:\Users\Ryan\Downloads\FRST64.exe
2012-06-03 14:43 - 2012-06-03 14:43 - 0276586 ____A C:\Users\Ryan\Downloads\zombe's_modpack-v6.2_MC.1.2.5.zip
2012-06-03 14:13 - 2012-06-03 14:13 - 0958440 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-03 14:13 - 2012-06-03 14:13 - 0838120 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-03 14:13 - 2012-06-03 14:13 - 0287720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-03 14:13 - 2012-06-03 14:13 - 0189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-03 14:13 - 2012-06-03 14:13 - 0188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-03 14:08 - 2012-06-03 14:11 - 94375904 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jdk-7u6-ea-bin-b12-windows-x64-30_may_2012.exe
2012-06-03 13:12 - 2012-06-03 13:12 - 5453814 ____A C:\Users\Ryan\Downloads\lwjgl-2.8.4.zip
2012-06-03 13:10 - 2012-02-03 10:56 - 0195072 ____A C:\Windows\System32\OpenAL64.dll
2012-06-03 06:53 - 2012-06-03 14:12 - 0000000 ____D C:\Program Files\Java
2012-06-03 06:50 - 2012-06-03 06:50 - 0772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-03 06:49 - 2012-06-03 06:49 - 21865936 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jre-7u4-windows-x64.exe
2012-06-03 06:49 - 2012-06-03 06:49 - 21053392 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jre-7u4-windows-i586.exe
2012-06-02 07:07 - 2012-06-02 07:07 - 0000000 ____D C:\Users\Ryan\Documents\Games for Windows - LIVE Demos
2012-06-02 03:20 - 2012-06-02 03:20 - 0010052 ____A C:\Users\Ryan\Desktop\Attach.txt
2012-06-02 03:19 - 2012-06-02 03:19 - 0023791 ____A C:\Users\Ryan\Desktop\DDS.txt
2012-06-02 03:16 - 2012-06-02 03:16 - 0607260 ____R (Swearware) C:\Users\Ryan\Downloads\dds.scr
2012-06-02 03:16 - 2012-06-02 03:16 - 0000178 ____A C:\Users\Ryan\defogger_reenable
2012-06-02 03:15 - 2012-06-02 03:15 - 0050477 ____A C:\Users\Ryan\Downloads\Defogger.exe
2012-06-02 02:19 - 2012-06-02 02:19 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-06-02 02:18 - 2012-06-02 02:18 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-02 02:18 - 2012-06-02 02:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-02 02:18 - 2012-06-02 02:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 02:18 - 2012-04-04 06:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-02 02:15 - 2012-06-04 01:28 - 0001242 ____A C:\Windows\setupact.log
2012-06-02 02:15 - 2012-06-02 02:15 - 0000000 ____A C:\Windows\setuperr.log
2012-06-02 02:11 - 2012-06-02 02:11 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-01 10:24 - 2011-07-08 16:43 - 1201152 ____A (ShockingSoft) C:\Users\Ryan\Desktop\AutoClicker.exe
2012-06-01 07:31 - 2012-06-01 07:31 - 0000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-06-01 01:32 - 2012-06-03 14:37 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001UA.job
2012-06-01 01:32 - 2012-06-01 01:37 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001Core.job
2012-06-01 01:09 - 2012-06-01 01:09 - 0013048 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2012-06-01 01:07 - 2012-06-04 01:32 - 0000000 ____D C:\Windows\System32\Drivers\Avg
2012-06-01 01:07 - 2012-06-01 07:31 - 0269904 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-06-01 01:07 - 2012-06-01 01:09 - 0317520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-06-01 01:07 - 2012-06-01 01:09 - 0056008 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-06-01 01:07 - 2012-06-01 01:09 - 0035664 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-06-01 01:07 - 2012-06-01 01:07 - 0001854 ____A C:\Users\Public\Desktop\AVG 9.0.lnk
2012-06-01 01:06 - 2012-06-03 12:44 - 0000000 ____D C:\Users\All Users\avg9
2012-06-01 01:06 - 2012-06-01 01:06 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-31 08:23 - 2012-05-31 08:23 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Milestone
2012-05-31 08:21 - 2012-05-31 08:21 - 0001877 ____A C:\Users\Public\Desktop\Play MUD - FIM Motocross World Championship™.lnk
2012-05-31 08:16 - 2012-05-31 08:16 - 0000000 ____D C:\Program Files (x86)\Milestone
2012-05-31 08:04 - 2012-05-31 08:04 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-31 07:53 - 2012-05-31 08:02 - 0000000 ____D C:\Users\Ryan\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED
2012-05-31 01:03 - 2012-05-31 01:03 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-31 01:03 - 2012-05-31 01:03 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-29 11:12 - 2012-05-29 11:14 - 0000000 ____D C:\Users\Ryan\Downloads\dirt showdown mp enabler
2012-05-28 13:03 - 2012-05-28 13:03 - 0042008 ____A C:\Users\Ryan\Desktop\Sony Vegas Intro.veg
2012-05-28 08:37 - 2012-05-28 08:38 - 0000000 ____D C:\Users\Ryan\Desktop\Video Intro
2012-05-27 06:26 - 2012-05-27 06:27 - 3536384 ____A C:\Users\Ryan\Downloads\Mandinga - Zaleilah (Official Single).mp3
2012-05-27 06:25 - 2012-05-27 06:25 - 3800816 ____A C:\Users\Ryan\Downloads\Labrinth - Express Yourself.mp3
2012-05-26 15:17 - 2012-05-26 15:16 - 7603766 ____A C:\Users\Ryan\Downloads\Mandinga - Zaleilah.mp3
2012-05-25 14:33 - 2012-05-25 14:33 - 0000000 ____D C:\Users\Ryan\AppData\Local\FLT
2012-05-25 14:19 - 2012-06-03 21:31 - 0000000 ____D C:\Program Files (x86)\DiRT Showdown
2012-05-25 09:00 - 2012-05-25 09:01 - 0001625 ____A C:\Users\Ryan\Desktop\Diablo III - Shortcut.lnk
2012-05-25 07:49 - 2012-05-25 07:49 - 0000000 ____D C:\Users\Ryan\Documents\Diablo III
2012-05-25 07:49 - 2012-05-25 07:49 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-25 07:12 - 2012-05-25 07:49 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-05-25 07:11 - 2012-05-25 07:11 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-23 09:59 - 2012-05-23 10:01 - 2821102 ____A C:\Users\Ryan\Downloads\Newton Faulkner - I Need Something.mp3
2012-05-23 09:58 - 2012-05-23 10:01 - 2462079 ____A C:\Users\Ryan\Downloads\Newton Faulkner - Gone In The Morning.mp3
2012-05-23 09:56 - 2012-05-23 10:01 - 3092769 ____A C:\Users\Ryan\Downloads\Newton Faulkner - All I Got.mp3
2012-05-23 09:56 - 2012-05-23 10:01 - 2987860 ____A C:\Users\Ryan\Downloads\Newton Faulkner - Teardrop.mp3
2012-05-21 11:15 - 2012-05-23 10:01 - 3508520 ____A C:\Users\Ryan\Downloads\Martin Solveig - The Night Out (Madeon Remix) (1).mp3
2012-05-21 11:14 - 2012-05-21 11:14 - 10321145 ____A C:\Users\Ryan\Downloads\Alex Clare - Too Close.mp3
2012-05-21 07:46 - 2012-05-21 07:46 - 0001085 ____A C:\Users\Ryan\Desktop\Cheat Engine.lnk
2012-05-21 07:46 - 2012-05-21 07:46 - 0000000 ____D C:\Users\Ryan\Documents\My Cheat Tables
2012-05-21 07:46 - 2012-05-21 07:46 - 0000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2012-05-20 23:36 - 2012-05-20 23:36 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-20 23:36 - 2012-05-20 23:36 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-05-20 11:12 - 2012-05-20 11:12 - 0000000 ____D C:\Users\Ryan\Documents\Eden Games
2012-05-20 11:07 - 2012-05-20 11:07 - 0000000 ____D C:\Users\Ryan\AppData\Local\CrashRpt
2012-05-20 11:02 - 2012-05-20 11:02 - 0001091 ____A C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
2012-05-20 10:42 - 2012-05-20 10:42 - 0000000 ____D C:\Program Files (x86)\Atari
2012-05-20 10:41 - 2012-05-20 10:41 - 0001932 ____A C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2012-05-20 10:40 - 2012-06-02 02:12 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\DAEMON Tools Pro
2012-05-20 10:40 - 2012-05-20 10:42 - 0000000 ____D C:\Users\All Users\DAEMON Tools Pro
2012-05-20 10:40 - 2012-05-20 10:41 - 0283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-20 10:40 - 2012-05-20 10:40 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\OpenCandy
2012-05-20 10:40 - 2012-05-20 10:40 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-05-15 11:46 - 2012-05-15 11:46 - 0560318 ____A C:\Users\Ryan\Downloads\AutoClicker.zip
2012-05-09 14:25 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 14:25 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 14:25 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 14:25 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 14:25 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 14:25 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 14:24 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 14:23 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-08 13:07 - 2012-05-08 13:08 - 0000000 ____D C:\Users\Ryan\Downloads\Boys_Like_Girls-Love_Drunk-2009-SiRE
2012-05-07 09:12 - 2012-05-07 09:12 - 3686476 ____A C:\Users\Ryan\Downloads\949e5a80841dc4d437d9f16b016716b7.mp3
2012-05-07 07:19 - 2012-05-23 10:02 - 3532456 ____A C:\Users\Ryan\Downloads\Tulisa - We Are Young (Official Video _ HD).mp3
2012-05-07 07:11 - 2012-05-07 07:11 - 4107829 ____A C:\Users\Ryan\Downloads\alexclaretooclose.mp3
2012-05-07 05:01 - 2012-05-07 05:01 - 9326157 ____A C:\Users\Ryan\Downloads\punkrockchick.mp3
2012-05-06 15:32 - 2012-05-06 15:32 - 4318603 ____A C:\Users\Ryan\Downloads\neon-trees-1.mp3
2012-05-06 07:40 - 2012-05-06 07:40 - 0000000 ____D C:\Program Files (x86)\Fiddler2
2012-05-06 03:15 - 2012-05-06 03:15 - 0000000 ____D C:\Users\Ryan\Downloads\Hot Chelle Rae – Whatever (2011), 320Kbit(mp3), DMT
2012-05-06 02:51 - 2012-05-06 02:51 - 0000132 ____A C:\Users\Ryan\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2012-05-05 13:12 - 2012-05-05 15:46 - 0000000 ____D C:\Users\All Users\firebird
2012-05-05 13:12 - 2012-05-05 13:12 - 0002014 ____A C:\Users\UpdatusUser\Desktop\SAM Broadcaster.lnk
2012-05-05 13:12 - 2012-05-05 13:12 - 0002014 ____A C:\Users\Ryan\Desktop\SAM Broadcaster.lnk
2012-05-05 13:12 - 2012-05-05 13:12 - 0000000 ____D C:\Program Files (x86)\SpacialAudio
2012-05-05 13:12 - 2012-05-05 13:12 - 0000000 ____D C:\Program Files (x86)\Firebird
2012-05-05 13:12 - 2010-09-17 02:16 - 0462848 ____A (IBPhoenix) C:\Windows\SysWOW64\Firebird2Control.cpl
2012-05-05 13:12 - 2010-09-17 02:13 - 0548864 ____A (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL


============ 3 Months Modified Files and Folders =============

2012-06-04 10:38 - 2012-06-04 10:38 - 0000000 ____D C:\FRST
2012-06-04 01:34 - 2009-07-13 20:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 01:34 - 2009-07-13 20:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 01:34 - 2002-01-01 13:33 - 1832499 ____A C:\Windows\WindowsUpdate.log
2012-06-04 01:33 - 2012-06-04 01:33 - 1395739 ____A C:\Users\Ryan\Downloads\FRST64.exe
2012-06-04 01:32 - 2012-06-01 01:07 - 0000000 ____D C:\Windows\System32\Drivers\Avg
2012-06-04 01:30 - 2012-04-09 07:02 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2012-06-04 01:28 - 2012-06-02 02:15 - 0001242 ____A C:\Windows\setupact.log
2012-06-04 01:28 - 2012-01-09 08:19 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-06-04 01:28 - 2011-07-10 09:30 - 3220529152 __ASH C:\hiberfil.sys
2012-06-04 01:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-03 21:31 - 2012-05-25 14:19 - 0000000 ____D C:\Program Files (x86)\DiRT Showdown
2012-06-03 21:31 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-06-03 21:31 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-06-03 21:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-06-03 14:50 - 2012-02-03 10:55 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft
2012-06-03 14:43 - 2012-06-03 14:43 - 0276586 ____A C:\Users\Ryan\Downloads\zombe's_modpack-v6.2_MC.1.2.5.zip
2012-06-03 14:42 - 2012-04-20 00:18 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-03 14:37 - 2012-06-01 01:32 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001UA.job
2012-06-03 14:13 - 2012-06-03 14:13 - 0958440 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-03 14:13 - 2012-06-03 14:13 - 0838120 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-03 14:13 - 2012-06-03 14:13 - 0287720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-03 14:13 - 2012-06-03 14:13 - 0189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-03 14:13 - 2012-06-03 14:13 - 0188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-03 14:12 - 2012-06-03 06:53 - 0000000 ____D C:\Program Files\Java
2012-06-03 14:11 - 2012-06-03 14:08 - 94375904 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jdk-7u6-ea-bin-b12-windows-x64-30_may_2012.exe
2012-06-03 14:07 - 2012-04-13 04:35 - 0000000 ____D C:\Program Files (x86)\Java
2012-06-03 13:12 - 2012-06-03 13:12 - 5453814 ____A C:\Users\Ryan\Downloads\lwjgl-2.8.4.zip
2012-06-03 12:46 - 2012-02-21 09:03 - 0000000 ____D C:\users\UpdatusUser
2012-06-03 12:46 - 2009-07-13 21:13 - 0783310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-03 12:44 - 2012-06-01 01:06 - 0000000 ____D C:\Users\All Users\avg9
2012-06-03 12:44 - 2002-01-01 13:52 - 0000000 ____D C:\users\Ryan
2012-06-03 12:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-03 06:50 - 2012-06-03 06:50 - 0772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-03 06:50 - 2012-02-03 10:54 - 0687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-03 06:49 - 2012-06-03 06:49 - 21865936 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jre-7u4-windows-x64.exe
2012-06-03 06:49 - 2012-06-03 06:49 - 21053392 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jre-7u4-windows-i586.exe
2012-06-02 07:07 - 2012-06-02 07:07 - 0000000 ____D C:\Users\Ryan\Documents\Games for Windows - LIVE Demos
2012-06-02 03:20 - 2012-06-02 03:20 - 0010052 ____A C:\Users\Ryan\Desktop\Attach.txt
2012-06-02 03:19 - 2012-06-02 03:19 - 0023791 ____A C:\Users\Ryan\Desktop\DDS.txt
2012-06-02 03:16 - 2012-06-02 03:16 - 0607260 ____R (Swearware) C:\Users\Ryan\Downloads\dds.scr
2012-06-02 03:16 - 2012-06-02 03:16 - 0000178 ____A C:\Users\Ryan\defogger_reenable
2012-06-02 03:16 - 2012-01-09 08:27 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-02 03:15 - 2012-06-02 03:15 - 0050477 ____A C:\Users\Ryan\Downloads\Defogger.exe
2012-06-02 02:34 - 2012-04-08 12:33 - 0000000 ____D C:\Users\Ryan\Desktop\Movies
2012-06-02 02:34 - 2012-04-08 12:19 - 0000000 ____D C:\Users\Ryan\Desktop\Gaming
2012-06-02 02:31 - 2012-04-08 12:34 - 0000000 ____D C:\Users\Ryan\Desktop\Software
2012-06-02 02:19 - 2012-06-02 02:19 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-06-02 02:18 - 2012-06-02 02:18 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-02 02:18 - 2012-06-02 02:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-02 02:18 - 2012-06-02 02:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 02:15 - 2012-06-02 02:15 - 0000000 ____A C:\Windows\setuperr.log
2012-06-02 02:12 - 2012-05-20 10:40 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\DAEMON Tools Pro
2012-06-02 02:12 - 2012-01-09 12:30 - 0000000 ____D C:\Program Files (x86)\Steam
2012-06-02 02:12 - 2002-01-01 21:29 - 0000000 ____D C:\Windows\Panther
2012-06-02 02:12 - 2002-01-01 13:56 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\uTorrent
2012-06-02 02:11 - 2012-06-02 02:11 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-02 02:11 - 2012-01-12 09:44 - 0000000 ____D C:\Program Files\CCleaner
2012-06-01 07:31 - 2012-06-01 07:31 - 0000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-06-01 07:31 - 2012-06-01 01:07 - 0269904 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-06-01 01:37 - 2012-06-01 01:32 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001Core.job
2012-06-01 01:32 - 2012-01-08 10:14 - 0000000 ____D C:\Users\Ryan\AppData\Local\Google
2012-06-01 01:28 - 2011-07-11 02:40 - 0000000 ___HD C:\$AVG
2012-06-01 01:09 - 2012-06-01 01:09 - 0013048 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2012-06-01 01:09 - 2012-06-01 01:07 - 0317520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-06-01 01:09 - 2012-06-01 01:07 - 0056008 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-06-01 01:09 - 2012-06-01 01:07 - 0035664 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-06-01 01:07 - 2012-06-01 01:07 - 0001854 ____A C:\Users\Public\Desktop\AVG 9.0.lnk
2012-06-01 01:06 - 2012-06-01 01:06 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-31 08:23 - 2012-05-31 08:23 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Milestone
2012-05-31 08:21 - 2012-05-31 08:21 - 0001877 ____A C:\Users\Public\Desktop\Play MUD - FIM Motocross World Championship™.lnk
2012-05-31 08:16 - 2012-05-31 08:16 - 0000000 ____D C:\Program Files (x86)\Milestone
2012-05-31 08:16 - 2012-01-09 07:38 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-31 08:04 - 2012-05-31 08:04 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-31 08:03 - 2012-04-20 00:18 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-31 08:03 - 2012-03-21 08:31 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-31 08:02 - 2012-05-31 07:53 - 0000000 ____D C:\Users\Ryan\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED
2012-05-31 01:03 - 2012-05-31 01:03 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-31 01:03 - 2012-05-31 01:03 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-31 01:03 - 2012-02-23 08:56 - 0001049 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-29 11:14 - 2012-05-29 11:12 - 0000000 ____D C:\Users\Ryan\Downloads\dirt showdown mp enabler
2012-05-28 13:03 - 2012-05-28 13:03 - 0042008 ____A C:\Users\Ryan\Desktop\Sony Vegas Intro.veg
2012-05-28 08:38 - 2012-05-28 08:37 - 0000000 ____D C:\Users\Ryan\Desktop\Video Intro
2012-05-27 13:27 - 2012-01-20 11:00 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Spotify
2012-05-27 06:35 - 2012-01-20 11:00 - 0000000 ____D C:\Users\Ryan\AppData\Local\Spotify
2012-05-27 06:27 - 2012-05-27 06:26 - 3536384 ____A C:\Users\Ryan\Downloads\Mandinga - Zaleilah (Official Single).mp3
2012-05-27 06:25 - 2012-05-27 06:25 - 3800816 ____A C:\Users\Ryan\Downloads\Labrinth - Express Yourself.mp3
2012-05-26 15:16 - 2012-05-26 15:17 - 7603766 ____A C:\Users\Ryan\Downloads\Mandinga - Zaleilah.mp3
2012-05-25 14:33 - 2012-05-25 14:33 - 0000000 ____D C:\Users\Ryan\AppData\Local\FLT
2012-05-25 14:33 - 2012-03-09 08:56 - 0000000 ____D C:\Users\Ryan\Documents\My Games
2012-05-25 14:33 - 2012-03-09 08:56 - 0000000 ____D C:\Users\All Users\Codemasters
2012-05-25 09:01 - 2012-05-25 09:00 - 0001625 ____A C:\Users\Ryan\Desktop\Diablo III - Shortcut.lnk
2012-05-25 07:49 - 2012-05-25 07:49 - 0000000 ____D C:\Users\Ryan\Documents\Diablo III
2012-05-25 07:49 - 2012-05-25 07:49 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-25 07:49 - 2012-05-25 07:12 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-05-25 07:11 - 2012-05-25 07:11 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-23 10:35 - 2012-02-18 07:54 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-05-23 10:35 - 2012-02-18 07:54 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-05-23 10:02 - 2012-05-07 07:19 - 3532456 ____A C:\Users\Ryan\Downloads\Tulisa - We Are Young (Official Video _ HD).mp3
2012-05-23 10:01 - 2012-05-23 09:59 - 2821102 ____A C:\Users\Ryan\Downloads\Newton Faulkner - I Need Something.mp3
2012-05-23 10:01 - 2012-05-23 09:58 - 2462079 ____A C:\Users\Ryan\Downloads\Newton Faulkner - Gone In The Morning.mp3
2012-05-23 10:01 - 2012-05-23 09:56 - 3092769 ____A C:\Users\Ryan\Downloads\Newton Faulkner - All I Got.mp3
2012-05-23 10:01 - 2012-05-23 09:56 - 2987860 ____A C:\Users\Ryan\Downloads\Newton Faulkner - Teardrop.mp3
2012-05-23 10:01 - 2012-05-21 11:15 - 3508520 ____A C:\Users\Ryan\Downloads\Martin Solveig - The Night Out (Madeon Remix) (1).mp3
2012-05-23 10:00 - 2012-04-29 11:23 - 2680211 ____A C:\Users\Ryan\Downloads\Cover Drive - Sparks.mp3
2012-05-21 11:14 - 2012-05-21 11:14 - 10321145 ____A C:\Users\Ryan\Downloads\Alex Clare - Too Close.mp3
2012-05-21 07:46 - 2012-05-21 07:46 - 0001085 ____A C:\Users\Ryan\Desktop\Cheat Engine.lnk
2012-05-21 07:46 - 2012-05-21 07:46 - 0000000 ____D C:\Users\Ryan\Documents\My Cheat Tables
2012-05-21 07:46 - 2012-05-21 07:46 - 0000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2012-05-20 23:36 - 2012-05-20 23:36 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-20 23:36 - 2012-05-20 23:36 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-05-20 23:36 - 2002-01-01 13:53 - 0000000 ____D C:\Users\Ryan\AppData\LocalLow
2012-05-20 11:12 - 2012-05-20 11:12 - 0000000 ____D C:\Users\Ryan\Documents\Eden Games
2012-05-20 11:07 - 2012-05-20 11:07 - 0000000 ____D C:\Users\Ryan\AppData\Local\CrashRpt
2012-05-20 11:02 - 2012-05-20 11:02 - 0001091 ____A C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
2012-05-20 10:42 - 2012-05-20 10:42 - 0000000 ____D C:\Program Files (x86)\Atari
2012-05-20 10:42 - 2012-05-20 10:40 - 0000000 ____D C:\Users\All Users\DAEMON Tools Pro
2012-05-20 10:41 - 2012-05-20 10:41 - 0001932 ____A C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2012-05-20 10:41 - 2012-05-20 10:40 - 0283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-20 10:40 - 2012-05-20 10:40 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\OpenCandy
2012-05-20 10:40 - 2012-05-20 10:40 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-05-15 11:46 - 2012-05-15 11:46 - 0560318 ____A C:\Users\Ryan\Downloads\AutoClicker.zip
2012-05-14 09:32 - 2012-03-02 08:18 - 0000000 ____D C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
2012-05-10 03:10 - 2009-07-13 20:45 - 4986792 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 15:57 - 2012-01-08 09:23 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 15:56 - 2012-01-10 11:52 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 15:49 - 2009-07-13 23:46 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 02:56 - 2012-01-08 10:13 - 0117648 ____A C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-08 13:08 - 2012-05-08 13:07 - 0000000 ____D C:\Users\Ryan\Downloads\Boys_Like_Girls-Love_Drunk-2009-SiRE
2012-05-07 09:12 - 2012-05-07 09:12 - 3686476 ____A C:\Users\Ryan\Downloads\949e5a80841dc4d437d9f16b016716b7.mp3
2012-05-07 07:11 - 2012-05-07 07:11 - 4107829 ____A C:\Users\Ryan\Downloads\alexclaretooclose.mp3
2012-05-07 05:01 - 2012-05-07 05:01 - 9326157 ____A C:\Users\Ryan\Downloads\punkrockchick.mp3
2012-05-06 15:32 - 2012-05-06 15:32 - 4318603 ____A C:\Users\Ryan\Downloads\neon-trees-1.mp3
2012-05-06 07:40 - 2012-05-06 07:40 - 0000000 ____D C:\Program Files (x86)\Fiddler2
2012-05-06 03:15 - 2012-05-06 03:15 - 0000000 ____D C:\Users\Ryan\Downloads\Hot Chelle Rae – Whatever (2011), 320Kbit(mp3), DMT
2012-05-06 02:51 - 2012-05-06 02:51 - 0000132 ____A C:\Users\Ryan\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2012-05-05 15:46 - 2012-05-05 13:12 - 0000000 ____D C:\Users\All Users\firebird
2012-05-05 13:12 - 2012-05-05 13:12 - 0002014 ____A C:\Users\UpdatusUser\Desktop\SAM Broadcaster.lnk
2012-05-05 13:12 - 2012-05-05 13:12 - 0002014 ____A C:\Users\Ryan\Desktop\SAM Broadcaster.lnk
2012-05-05 13:12 - 2012-05-05 13:12 - 0000000 ____D C:\Program Files (x86)\SpacialAudio
2012-05-05 13:12 - 2012-05-05 13:12 - 0000000 ____D C:\Program Files (x86)\Firebird
2012-05-04 12:42 - 2012-04-20 00:42 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 10:02 - 2012-03-09 08:54 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll.bak
2012-05-04 10:02 - 2012-03-09 08:54 - 0000000 ____D C:\Program Files (x86)\BRS
2012-05-04 10:02 - 2012-01-09 08:44 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-04 09:48 - 2012-05-04 09:48 - 0000222 ____A C:\Users\Ryan\Desktop\DiRT Showdown Demo.url
2012-05-03 13:45 - 2012-05-03 13:44 - 0000000 ____D C:\Users\Ryan\Documents\Ableton
2012-05-03 13:44 - 2012-05-03 13:44 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Ableton
2012-05-03 13:44 - 2012-05-03 13:44 - 0000000 ____D C:\Users\All Users\Ableton
2012-05-03 13:36 - 2012-05-03 13:36 - 0000000 ____D C:\Program Files (x86)\Ableton
2012-05-02 09:56 - 2012-05-02 09:56 - 0000000 ____D C:\Users\Ryan\Downloads\Now Thats What I Call Music 81 (2012) - 2CD
2012-05-02 09:56 - 2012-05-02 09:54 - 0000000 ____D C:\Users\Ryan\Downloads\Olly Murs - In Case You Didnt Know (2011)MP3 nlt-release
2012-05-02 09:29 - 2012-01-09 08:19 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-02 09:29 - 2011-07-11 03:40 - 0000000 ____D C:\NVIDIA
2012-05-01 11:22 - 2012-05-01 11:22 - 10384527 ____A C:\Users\Ryan\Downloads\Redial-_Anxiety.mp3
2012-04-29 11:11 - 2012-04-29 11:11 - 9807620 ____A C:\Users\Ryan\Downloads\Rihanna - Where Havr You Been.mp3
2012-04-29 11:09 - 2012-04-29 11:09 - 3477358 ____A C:\Users\Ryan\Downloads\Lawson - When she was mine.mp3
2012-04-29 11:03 - 2012-04-29 11:03 - 8655793 ____A C:\Users\Ryan\Downloads\Cheryl Cole - Call My Name [2012] . {Mobicareg}..{HKRG}.mp3
2012-04-29 07:38 - 2012-04-29 07:38 - 0000000 ____D C:\Users\Ryan\Downloads\The Fray - How to Save a Life
2012-04-29 07:38 - 2012-04-29 07:38 - 0000000 ____D C:\Users\Ryan\Downloads\The Fray - Heartbeat
2012-04-29 02:40 - 2012-04-20 10:50 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-28 09:10 - 2012-04-28 09:10 - 0001141 ____A C:\Users\Public\Desktop\Angry Birds Space.lnk
2012-04-28 09:10 - 2012-04-28 09:10 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Rovio
2012-04-28 09:10 - 2012-04-28 09:10 - 0000000 ____D C:\Program Files (x86)\Rovio
2012-04-28 05:51 - 2012-01-20 12:10 - 8905835 ____A C:\Users\Ryan\Downloads\Wolfgang Gartner ft. Will.I.Am - Forever.mp3
2012-04-28 05:50 - 2012-04-08 10:51 - 3440070 ____A C:\Users\Ryan\Downloads\Panic! At The Disco & Fun.- C'mon (AUDIO).mp3
2012-04-28 05:50 - 2012-04-08 10:41 - 4442475 ____A C:\Users\Ryan\Downloads\Some Nights by Fun-Lyrics-Clean.mp3
2012-04-28 05:49 - 2012-04-08 10:29 - 3481887 ____A C:\Users\Ryan\Downloads\fun. - I Wanna Be The One [AUDIO}.mp3
2012-04-28 05:49 - 2012-04-08 10:29 - 3435072 ____A C:\Users\Ryan\Downloads\fun. - Walking The Dog [music video].mp3
2012-04-28 05:49 - 2012-04-08 10:26 - 4138073 ____A C:\Users\Ryan\Downloads\fun. -Barlights [AUDIO].mp3
2012-04-28 05:48 - 2012-04-08 10:31 - 4049104 ____A C:\Users\Ryan\Downloads\Fun.- We Are Young ft. Janelle Monáe [OFFICIAL VIDEO].mp3
2012-04-28 05:48 - 2012-04-08 10:30 - 3444272 ____A C:\Users\Ryan\Downloads\fun. - All The Pretty Girls [music video].mp3
2012-04-28 05:39 - 2012-04-28 05:38 - 3625029 ____A C:\Users\Ryan\Downloads\6660338_Plain_White_T_s_12_Let_Me_Take_You_There.mp3
2012-04-28 05:38 - 2012-04-28 05:37 - 0000000 ____D C:\Users\Ryan\Downloads\Plain White T's - Wonders of the Younger
2012-04-27 11:17 - 2012-04-20 11:54 - 0000000 ____D C:\Users\Ryan\Downloads\Dog the Bounty Hunter
2012-04-27 09:59 - 2012-04-27 09:31 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\TeamViewer
2012-04-27 09:12 - 2012-04-27 09:12 - 0001162 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-04-24 13:13 - 2012-04-24 13:13 - 4209447 ____A C:\Users\Ryan\Downloads\Madeon_-_Icarus.mp3
2012-04-23 10:10 - 2012-04-01 10:24 - 0000000 ____D C:\Users\Ryan\Downloads\The Official UK Top 40 Singles Chart 25-03-2012
2012-04-20 12:08 - 2012-04-20 12:08 - 0000000 ____D C:\Users\Ryan\AppData\Local\Skyrim
2012-04-20 12:08 - 2012-04-20 12:01 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-20 12:07 - 2012-04-20 12:07 - 0001189 ____A C:\Users\Ryan\Desktop\The Elder Scrolls V Skyrim.lnk
2012-04-20 10:50 - 2012-04-20 10:50 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-04-20 00:18 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-20 00:17 - 2012-04-20 00:17 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-18 13:40 - 2012-04-08 07:30 - 0768778 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-18 11:17 - 2012-04-18 11:17 - 0000000 ____D C:\Users\Ryan\Downloads\Benny Benassi - Cinema
2012-04-18 11:12 - 2012-04-18 11:11 - 8906667 ____A C:\Users\Ryan\Downloads\Cobra Starship - You Make Me Feel...(feat. Sabi).mp3
2012-04-17 12:40 - 2012-04-17 12:40 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Notepad++
2012-04-17 12:40 - 2012-04-17 12:40 - 0000000 ____D C:\Program Files (x86)\Notepad++
2012-04-17 12:30 - 2012-04-17 12:30 - 0000000 ____D C:\Users\Ryan\AppData\Local\Macroplant
2012-04-17 12:30 - 2012-01-17 12:56 - 0000000 ____D C:\Users\Ryan\AppData\Local\Apple Computer
2012-04-17 12:29 - 2012-04-17 12:29 - 0001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-04-17 12:29 - 2012-04-17 12:29 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-17 12:22 - 2012-04-17 12:21 - 0000000 ____D C:\Program Files (x86)\iExplorer
2012-04-17 07:59 - 2012-04-17 07:59 - 0000000 ____D C:\Program Files (x86)\NETGEAR
2012-04-16 10:44 - 2012-04-16 10:44 - 0000000 ____D C:\Users\Ryan\Downloads\Jessie J ft. David Guetta - Laserlight (Original Mix) [Single]-Sebastian[Ub3r]
2012-04-13 09:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-13 03:19 - 2012-04-13 03:19 - 0000000 ____D C:\Users\Ryan\AppData\Local\MetaGeek,_LLC
2012-04-13 03:13 - 2012-04-13 03:13 - 0000000 ____D C:\Program Files (x86)\MetaGeek
2012-04-12 15:41 - 2009-07-13 21:08 - 0032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-11 15:05 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-11 15:04 - 2012-04-11 15:04 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 15:04 - 2012-04-11 15:04 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 09:40 - 2012-04-09 13:10 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\TweetAdder3
2012-04-10 03:26 - 2009-07-13 18:34 - 0001541 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-10 02:50 - 2012-04-10 02:50 - 0000000 ____D C:\Program Files (x86)\Tweet Adder 3
2012-04-09 13:43 - 2012-01-08 08:45 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2012-04-09 13:26 - 2012-04-09 13:25 - 0000000 ____D C:\xampp
2012-04-09 13:19 - 2012-04-09 13:18 - 0000000 ____D C:\wamp
2012-04-09 07:01 - 2012-04-09 07:01 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-09 07:01 - 2012-04-09 07:01 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-09 07:01 - 2012-04-09 07:01 - 0000000 ____D C:\Users\All Users\Skype
2012-04-09 06:31 - 2012-04-09 06:31 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-08 12:41 - 2012-04-08 12:12 - 0000000 ____D C:\Users\Ryan\Desktop\Family Guy
2012-04-08 07:53 - 2012-04-08 07:27 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Samsung
2012-04-08 07:52 - 2012-04-08 07:52 - 0000000 ____D C:\Program Files (x86)\MarkAny
2012-04-08 07:47 - 2012-04-08 07:32 - 0000000 ____D C:\Users\Ryan\Documents\NPS
2012-04-08 07:31 - 2012-04-08 07:31 - 0000000 ____D C:\Users\Ryan\Documents\My Art
2012-04-08 07:28 - 2012-04-08 07:28 - 0000000 ____D C:\Users\All Users\Samsung
2012-04-08 07:28 - 2012-04-08 07:20 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-04-08 07:27 - 2012-04-08 07:27 - 0000000 ____D C:\Users\Ryan\Documents\Samsung
2012-04-08 07:27 - 2012-04-08 07:27 - 0000000 ____D C:\Users\Ryan\Documents\My NPS Files
2012-04-08 07:25 - 2012-04-08 07:25 - 0000000 ____D C:\Users\Ryan\AppData\Local\Downloaded Installations
2012-04-08 07:22 - 2012-04-08 07:20 - 0000000 ____D C:\Windows\SysWOW64\Samsung_USB_Drivers
2012-04-08 05:44 - 2012-04-08 05:37 - 9351313 ____A C:\Users\Ryan\Downloads\Labrinth_-_Last_Time_-_DOPEHOOD_COM(fans_ge).mp3
2012-04-06 15:25 - 2012-04-06 15:07 - 0000600 ____A C:\Users\Ryan\AppData\Roaming\winscp.rnd
2012-04-06 15:24 - 2012-04-06 15:24 - 0000132 ____A C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-04-06 15:07 - 2012-04-06 15:07 - 0000000 ____D C:\Program Files (x86)\WinSCP
2012-04-06 10:59 - 2012-01-08 08:45 - 0000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2012-04-05 10:58 - 2012-04-05 10:58 - 0000000 ____D C:\Users\Ryan\Downloads\Tulisa - Young (2012@oG)
2012-04-05 10:57 - 2012-04-05 10:57 - 6255970 ____A C:\Users\Ryan\Downloads\Carly Rae Jepsen - Call Me Maybe.mp3
2012-04-04 13:50 - 2012-02-12 14:07 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2012-04-04 06:56 - 2012-06-02 02:18 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 05:45 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-02 01:03 - 2012-01-17 12:56 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2012-04-01 02:39 - 2012-04-01 02:39 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 02:39 - 2012-04-01 02:39 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 02:39 - 2012-04-01 02:39 - 0000000 ____D C:\Program Files\iPod
2012-04-01 02:39 - 2012-03-18 02:43 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 02:37 - 2012-01-17 12:53 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-31 04:12 - 2012-03-31 04:12 - 0000000 ____D C:\Users\Ryan\Documents\ALI213
2012-03-31 04:07 - 2012-03-31 04:04 - 0000000 ____D C:\Program Files (x86)\Ridge Racer Unbounded
2012-03-30 22:05 - 2012-05-09 14:25 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 14:25 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 14:25 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 14:25 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 14:23 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 13:01 - 2012-03-29 11:00 - 0000000 ____D C:\Users\Ryan\Downloads\Top.250.Hits.of.the.90s
2012-03-29 11:09 - 2012-03-29 11:02 - 0000000 ____D C:\Users\Ryan\Downloads\Billboard Top 100 of 2001
2012-03-17 11:52 - 2012-03-17 11:52 - 0194908 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-03-17 04:59 - 2012-03-17 04:47 - 0000000 ____D C:\Users\Ryan\Downloads\Billboard Hot 100 03-24-2012
2012-03-16 23:58 - 2012-05-09 14:24 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 13:53 - 2012-03-15 13:53 - 0000000 ____D C:\Windows\Sun
2012-03-12 10:39 - 2002-01-01 21:19 - 0000000 ____D C:\Windows.old
2012-03-11 13:56 - 2012-03-11 13:53 - 0000000 ____D C:\Users\Ryan\Desktop\Graphic AS
2012-03-11 08:12 - 2012-01-08 08:54 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-11 08:07 - 2012-01-08 08:54 - 0000000 ____D C:\Program Files\Adobe
2012-03-11 08:07 - 2012-01-08 08:51 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-03-11 08:06 - 2012-01-08 08:48 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-11 08:03 - 2012-03-11 08:03 - 0000000 ____D C:\Users\All Users\ALM
2012-03-11 08:02 - 2012-01-08 08:47 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-11 07:57 - 2012-03-11 07:57 - 0000000 ____D C:\Users\Ryan\Adobe Flash Builder 4.5
2012-03-11 07:48 - 2012-03-11 07:48 - 0000000 ____D C:\Program Files (x86)\Adobe Story
2012-03-11 07:45 - 2012-03-11 07:45 - 0000000 ____D C:\Program Files (x86)\My Company Name
2012-03-09 11:36 - 2012-03-09 11:13 - 0000000 ____D C:\Users\Ryan\Documents\iRacing
2012-03-09 10:43 - 2012-03-09 10:40 - 0000000 ____D C:\Program Files (x86)\iRacing
2012-03-09 10:39 - 2012-03-09 10:39 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\InstallShield
2012-03-09 08:54 - 2012-03-09 08:54 - 0466520 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-03-09 08:54 - 2012-03-09 08:54 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-03-09 08:54 - 2012-01-09 08:44 - 0445016 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-03-09 08:53 - 2012-02-06 09:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-03-09 08:37 - 2012-03-09 08:37 - 0000000 ____D C:\Program Files (x86)\Codemasters

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4095.12 MB
Available physical RAM: 3481.51 MB
Total Pagefile: 4093.27 MB
Available Pagefile: 3465.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:178.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 9 MB
Disk 1 Online 1907 MB 0 B
Disk 2 Online 465 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 1907 MB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RAW Partition 465 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-30 02:22

======================= End Of Log ==========================

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:49 PM

Posted 04 June 2012 - 07:12 AM

Hi,

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\System32\consrv.dll
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NPSStartup] [x]
c:\windows\assembly\gac_64\desktop.ini
c:\windows\assembly\gac_32\desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Killerbob
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:49 AM

Posted 04 June 2012 - 08:14 AM

Hello, everything went fine this time. Here is the log from the FRST fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-04 13:34:33 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKLM-x32\\\.\.\.\\Run\\NPSStartup Value deleted successfully.
C:\windows\assembly\gac_64\desktop.ini moved successfully.
C:\windows\assembly\gac_32\desktop.ini not found.

==== End of Fixlog ====

Here is the log from ComboFix:


ComboFix 12-06-03.05 - Ryan 04/06/2012 13:56:36.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2676 [GMT 1:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\program files (x86)\iexplorer
c:\program files (x86)\iexplorer\AxInterop.QTOControlLib.dll
c:\program files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\iexplorer\iExplorer.exe
c:\program files (x86)\iexplorer\Interop.QTOControlLib.dll
c:\program files (x86)\iexplorer\Interop.QTOLibrary.dll
c:\program files (x86)\iexplorer\isxdl.dll
c:\program files (x86)\iexplorer\MPCrashReporter.dll
c:\program files (x86)\iexplorer\MPUpdater.dll
c:\program files (x86)\iexplorer\msvcr71.dll
c:\program files (x86)\iexplorer\PodPhone2.dll
c:\program files (x86)\iexplorer\unins000.dat
c:\program files (x86)\iexplorer\unins000.exe
c:\program files (x86)\iexplorer\unins000.msg
c:\windows\SysWow64\tmpADBC.tmp
c:\windows\SysWow64\tmpADCC.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 18:38 . 2012-06-04 18:39 -------- d-----w- C:\FRST
2012-06-04 13:03 . 2012-06-04 13:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 13:03 . 2012-06-04 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 22:13 . 2012-06-03 22:13 958440 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-03 22:13 . 2012-06-03 22:13 838120 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-03 21:10 . 2012-02-03 18:56 195072 ----a-w- c:\windows\system32\OpenAL64.dll
2012-06-03 14:53 . 2012-06-03 22:12 -------- d-----w- c:\program files\Java
2012-06-03 14:50 . 2012-06-03 14:50 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 10:19 . 2012-06-02 10:19 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-06-02 10:18 . 2012-06-02 10:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 10:18 . 2012-06-02 10:18 -------- d-----w- c:\programdata\Malwarebytes
2012-06-02 10:18 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 15:31 . 2012-06-01 15:31 -------- d-----w- c:\windows\SysWow64\drivers\avg
2012-06-01 09:09 . 2012-06-01 09:09 13048 ----a-w- c:\windows\system32\avgrssta.dll
2012-06-01 09:07 . 2012-06-01 09:09 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-06-01 09:07 . 2012-06-01 09:09 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-06-01 09:07 . 2012-06-01 15:31 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-06-01 09:07 . 2012-06-04 09:32 -------- d-----w- c:\windows\system32\drivers\Avg
2012-06-01 09:07 . 2012-06-01 09:09 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-06-01 09:06 . 2012-06-01 09:06 -------- d-----w- c:\program files (x86)\AVG
2012-06-01 09:06 . 2012-06-03 20:44 -------- d-----w- c:\programdata\avg9
2012-05-31 16:23 . 2012-05-31 16:23 -------- d-----w- c:\users\Ryan\AppData\Roaming\Milestone
2012-05-31 16:16 . 2012-05-31 16:16 -------- d-----w- c:\program files (x86)\Milestone
2012-05-31 16:04 . 2012-05-31 16:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-31 09:03 . 2012-05-31 09:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-31 09:03 . 2012-04-21 01:19 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-31 09:03 . 2012-04-21 01:19 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 09:03 . 2012-04-21 01:19 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-31 09:03 . 2012-04-21 01:18 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-25 22:33 . 2012-05-25 22:33 -------- d-----w- c:\users\Ryan\AppData\Local\FLT
2012-05-25 22:19 . 2012-06-04 05:31 -------- d-----w- c:\program files (x86)\DiRT Showdown
2012-05-25 15:49 . 2012-05-25 15:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-25 15:12 . 2012-05-25 15:49 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-05-25 15:12 . 2012-05-25 15:12 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-25 15:11 . 2012-05-25 15:11 -------- d-----w- c:\programdata\Battle.net
2012-05-21 15:46 . 2012-05-21 15:46 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-05-21 07:36 . 2012-05-21 07:36 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-21 07:36 . 2012-05-21 07:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-05-21 07:36 . 2012-05-21 07:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-05-21 07:36 . 2012-05-21 07:36 -------- d--h--w- c:\programdata\Common Files
2012-05-20 19:07 . 2012-05-20 19:07 -------- d-----w- c:\users\Ryan\AppData\Local\CrashRpt
2012-05-20 18:42 . 2012-05-20 18:42 -------- d-----w- c:\program files (x86)\Atari
2012-05-20 18:40 . 2012-05-20 18:41 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-20 18:40 . 2012-06-02 10:12 -------- d-----w- c:\users\Ryan\AppData\Roaming\DAEMON Tools Pro
2012-05-20 18:40 . 2012-05-20 18:40 -------- d-----w- c:\users\Ryan\AppData\Roaming\OpenCandy
2012-05-20 18:40 . 2012-05-20 18:40 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-05-20 18:40 . 2012-05-20 18:42 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-05-09 22:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 22:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 22:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 22:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 22:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 22:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 22:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 22:23 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 22:23 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 22:23 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 22:23 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 22:23 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 22:23 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:40 . 2012-05-06 15:40 -------- d-----w- c:\program files (x86)\Fiddler2
2012-05-05 21:12 . 2012-05-05 23:46 -------- d-----w- c:\programdata\firebird
2012-05-05 21:12 . 2012-05-05 21:12 -------- d-----w- c:\program files (x86)\SpacialAudio
2012-05-05 21:12 . 2010-09-17 10:13 548864 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-05-05 21:12 . 2010-09-17 10:16 462848 ----a-w- c:\windows\SysWow64\Firebird2Control.cpl
2012-05-05 21:12 . 2012-05-05 21:12 -------- d-----w- c:\program files (x86)\Firebird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 14:50 . 2012-02-03 18:54 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 16:03 . 2012-04-20 08:18 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 16:03 . 2012-03-21 16:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-29 15:21 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66D987DB-4AB4-4A1A-B3B4-847620991E8F}\mpengine.dll
2012-05-04 20:42 . 2012-04-20 08:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 18:02 . 2012-03-09 16:54 122904 ----a-w- c:\windows\system32\OpenAL32.dll.bak
2012-05-04 18:02 . 2012-01-09 16:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-09 16:54 . 2012-03-09 16:54 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-09 16:54 . 2012-01-09 16:44 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-21 07:36 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-05-21 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-21 982880]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-06-01 2077536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-4-17 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2009-11-05 954368]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2012-06-01 308136]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 iRacingService;iRacing helper service;c:\program files (x86)\iRacing\iRacingService.exe [2012-02-15 473768]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-05-21 918880]
S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2010-06-23 167936]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:03]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 09:32]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 09:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={282B69FD-A1C5-41E0-A29E-DFC1C2C243BE}&mid=f6398e78952a47d0adea1929468c993a-c18b324d263d484c258c3d21e95012f1dd1e3e4c&lang=en&ds=od011&pr=sa&d=2012-05-21 08:36&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\yqgi4h2v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files (x86)\iExplorer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-316443158-2896579251-2807000262-1001\Software\SecuROM\License information*]
"datasecu"=hex:30,cd,a2,11,f9,2a,ec,7b,97,08,43,2d,92,1f,f4,ca,e5,07,d5,4f,84,
2f,26,b3,b4,0c,c9,2c,65,ff,3f,3f,da,17,2c,bb,a7,e4,d6,c2,fc,4a,d9,01,a4,9b,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
.
**************************************************************************
.
Completion time: 2012-06-04 14:11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 13:11
.
Pre-Run: 197,393,457,152 bytes free
Post-Run: 197,139,804,160 bytes free
.
- - End Of File - - E463FECBB2E078E11982EB829F4865BF

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:49 PM

Posted 04 June 2012 - 10:06 AM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Killerbob

Killerbob
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:49 AM

Posted 04 June 2012 - 01:42 PM

MalwareBytes AntiMalware LOG

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ryan :: RYAN-PC [administrator]

Protection: Enabled

04/06/2012 16:15:58
mbam-log-2012-06-04 (16-15-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226041
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)




ESET Scan log

C:\Mirserver\DBServer\DBServer-Bak.exe Win32/Packed.Themida.E trojan
C:\Mirserver\DBServer\DBServer.exe Win32/Packed.Themida.E trojan
C:\Mirserver\GameGate\RunGate.exe Win32/Packed.Themida.E trojan
C:\Mirserver\LoginGate\LoginGate.exe Win32/Packed.Themida.E trojan
C:\Mirserver\LoginSrv\LoginSrv.exe Win32/Packed.Themida.E trojan
C:\Mirserver\LogServer\LogDataServer.exe a variant of Win32/Packed.Themida application
C:\Mirserver\LogServer\LogDataServer_AVG_RESTORED.exe a variant of Win32/Packed.Themida application
C:\Mirserver\LogServer\LogDataServer_AVG_RESTORED_1.exe a variant of Win32/Packed.Themida application
C:\Mirserver\M2Server\M2Server.exe Win32/Packed.Themida.E trojan
C:\Mirserver\M2Server\mir2.exe Win32/Packed.Themida.E trojan
C:\Mirserver\SelGate\SelGate.exe Win32/Packed.Themida.E trojan
C:\Program Files (x86)\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan
C:\Program Files (x86)\Milestone\MUD\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\Ryan\Desktop\Gaming\SBK.Generations-RELOADED\rld-sbkgen\rld-sbkgen.iso a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\Ryan\Downloads\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH]\AVGAV.9.0.663a1706_[RH].rar a variant of Win32/Keygen.CJ application
C:\Users\Ryan\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso a variant of Win32/Packed.VMProtect.AAH trojan
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000064.@ Win64/Sirefef.AE trojan






The computer hasn't reported the virus through AVG at all and I think the search engine redirecting has stopped.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:49 PM

Posted 04 June 2012 - 01:52 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic455645.html/page__pid__2720066#entry2720066

Collect::
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000000.@ 
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000032.@ 
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000064.@ 

Folder::
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}

File::
C:\Program Files (x86)\1ClickDownload\uninstall.exe 
C:\Program Files (x86)\LIMBO\limbo_lang.exe 
C:\Program Files (x86)\Milestone\MUD\rld.dll 
C:\Users\Ryan\Desktop\Gaming\SBK.Generations-RELOADED\rld-sbkgen\rld-sbkgen.iso 
C:\Users\Ryan\Downloads\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH]\AVGAV.9.0.663a1706_[RH].rar 
C:\Users\Ryan\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
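The CFScript in the post above was written by hand from the ESET export. As an added example (not the helper's tool or part of this thread), the following Python turns ESET lines in the pasted format (path, optional "a variant of" qualifier, family name, verdict) into a draft CFScript using the same directives the helper used: Collect:: and Folder:: for the Sirefef files and their C:\Windows\Installer\{GUID} directory, File:: for other "trojan" verdicts, and "application" verdicts (adware, hack tools) held back for manual review. The routing policy and the function names are assumptions; the sample lines are copied from the ESET log posted earlier in the thread.

```python
"""Build a draft ComboFix CFScript from pasted ESET Online Scanner lines.

Added example, not the helper's own tool. The directives (Collect::,
Folder::, File::, ClearJavaCache::) are the ones used in the thread;
the routing policy below is an assumption mirroring the helper's choices.
"""
import re
from dataclasses import dataclass

# One pasted ESET line: drive path, optional "(probably) a variant of",
# a Win32/Win64 family name, then the verdict word. The tabs of the original
# export were flattened to spaces when pasted, so any whitespace is accepted.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<label>(?:probably a variant of |a variant of )?Win(?:32|64)/\S+)\s+"
    r"(?P<verdict>trojan|application)$"
)

# Sirefef keeps its payloads under C:\Windows\Installer\{GUID}\U\; the whole
# {GUID} directory is what the helper removed with Folder::.
INSTALLER_DIR_RE = re.compile(r"^(?P<dir>.*\\Installer\\\{[0-9a-fA-F-]+\})\\", re.I)


@dataclass(frozen=True)
class Detection:
    path: str
    label: str     # e.g. "Win64/Sirefef.AE", keeps ESET's "a variant of" qualifier
    verdict: str   # "trojan" or "application" (potentially unwanted/unsafe app)


def parse_eset_log(text):
    """Return one Detection per parsable line; blank or unrelated lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["label"], m["verdict"]))
    return found


def build_cfscript(detections, collect_family="Sirefef"):
    """Return (script_text, review_list).

    Assumed policy: files whose label contains `collect_family` go under
    Collect:: (ComboFix submits them for analysis) and their {GUID} installer
    directory under Folder::; other "trojan" verdicts go under File::;
    "application" verdicts are never deleted automatically but returned
    for the analyst to decide, as the helper did by hand in this thread.
    """
    collect, folders, files, review = [], [], [], []
    for d in detections:
        if d.verdict != "trojan":
            review.append(d)
            continue
        if collect_family in d.label:
            collect.append(d.path)
            m = INSTALLER_DIR_RE.match(d.path)
            if m and m["dir"] not in folders:
                folders.append(m["dir"])
        else:
            files.append(d.path)

    lines = []
    for header, entries in (("Collect::", collect), ("Folder::", folders), ("File::", files)):
        if entries:            # empty sections are left out of the script
            lines.append(header)
            lines.extend(entries)
            lines.append("")
    lines.append("ClearJavaCache::")
    return "\n".join(lines) + "\n", review


# Sample input: six lines copied from the ESET log posted earlier in this thread.
SAMPLE_ESET_LOG = r"""
C:\Mirserver\DBServer\DBServer.exe Win32/Packed.Themida.E trojan
C:\Program Files (x86)\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
"""

if __name__ == "__main__":
    script, review = build_cfscript(parse_eset_log(SAMPLE_ESET_LOG))
    print(script)
    for d in review:
        print("review manually:", d.path, "->", d.label)
```

The output is a draft only: generic packer hits such as Win32/Packed.Themida on the Mirserver files were deliberately left out of the helper's script, so a reviewer still decides what goes to ComboFix.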


#13 Killerbob

Killerbob
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:49 AM

Posted 04 June 2012 - 02:18 PM

Here is the log from ComboFix


ComboFix 12-06-04.02 - Ryan 04/06/2012 19:59:54.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2511 [GMT 1:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\1ClickDownload\uninstall.exe"
"c:\program files (x86)\LIMBO\limbo_lang.exe"
"c:\program files (x86)\Milestone\MUD\rld.dll"
"c:\users\Ryan\Desktop\Gaming\SBK.Generations-RELOADED\rld-sbkgen\rld-sbkgen.iso"
"c:\users\Ryan\Downloads\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH]\AVGAV.9.0.663a1706_[RH].rar"
"c:\users\Ryan\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\1ClickDownload\uninstall.exe
c:\program files (x86)\LIMBO\limbo_lang.exe
c:\program files (x86)\Milestone\MUD\rld.dll
c:\users\Ryan\Desktop\Gaming\SBK.Generations-RELOADED\rld-sbkgen\rld-sbkgen.iso
c:\users\Ryan\Downloads\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH]\AVGAV.9.0.663a1706_[RH].rar
c:\users\Ryan\Downloads\MUD.FIM.Motocross.World.Championship-RELOADED\rld-mfwc.iso
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\@
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\L\00000004.@
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\L\1afb2d56
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\L\201d3dde
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\00000004.@
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\000000cb.@
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000000.@
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000032.@
c:\windows\Installer\{3908765d-0608-3d3a-c968-c6260944d284}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 19:06 . 2012-06-04 19:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 19:06 . 2012-06-04 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 18:38 . 2012-06-04 18:39 -------- d-----w- C:\FRST
2012-06-04 15:33 . 2012-06-04 15:33 -------- d-----w- c:\program files (x86)\ESET
2012-06-03 22:13 . 2012-06-03 22:13 958440 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-03 22:13 . 2012-06-03 22:13 838120 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-03 21:10 . 2012-02-03 18:56 195072 ----a-w- c:\windows\system32\OpenAL64.dll
2012-06-03 14:53 . 2012-06-03 22:12 -------- d-----w- c:\program files\Java
2012-06-03 14:50 . 2012-06-03 14:50 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 10:19 . 2012-06-02 10:19 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-06-02 10:18 . 2012-06-02 10:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 10:18 . 2012-06-02 10:18 -------- d-----w- c:\programdata\Malwarebytes
2012-06-02 10:18 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 15:31 . 2012-06-01 15:31 -------- d-----w- c:\windows\SysWow64\drivers\avg
2012-06-01 09:09 . 2012-06-01 09:09 13048 ----a-w- c:\windows\system32\avgrssta.dll
2012-06-01 09:07 . 2012-06-01 09:09 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-06-01 09:07 . 2012-06-01 09:09 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-06-01 09:07 . 2012-06-01 15:31 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-06-01 09:07 . 2012-06-04 09:32 -------- d-----w- c:\windows\system32\drivers\Avg
2012-06-01 09:07 . 2012-06-01 09:09 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-06-01 09:06 . 2012-06-01 09:06 -------- d-----w- c:\program files (x86)\AVG
2012-06-01 09:06 . 2012-06-03 20:44 -------- d-----w- c:\programdata\avg9
2012-05-31 16:23 . 2012-05-31 16:23 -------- d-----w- c:\users\Ryan\AppData\Roaming\Milestone
2012-05-31 16:16 . 2012-05-31 16:16 -------- d-----w- c:\program files (x86)\Milestone
2012-05-31 16:04 . 2012-05-31 16:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-31 09:03 . 2012-05-31 09:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-31 09:03 . 2012-04-21 01:19 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-31 09:03 . 2012-04-21 01:19 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 09:03 . 2012-04-21 01:19 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-31 09:03 . 2012-04-21 01:18 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-25 22:33 . 2012-05-25 22:33 -------- d-----w- c:\users\Ryan\AppData\Local\FLT
2012-05-25 22:19 . 2012-06-04 05:31 -------- d-----w- c:\program files (x86)\DiRT Showdown
2012-05-25 15:49 . 2012-05-25 15:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-25 15:12 . 2012-05-25 15:49 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-05-25 15:12 . 2012-05-25 15:12 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-25 15:11 . 2012-05-25 15:11 -------- d-----w- c:\programdata\Battle.net
2012-05-21 15:46 . 2012-05-21 15:46 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-05-21 07:36 . 2012-05-21 07:36 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-21 07:36 . 2012-05-21 07:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-05-21 07:36 . 2012-05-21 07:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-05-21 07:36 . 2012-05-21 07:36 -------- d--h--w- c:\programdata\Common Files
2012-05-20 19:07 . 2012-05-20 19:07 -------- d-----w- c:\users\Ryan\AppData\Local\CrashRpt
2012-05-20 18:42 . 2012-05-20 18:42 -------- d-----w- c:\program files (x86)\Atari
2012-05-20 18:40 . 2012-05-20 18:41 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-20 18:40 . 2012-06-02 10:12 -------- d-----w- c:\users\Ryan\AppData\Roaming\DAEMON Tools Pro
2012-05-20 18:40 . 2012-05-20 18:40 -------- d-----w- c:\users\Ryan\AppData\Roaming\OpenCandy
2012-05-20 18:40 . 2012-05-20 18:40 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-05-20 18:40 . 2012-05-20 18:42 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-05-09 22:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 22:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 22:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 22:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 22:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 22:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 22:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 22:23 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 22:23 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 22:23 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 22:23 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 22:23 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 22:23 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:40 . 2012-05-06 15:40 -------- d-----w- c:\program files (x86)\Fiddler2
2012-05-05 21:12 . 2012-05-05 23:46 -------- d-----w- c:\programdata\firebird
2012-05-05 21:12 . 2012-05-05 21:12 -------- d-----w- c:\program files (x86)\SpacialAudio
2012-05-05 21:12 . 2010-09-17 10:13 548864 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-05-05 21:12 . 2010-09-17 10:16 462848 ----a-w- c:\windows\SysWow64\Firebird2Control.cpl
2012-05-05 21:12 . 2012-05-05 21:12 -------- d-----w- c:\program files (x86)\Firebird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 14:50 . 2012-02-03 18:54 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 16:03 . 2012-04-20 08:18 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 16:03 . 2012-03-21 16:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-29 15:21 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66D987DB-4AB4-4A1A-B3B4-847620991E8F}\mpengine.dll
2012-05-04 20:42 . 2012-04-20 08:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 18:02 . 2012-03-09 16:54 122904 ----a-w- c:\windows\system32\OpenAL32.dll.bak
2012-05-04 18:02 . 2012-01-09 16:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-09 16:54 . 2012-03-09 16:54 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-09 16:54 . 2012-01-09 16:44 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_13.05.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-08 17:44 . 2012-06-04 19:09 47036 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-04 19:09 29742 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-08 16:35 . 2012-06-04 19:09 13920 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-316443158-2896579251-2807000262-1001_UserData.bin
- 2012-06-04 13:04 . 2012-06-04 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 19:07 . 2012-06-04 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-04 13:04 . 2012-06-04 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-04 19:07 . 2012-06-04 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-04 13:03 490288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-04 19:06 490288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-18 15:36 . 2012-06-04 19:06 39202248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-316443158-2896579251-2807000262-1001-12288.dat
- 2012-02-18 15:36 . 2012-06-04 13:03 39202248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-316443158-2896579251-2807000262-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-21 07:36 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-05-21 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-21 982880]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-06-01 2077536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-4-17 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2009-11-05 954368]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2012-06-01 308136]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 iRacingService;iRacing helper service;c:\program files (x86)\iRacing\iRacingService.exe [2012-02-15 473768]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-05-21 918880]
S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2010-06-23 167936]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:03]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 09:32]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316443158-2896579251-2807000262-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 09:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={282B69FD-A1C5-41E0-A29E-DFC1C2C243BE}&mid=f6398e78952a47d0adea1929468c993a-c18b324d263d484c258c3d21e95012f1dd1e3e4c&lang=en&ds=od011&pr=sa&d=2012-05-21 08:36&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\yqgi4h2v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-1ClickDownloader - c:\program files (x86)\1ClickDownload\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-316443158-2896579251-2807000262-1001\Software\SecuROM\License information*]
"datasecu"=hex:30,cd,a2,11,f9,2a,ec,7b,97,08,43,2d,92,1f,f4,ca,e5,07,d5,4f,84,
2f,26,b3,b4,0c,c9,2c,65,ff,3f,3f,da,17,2c,bb,a7,e4,d6,c2,fc,4a,d9,01,a4,9b,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
.
**************************************************************************
.
Completion time: 2012-06-04 20:14:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 19:14
ComboFix2.txt 2012-06-04 13:11
.
Pre-Run: 195,393,167,360 bytes free
Post-Run: 195,352,477,696 bytes free
.
- - End Of File - - 08DDEC29AAFFAAD5F4AC52E519B143CE
Upload was successful

#14 CatByte

  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 04 June 2012 - 02:22 PM

Hi

Your Java is out of date. Please go to Start > Control Panel > Programs and Features and remove the Java program from your system.

Now download the latest Java version 7 update 4 from the following link and install it:

http://java.com/en/download/index.jsp

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Killerbob

  • Topic Starter
  • Members
  • 11 posts

Posted 04 June 2012 - 02:29 PM

Updated Java to version 7 update 4.

The redirecting of search engines has stopped and I haven't had AVG say about the trojan for a while.
