Infected by SIREFEF-PL


  • This topic is locked
16 replies to this topic

#1 kudinov

kudinov

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 09 June 2012 - 10:06 AM

Hi People,

Recently I realized that I have been infected by some malware software. Symptoms:
1. Chrome constantly redirects Google
2. Slowed performance
3. AVG 9.0 keeps reporting Services.exe as 'Patched by Horse Trojan', with no further clarification or option to cure
4. aswMBR found two SIREFEF-PL infections in Windows/Assembly, but then runs for hours checking the My Documents folder
5. ComboFix (run at my own risk) disappears unexpectedly right after file extraction
6. Windows Firewall does not want to run (Error Code 0x80070424) - not curable by Windows FixIt
7. FixTDSS, GooredFix, tdsskiller, MBRCheck do not find anything

Seems I have got into real trouble, and I count on your help. I would appreciate it if Gringo_pr or someone like him would take care of me.

Thank you very much!

___
Log from DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Stun at 0:47:56 on 2012-06-10
Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.4028.2123 [GMT 10:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\ABBYY Lingvo 12\Tutor.exe
C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
C:\Program Files (x86)\WinSplit Revolution\WinSplitDrvr64.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\ABBYY Lingvo 12\LvAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\1Password\Agile1pAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\1Password\Agile1pService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\system32\conhost.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\1810tray.53\1810Tray.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_4810t&r=273601100806l0398z185t4861b150
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_4810t&r=273601100806l0398z185t4861b150
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [Winsplit] C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe
uRun: [Google Update] "C:\Users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Tutor.exe] C:\Program Files (x86)\ABBYY Lingvo 12\Tutor.exe /AS
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Lingvo Launcher] "C:\Program Files (x86)\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
StartupFolder: C:\Users\Stun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stun\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Stun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\iSyncr.lnk - C:\Windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE:
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google ВикиКомментарии... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://extraweb-emea.ey.com/su010/iNotes6W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1890AFAE-35E8-4EAD-929D-843496034A69} : DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\251646963737F6E6026457E6364796F6E60225D4 : DhcpNameServer = 175.103.29.138
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\251646963737F6E6D284F64756C6 : DhcpNameServer = 175.103.29.138
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\251646963737F6E6D2C4F6262697 : DhcpNameServer = 175.103.29.138
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\359746E656973496479775966496 : DhcpNameServer = 10.1.243.1
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\57E6966756273716C6E6564777F627B6 : DhcpNameServer = 202.96.209.5
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\761627962616C646 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A1D8838-B5EA-480A-A953-665F3BEB58C7}\94053414D2F447865627 : DhcpNameServer = 192.168.30.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{53707962-6F74-2D53-2644-206D7942484F}
{65134FDF-F8A5-4B3D-91D9-CDF273CFD578}
{6FE6A929-59D1-4763-91AD-29B61CFFB35B}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{CB1A24DA-7416-4921-A0CF-5AA1160AAE2A}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Lingvo Launcher] "C:\Program Files (x86)\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2012-5-4 768776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2012-6-9 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2012-6-9 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-6-3 5897808]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-1-25 107016]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-1-25 786976]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-2-25 8192]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-9-1 158240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2012-6-3 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2012-6-3 35920]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\1810tray.53\WinRing0x64.sys [2011-2-20 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-1-25 253952]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-9 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe --> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-9-1 240160]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Служба технологий активации Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-06-09 12:10:12 116016 ----a-w- C:\Windows\System32\drivers\73286590.sys
2012-06-09 04:27:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-09 04:27:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 03:50:34 -------- d-----w- C:\Users\Stun\AppData\Roaming\Malwarebytes
2012-06-09 03:50:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-09 03:50:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-09 03:50:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 00:25:26 -------- d--h--w- C:\$AVG
2012-06-09 00:22:37 -------- d-----w- C:\Windows\SysWow64\drivers\avg
2012-06-09 00:14:32 -------- d--h--w- C:\ProgramData\Common Files
2012-06-03 12:33:20 160163 ----a-w- C:\Windows\FontDoctor for Windows Uninstaller.exe
2012-06-03 11:59:23 -------- d-----w- C:\Users\Stun\AppData\Roaming\Thinstall
2012-06-03 11:59:23 -------- d-----w- C:\Users\Stun\AppData\Local\Thinstall
2012-06-03 11:31:02 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-06-03 11:31:02 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-06-03 11:31:02 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSwa.sys
2012-06-03 11:31:02 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2012-06-03 11:30:52 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-06-03 11:30:44 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-06-03 11:30:44 -------- d-----w- C:\Windows\System32\drivers\Avg
2012-06-03 11:29:22 29976 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
2012-06-03 11:29:22 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-03 11:29:20 -------- d-----w- C:\ProgramData\avg9
2012-06-03 11:24:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-03 10:20:58 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-06-03 10:20:58 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-06-03 07:20:56 -------- d-----w- C:\Users\Stun\AppData\Roaming\com.FontGear.data
2012-06-03 07:20:49 -------- d-----w- C:\Program Files (x86)\FontDoctor for Windows
2012-06-03 04:37:18 -------- d-----w- C:\Plug-ins
2012-06-03 04:37:08 -------- d-----w- C:\Users\Stun\AppData\Roaming\Extensis
2012-06-03 04:37:08 -------- d-----w- C:\ProgramData\Extensis
2012-06-03 04:37:05 -------- d-----w- C:\Users\Stun\AppData\Local\Extensis
2012-06-03 04:35:54 -------- d-----w- C:\Program Files (x86)\Extensis
2012-05-11 10:02:24 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 10:02:23 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 10:02:20 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 10:02:18 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 10:02:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 10:02:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 10:01:30 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 10:01:14 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 10:01:11 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 10:01:11 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 10:01:11 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 10:01:10 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 10:01:10 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
.
============= FINISH: 0:49:06.90 ===============

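The DDS report in the post above lists, among other things, the machine's UAC policy values (`mPolicies-system`), a Hosts-file override and the driver files created in the last 30 days. The following is an added triage example, not part of the post and not part of DDS or any other tool named in the thread: it parses lines in that report format and surfaces the items a responder would check first. The sample input is copied from the log above; the three heuristics (UAC policies set to values that weaken elevation, any Hosts entry, and a newly created driver whose base name is digits only) and all function names are this example's own.

```python
"""Triage helper for lines in DDS 'Pseudo HJT Report' / 'Created Last 30' format.

Added example: the heuristics below are not part of DDS, they only pick out
entries worth a second look. Nothing here decides that a file is malicious.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS report format shown in the thread.
SAMPLE_LOG = """\
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
2012-06-09 12:10:12 116016 ----a-w- C:\\Windows\\System32\\drivers\\73286590.sys
2012-06-09 03:50:07 24904 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
"""

# Policy values that weaken the UAC elevation boundary:
#   EnableLUA = 0                 -> UAC switched off entirely
#   ConsentPromptBehaviorAdmin = 0 -> administrators elevate silently
#   PromptOnSecureDesktop = 0     -> prompts not shown on the secure desktop
WEAK_UAC: Dict[str, int] = {
    "EnableLUA": 0,
    "ConsentPromptBehaviorAdmin": 0,
    "PromptOnSecureDesktop": 0,
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# "<date> <time> <size> <attrs> <path>" as written in the Created Last 30 section
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(.+\.sys)$", re.IGNORECASE
)


def parse_policies(log: str) -> Dict[str, int]:
    """Return {policy name: value} for every mPolicies-system line."""
    found: Dict[str, int] = {}
    for line in log.splitlines():
        m = POLICY_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def weak_uac_settings(log: str) -> List[str]:
    """Names of UAC policies whose logged value is a known weakening value."""
    found = parse_policies(log)
    return [name for name, bad in WEAK_UAC.items() if found.get(name) == bad]


def hosts_overrides(log: str) -> List[Tuple[str, str]]:
    """(address, hostname) pairs for every Hosts: line; any entry deserves review."""
    out: List[Tuple[str, str]] = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def digit_named_drivers(log: str) -> List[str]:
    """Recently created .sys files whose base name consists only of digits."""
    hits: List[str] = []
    for line in log.splitlines():
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group(2)
        base = path.rsplit("\\", 1)[-1]      # file name after the last backslash
        if base[:-4].isdigit():              # strip ".sys", test the stem
            hits.append(path)
    return hits


def triage(log: str) -> Dict[str, list]:
    """Collect all three checks into one report."""
    return {
        "weak_uac": weak_uac_settings(log),
        "hosts": hosts_overrides(log),
        "digit_named_drivers": digit_named_drivers(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the report shows all three weakening UAC values present, the single Hosts entry, and the digit-named driver; the named driver is only a candidate for review, and a responder would confirm it against the vendor tools the helper in this thread asks for.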
#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:49 PM

Posted 09 June 2012 - 08:12 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 kudinov

kudinov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 09 June 2012 - 10:19 PM

Hi RPMcMurphy,

First of all, thank you very much for your prompt reply. Imagine how excited one could be anticipating doing heaps of stuff over the long weekend, but ending up reading real-life stories about rootkits all day long... You are my hope of being lucky enough to have at least the last day of the weekend devoted to non-virus-related activity.

I have been divorced from the IT industry for quite a while now, and am really impressed by the complexity of modern viruses. Maybe for virus makers it is time to block powerful sites like this one rather than improve their pests...

OK, enough off-topic speculation - the requested log, made adhering stringently to your instructions, is below:

_______________________________________
Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by система at 10-06-2012 12:54:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: Russian
The current controlset is ControlSet001

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe" [221728 2009-09-04] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" /source=HKLM [745984 2009-06-11] (FinePrint Software, LLC)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-03-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-03-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-03-02] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [Lingvo Launcher] "C:\Program Files (x86)\ABBYY Lingvo 12\Lvagent.exe" /STARTUP [258048 2006-12-13] (ABBYY (BIT Software))
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-03-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-13] (Mindjet)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe [2204424 2012-03-30] (AgileBits)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-06-08] (AVG Technologies CZ, s.r.o.)
HKU\Stun\...\Run: [AdobeBridge] [x]
HKU\Stun\...\Run: [Winsplit] C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe [3951616 2011-04-12] ()
HKU\Stun\...\Run: [Google Update] "C:\Users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-08-19] (Google Inc.)
HKU\Stun\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKU\Stun\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\Stun\...\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [165088 2011-11-26] (Fieldston Software)
HKU\Stun\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
HKU\Stun\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\Stun\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-04] (Safer-Networking Ltd.)
HKU\Stun\...\Run: [Tutor.exe] C:\Program Files (x86)\ABBYY Lingvo 12\Tutor.exe /AS [987136 2006-12-13] (ABBYY (BIT Software))
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1082440 2012-04-03] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: avgrssta.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\iSyncr.lnk
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Все пользователи\Start Menu\Programs\Startup\iSyncr.lnk
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe ()
Startup: C:\Users\Все пользователи\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ======

2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768776 2012-03-30] (AgileBits)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2012-06-08] (AVG Technologies CZ, s.r.o.)
2 avgfws9; "C:\Program Files (x86)\AVG\AVG9\avgfws9.exe" [2331544 2012-06-08] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2012-06-03] (AVG Technologies CZ, s.r.o.)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Корпорация Майкрософт)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [107016 2009-08-24] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [786976 2009-10-01] (Acer Incorporated)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-02-25] ()
2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
3 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-11] ()
2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [158240 2009-09-04] (Acer Incorporated)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-09] (Acer Incorporated)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-05-20] ()
3 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Корпорация Майкрософт)
3 WPCSvc; C:\Windows\SysWow64\wpcsvc.dll [10752 2009-07-13] (Корпорация Майкрософт)
3 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2012-06-03] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2012-06-03] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2012-06-03] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2012-06-03] (AVG Technologies CZ, s.r.o. )
1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2012-06-08] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2012-06-08] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2012-06-03] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2012-06-08] (AVG Technologies CZ, s.r.o.)
2 iPodDrv; C:\Windows\System32\Drivers\iPodDrv.sys [14952 2011-07-27] (Windows ® Codename Longhorn DDK provider)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.sys [74256 2009-06-17] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.sys [13328 2009-06-17] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.sys [40976 2009-06-17] (Logitech, Inc.)
0 mountmgr; C:\Windows\System32\Drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] (Realtek Semiconductor Corp.)
0 volmgrx; C:\Windows\System32\Drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\1810tray.53\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
2 TMAgent; [x]
3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 WINIO; \??\C:\Users\Stun\Desktop\smartfan1173\winio.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 12:54 - 2012-06-10 12:55 - 00000000 ____D C:\FRST
2012-06-09 18:39 - 2012-06-09 18:40 - 01399435 ____A C:\Users\Stun\Downloads\FRST64 (1).exe
2012-06-09 18:30 - 2012-06-09 18:30 - 01399435 ____A C:\Users\Stun\Downloads\FRST64.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 02322184 ____A (ESET) C:\Users\Stun\Downloads\esetsmartinstaller_enu.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-09 16:59 - 2012-06-09 16:59 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 16:50 - 2012-06-09 16:50 - 00338127 ____A C:\Users\Stun\Downloads\FSS.exe
2012-06-09 16:50 - 2012-06-09 16:50 - 00000260 ____A C:\Users\Stun\Downloads\FSS.txt
2012-06-09 16:30 - 2012-06-09 16:31 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover (1).exe
2012-06-09 16:29 - 2012-06-09 16:29 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover.exe
2012-06-09 05:08 - 2012-06-09 05:18 - 00191374 ____A C:\Windows\ntbtlog.txt
2012-06-09 04:54 - 2012-06-09 04:54 - 04539936 ____R (Swearware) C:\Users\Stun\Desktop\ComboFix.exe
2012-06-09 04:53 - 2012-06-09 04:53 - 00000540 ____A C:\Users\Stun\Downloads\defogger_disable.log
2012-06-09 04:53 - 2012-06-09 04:53 - 00000168 ____A C:\Users\Stun\defogger_reenable
2012-06-09 04:52 - 2012-06-09 04:52 - 00050477 ____A C:\Users\Stun\Downloads\Defogger.exe
2012-06-09 04:46 - 2012-06-09 04:46 - 00302592 ____A C:\Users\Stun\Downloads\q67jjf7r.exe
2012-06-09 04:14 - 2012-06-09 04:14 - 04731392 ____A (AVAST Software) C:\Users\Stun\Downloads\aswMBR.exe
2012-06-09 04:13 - 2012-06-09 04:13 - 01932256 ____A (Symantec Corporation) C:\Users\Stun\Downloads\FixTDSS.exe
2012-06-09 04:10 - 2012-06-09 04:10 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\73286590.sys
2012-06-09 03:53 - 2012-06-09 03:53 - 02108959 ____A C:\Users\Stun\Downloads\tdsskiller.zip
2012-06-09 03:51 - 2012-06-09 03:51 - 00071398 ____A (jpshortstuff) C:\Users\Stun\Downloads\GooredFix.exe
2012-06-09 02:12 - 2012-06-09 02:12 - 00080384 ____A C:\Users\Stun\Downloads\MBRCheck.exe
2012-06-09 01:53 - 2012-06-09 01:53 - 00607260 ____R (Swearware) C:\Users\Stun\Downloads\dds.scr
2012-06-09 01:35 - 2012-06-09 01:35 - 00347424 ____A (Microsoft Corporation) C:\Users\Stun\Downloads\MicrosoftFixit.WindowsFirewall.RNP.80262665317959593.1.1.Run.exe
2012-06-08 20:33 - 2010-01-27 10:17 - 00000852 ____A C:\Windows\System32\Drivers\etc\hosts.20120609-143327.backup
2012-06-08 20:27 - 2012-06-08 21:14 - 00000000 ____D C:\Users\Все пользователи\Spybot - Search & Destroy
2012-06-08 20:27 - 2012-06-08 21:14 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-08 20:27 - 2012-06-08 20:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-08 20:03 - 2012-06-08 20:03 - 16409960 ____A (Safer Networking Limited ) C:\Users\Stun\Downloads\spybotsd162.exe
2012-06-08 19:50 - 2012-06-09 13:49 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2012-06-08 19:50 - 2012-06-09 13:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-08 19:50 - 2012-06-08 19:50 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Malwarebytes
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 19:50 - 2012-04-03 21:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-08 19:49 - 2012-06-08 19:49 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Stun\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-08 19:14 - 2012-06-08 19:19 - 126866423 ____A C:\Users\Stun\Downloads\w12alla1913sh.bin
2012-06-08 19:14 - 2012-06-08 19:14 - 00782952 ____A C:\Users\Stun\Downloads\x12all1238gv.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00629478 ____A C:\Users\Stun\Downloads\u12ifw226gp.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00229797 ____A C:\Users\Stun\Downloads\u12idat286ax.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00113586 ____A C:\Users\Stun\Downloads\u12ichjw4ai.bin
2012-06-08 19:11 - 2012-06-08 19:12 - 63642053 ____A C:\Users\Stun\Downloads\u12iavi5057no.bin
2012-06-08 18:37 - 2012-06-08 18:37 - 06769863 ____A C:\Users\Stun\Downloads\w12corea2433gm.bin
2012-06-08 16:25 - 2012-06-08 16:25 - 00000000 ___HD C:\$AVG
2012-06-08 16:22 - 2012-06-08 16:22 - 00000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-06-03 04:33 - 2012-06-03 04:51 - 00000140 ____A C:\Users\Stun\AppData\Roaming\FontDoctor Prefs
2012-06-03 04:33 - 2012-06-03 04:33 - 00160163 ____A C:\Windows\FontDoctor for Windows Uninstaller.exe
2012-06-03 03:59 - 2012-06-03 03:59 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Thinstall
2012-06-03 03:31 - 2012-06-08 18:53 - 00317520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00056008 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00027216 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AVGIDSwa.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00013048 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2012-06-03 03:30 - 2012-06-09 14:44 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-06-03 03:30 - 2012-06-08 22:46 - 00269904 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-06-03 03:30 - 2012-06-08 18:53 - 00035664 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-06-03 03:29 - 2012-06-09 16:13 - 00000000 ____D C:\Users\Все пользователи\avg9
2012-06-03 03:29 - 2012-06-09 16:13 - 00000000 ____D C:\Users\All Users\avg9
2012-06-03 03:29 - 2012-06-03 03:29 - 00029976 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgfwd6a.sys
2012-06-03 03:29 - 2012-06-03 03:29 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-03 03:24 - 2012-06-03 03:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-03 02:20 - 2012-05-20 18:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-03 02:20 - 2012-05-20 18:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-02 23:20 - 2012-06-03 04:33 - 00000000 ____D C:\Program Files (x86)\FontDoctor for Windows
2012-06-02 23:20 - 2012-06-03 03:43 - 00000041 ____A C:\Users\Все пользователи\fd4_sys.d
2012-06-02 23:20 - 2012-06-03 03:43 - 00000041 ____A C:\Users\All Users\fd4_sys.d
2012-06-02 23:20 - 2012-06-02 23:20 - 00000000 ____D C:\Users\Stun\AppData\Roaming\com.FontGear.data
2012-06-02 20:37 - 2012-06-09 11:17 - 00000000 ____D C:\Plug-ins
2012-06-02 20:37 - 2012-06-02 23:07 - 00000000 ____D C:\Users\Stun\AppData\Local\Extensis
2012-06-02 20:37 - 2012-06-02 20:52 - 00000000 ____D C:\Users\Все пользователи\Extensis
2012-06-02 20:37 - 2012-06-02 20:52 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Extensis
2012-06-02 20:37 - 2012-06-02 20:52 - 00000000 ____D C:\Users\All Users\Extensis
2012-06-02 20:35 - 2012-06-02 20:35 - 00000000 ____D C:\Program Files (x86)\Extensis
2012-06-01 02:30 - 2012-06-01 02:30 - 00000000 ____D C:\Users\Stun\Documents\The KMPlayer
2012-05-26 15:25 - 2012-05-26 15:25 - 00000000 ____D C:\Users\Stun\Documents\samsung
2012-05-26 15:24 - 2012-05-26 15:24 - 00000000 ____D C:\Users\Stun\Documents\JRT Studio
2012-05-11 02:02 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 02:02 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 02:02 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 02:02 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 02:02 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 02:02 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 02:01 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 02:01 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

============ 3 Months Modified Files and Folders =============

2012-06-10 12:55 - 2012-06-10 12:54 - 00000000 ____D C:\FRST
2012-06-09 18:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-06-09 18:49 - 2010-01-24 15:57 - 01319769 ____A C:\Windows\WindowsUpdate.log
2012-06-09 18:48 - 2012-02-25 00:56 - 00000000 ____D C:\Users\Stun\AppData\Roaming\gSyncit
2012-06-09 18:46 - 2011-04-16 05:02 - 00000269 ____A C:\Windows\Brownie.ini
2012-06-09 18:45 - 2010-08-22 13:11 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Skype
2012-06-09 18:44 - 2010-08-22 12:53 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000UA.job
2012-06-09 18:43 - 2010-01-25 02:45 - 00708034 ____A C:\Windows\System32\perfh019.dat
2012-06-09 18:43 - 2010-01-25 02:45 - 00142302 ____A C:\Windows\System32\perfc019.dat
2012-06-09 18:43 - 2009-07-13 21:13 - 01600264 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 18:40 - 2012-06-09 18:39 - 01399435 ____A C:\Users\Stun\Downloads\FRST64 (1).exe
2012-06-09 18:30 - 2012-06-09 18:30 - 01399435 ____A C:\Users\Stun\Downloads\FRST64.exe
2012-06-09 18:17 - 2011-02-25 13:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-09 17:02 - 2012-06-09 17:02 - 02322184 ____A (ESET) C:\Users\Stun\Downloads\esetsmartinstaller_enu.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-09 17:01 - 2011-02-19 19:07 - 00000000 ____D C:\Program Files (x86)\1810tray.53
2012-06-09 17:00 - 2011-02-25 13:27 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-09 17:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 16:59 - 2012-06-09 16:59 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 16:59 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 16:50 - 2012-06-09 16:50 - 00338127 ____A C:\Users\Stun\Downloads\FSS.exe
2012-06-09 16:50 - 2012-06-09 16:50 - 00000260 ____A C:\Users\Stun\Downloads\FSS.txt
2012-06-09 16:33 - 2010-05-10 01:55 - 00023886 ____A C:\Windows\Notepad2.ini
2012-06-09 16:31 - 2012-06-09 16:30 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover (1).exe
2012-06-09 16:29 - 2012-06-09 16:29 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover.exe
2012-06-09 16:21 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 16:21 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 16:13 - 2012-06-03 03:29 - 00000000 ____D C:\Users\Все пользователи\avg9
2012-06-09 16:13 - 2012-06-03 03:29 - 00000000 ____D C:\Users\All Users\avg9
2012-06-09 16:12 - 2012-04-04 17:12 - 00000000 ___RD C:\Users\Stun\Documents\Dropbox
2012-06-09 16:12 - 2012-04-04 17:09 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Dropbox
2012-06-09 16:09 - 2011-04-16 04:55 - 00068121 ____A C:\Windows\setupact.log
2012-06-09 15:43 - 2010-08-06 12:10 - 00000000 ____D C:\Users\Stun\Documents\My Projects
2012-06-09 14:44 - 2012-06-03 03:30 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-06-09 13:49 - 2012-06-08 19:50 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2012-06-09 13:49 - 2012-06-08 19:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-09 13:47 - 2011-05-04 01:43 - 00435192 ____A C:\Windows\PFRO.log
2012-06-09 11:22 - 2012-05-04 05:17 - 00000000 ____D C:\Program Files (x86)\1Password
2012-06-09 11:22 - 2011-05-07 06:23 - 00000000 ____D C:\Users\Все пользователи\Avira
2012-06-09 11:22 - 2011-05-07 06:23 - 00000000 ____D C:\Users\All Users\Avira
2012-06-09 11:22 - 2011-05-07 06:23 - 00000000 ____D C:\Program Files (x86)\Avira
2012-06-09 11:22 - 2011-03-14 00:23 - 00000000 ____D C:\Program Files\Bonjour
2012-06-09 11:22 - 2011-03-14 00:23 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-09 11:22 - 2011-02-13 03:16 - 00000000 ____D C:\Program Files (x86)\TagRename
2012-06-09 11:22 - 2010-12-29 01:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-06-09 11:22 - 2010-04-03 11:18 - 00000000 ____D C:\Program Files (x86)\ABBYY Lingvo 12
2012-06-09 11:22 - 2010-04-03 04:31 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-06-09 11:22 - 2010-02-20 12:58 - 00000000 ____D C:\Windows\WindowsMobile
2012-06-09 11:22 - 2010-02-12 12:31 - 00000000 ____D C:\Program Files\iTunes
2012-06-09 11:22 - 2010-02-12 12:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-09 11:22 - 2010-01-24 16:19 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-06-09 11:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-06-09 11:21 - 2009-08-31 12:10 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-09 11:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-09 11:18 - 2012-01-18 01:01 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-09 11:18 - 2011-04-16 04:42 - 00000000 ____D C:\Program Files\CCleaner
2012-06-09 11:18 - 2011-03-14 00:26 - 00000000 ____D C:\Program Files\iPod
2012-06-09 11:18 - 2010-08-22 12:56 - 00000000 ____D C:\Program Files\Logitech
2012-06-09 11:18 - 2010-08-22 12:56 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2012-06-09 11:18 - 2010-03-27 09:38 - 00000000 ____D C:\Program Files\KLCP64
2012-06-09 11:18 - 2010-02-27 11:08 - 00000000 ____D C:\Program Files\HP
2012-06-09 11:18 - 2010-02-12 12:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-09 11:18 - 2010-01-27 11:25 - 00000000 ____D C:\Program Files\Adobe
2012-06-09 11:18 - 2010-01-27 10:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-09 11:18 - 2010-01-24 16:18 - 00000000 ____D C:\Program Files\Synaptics
2012-06-09 11:18 - 2010-01-24 16:18 - 00000000 ____D C:\Program Files\Realtek
2012-06-09 11:18 - 2010-01-24 16:13 - 00000000 ____D C:\Program Files\ATI
2012-06-09 11:18 - 2009-08-31 17:29 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-09 11:18 - 2009-08-31 12:10 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-09 11:18 - 2009-08-31 11:38 - 00000000 ____D C:\Program Files\Acer
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\MSBuild
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Windows NT
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-09 11:17 - 2012-06-02 20:37 - 00000000 ____D C:\Plug-ins
2012-06-09 11:17 - 2012-04-09 02:41 - 00000000 ____D C:\AMD
2012-06-09 11:17 - 2011-09-30 17:32 - 00000000 ____D C:\MM8_11
2012-06-09 11:17 - 2011-06-15 03:41 - 00000000 ____D C:\MYOBODBCAU8
2012-06-09 11:17 - 2011-06-15 03:41 - 00000000 ____D C:\MYOBODBC
2012-06-09 11:17 - 2011-06-15 03:36 - 00000000 ____D C:\myob18ED
2012-06-09 11:17 - 2011-04-19 02:14 - 00000000 ____D C:\PFiles
2012-06-09 11:17 - 2010-08-16 13:40 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2012-06-09 11:17 - 2010-04-09 13:16 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 8.0 Professional Edition
2012-06-09 11:17 - 2010-02-23 04:56 - 00000000 ___HD C:\CanoScan
2012-06-09 11:17 - 2010-01-30 09:13 - 00000000 ____D C:\Program Files (x86)\ACD Systems
2012-06-09 11:17 - 2009-08-31 17:28 - 00000000 __RHD C:\MSOCache
2012-06-09 11:17 - 2009-08-31 12:05 - 00000000 ___HD C:\oem
2012-06-09 11:17 - 2009-08-31 11:38 - 00000000 ____D C:\Program Files (x86)\Acer
2012-06-09 11:17 - 2009-08-31 11:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-09 05:18 - 2012-06-09 05:08 - 00191374 ____A C:\Windows\ntbtlog.txt
2012-06-09 04:54 - 2012-06-09 04:54 - 04539936 ____R (Swearware) C:\Users\Stun\Desktop\ComboFix.exe
2012-06-09 04:53 - 2012-06-09 04:53 - 00000540 ____A C:\Users\Stun\Downloads\defogger_disable.log
2012-06-09 04:53 - 2012-06-09 04:53 - 00000168 ____A C:\Users\Stun\defogger_reenable
2012-06-09 04:53 - 2010-01-24 16:07 - 00000000 ____D C:\users\Stun
2012-06-09 04:52 - 2012-06-09 04:52 - 00050477 ____A C:\Users\Stun\Downloads\Defogger.exe
2012-06-09 04:46 - 2012-06-09 04:46 - 00302592 ____A C:\Users\Stun\Downloads\q67jjf7r.exe
2012-06-09 04:14 - 2012-06-09 04:14 - 04731392 ____A (AVAST Software) C:\Users\Stun\Downloads\aswMBR.exe
2012-06-09 04:13 - 2012-06-09 04:13 - 01932256 ____A (Symantec Corporation) C:\Users\Stun\Downloads\FixTDSS.exe
2012-06-09 04:10 - 2012-06-09 04:10 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\73286590.sys
2012-06-09 03:53 - 2012-06-09 03:53 - 02108959 ____A C:\Users\Stun\Downloads\tdsskiller.zip
2012-06-09 03:51 - 2012-06-09 03:51 - 00071398 ____A (jpshortstuff) C:\Users\Stun\Downloads\GooredFix.exe
2012-06-09 02:44 - 2010-08-22 12:53 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000Core.job
2012-06-09 02:30 - 2011-06-13 21:41 - 00000000 ____D C:\Program Files\SysinternalsSuite
2012-06-09 02:12 - 2012-06-09 02:12 - 00080384 ____A C:\Users\Stun\Downloads\MBRCheck.exe
2012-06-09 01:53 - 2012-06-09 01:53 - 00607260 ____R (Swearware) C:\Users\Stun\Downloads\dds.scr
2012-06-09 01:40 - 2010-02-20 12:46 - 00000000 ____D C:\Users\Stun\AppData\Local\ElevatedDiagnostics
2012-06-09 01:35 - 2012-06-09 01:35 - 00347424 ____A (Microsoft Corporation) C:\Users\Stun\Downloads\MicrosoftFixit.WindowsFirewall.RNP.80262665317959593.1.1.Run.exe
2012-06-09 00:00 - 2011-09-08 01:39 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2012-06-08 22:46 - 2012-06-03 03:30 - 00269904 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-06-08 21:14 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Все пользователи\Spybot - Search & Destroy
2012-06-08 21:14 - 2012-06-08 20:27 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-08 20:33 - 2010-01-27 10:16 - 00442913 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-08 20:29 - 2012-06-08 20:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-08 20:03 - 2012-06-08 20:03 - 16409960 ____A (Safer Networking Limited ) C:\Users\Stun\Downloads\spybotsd162.exe
2012-06-08 19:50 - 2012-06-08 19:50 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Malwarebytes
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 19:49 - 2012-06-08 19:49 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Stun\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-08 19:42 - 2011-05-07 05:21 - 00000000 ____D C:\Program Files (x86)\WinSplit Revolution
2012-06-08 19:24 - 2010-08-20 08:25 - 00000000 ____D C:\Program Files\Unlocker
2012-06-08 19:24 - 2010-01-24 18:00 - 00000000 ____D C:\Program Files\WinRAR
2012-06-08 19:22 - 2012-03-09 02:16 - 00000000 ____D C:\Program Files\AVI MPEG RM WMV Splitter Portable 4.28
2012-06-08 19:19 - 2012-06-08 19:14 - 126866423 ____A C:\Users\Stun\Downloads\w12alla1913sh.bin
2012-06-08 19:14 - 2012-06-08 19:14 - 00782952 ____A C:\Users\Stun\Downloads\x12all1238gv.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00629478 ____A C:\Users\Stun\Downloads\u12ifw226gp.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00229797 ____A C:\Users\Stun\Downloads\u12idat286ax.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00113586 ____A C:\Users\Stun\Downloads\u12ichjw4ai.bin
2012-06-08 19:12 - 2012-06-08 19:11 - 63642053 ____A C:\Users\Stun\Downloads\u12iavi5057no.bin
2012-06-08 18:53 - 2012-06-03 03:31 - 00317520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-06-08 18:53 - 2012-06-03 03:30 - 00035664 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-06-08 18:37 - 2012-06-08 18:37 - 06769863 ____A C:\Users\Stun\Downloads\w12corea2433gm.bin
2012-06-08 17:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-08 16:25 - 2012-06-08 16:25 - 00000000 ___HD C:\$AVG
2012-06-08 16:22 - 2012-06-08 16:22 - 00000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-06-03 04:51 - 2012-06-03 04:33 - 00000140 ____A C:\Users\Stun\AppData\Roaming\FontDoctor Prefs
2012-06-03 04:51 - 2010-02-27 08:51 - 00000000 ____D C:\Users\Stun\AppData\Roaming\uTorrent
2012-06-03 04:33 - 2012-06-03 04:33 - 00160163 ____A C:\Windows\FontDoctor for Windows Uninstaller.exe
2012-06-03 04:33 - 2012-06-02 23:20 - 00000000 ____D C:\Program Files (x86)\FontDoctor for Windows
2012-06-03 03:59 - 2012-06-03 03:59 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Thinstall
2012-06-03 03:43 - 2012-06-02 23:20 - 00000041 ____A C:\Users\Все пользователи\fd4_sys.d
2012-06-03 03:43 - 2012-06-02 23:20 - 00000041 ____A C:\Users\All Users\fd4_sys.d
2012-06-03 03:42 - 2010-08-17 10:34 - 00000000 ____D C:\Users\Stun\Documents\My Fonts
2012-06-03 03:31 - 2012-06-03 03:31 - 00056008 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00027216 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AVGIDSwa.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00013048 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2012-06-03 03:29 - 2012-06-03 03:29 - 00029976 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgfwd6a.sys
2012-06-03 03:29 - 2012-06-03 03:29 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-03 03:24 - 2012-06-03 03:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-03 03:13 - 2009-07-13 20:45 - 05021064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-03 03:03 - 2009-05-07 17:55 - 00000000 ____D C:\Users\Stun\Desktop\_Неотсортированное
2012-06-03 02:48 - 2012-04-04 18:52 - 00000000 ____D C:\Users\Stun\AppData\Roaming\JRT Studio
2012-06-03 01:14 - 2010-08-08 14:50 - 00000000 ____D C:\Users\Stun\Documents\My Financials
2012-06-02 23:20 - 2012-06-02 23:20 - 00000000 ____D C:\Users\Stun\AppData\Roaming\com.FontGear.data
2012-06-02 23:07 - 2012-06-02 20:37 - 00000000 ____D C:\Users\Stun\AppData\Local\Extensis
2012-06-02 20:52 - 2012-06-02 20:37 - 00000000 ____D C:\Users\Все пользователи\Extensis
2012-06-02 20:52 - 2012-06-02 20:37 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Extensis
2012-06-02 20:52 - 2012-06-02 20:37 - 00000000 ____D C:\Users\All Users\Extensis
2012-06-02 20:52 - 2010-01-24 16:08 - 00125648 ____A C:\Users\Stun\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-02 20:35 - 2012-06-02 20:35 - 00000000 ____D C:\Program Files (x86)\Extensis
2012-06-01 23:04 - 2011-05-14 02:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-01 18:25 - 2011-06-16 14:00 - 00000000 ____D C:\Program Files (x86)\PDF Factory
2012-06-01 14:21 - 2011-04-25 17:54 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2012-06-01 02:30 - 2012-06-01 02:30 - 00000000 ____D C:\Users\Stun\Documents\The KMPlayer
2012-05-28 23:38 - 2011-01-28 22:00 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-26 23:15 - 2011-05-21 19:06 - 00000000 ____D C:\Users\Stun\Desktop\from flash
2012-05-26 15:25 - 2012-05-26 15:25 - 00000000 ____D C:\Users\Stun\Documents\samsung
2012-05-26 15:24 - 2012-05-26 15:24 - 00000000 ____D C:\Users\Stun\Documents\JRT Studio
2012-05-20 18:09 - 2012-06-03 02:20 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 18:09 - 2012-06-03 02:20 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-20 04:36 - 2011-01-03 02:36 - 00000000 ____D C:\Users\Stun\Documents\My Goals and Achievements
2012-05-19 22:21 - 2010-09-26 17:53 - 00000000 ____D C:\Users\Stun\Documents\My Letters
2012-05-18 16:18 - 2009-08-31 11:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-18 02:29 - 2009-08-31 17:28 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2012-05-18 02:29 - 2009-08-31 17:28 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 13:51 - 2010-08-09 12:35 - 00000000 ____D C:\Users\Stun\Documents\My Books
2012-05-10 00:02 - 2010-08-08 14:01 - 00000000 ____D C:\Users\Stun\Documents\My Profession
2012-05-09 14:53 - 2011-07-14 13:33 - 00000000 ___RD C:\Users\Stun\Desktop\FILMS
2012-05-08 18:46 - 2011-09-10 03:12 - 00000000 ____D C:\Users\Stun\Documents\My Investments
2012-05-08 02:53 - 2011-04-16 04:57 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-06 00:35 - 2010-10-12 13:08 - 00000000 ____D C:\Users\Stun\Documents\My Car
2012-05-04 05:26 - 2010-02-12 12:59 - 00000000 ____D C:\Users\Stun\Documents\My System Files
2012-05-04 05:21 - 2012-05-04 05:21 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Agile Web Solutions
2012-05-02 14:50 - 2010-08-22 13:10 - 00000000 ____D C:\Users\Все пользователи\Skype
2012-05-02 14:50 - 2010-08-22 13:10 - 00000000 ____D C:\Users\All Users\Skype
2012-05-01 21:09 - 2012-05-01 19:08 - 00032373 ____A C:\Users\Stun\Desktop\Sales analysis.mmap
2012-04-27 16:58 - 2010-08-08 14:05 - 00000000 ____D C:\Users\Stun\Documents\My Identity
2012-04-26 02:03 - 2010-01-24 17:14 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-18 04:37 - 2012-04-18 04:36 - 00000000 ____D C:\Windows\System32\explorer
2012-04-18 04:36 - 2012-04-18 04:36 - 00000000 ____D C:\Anoirsoft
2012-04-18 04:35 - 2012-04-18 04:35 - 00000000 ____D C:\Program Files (x86)\Anoirsoft
2012-04-14 00:17 - 2009-07-13 18:34 - 00001028 ____A C:\Windows\win.ini
2012-04-13 23:08 - 2012-04-13 23:08 - 00000989 ____A C:\Users\Public\Desktop\XviD4PSP 5.lnk
2012-04-13 23:08 - 2012-04-13 23:08 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-04-13 23:07 - 2011-02-19 03:43 - 00000000 ____D C:\Program Files (x86)\XviD4PSP 5
2012-04-10 03:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-09 04:42 - 2009-08-31 11:26 - 00000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-04-09 04:42 - 2009-08-31 11:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-09 02:49 - 2012-04-09 02:49 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-04-04 18:52 - 2012-04-04 18:52 - 00000000 ____D C:\Program Files (x86)\JRT Studio
2012-04-04 04:11 - 2010-12-29 04:29 - 00002631 ____A C:\Windows\FontExpert.INI
2012-04-03 21:56 - 2012-06-08 19:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 03:09 - 2010-02-27 09:05 - 00000000 ____D C:\Program Files (x86)\Sony
2012-03-30 22:05 - 2012-05-11 02:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 02:02 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 02:02 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 02:02 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-11 02:01 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 02:29 - 2010-08-07 17:51 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-03-30 00:14 - 2012-03-30 00:11 - 00000000 ____D C:\Program Files (x86)\GUM5737.tmp
2012-03-24 01:40 - 2012-03-24 01:38 - 00000000 ____D C:\Program Files (x86)\GUM701B.tmp
2012-03-18 03:28 - 2010-12-29 01:06 - 00000000 ____D C:\Users\Stun\AppData\Roaming\FileZilla
2012-03-16 23:58 - 2012-05-11 02:01 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

ZeroAccess:
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\1afb2d56
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\201d3dde
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\00000008.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\000000cb.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000000.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000032.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4027.79 MB
Available physical RAM: 3275.3 MB
Total Pagefile: 4025.94 MB
Available Pagefile: 3266.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (Stun) (Fixed) (Total:286.27 GB) (Free:13.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.22 GB) NTFS
4 Drive g: (UNTITLED) (Removable) (Total:7.52 GB) (Free:7.51 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

(C) Microsoft Corporation, 1999-2008.
On computer: MININT-I5GOQ3G

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB      0 B
Disk 1    Online         7712 MB      0 B

Leaving DiskPart...


==========================================================

Last Boot: 2012-05-29 03:05

======================= End Of Log ==========================

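The two sections of the log above that carry the actual findings are the "ZeroAccess:" list (a hidden GUID directory under C:\Windows\Installer holding a "@" file plus "L" and "U" subdirectories full of "*.@" payloads) and the "Bamital & volsnap Check", where FRST prints "=> MD5 is legit" for every core binary it could match but, for services.exe, printed file details and a hash instead, which lines up with AVG's "patched" verdict on that file. The script below is an added example, not part of the thread and not FRST's own code: it parses those two sections out of an FRST log and reports the unverified binaries and the ZeroAccess paths. The sample input is the excerpt of the log posted above; the section header strings and the "@"/L/U path layout it keys on are taken from that excerpt, and the path pattern deliberately ignores ordinary MSI GUID directories such as the iSyncr one that appears elsewhere in the log.

```python
"""Triage helper for FRST logs (added example, not FRST's own tooling).

Assumptions: the section headers are spelled exactly as in the log above,
and a core binary that gets a detail line with an MD5 instead of
"=> MD5 is legit" is treated as unverified (to be compared with a clean
copy of the same Windows build, not assumed malicious by itself).
"""
import re
from dataclasses import dataclass, field

BAMITAL_HEADER = "Bamital & volsnap Check"
ZEROACCESS_HEADER = "ZeroAccess:"
SECTION_RULE = re.compile(r"^=+ .* =+$")          # "===== Section name ====="
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5" as FRST prints it
MD5_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attr>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# {GUID}, {GUID}\@, {GUID}\L, {GUID}\U, {GUID}\L\xxxxxxxx, {GUID}\U\xxxxxxxx.@
ZA_PATH = re.compile(
    r"^[A-Za-z]:\\.*\\\{[0-9a-f-]{36}\}"
    r"(?:\\@|\\[LU](?:\\[0-9a-f]{8}(?:\.@)?)?)?$",
    re.IGNORECASE,
)


@dataclass
class Triage:
    verified: list = field(default_factory=list)      # paths FRST matched
    unverified: dict = field(default_factory=dict)    # path -> MD5 FRST printed
    zeroaccess: list = field(default_factory=list)    # paths in the ZeroAccess list


def triage_frst(log_text: str) -> Triage:
    """Walk the log once, tracking which section each line belongs to."""
    result = Triage()
    section = None
    pending = None                      # path waiting for its detail line
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_RULE.match(line):
            section = "bamital" if BAMITAL_HEADER in line else "other"
            pending = None
            continue
        if line == ZEROACCESS_HEADER:
            section = "zeroaccess"
            continue
        if not line:
            pending = None              # a blank line ends a path/detail pair
            continue
        if section == "zeroaccess":
            if ZA_PATH.match(line):
                result.zeroaccess.append(line)
            else:
                section = "other"       # any other text ends the list
        elif section == "bamital":
            if line.endswith("=> MD5 is legit"):
                result.verified.append(line.split(" =>")[0])
            elif pending:
                m = MD5_LINE.match(line)
                if m:
                    result.unverified[pending] = m.group("md5").upper()
                pending = None
            elif DRIVE_PATH.match(line):
                pending = line
    return result


def findings(t: Triage) -> list:
    """One line per actionable item, suitable for a helper's first reply."""
    out = [f"UNVERIFIED {p} md5={h} (compare with a clean copy of the same build)"
           for p, h in t.unverified.items()]
    if t.zeroaccess:
        out.append(f"ZEROACCESS {len(t.zeroaccess)} paths under {t.zeroaccess[0]}")
    return out


# Excerpt of the FRST log posted above (not constructed data).
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\1afb2d56
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\201d3dde
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\00000008.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\000000cb.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000000.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000032.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000064.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

if __name__ == "__main__":
    for item in findings(triage_frst(SAMPLE_LOG)):
        print(item)
```

Run against this log it reports services.exe as the single unverified core binary, with the hash FRST printed, and thirteen ZeroAccess paths under the one GUID directory; the paths are what a fix script has to delete and the hash is what to compare against a clean Windows 7 SP1 x64 services.exe before deciding whether the file needs replacing from a known-good source.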
#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:02:49 PM

Posted 10 June 2012 - 12:10 AM

Hello,

That tool needs to be run from the Recovery Environment to function properly. Please see my last post for instructions on how to do that and run FRST again from the Recovery Environment.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 kudinov

kudinov
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 10 June 2012 - 12:34 AM

Thanks again for your promptness, RPMcMurphy.

I was also a bit surprised to see the comment about the non-recovery environment. But trust me, I just do not have any more time and patience not to follow your instructions :) I should have pointed out to you previously that I truly did run it from the Recovery Console (through F8, choosing the language US, command prompt, etc.) irrespective of the comment in the FRSTx64 log. Maybe it is my localized Windows system or something else which does not allow FRST to identify the environment properly.

Anyway, to be doubly assured I ran it again and got the new log for your review. As mentioned, I have abandoned any kind of personal activity to remove the threat and right now am just looking forward to your further instructions!

___
Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by система at 10-06-2012 15:17:27
Running from G:\
Windows 7 Home Premium (X64) OS Language: Russian
The current controlset is ControlSet001

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe" [221728 2009-09-04] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" /source=HKLM [745984 2009-06-11] (FinePrint Software, LLC)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-03-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-03-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-03-02] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [Lingvo Launcher] "C:\Program Files (x86)\ABBYY Lingvo 12\Lvagent.exe" /STARTUP [258048 2006-12-13] (ABBYY (BIT Software))
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-03-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-13] (Mindjet)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe [2204424 2012-03-30] (AgileBits)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-06-08] (AVG Technologies CZ, s.r.o.)
HKU\Stun\...\Run: [AdobeBridge] [x]
HKU\Stun\...\Run: [Winsplit] C:\Program Files (x86)\WinSplit Revolution\WinSplit.exe [3951616 2011-04-12] ()
HKU\Stun\...\Run: [Google Update] "C:\Users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-08-19] (Google Inc.)
HKU\Stun\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKU\Stun\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\Stun\...\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [165088 2011-11-26] (Fieldston Software)
HKU\Stun\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
HKU\Stun\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\Stun\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-04] (Safer-Networking Ltd.)
HKU\Stun\...\Run: [Tutor.exe] C:\Program Files (x86)\ABBYY Lingvo 12\Tutor.exe /AS [987136 2006-12-13] (ABBYY (BIT Software))
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: avgrssta.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\iSyncr.lnk
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Все пользователи\Start Menu\Programs\Startup\iSyncr.lnk
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe ()
Startup: C:\Users\Все пользователи\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ======

2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768776 2012-03-30] (AgileBits)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2012-06-08] (AVG Technologies CZ, s.r.o.)
2 avgfws9; "C:\Program Files (x86)\AVG\AVG9\avgfws9.exe" [2331544 2012-06-08] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2012-06-03] (AVG Technologies CZ, s.r.o.)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Корпорация Майкрософт)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [107016 2009-08-24] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [786976 2009-10-01] (Acer Incorporated)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-02-25] ()
2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
3 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-11] ()
2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [158240 2009-09-04] (Acer Incorporated)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-09] (Acer Incorporated)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-05-20] ()
3 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Корпорация Майкрософт)
3 WPCSvc; C:\Windows\SysWow64\wpcsvc.dll [10752 2009-07-13] (Корпорация Майкрософт)
3 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2012-06-03] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2012-06-03] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2012-06-03] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2012-06-03] (AVG Technologies CZ, s.r.o. )
1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2012-06-08] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2012-06-08] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2012-06-03] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2012-06-08] (AVG Technologies CZ, s.r.o.)
2 iPodDrv; C:\Windows\System32\Drivers\iPodDrv.sys [14952 2011-07-27] (Windows ® Codename Longhorn DDK provider)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.sys [74256 2009-06-17] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.sys [13328 2009-06-17] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.sys [40976 2009-06-17] (Logitech, Inc.)
0 mountmgr; C:\Windows\System32\Drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] (Realtek Semiconductor Corp.)
0 volmgrx; C:\Windows\System32\Drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\1810tray.53\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
2 TMAgent; [x]
3 TVICPORT; \??\C:\Windows\system32\DRIVERS\TVICPORT.SYS [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 WINIO; \??\C:\Users\Stun\Desktop\smartfan1173\winio.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 12:54 - 2012-06-10 15:17 - 00000000 ____D C:\FRST
2012-06-09 20:33 - 2012-06-09 20:16 - 63087420 ____A (RePack by SPecialiST) C:\Users\Stun\Desktop\ESET Smart Security 5.2.9.12 X86+X64 RePack AIO by SPecialiST.exe
2012-06-09 19:55 - 2012-06-09 19:55 - 00020039 ____A C:\Users\Stun\Downloads\[NNM-Club.ru]_ESET Smart Security 5.2.9.12 X86+X64 RePack AIO by SPecialiST.exe (1).torrent
2012-06-09 19:50 - 2012-06-09 19:50 - 00000911 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-09 19:49 - 2012-06-09 19:49 - 00020039 ____A C:\Users\Stun\Downloads\[NNM-Club.ru]_ESET Smart Security 5.2.9.12 X86+X64 RePack AIO by SPecialiST.exe.torrent
2012-06-09 18:39 - 2012-06-09 18:40 - 01399435 ____A C:\Users\Stun\Downloads\FRST64 (1).exe
2012-06-09 18:30 - 2012-06-09 18:30 - 01399435 ____A C:\Users\Stun\Downloads\FRST64.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 02322184 ____A (ESET) C:\Users\Stun\Downloads\esetsmartinstaller_enu.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-09 16:59 - 2012-06-09 16:59 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 16:50 - 2012-06-09 16:50 - 00338127 ____A C:\Users\Stun\Downloads\FSS.exe
2012-06-09 16:50 - 2012-06-09 16:50 - 00000260 ____A C:\Users\Stun\Downloads\FSS.txt
2012-06-09 16:30 - 2012-06-09 16:31 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover (1).exe
2012-06-09 16:29 - 2012-06-09 16:29 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover.exe
2012-06-09 05:08 - 2012-06-09 05:18 - 00191374 ____A C:\Windows\ntbtlog.txt
2012-06-09 04:53 - 2012-06-09 04:53 - 00000540 ____A C:\Users\Stun\Downloads\defogger_disable.log
2012-06-09 04:53 - 2012-06-09 04:53 - 00000168 ____A C:\Users\Stun\defogger_reenable
2012-06-09 04:52 - 2012-06-09 04:52 - 00050477 ____A C:\Users\Stun\Downloads\Defogger.exe
2012-06-09 04:46 - 2012-06-09 04:46 - 00302592 ____A C:\Users\Stun\Downloads\q67jjf7r.exe
2012-06-09 04:14 - 2012-06-09 04:14 - 04731392 ____A (AVAST Software) C:\Users\Stun\Downloads\aswMBR.exe
2012-06-09 04:13 - 2012-06-09 04:13 - 01932256 ____A (Symantec Corporation) C:\Users\Stun\Downloads\FixTDSS.exe
2012-06-09 04:10 - 2012-06-09 04:10 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\73286590.sys
2012-06-09 03:53 - 2012-06-09 03:53 - 02108959 ____A C:\Users\Stun\Downloads\tdsskiller.zip
2012-06-09 03:51 - 2012-06-09 03:51 - 00071398 ____A (jpshortstuff) C:\Users\Stun\Downloads\GooredFix.exe
2012-06-09 02:12 - 2012-06-09 02:12 - 00080384 ____A C:\Users\Stun\Downloads\MBRCheck.exe
2012-06-09 01:53 - 2012-06-09 01:53 - 00607260 ____R (Swearware) C:\Users\Stun\Downloads\dds.scr
2012-06-09 01:35 - 2012-06-09 01:35 - 00347424 ____A (Microsoft Corporation) C:\Users\Stun\Downloads\MicrosoftFixit.WindowsFirewall.RNP.80262665317959593.1.1.Run.exe
2012-06-08 20:33 - 2010-01-27 10:17 - 00000852 ____A C:\Windows\System32\Drivers\etc\hosts.20120609-143327.backup
2012-06-08 20:27 - 2012-06-08 21:14 - 00000000 ____D C:\Users\Все пользователи\Spybot - Search & Destroy
2012-06-08 20:27 - 2012-06-08 21:14 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-08 20:27 - 2012-06-08 20:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-08 20:03 - 2012-06-08 20:03 - 16409960 ____A (Safer Networking Limited ) C:\Users\Stun\Downloads\spybotsd162.exe
2012-06-08 19:50 - 2012-06-09 13:49 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2012-06-08 19:50 - 2012-06-09 13:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-08 19:50 - 2012-06-08 19:50 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Malwarebytes
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 19:50 - 2012-04-03 21:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-08 19:49 - 2012-06-08 19:49 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Stun\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-08 19:14 - 2012-06-08 19:19 - 126866423 ____A C:\Users\Stun\Downloads\w12alla1913sh.bin
2012-06-08 19:14 - 2012-06-08 19:14 - 00782952 ____A C:\Users\Stun\Downloads\x12all1238gv.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00629478 ____A C:\Users\Stun\Downloads\u12ifw226gp.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00229797 ____A C:\Users\Stun\Downloads\u12idat286ax.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00113586 ____A C:\Users\Stun\Downloads\u12ichjw4ai.bin
2012-06-08 19:11 - 2012-06-08 19:12 - 63642053 ____A C:\Users\Stun\Downloads\u12iavi5057no.bin
2012-06-08 18:37 - 2012-06-08 18:37 - 06769863 ____A C:\Users\Stun\Downloads\w12corea2433gm.bin
2012-06-08 16:25 - 2012-06-08 16:25 - 00000000 ___HD C:\$AVG
2012-06-08 16:22 - 2012-06-08 16:22 - 00000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-06-03 04:33 - 2012-06-03 04:51 - 00000140 ____A C:\Users\Stun\AppData\Roaming\FontDoctor Prefs
2012-06-03 04:33 - 2012-06-03 04:33 - 00160163 ____A C:\Windows\FontDoctor for Windows Uninstaller.exe.bak
2012-06-03 03:59 - 2012-06-03 03:59 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Thinstall
2012-06-03 03:31 - 2012-06-08 18:53 - 00317520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00056008 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00027216 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AVGIDSwa.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00013048 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2012-06-03 03:30 - 2012-06-09 14:44 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-06-03 03:30 - 2012-06-08 22:46 - 00269904 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-06-03 03:30 - 2012-06-08 18:53 - 00035664 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-06-03 03:29 - 2012-06-09 16:13 - 00000000 ____D C:\Users\Все пользователи\avg9
2012-06-03 03:29 - 2012-06-09 16:13 - 00000000 ____D C:\Users\All Users\avg9
2012-06-03 03:29 - 2012-06-03 03:29 - 00029976 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgfwd6a.sys
2012-06-03 03:29 - 2012-06-03 03:29 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-03 03:24 - 2012-06-03 03:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-03 02:20 - 2012-05-20 18:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-03 02:20 - 2012-05-20 18:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-02 23:20 - 2012-06-09 19:57 - 00000000 ____D C:\Program Files (x86)\FontDoctor for Windows
2012-06-02 23:20 - 2012-06-03 03:43 - 00000041 ____A C:\Users\Все пользователи\fd4_sys.d
2012-06-02 23:20 - 2012-06-03 03:43 - 00000041 ____A C:\Users\All Users\fd4_sys.d
2012-06-02 23:20 - 2012-06-02 23:20 - 00000000 ____D C:\Users\Stun\AppData\Roaming\com.FontGear.data
2012-06-02 20:37 - 2012-06-09 11:17 - 00000000 ____D C:\Plug-ins
2012-06-02 20:37 - 2012-06-02 23:07 - 00000000 ____D C:\Users\Stun\AppData\Local\Extensis
2012-06-02 20:37 - 2012-06-02 20:52 - 00000000 ____D C:\Users\Все пользователи\Extensis
2012-06-02 20:37 - 2012-06-02 20:52 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Extensis
2012-06-02 20:37 - 2012-06-02 20:52 - 00000000 ____D C:\Users\All Users\Extensis
2012-06-02 20:35 - 2012-06-02 20:35 - 00000000 ____D C:\Program Files (x86)\Extensis
2012-06-01 02:30 - 2012-06-01 02:30 - 00000000 ____D C:\Users\Stun\Documents\The KMPlayer
2012-05-26 15:25 - 2012-05-26 15:25 - 00000000 ____D C:\Users\Stun\Documents\samsung
2012-05-26 15:24 - 2012-05-26 15:24 - 00000000 ____D C:\Users\Stun\Documents\JRT Studio
2012-05-11 02:02 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 02:02 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 02:02 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 02:02 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 02:02 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 02:02 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 02:01 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 02:01 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

============ 3 Months Modified Files and Folders =============

2012-06-10 15:17 - 2012-06-10 12:54 - 00000000 ____D C:\FRST
2012-06-09 21:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-06-09 21:12 - 2010-08-22 13:11 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Skype
2012-06-09 21:11 - 2010-08-17 10:34 - 00000000 ____D C:\Users\Stun\Documents\My Fonts
2012-06-09 20:59 - 2010-08-06 12:10 - 00000000 ____D C:\Users\Stun\Documents\My Projects
2012-06-09 20:52 - 2012-02-25 00:56 - 00000000 ____D C:\Users\Stun\AppData\Roaming\gSyncit
2012-06-09 20:44 - 2010-08-22 12:53 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000UA.job
2012-06-09 20:43 - 2011-02-25 13:27 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-09 20:43 - 2011-02-19 19:07 - 00000000 ____D C:\Program Files (x86)\1810tray.53
2012-06-09 20:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 20:42 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 20:41 - 2010-02-27 08:51 - 00000000 ____D C:\Users\Stun\AppData\Roaming\uTorrent
2012-06-09 20:38 - 2010-01-24 15:57 - 01337421 ____A C:\Windows\WindowsUpdate.log
2012-06-09 20:26 - 2010-04-03 11:18 - 00000000 ____D C:\Program Files (x86)\ABBYY Lingvo 12
2012-06-09 20:17 - 2011-02-25 13:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-09 20:16 - 2012-06-09 20:33 - 63087420 ____A (RePack by SPecialiST) C:\Users\Stun\Desktop\ESET Smart Security 5.2.9.12 X86+X64 RePack AIO by SPecialiST.exe
2012-06-09 19:57 - 2012-06-02 23:20 - 00000000 ____D C:\Program Files (x86)\FontDoctor for Windows
2012-06-09 19:55 - 2012-06-09 19:55 - 00020039 ____A C:\Users\Stun\Downloads\[NNM-Club.ru]_ESET Smart Security 5.2.9.12 X86+X64 RePack AIO by SPecialiST.exe (1).torrent
2012-06-09 19:50 - 2012-06-09 19:50 - 00000911 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-09 19:50 - 2010-01-25 02:45 - 00708034 ____A C:\Windows\System32\perfh019.dat
2012-06-09 19:50 - 2010-01-25 02:45 - 00142302 ____A C:\Windows\System32\perfc019.dat
2012-06-09 19:50 - 2009-07-13 21:13 - 01600264 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 19:49 - 2012-06-09 19:49 - 00020039 ____A C:\Users\Stun\Downloads\[NNM-Club.ru]_ESET Smart Security 5.2.9.12 X86+X64 RePack AIO by SPecialiST.exe.torrent
2012-06-09 19:49 - 2010-02-27 08:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-09 19:12 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 19:12 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 19:03 - 2012-04-04 17:12 - 00000000 ___RD C:\Users\Stun\Documents\Dropbox
2012-06-09 19:03 - 2012-04-04 17:09 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Dropbox
2012-06-09 19:00 - 2011-04-16 04:55 - 00068177 ____A C:\Windows\setupact.log
2012-06-09 18:46 - 2011-04-16 05:02 - 00000269 ____A C:\Windows\Brownie.ini
2012-06-09 18:40 - 2012-06-09 18:39 - 01399435 ____A C:\Users\Stun\Downloads\FRST64 (1).exe
2012-06-09 18:30 - 2012-06-09 18:30 - 01399435 ____A C:\Users\Stun\Downloads\FRST64.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 02322184 ____A (ESET) C:\Users\Stun\Downloads\esetsmartinstaller_enu.exe
2012-06-09 17:02 - 2012-06-09 17:02 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-09 16:59 - 2012-06-09 16:59 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 16:50 - 2012-06-09 16:50 - 00338127 ____A C:\Users\Stun\Downloads\FSS.exe
2012-06-09 16:50 - 2012-06-09 16:50 - 00000260 ____A C:\Users\Stun\Downloads\FSS.txt
2012-06-09 16:33 - 2010-05-10 01:55 - 00023886 ____A C:\Windows\Notepad2.ini
2012-06-09 16:31 - 2012-06-09 16:30 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover (1).exe
2012-06-09 16:29 - 2012-06-09 16:29 - 00138120 ____A (ESET) C:\Users\Stun\Downloads\ESETSirefefRemover.exe
2012-06-09 16:13 - 2012-06-03 03:29 - 00000000 ____D C:\Users\Все пользователи\avg9
2012-06-09 16:13 - 2012-06-03 03:29 - 00000000 ____D C:\Users\All Users\avg9
2012-06-09 14:44 - 2012-06-03 03:30 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-06-09 13:49 - 2012-06-08 19:50 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2012-06-09 13:49 - 2012-06-08 19:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-09 13:47 - 2011-05-04 01:43 - 00435192 ____A C:\Windows\PFRO.log
2012-06-09 11:22 - 2012-05-04 05:17 - 00000000 ____D C:\Program Files (x86)\1Password
2012-06-09 11:22 - 2011-05-07 06:23 - 00000000 ____D C:\Users\Все пользователи\Avira
2012-06-09 11:22 - 2011-05-07 06:23 - 00000000 ____D C:\Users\All Users\Avira
2012-06-09 11:22 - 2011-05-07 06:23 - 00000000 ____D C:\Program Files (x86)\Avira
2012-06-09 11:22 - 2011-03-14 00:23 - 00000000 ____D C:\Program Files\Bonjour
2012-06-09 11:22 - 2011-03-14 00:23 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-09 11:22 - 2011-02-13 03:16 - 00000000 ____D C:\Program Files (x86)\TagRename
2012-06-09 11:22 - 2010-12-29 01:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-06-09 11:22 - 2010-04-03 04:31 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-06-09 11:22 - 2010-02-20 12:58 - 00000000 ____D C:\Windows\WindowsMobile
2012-06-09 11:22 - 2010-02-12 12:31 - 00000000 ____D C:\Program Files\iTunes
2012-06-09 11:22 - 2010-02-12 12:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-09 11:22 - 2010-01-24 16:19 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-06-09 11:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-06-09 11:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-06-09 11:21 - 2009-08-31 12:10 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-09 11:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-09 11:18 - 2012-01-18 01:01 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-09 11:18 - 2011-04-16 04:42 - 00000000 ____D C:\Program Files\CCleaner
2012-06-09 11:18 - 2011-03-14 00:26 - 00000000 ____D C:\Program Files\iPod
2012-06-09 11:18 - 2010-08-22 12:56 - 00000000 ____D C:\Program Files\Logitech
2012-06-09 11:18 - 2010-08-22 12:56 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2012-06-09 11:18 - 2010-03-27 09:38 - 00000000 ____D C:\Program Files\KLCP64
2012-06-09 11:18 - 2010-02-27 11:08 - 00000000 ____D C:\Program Files\HP
2012-06-09 11:18 - 2010-02-12 12:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-09 11:18 - 2010-01-27 11:25 - 00000000 ____D C:\Program Files\Adobe
2012-06-09 11:18 - 2010-01-27 10:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-09 11:18 - 2010-01-24 16:18 - 00000000 ____D C:\Program Files\Synaptics
2012-06-09 11:18 - 2010-01-24 16:18 - 00000000 ____D C:\Program Files\Realtek
2012-06-09 11:18 - 2010-01-24 16:13 - 00000000 ____D C:\Program Files\ATI
2012-06-09 11:18 - 2009-08-31 17:29 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-09 11:18 - 2009-08-31 12:10 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-09 11:18 - 2009-08-31 11:38 - 00000000 ____D C:\Program Files\Acer
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\MSBuild
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2012-06-09 11:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Windows NT
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-06-09 11:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-09 11:17 - 2012-06-02 20:37 - 00000000 ____D C:\Plug-ins
2012-06-09 11:17 - 2012-04-09 02:41 - 00000000 ____D C:\AMD
2012-06-09 11:17 - 2011-09-30 17:32 - 00000000 ____D C:\MM8_11
2012-06-09 11:17 - 2011-06-15 03:41 - 00000000 ____D C:\MYOBODBCAU8
2012-06-09 11:17 - 2011-06-15 03:41 - 00000000 ____D C:\MYOBODBC
2012-06-09 11:17 - 2011-06-15 03:36 - 00000000 ____D C:\myob18ED
2012-06-09 11:17 - 2011-04-19 02:14 - 00000000 ____D C:\PFiles
2012-06-09 11:17 - 2010-08-16 13:40 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2012-06-09 11:17 - 2010-04-09 13:16 - 00000000 ____D C:\Program Files (x86)\ABBYY FineReader 8.0 Professional Edition
2012-06-09 11:17 - 2010-02-23 04:56 - 00000000 ___HD C:\CanoScan
2012-06-09 11:17 - 2010-01-30 09:13 - 00000000 ____D C:\Program Files (x86)\ACD Systems
2012-06-09 11:17 - 2009-08-31 17:28 - 00000000 __RHD C:\MSOCache
2012-06-09 11:17 - 2009-08-31 12:05 - 00000000 ___HD C:\oem
2012-06-09 11:17 - 2009-08-31 11:38 - 00000000 ____D C:\Program Files (x86)\Acer
2012-06-09 11:17 - 2009-08-31 11:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-09 05:18 - 2012-06-09 05:08 - 00191374 ____A C:\Windows\ntbtlog.txt
2012-06-09 04:53 - 2012-06-09 04:53 - 00000540 ____A C:\Users\Stun\Downloads\defogger_disable.log
2012-06-09 04:53 - 2012-06-09 04:53 - 00000168 ____A C:\Users\Stun\defogger_reenable
2012-06-09 04:53 - 2010-01-24 16:07 - 00000000 ____D C:\users\Stun
2012-06-09 04:52 - 2012-06-09 04:52 - 00050477 ____A C:\Users\Stun\Downloads\Defogger.exe
2012-06-09 04:46 - 2012-06-09 04:46 - 00302592 ____A C:\Users\Stun\Downloads\q67jjf7r.exe
2012-06-09 04:14 - 2012-06-09 04:14 - 04731392 ____A (AVAST Software) C:\Users\Stun\Downloads\aswMBR.exe
2012-06-09 04:13 - 2012-06-09 04:13 - 01932256 ____A (Symantec Corporation) C:\Users\Stun\Downloads\FixTDSS.exe
2012-06-09 04:10 - 2012-06-09 04:10 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\73286590.sys
2012-06-09 03:53 - 2012-06-09 03:53 - 02108959 ____A C:\Users\Stun\Downloads\tdsskiller.zip
2012-06-09 03:51 - 2012-06-09 03:51 - 00071398 ____A (jpshortstuff) C:\Users\Stun\Downloads\GooredFix.exe
2012-06-09 02:44 - 2010-08-22 12:53 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000Core.job
2012-06-09 02:30 - 2011-06-13 21:41 - 00000000 ____D C:\Program Files\SysinternalsSuite
2012-06-09 02:12 - 2012-06-09 02:12 - 00080384 ____A C:\Users\Stun\Downloads\MBRCheck.exe
2012-06-09 01:53 - 2012-06-09 01:53 - 00607260 ____R (Swearware) C:\Users\Stun\Downloads\dds.scr
2012-06-09 01:40 - 2010-02-20 12:46 - 00000000 ____D C:\Users\Stun\AppData\Local\ElevatedDiagnostics
2012-06-09 01:35 - 2012-06-09 01:35 - 00347424 ____A (Microsoft Corporation) C:\Users\Stun\Downloads\MicrosoftFixit.WindowsFirewall.RNP.80262665317959593.1.1.Run.exe
2012-06-09 00:00 - 2011-09-08 01:39 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2012-06-08 22:46 - 2012-06-03 03:30 - 00269904 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-06-08 21:14 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Все пользователи\Spybot - Search & Destroy
2012-06-08 21:14 - 2012-06-08 20:27 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-08 20:33 - 2010-01-27 10:16 - 00442913 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-08 20:29 - 2012-06-08 20:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-08 20:03 - 2012-06-08 20:03 - 16409960 ____A (Safer Networking Limited ) C:\Users\Stun\Downloads\spybotsd162.exe
2012-06-08 19:50 - 2012-06-08 19:50 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Malwarebytes
2012-06-08 19:50 - 2012-06-08 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 19:49 - 2012-06-08 19:49 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Stun\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-08 19:42 - 2011-05-07 05:21 - 00000000 ____D C:\Program Files (x86)\WinSplit Revolution
2012-06-08 19:24 - 2010-08-20 08:25 - 00000000 ____D C:\Program Files\Unlocker
2012-06-08 19:24 - 2010-01-24 18:00 - 00000000 ____D C:\Program Files\WinRAR
2012-06-08 19:22 - 2012-03-09 02:16 - 00000000 ____D C:\Program Files\AVI MPEG RM WMV Splitter Portable 4.28
2012-06-08 19:19 - 2012-06-08 19:14 - 126866423 ____A C:\Users\Stun\Downloads\w12alla1913sh.bin
2012-06-08 19:14 - 2012-06-08 19:14 - 00782952 ____A C:\Users\Stun\Downloads\x12all1238gv.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00629478 ____A C:\Users\Stun\Downloads\u12ifw226gp.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00229797 ____A C:\Users\Stun\Downloads\u12idat286ax.bin
2012-06-08 19:13 - 2012-06-08 19:13 - 00113586 ____A C:\Users\Stun\Downloads\u12ichjw4ai.bin
2012-06-08 19:12 - 2012-06-08 19:11 - 63642053 ____A C:\Users\Stun\Downloads\u12iavi5057no.bin
2012-06-08 18:53 - 2012-06-03 03:31 - 00317520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-06-08 18:53 - 2012-06-03 03:30 - 00035664 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-06-08 18:37 - 2012-06-08 18:37 - 06769863 ____A C:\Users\Stun\Downloads\w12corea2433gm.bin
2012-06-08 17:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-08 16:25 - 2012-06-08 16:25 - 00000000 ___HD C:\$AVG
2012-06-08 16:22 - 2012-06-08 16:22 - 00000000 ____D C:\Windows\SysWOW64\Drivers\avg
2012-06-03 04:51 - 2012-06-03 04:33 - 00000140 ____A C:\Users\Stun\AppData\Roaming\FontDoctor Prefs
2012-06-03 04:33 - 2012-06-03 04:33 - 00160163 ____A C:\Windows\FontDoctor for Windows Uninstaller.exe.bak
2012-06-03 03:59 - 2012-06-03 03:59 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Thinstall
2012-06-03 03:43 - 2012-06-02 23:20 - 00000041 ____A C:\Users\Все пользователи\fd4_sys.d
2012-06-03 03:43 - 2012-06-02 23:20 - 00000041 ____A C:\Users\All Users\fd4_sys.d
2012-06-03 03:31 - 2012-06-03 03:31 - 00056008 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00027216 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AVGIDSwa.sys
2012-06-03 03:31 - 2012-06-03 03:31 - 00013048 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2012-06-03 03:29 - 2012-06-03 03:29 - 00029976 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgfwd6a.sys
2012-06-03 03:29 - 2012-06-03 03:29 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-03 03:24 - 2012-06-03 03:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-03 03:13 - 2009-07-13 20:45 - 05021064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-03 03:03 - 2009-05-07 17:55 - 00000000 ____D C:\Users\Stun\Desktop\_Неотсортированное
2012-06-03 02:48 - 2012-04-04 18:52 - 00000000 ____D C:\Users\Stun\AppData\Roaming\JRT Studio
2012-06-03 01:14 - 2010-08-08 14:50 - 00000000 ____D C:\Users\Stun\Documents\My Financials
2012-06-02 23:20 - 2012-06-02 23:20 - 00000000 ____D C:\Users\Stun\AppData\Roaming\com.FontGear.data
2012-06-02 23:07 - 2012-06-02 20:37 - 00000000 ____D C:\Users\Stun\AppData\Local\Extensis
2012-06-02 20:52 - 2012-06-02 20:37 - 00000000 ____D C:\Users\Все пользователи\Extensis
2012-06-02 20:52 - 2012-06-02 20:37 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Extensis
2012-06-02 20:52 - 2012-06-02 20:37 - 00000000 ____D C:\Users\All Users\Extensis
2012-06-02 20:52 - 2010-01-24 16:08 - 00125648 ____A C:\Users\Stun\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-02 20:35 - 2012-06-02 20:35 - 00000000 ____D C:\Program Files (x86)\Extensis
2012-06-01 23:04 - 2011-05-14 02:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-01 18:25 - 2011-06-16 14:00 - 00000000 ____D C:\Program Files (x86)\PDF Factory
2012-06-01 14:21 - 2011-04-25 17:54 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2012-06-01 02:30 - 2012-06-01 02:30 - 00000000 ____D C:\Users\Stun\Documents\The KMPlayer
2012-05-28 23:38 - 2011-01-28 22:00 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-26 23:15 - 2011-05-21 19:06 - 00000000 ____D C:\Users\Stun\Desktop\from flash
2012-05-26 15:25 - 2012-05-26 15:25 - 00000000 ____D C:\Users\Stun\Documents\samsung
2012-05-26 15:24 - 2012-05-26 15:24 - 00000000 ____D C:\Users\Stun\Documents\JRT Studio
2012-05-20 18:09 - 2012-06-03 02:20 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 18:09 - 2012-06-03 02:20 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-20 04:36 - 2011-01-03 02:36 - 00000000 ____D C:\Users\Stun\Documents\My Goals and Achievements
2012-05-19 22:21 - 2010-09-26 17:53 - 00000000 ____D C:\Users\Stun\Documents\My Letters
2012-05-18 16:18 - 2009-08-31 11:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-18 02:29 - 2009-08-31 17:28 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2012-05-18 02:29 - 2009-08-31 17:28 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 13:51 - 2010-08-09 12:35 - 00000000 ____D C:\Users\Stun\Documents\My Books
2012-05-10 00:02 - 2010-08-08 14:01 - 00000000 ____D C:\Users\Stun\Documents\My Profession
2012-05-09 14:53 - 2011-07-14 13:33 - 00000000 ___RD C:\Users\Stun\Desktop\FILMS
2012-05-08 18:46 - 2011-09-10 03:12 - 00000000 ____D C:\Users\Stun\Documents\My Investments
2012-05-08 02:53 - 2011-04-16 04:57 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-06 00:35 - 2010-10-12 13:08 - 00000000 ____D C:\Users\Stun\Documents\My Car
2012-05-04 05:26 - 2010-02-12 12:59 - 00000000 ____D C:\Users\Stun\Documents\My System Files
2012-05-04 05:21 - 2012-05-04 05:21 - 00000000 ____D C:\Users\Stun\AppData\Roaming\Agile Web Solutions
2012-05-02 14:50 - 2010-08-22 13:10 - 00000000 ____D C:\Users\Все пользователи\Skype
2012-05-02 14:50 - 2010-08-22 13:10 - 00000000 ____D C:\Users\All Users\Skype
2012-05-01 21:09 - 2012-05-01 19:08 - 00032373 ____A C:\Users\Stun\Desktop\Sales analysis.mmap
2012-04-27 16:58 - 2010-08-08 14:05 - 00000000 ____D C:\Users\Stun\Documents\My Identity
2012-04-26 02:03 - 2010-01-24 17:14 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-18 04:37 - 2012-04-18 04:36 - 00000000 ____D C:\Windows\System32\explorer
2012-04-18 04:36 - 2012-04-18 04:36 - 00000000 ____D C:\Anoirsoft
2012-04-18 04:35 - 2012-04-18 04:35 - 00000000 ____D C:\Program Files (x86)\Anoirsoft
2012-04-14 00:17 - 2009-07-13 18:34 - 00001028 ____A C:\Windows\win.ini
2012-04-13 23:08 - 2012-04-13 23:08 - 00000989 ____A C:\Users\Public\Desktop\XviD4PSP 5.lnk
2012-04-13 23:08 - 2012-04-13 23:08 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-04-13 23:07 - 2011-02-19 03:43 - 00000000 ____D C:\Program Files (x86)\XviD4PSP 5
2012-04-10 03:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-09 04:42 - 2009-08-31 11:26 - 00000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-04-09 04:42 - 2009-08-31 11:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-09 02:49 - 2012-04-09 02:49 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-04-04 18:52 - 2012-04-04 18:52 - 00000000 ____D C:\Program Files (x86)\JRT Studio
2012-04-04 04:11 - 2010-12-29 04:29 - 00002631 ____A C:\Windows\FontExpert.INI
2012-04-03 21:56 - 2012-06-08 19:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 03:09 - 2010-02-27 09:05 - 00000000 ____D C:\Program Files (x86)\Sony
2012-03-30 22:05 - 2012-05-11 02:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 02:02 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 02:02 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 02:02 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-11 02:01 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 02:29 - 2010-08-07 17:51 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-03-30 00:14 - 2012-03-30 00:11 - 00000000 ____D C:\Program Files (x86)\GUM5737.tmp
2012-03-24 01:40 - 2012-03-24 01:38 - 00000000 ____D C:\Program Files (x86)\GUM701B.tmp
2012-03-18 03:28 - 2010-12-29 01:06 - 00000000 ____D C:\Users\Stun\AppData\Roaming\FileZilla
2012-03-16 23:58 - 2012-05-11 02:01 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

ZeroAccess:
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\1afb2d56
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\201d3dde
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\000000cb.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000000.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000032.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4027.79 MB
Available physical RAM: 3276.71 MB
Total Pagefile: 4025.94 MB
Available Pagefile: 3267.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Stun) (Fixed) (Total:286.27 GB) (Free:11.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.22 GB) NTFS
4 Drive g: (UNTITLED) (Removable) (Total:7.52 GB) (Free:7.51 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

(C) Microsoft Corporation, 1999-2008.
On computer: MININT-AFMQE1R

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B
  Disk 1    Online         7712 MB      0 B

Leaving DiskPart...


==========================================================

Last Boot: 2012-05-29 03:05

======================= End Of Log ==========================
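
The two parts of the FRST log above that an analyst actually acts on are the "ZeroAccess:" list (a `{guid}` folder under `C:\Windows\Installer` with `U` and `L` subfolders full of `*.@` files) and the "Bamital & volsnap Check", where `services.exe` is the only checked binary printed with a raw MD5 instead of "=> MD5 is legit". The following is an added example, not FRST's own code and not part of this thread: a small Python parser for that log format that flags the ZeroAccess layout, records any critical binary FRST could not hash-verify, and collapses the hits to the one `{guid}` folder a fixlist.txt line would name. `SAMPLE_LOG` is constructed from the listing above (the iSyncr entry's date and size are taken from the ComboFix log further down); `Finding`, `scan_frst_log`, `zeroaccess_indicator` and `zeroaccess_homes` are names chosen here. Note that a bare `{guid}` folder under `Windows\Installer` is normal Windows Installer cache and is deliberately not flagged on its own; only the `U`/`L` children and `@` payload names are.

```python
# Added example, not FRST's own code and not from this thread; SAMPLE_LOG is constructed.
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AT_FILE = re.compile(r"^(?:@|[0-9A-Fa-f]{8}\.@)$")   # "@", "00000004.@", "80000032.@"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
# File line: "mtime - ctime - size attrs [(company)] path". The lookahead ends the lazy
# company match at the ") " before the drive letter, so a vendor like "((?)????)" parses.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?"
    r"(?P<path>[A-Za-z]:\\.*)$")
# Detail line FRST prints under a checked binary whose MD5 it could not match.
CHECK_DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - \d+ [_A-Z]{5} (?:\(.*?\) )?(?P<md5>[0-9A-Fa-f]{32})$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "zeroaccess-path" or "unverified-system-binary"
    path: str
    detail: str


def zeroaccess_indicator(path: str) -> Optional[str]:
    r"""Why `path` matches the layout in this log (\Windows\Installer\{guid}\U or \L, *.@), or None.
    A {guid} folder alone under Windows\Installer is ordinary Windows Installer cache
    (the iSyncr entry in the ComboFix log) and is not flagged by itself.
    """
    parts = path.split("\\")
    if len(parts) < 5 or [p.lower() for p in parts[1:3]] != ["windows", "installer"]:
        return None
    if not GUID.fullmatch(parts[3]):
        return None
    child, leaf = parts[4], parts[-1]
    if child.upper() in ("U", "L"):
        return f"'{child}' subfolder inside Windows\\Installer\\{{guid}}"
    if AT_FILE.match(leaf):
        return f"'@' payload file {leaf} inside Windows\\Installer\\{{guid}}"
    return None


def scan_frst_log(text: str) -> list[Finding]:
    """One pass over the log; section banners decide how each line is read."""
    findings: list[Finding] = []
    section = "files"
    pending: Optional[str] = None   # check-section path waiting for its MD5 line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("===") or line == "ZeroAccess:":
            section = "check" if "volsnap" in line else "files"
            pending = None
            continue
        if section == "check":
            if "=> MD5 is legit" in line:
                continue                 # FRST matched a known-good hash
            m = CHECK_DETAIL.match(line)
            if m and pending:
                findings.append(Finding("unverified-system-binary", pending,
                                        f"MD5 {m['md5'].lower()} is not a known-good hash"))
                pending = None
            elif DRIVE_PATH.match(line):
                pending = line           # bare path: verdict comes on the next line
            continue
        m = FILE_LINE.match(line)
        path = m["path"] if m else (line if DRIVE_PATH.match(line) else None)
        if path is None:
            continue
        reason = zeroaccess_indicator(path)
        if reason:
            findings.append(Finding("zeroaccess-path", path, reason))
    return findings


def zeroaccess_homes(findings: list[Finding]) -> set[str]:
    """Collapse per-file hits to the {guid} folders a fixlist.txt line would name."""
    return {"\\".join(f.path.split("\\")[:4]) for f in findings if f.kind == "zeroaccess-path"}


SAMPLE_LOG = r"""
2012-05-28 23:38 - 2011-01-28 22:00 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-04-05 00:00 - 2012-04-05 00:00 - 00066339 ____A C:\Windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe
ZeroAccess:
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\L\00000004.@
C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000032.@
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":   # stand-alone run: print every finding, then the fixlist candidates
    print(*scan_frst_log(SAMPLE_LOG), *sorted(zeroaccess_homes(scan_frst_log(SAMPLE_LOG))), sep="\n")
```

Run against the full log above, `zeroaccess_homes` yields the single folder `C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}`, and `services.exe` comes back as the one unverified binary. The match is on layout, not content, so treat a hit as something to quarantine and hash rather than delete blind, and keep in mind that an unverified MD5 only means FRST's known-good list had no entry for that build; a patched file and an unlisted legitimate update look the same to this check.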

#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:02:49 PM

Posted 10 June 2012 - 08:12 AM

Thanks for the information. Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59}
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Delete your existing copy of ComboFix and get another from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • The contents of the FixLog.txt file from your flash drive
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 kudinov
  • Topic Starter
  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 10 June 2012 - 10:42 PM

Hello!

Feels really good after your instructions. What should I do next?

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by система (SYSTEM) at 2012-06-11 09:43:08 Run:1
Running from G:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Windows\Installer\{cad216fd-fba4-a113-3083-1516dfe18b59} moved successfully.

==== End of Fixlog ====



ComboFix 12-06-10.01 - Stun 11/06/2012 12:47:23.1.2 - x64
Microsoft Windows 7 Домашняя расширенная (Home Premium) 6.1.7601.1.1251.7.1049.18.4028.2111 [GMT 10:00]
Running from: c:\users\Stun\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\anoirsoft\Key Downloads
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Stun\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\PFRO.log
c:\windows\SysWow64\checkactivate.dll
c:\windows\SysWow64\checkcommon.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-10 20:54 . 2012-06-10 23:18 -------- d-----w- C:\FRST
2012-06-10 01:02 . 2012-06-10 01:02 -------- d-----w- c:\program files (x86)\ESET
2012-06-09 12:10 . 2012-06-09 12:10 116016 ----a-w- c:\windows\system32\drivers\73286590.sys
2012-06-09 04:27 . 2012-06-09 05:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-09 04:27 . 2012-06-09 04:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-09 03:50 . 2012-06-09 03:50 -------- d-----w- c:\users\Stun\AppData\Roaming\Malwarebytes
2012-06-09 03:50 . 2012-06-09 21:49 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 03:50 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 03:50 . 2012-06-09 03:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-09 00:25 . 2012-06-09 00:25 -------- d-----w- C:\$AVG
2012-06-09 00:22 . 2012-06-09 00:22 -------- d-----w- c:\windows\SysWow64\drivers\avg
2012-06-09 00:14 . 2012-06-09 03:00 -------- d--h--w- c:\programdata\Common Files
2012-06-03 11:59 . 2012-06-03 11:59 -------- d-----w- c:\users\Stun\AppData\Roaming\Thinstall
2012-06-03 11:31 . 2012-06-09 02:53 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-06-03 11:31 . 2012-06-03 11:31 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-06-03 11:31 . 2012-06-03 11:31 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2012-06-03 11:31 . 2012-06-03 11:31 13048 ----a-w- c:\windows\system32\avgrssta.dll
2012-06-03 11:30 . 2012-06-09 06:46 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-06-03 11:30 . 2012-06-10 23:34 -------- d-----w- c:\windows\system32\drivers\Avg
2012-06-03 11:30 . 2012-06-09 02:53 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-06-03 11:29 . 2012-06-03 11:29 29976 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2012-06-03 11:29 . 2012-06-03 11:29 -------- d-----w- c:\program files (x86)\AVG
2012-06-03 11:29 . 2012-06-10 00:13 -------- d-----w- c:\programdata\avg9
2012-06-03 11:24 . 2012-06-03 11:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-03 10:20 . 2012-05-21 02:09 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-03 10:20 . 2012-05-21 02:09 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-03 07:20 . 2012-06-03 07:20 -------- d-----w- c:\users\Stun\AppData\Roaming\com.FontGear.data
2012-06-03 07:20 . 2012-06-10 03:57 -------- d-----w- c:\program files (x86)\FontDoctor for Windows
2012-06-03 04:37 . 2012-06-09 19:17 -------- d-----w- C:\Plug-ins
2012-06-03 04:37 . 2012-06-03 04:52 -------- d-----w- c:\users\Stun\AppData\Roaming\Extensis
2012-06-03 04:37 . 2012-06-03 04:52 -------- d-----w- c:\programdata\Extensis
2012-06-03 04:37 . 2012-06-03 07:07 -------- d-----w- c:\users\Stun\AppData\Local\Extensis
2012-06-03 04:35 . 2012-06-03 04:35 -------- d-----w- c:\program files (x86)\Extensis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 07:38 . 2011-01-29 06:00 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-03-31 06:05 . 2012-05-11 10:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 10:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 10:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 10:02 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 10:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-18 00:43 . 2011-10-27 10:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-17 07:58 . 2012-05-11 10:01 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Winsplit"="c:\program files (x86)\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2011-11-26 165088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-02 17355912]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Tutor.exe"="c:\program files (x86)\ABBYY Lingvo 12\Tutor.exe" [2006-12-13 987136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"Lingvo Launcher"="c:\program files (x86)\ABBYY Lingvo 12\Lvagent.exe" [2006-12-13 258048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-09-14 37728]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2012-03-31 2204424]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-06-09 2077536]
.
c:\users\Stun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stun\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSyncr.lnk - c:\windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe [2012-4-5 66339]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-23 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-02 158856]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2012-03-31 768776]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2012-06-09 308136]
S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2012-06-09 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-10-02 786976]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 158240]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-09 253952]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2012-06-03 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2012-06-03 35920]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;A?aeaa? aaaioa?a Intel® Wireless WiFi Link na?ee 5000 aey Windows 7 64 Bit ;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\1810tray.53\WinRing0x64.sys [2008-07-26 14544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 02:52 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 11:08]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 11:08]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000Core.job
- c:\users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 20:29]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000UA.job
- c:\users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 20:29]
.
2012-06-10 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-10-02 496160]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-09-04 221728]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" [2009-06-12 745984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_4810t&r=273601100806l0398z185t4861b150
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_4810t&r=273601100806l0398z185t4861b150
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE:
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google ВикиКомментарии... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Notify-igfxcui - (no file)
Notify-LBTWlgn - (no file)
SafeBoot-64957569.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WinSplit Revolution - c:\program files (x86)\WinSplit Revolution\Uninstall.exe
AddRemove-XviD4PSP60 - c:\program files (x86)\Winnydows\XviD4PSP60\Uninstall.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\2BrightSparks\SyncBackPro\SyncBackPro.exe
c:\program files (x86)\JRT Studio\iSyncr\iSyncr.exe
c:\program files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2012-06-11 13:21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 03:21
.
Pre-Run: 12,807,806,976 байт свободно
Post-Run: 12,920,369,152 байт свободно
.
- - End Of File - - 7B540B649659CC2AAB13B4074AEDD5EA

#8 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:02:49 PM

Posted 11 June 2012 - 07:34 AM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

DirLook::
c:\windows\SysWow64\%APPDATA%
Suspect::[131]
c:\windows\system32\drivers\73286590.sys
Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging the CFScript onto ComboFix.exe]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 kudinov

  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 12 June 2012 - 08:43 AM

Hi RPMcMurphy,

Just writing to thank you again for the further guidance.

I will implement them and post back the logs within two days. Working commitments give too little time at home.

#10 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:02:49 PM

Posted 12 June 2012 - 12:35 PM

Thanks for letting me know. I'll leave the thread open for you!



#11 kudinov

  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 13 June 2012 - 03:58 PM

Dear RPMcMurphy,

FYI, ComboFix asked me to upload something to bleepingcomputer and I proceeded with it in addition to posting the logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Версия базы данных: v2012.06.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stun :: STUN-PC [администратор]

13/06/2012 11:37:49 PM
mbam-log-2012-06-13 (23-37-49).txt

Тип сканирования: Полное сканирование
Опции сканирования включены: Память | Запуск | Реестр | Файловая система | Эвристика/Дополнительно | Эвристика/Шурикен | PUP | PUM
Опции сканирования отключены: P2P
Просканированные объекты: 601835
Времени прошло: 2 часов , 4 минут , 40 секунд

Обнаруженные процессы в памяти: 0
(Вредоносных программ не обнаружено)

Обнаруженные модули в памяти: 0
(Вредоносных программ не обнаружено)

Обнаруженные ключи в реестре: 0
(Вредоносных программ не обнаружено)

Обнаруженные параметры в реестре: 0
(Вредоносных программ не обнаружено)

Объекты реестра обнаружены: 0
(Вредоносных программ не обнаружено)

Обнаруженные папки: 0
(Вредоносных программ не обнаружено)

Обнаруженные файлы: 1
C:\FRST\Quarantine\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Помещено в карантин и успешно удалено.
(quarantined and deleted)

(конец)

ComboFix 12-06-13.01 - Stun 13/06/2012 23:10:06.2.2 - x64
Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.4028.1519 [GMT 10:00]
Running from: c:\users\Stun\Desktop\ComboFix.exe
Command switches used :: c:\users\Stun\Desktop\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 13:23 . 2012-06-13 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-11 04:09 . 2012-06-11 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-11 04:09 . 2012-06-11 04:09 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-11 04:06 . 2012-06-11 04:06 -------- d-----w- c:\program files\iPod
2012-06-11 04:03 . 2012-06-11 04:03 -------- d-----w- c:\program files\Bonjour
2012-06-10 20:54 . 2012-06-10 23:18 -------- d-----w- C:\FRST
2012-06-10 01:02 . 2012-06-10 01:02 -------- d-----w- c:\program files (x86)\ESET
2012-06-09 12:10 . 2012-06-09 12:10 116016 ----a-w- c:\windows\system32\drivers\73286590.sys
2012-06-09 04:27 . 2012-06-11 10:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-09 04:27 . 2012-06-11 10:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-09 03:50 . 2012-06-09 03:50 -------- d-----w- c:\users\Stun\AppData\Roaming\Malwarebytes
2012-06-09 03:50 . 2012-06-09 21:49 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 03:50 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 03:50 . 2012-06-09 03:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-09 00:25 . 2012-06-09 00:25 -------- d-----w- C:\$AVG
2012-06-09 00:22 . 2012-06-09 00:22 -------- d-----w- c:\windows\SysWow64\drivers\avg
2012-06-09 00:14 . 2012-06-09 03:00 -------- d--h--w- c:\programdata\Common Files
2012-06-03 11:59 . 2012-06-03 11:59 -------- d-----w- c:\users\Stun\AppData\Roaming\Thinstall
2012-06-03 11:31 . 2012-06-09 02:53 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-06-03 11:31 . 2012-06-03 11:31 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-06-03 11:31 . 2012-06-03 11:31 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2012-06-03 11:31 . 2012-06-03 11:31 13048 ----a-w- c:\windows\system32\avgrssta.dll
2012-06-03 11:30 . 2012-06-09 06:46 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-06-03 11:30 . 2012-06-13 12:40 -------- d-----w- c:\windows\system32\drivers\Avg
2012-06-03 11:30 . 2012-06-09 02:53 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-06-03 11:29 . 2012-06-03 11:29 29976 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2012-06-03 11:29 . 2012-06-03 11:29 -------- d-----w- c:\program files (x86)\AVG
2012-06-03 11:29 . 2012-06-10 00:13 -------- d-----w- c:\programdata\avg9
2012-06-03 11:24 . 2012-06-03 11:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-03 10:20 . 2012-05-21 02:09 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-03 10:20 . 2012-05-21 02:09 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-03 07:20 . 2012-06-03 07:20 -------- d-----w- c:\users\Stun\AppData\Roaming\com.FontGear.data
2012-06-03 07:20 . 2012-06-10 03:57 -------- d-----w- c:\program files (x86)\FontDoctor for Windows
2012-06-03 04:37 . 2012-06-09 19:17 -------- d-----w- C:\Plug-ins
2012-06-03 04:37 . 2012-06-03 04:52 -------- d-----w- c:\users\Stun\AppData\Roaming\Extensis
2012-06-03 04:37 . 2012-06-03 04:52 -------- d-----w- c:\programdata\Extensis
2012-06-03 04:37 . 2012-06-03 07:07 -------- d-----w- c:\users\Stun\AppData\Local\Extensis
2012-06-03 04:35 . 2012-06-03 04:35 -------- d-----w- c:\program files (x86)\Extensis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 07:38 . 2011-01-29 06:00 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-11 10:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 10:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 10:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 10:02 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 10:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-18 00:43 . 2011-10-27 10:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-17 07:58 . 2012-05-11 10:01 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SysWow64\%APPDATA% ----
.
2012-06-03 11:24 . 2012-06-10 23:31 262144 --sha-w- c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Winsplit"="c:\program files (x86)\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2011-11-26 165088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-02 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-09-14 37728]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2012-03-31 2204424]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-06-09 2077536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Stun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stun\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSyncr.lnk - c:\windows\Installer\{90B02E49-CFDD-405C-A508-122BB98D2471}\_6AB9B392AAC9001DFFC0EB.exe [2012-4-5 66339]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-23 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-02 158856]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2012-03-31 768776]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2012-06-09 308136]
S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2012-06-09 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-10-02 786976]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 158240]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-09 253952]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2012-06-03 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2012-06-03 35920]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NETw5s64;A?aeaa? aaaioa?a Intel® Wireless WiFi Link na?ee 5000 aey Windows 7 64 Bit ;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - aswMBR
*Deregistered* - WinRing0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 02:52 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 11:08]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 11:08]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000Core.job
- c:\users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 20:29]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3003021182-1607425790-1800358092-1000UA.job
- c:\users\Stun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 20:29]
.
2012-06-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-10-02 496160]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-09-04 221728]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" [2009-06-12 745984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_4810t&r=273601100806l0398z185t4861b150
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_4810t&r=273601100806l0398z185t4861b150
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE:
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google ВикиКомментарии... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Tutor.exe - c:\program files (x86)\ABBYY Lingvo 12\Tutor.exe
Notify-igfxcui - (no file)
Notify-LBTWlgn - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WinSplit Revolution - c:\program files (x86)\WinSplit Revolution\Uninstall.exe
AddRemove-XviD4PSP60 - c:\program files (x86)\Winnydows\XviD4PSP60\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-13 23:30:37
ComboFix-quarantined-files.txt 2012-06-13 13:30
.
Pre-Run: 16,618,573,824 байт свободно
Post-Run: 16,543,596,544 байт свободно
.
- - End Of File - - 9A9F8A578DC042DB0CC901689D402207

#12 RPMcMurphy (Malware Response Team)

Posted 13 June 2012 - 10:21 PM

I'm fairly certain that your PC is clean, but I'd like to see one more scan, please. Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 33
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is your computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#13 kudinov (Topic Starter)

Posted 16 June 2012 - 01:51 AM

Hi RPMcMurphy,

1. The computer is doing well and sends you its best regards!

2. It took it 17 hours to run the whole test and then I used the option to export the results into the text file, as below:
C:\FRST\Quarantine\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000000.@ Win64/Sirefef.AE trojan
C:\FRST\Quarantine\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\FRST\Quarantine\{cad216fd-fba4-a113-3083-1516dfe18b59}\U\80000064.@ Win64/Sirefef.AE trojan
After this it seems ESET gets automatically uninstalled and I could not see any traces in the location you advised me.

Is there something else you recommend me to do before this topic is closed and I could send you a small token of appreciation for all your assistance?

#14 RPMcMurphy (Malware Response Team)

Posted 16 June 2012 - 09:39 AM

Hi kudinov,

Those ESET detections are already in quarantine, so all I have left for you is another update and some very important cleanup:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • FRST (you can also manually delete the c:\FRST folder)
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

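The two update steps in this thread (removing every older Java Runtime Environment in post #12, and bringing Adobe Reader current here) both start with the same question: what is actually installed, and in which architecture? The following PowerShell script is an added example, not part of the thread and not code from any of the tools it mentions. It reads the same Add/Remove Programs data that Control Panel shows, from the standard Windows Uninstall registry keys (native, Wow6432Node and per-user), and flags Java 6 entries older than Update 33, the version the helper names. The name patterns, and the assumption that Java 6 records its version as "6.0.<update>0" (so "6.0.330" for Update 33), are mine, not the thread's.

```powershell
# Added example (not from the original thread or from any tool it names).
# Inventories installed Java and Adobe Reader entries from the Add/Remove
# Programs registry data and flags Java 6 entries older than Update 33.
# Assumptions: Java 6 registers DisplayVersion as "6.0.<update>0"
# (e.g. "6.0.330" for Update 33); the name patterns are best-effort.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Return one object per installed product whose DisplayName matches the pattern.
function Get-InstalledProduct {
    param([Parameter(Mandatory)][string]$NamePattern)
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object { $_.DisplayName -and $_.DisplayName -match $NamePattern } |
            ForEach-Object {
                # Entries under Wow6432Node are 32-bit products on a 64-bit Windows.
                $arch = if ($_.PSPath -match 'Wow6432Node') { 'x86' } else { 'native' }
                [pscustomobject]@{
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    Architecture    = $arch
                    UninstallString = $_.UninstallString   # as recorded by the installer
                }
            }
    }
}

# Java SE 6 Update 33 is the version the post treats as current (format assumed).
$CurrentJava6 = [version]'6.0.330'

# True when the entry is a Java 6 build older than $CurrentJava6.
# Unparseable version strings are reported as "not flagged" rather than guessed at.
function Test-JavaOutdated {
    param([pscustomobject]$Product)
    $v = $null
    if ([version]::TryParse([string]$Product.DisplayVersion, [ref]$v)) {
        return ($v.Major -eq 6 -and $v -lt $CurrentJava6)
    }
    return $false
}

Write-Host '== Java entries (every entry except the newest should be uninstalled) =='
Get-InstalledProduct -NamePattern 'Java|J2SE|JRE|JDK' | ForEach-Object {
    $flag = if (Test-JavaOutdated $_) { 'OUTDATED' } else { 'ok' }
    '{0,-9} {1,-7} {2} {3}' -f $flag, $_.Architecture, $_.DisplayName, $_.DisplayVersion
}

Write-Host '== Adobe Reader entries =='
Get-InstalledProduct -NamePattern 'Adobe Reader' |
    Format-Table DisplayName, DisplayVersion, Architecture -AutoSize
```

The script only reads the registry; removal is still done through Control Panel (or the recorded UninstallString) exactly as the helper describes. Running it before and after the cleanup gives a quick check that no stray older Java or Reader entry survived in the other architecture's key.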


#15 kudinov (Topic Starter)

Posted 17 June 2012 - 05:28 AM

Hi RPMcMurphy,

All good now - read and followed all your instructions.

Thank you very much for your professionalism and patience in helping me overcome this trouble and get my learnings from this experience.

You probably should have already received a small token of my gratitude for your services. All the best in your life!
