Infected with Sirefef.EZ / AB / P


  • This topic is locked
52 replies to this topic

#1 lambo75

  • Members
  • 32 posts

Posted 11 June 2012 - 01:21 AM

Hi,

And thanks in advance for your help, I will be patient during the process.

OK, so I have been infected by Sirefef and, prior to coming here, have tried a few things to get rid of it, breaking some of your rules in the process. I hope you can still help me.

I got it by being duped into believing my Flash Player was out of date - stupid I know, but there we go.

I have deleted the installer folder prior to coming here, and also ran ComboFix twice, once in safe mode and once in full mode. Sorry - this was advice from elsewhere and in a moment of panic I just did it. Hope it hasn't screwed things up. I do have the log from the second run-through, though, should it be required.

I use Windows Vista Ultimate 64-bit. I generally browse with Opera, although I have Chrome and Firefox.

I have disabled emulation software and followed the other steps prior to posting here.

ESET Smart Security 5 and MS Security Essentials are popping up on startup with the threats.

Here is the DDS Log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Karl at 6:56:52 on 2012-06-11
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.1814 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://igoogle.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Farkie Freecorder Toolbar: {8dec7eb8-ed3b-4d9d-a020-edbf535d23b3} - C:\Program Files (x86)\Farkie_Freecorder\prxtbFark.dll
mURLSearchHooks: Farkie Freecorder Toolbar: {8dec7eb8-ed3b-4d9d-a020-edbf535d23b3} - C:\Program Files (x86)\Farkie_Freecorder\prxtbFark.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Farkie Freecorder Toolbar: {8dec7eb8-ed3b-4d9d-a020-edbf535d23b3} - C:\Program Files (x86)\Farkie_Freecorder\prxtbFark.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Farkie Freecorder Toolbar: {8dec7eb8-ed3b-4d9d-a020-edbf535d23b3} - C:\Program Files (x86)\Farkie_Freecorder\prxtbFark.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Play Wireless USB Adapter Utility.lnk - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20081222083646
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1DF71872-00B2-4DDD-AFB2-5C875FF5A830} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{3E926AF6-EF0B-48E2-9C21-E25858E9E789} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{52D3A328-6848-4EE2-9199-792BAA38E1A9} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5B8C2DB9-2269-4CC6-93A8-DC231186EFCC} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{EED0CFCE-7541-4103-B92C-7DA103475DB7} : DhcpNameServer = 192.168.0.15 192.168.0.15
TCP: Interfaces\{F7A4EAA5-B9BB-427E-91F4-9BD470286EE0} : DhcpNameServer = 192.168.0.15 192.168.0.15
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Farkie Freecorder Toolbar: {8dec7eb8-ed3b-4d9d-a020-edbf535d23b3} - C:\Program Files (x86)\Farkie_Freecorder\prxtbFark.dll
BHO-X64: Farkie Freecorder - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Farkie Freecorder Toolbar: {8dec7eb8-ed3b-4d9d-a020-edbf535d23b3} - C:\Program Files (x86)\Farkie_Freecorder\prxtbFark.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {37236812-C1A2-4529-A9CE-CFE04E3DF08A}
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\ezUPBHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\ha4yi3y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.co.uk|http://www.thisisswindontownfc.co.uk
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-2-5 514232]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-7 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-25 1262400]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Password Folder\pffilter.sys [2010-11-24 62024]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-2-15 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-6-2 167936]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2012-6-2 167936]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S1 cvfygvmr;cvfygvmr;\??\C:\Windows\system32\drivers\cvfygvmr.sys --> C:\Windows\system32\drivers\cvfygvmr.sys [?]
S1 gklnxgwm;gklnxgwm;\??\C:\Windows\system32\drivers\gklnxgwm.sys --> C:\Windows\system32\drivers\gklnxgwm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
S2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257224]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2010-7-24 544768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-5-8 1038088]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2007-12-23 30528]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-6-2 954368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-3-13 237272]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-4-7 19968]
S3 physX64;physX64;C:\Windows\system32\DRIVERS\physX64.sys --> C:\Windows\system32\DRIVERS\physX64.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-18 89920]
SUnknown erxxtxht;erxxtxht; [x]
SUnknown vsmdarmy;vsmdarmy; [x]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-11 05:53:57 50000 ----a-w- C:\Windows\System32\drivers\cvfygvmr.sys
2012-06-11 05:52:54 50000 ----a-w- C:\Windows\System32\drivers\gklnxgwm.sys
2012-06-11 05:52:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C21F1369-E840-41D8-9530-135067E981D5}\offreg.dll
2012-06-11 00:33:27 -------- d-----w- C:\$RECYCLE.BIN
2012-06-10 23:10:54 98816 ----a-w- C:\Windows\sed.exe
2012-06-10 23:10:54 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-10 23:10:54 256000 ----a-w- C:\Windows\PEV.exe
2012-06-10 23:10:54 208896 ----a-w- C:\Windows\MBR.exe
2012-06-10 22:34:24 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B672C1E-22C7-48B3-98E2-440C557A8091}\gapaengine.dll
2012-06-10 22:33:56 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C21F1369-E840-41D8-9530-135067E981D5}\mpengine.dll
2012-06-10 22:23:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-10 22:23:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-10 22:23:11 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-06-10 21:33:21 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-06-10 21:33:01 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-06-10 21:30:30 -------- d-----w- C:\Users\Karl\AppData\Roaming\QuickScan
2012-06-09 06:03:09 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B59CF43F-9881-4F0A-8BCE-5A15ABC8C550}\mpengine.dll
2012-06-06 18:11:10 -------- d-----w- C:\Users\Karl\AppData\Roaming\EAC
2012-06-02 14:43:34 26624 ----a-w- C:\Windows\System32\drivers\jswpslwfx.sys
2012-06-02 14:43:34 1724416 ----a-w- C:\Windows\System32\drivers\athurx.sys
2012-06-02 14:43:34 -------- d-----w- C:\Program Files (x86)\NETGEAR
2012-06-02 11:18:12 610816 ----a-w- C:\Windows\System32\drivers\RTL8192su.sys
2012-06-02 11:18:11 31016 ----a-w- C:\Windows\System32\drivers\RtlProt.sys
2012-06-02 11:18:11 -------- d-----w- C:\Windows\pcidevice
2012-06-02 11:18:07 -------- d-----w- C:\Program Files (x86)\D-Link
2012-05-29 21:45:23 7238699 ----a-w- C:\Windows\System32\Redemption64.dll
2012-05-29 21:45:20 -------- d-----w- C:\Program Files\VirginMedia
2012-05-25 22:20:49 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-25 22:20:49 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-25 22:20:49 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-25 22:20:49 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-25 22:20:49 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-25 22:20:39 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-25 22:20:39 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-25 22:20:30 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-05-16 20:25:35 -------- d-----w- C:\Program Files\iPod
2012-05-16 20:25:34 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-16 20:25:34 -------- d-----w- C:\Program Files\iTunes
2012-05-16 20:25:34 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-16 20:23:27 -------- d-----w- C:\Program Files\Bonjour
2012-05-16 20:23:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-06-10 17:54:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 17:54:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-04 05:54:02 94608 ----a-w- C:\Windows\SysWow64\atl71.dll
2012-04-04 05:53:58 505232 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-04 05:53:58 353680 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-04 05:53:56 1053072 ----a-w- C:\Windows\SysWow64\mfc71u.dll
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2008-02-14 13:23:12 231944 ----a-w- C:\Program Files (x86)\gwflash.exe
2007-09-21 18:42:42 19008 ----a-w- C:\Program Files (x86)\markfun.a64
2007-08-21 18:49:36 125504 ----a-w- C:\Program Files (x86)\MarkFunDrv.dll
2007-08-21 18:49:28 17912 ----a-w- C:\Program Files (x86)\markfun.w32
2007-04-04 17:35:36 207680 ----a-w- C:\Program Files (x86)\updateutility.exe
2007-03-02 03:48:50 240448 ----a-w- C:\Program Files (x86)\gwf32.exe
2006-11-23 22:47:50 207680 ----a-w- C:\Program Files (x86)\BIOS_Run.exe
2006-11-23 22:40:30 60224 ----a-w- C:\Program Files (x86)\HUADRV.DLL
2005-04-27 18:40:26 6800 ----a-w- C:\Program Files (x86)\W95_HUA.vxd
.
============= FINISH: 7:00:59.96 ===============
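The DDS log above is what the helper will read first. As an added example that is not part of this thread and not a BleepingComputer or DDS tool, the Python below parses the SERVICES / DRIVERS and Created Last 30 sections of such a log and scores each service or driver entry on a few cheap signals a triage analyst checks before asking for more logs: a machine-looking service name, a display name that merely repeats the service name, an image path written in raw NT form, an SUnknown entry with no image path recorded, and a file of the same name created shortly before the scan. The sample input is constructed from lines of the log above plus benign entries for contrast; the signal list, the 48-hour window and the random-name test are assumptions chosen for illustration, not a detection signature for Sirefef or any other family.

```python
"""Triage heuristics for a DDS-style log (added example, not a DDS feature).

Parses the 'SERVICES / DRIVERS' and 'Created Last 30' sections and scores each
entry by how many of a handful of suspicious signals fire, so the most
interesting lines are read first. This is an ordering aid, not a verdict.
"""
import re
from datetime import datetime, timedelta

# Constructed input: a handful of lines copied from the DDS log above plus
# benign entries (MpFilter, NisSrv, netio.sys) for contrast.
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
Run by Karl at 6:56:52 on 2012-06-11
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
S1 cvfygvmr;cvfygvmr;\??\C:\Windows\system32\drivers\cvfygvmr.sys --> C:\Windows\system32\drivers\cvfygvmr.sys [?]
S1 gklnxgwm;gklnxgwm;\??\C:\Windows\system32\drivers\gklnxgwm.sys --> C:\Windows\system32\drivers\gklnxgwm.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
SUnknown erxxtxht;erxxtxht; [x]
SUnknown vsmdarmy;vsmdarmy; [x]
=============== Created Last 30 ================
2012-06-11 05:53:57 50000 ----a-w- C:\Windows\System32\drivers\cvfygvmr.sys
2012-06-11 05:52:54 50000 ----a-w- C:\Windows\System32\drivers\gklnxgwm.sys
2012-06-10 22:23:11 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SCAN_TIME_RE = re.compile(r"^Run by \S+ at (\d{1,2}:\d{2}:\d{2}) on (\d{4}-\d{2}-\d{2})$")
SERVICE_RE = re.compile(r"^(?P<state>R\d|S\d|SUnknown)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(?P<path>.+)$")

# Assumption: DDS file times may be UTC while the 'Run by' time is local, so a
# generous window is used instead of relying on exact ordering.
RECENT_WINDOW = timedelta(hours=48)


def looks_generated(name: str) -> bool:
    """Crude 'random name' test: 6-12 lowercase letters with at most one vowel."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    return sum(ch in "aeiou" for ch in name) <= 1


def parse_log(text: str):
    """Return (scan_time, service entries, {file stem: created time})."""
    scan_time, services, created, section = None, [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        m = SCAN_TIME_RE.match(line)
        if m:
            scan_time = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%Y-%m-%d %H:%M:%S")
            continue
        if section == "SERVICES / DRIVERS" and (m := SERVICE_RE.match(line)):
            rest = m.group("rest")
            # Image path is everything before ' --> ' (or before the '[...]' tail).
            path = rest.split(" --> ")[0].split(" [")[0].strip()
            services.append({"state": m.group("state"), "name": m.group("name"),
                             "display": m.group("display"), "path": path, "rest": rest})
        elif section == "CREATED LAST 30" and (m := CREATED_RE.match(line)):
            stem = m.group("path").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
            created.setdefault(stem, datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"))
    return scan_time, services, created


def score_entry(entry: dict, created: dict, scan_time) -> list:
    """Return the list of signals that fired for one service/driver entry."""
    reasons = []
    if looks_generated(entry["name"]):
        reasons.append("service name looks machine-generated")
    if entry["display"].lower() == entry["name"].lower():
        reasons.append("display name identical to service name")
    if entry["path"].startswith("\\??\\"):
        reasons.append("image path written in raw NT form")
    if entry["state"] == "SUnknown" and "[x]" in entry["rest"]:
        reasons.append("unknown state and no image path recorded")
    stem = entry["name"].lower()
    if scan_time and stem in created and abs(scan_time - created[stem]) <= RECENT_WINDOW:
        reasons.append(f"file created {created[stem]:%Y-%m-%d %H:%M:%S}, shortly before the scan")
    return reasons


def triage(text: str) -> list:
    """Parse a DDS log and return entries sorted by how many signals fired."""
    scan_time, services, created = parse_log(text)
    results = [{"name": s["name"], "state": s["state"],
                "reasons": score_entry(s, created, scan_time)} for s in services]
    for r in results:
        r["score"] = len(r["reasons"])
    return sorted(results, key=lambda r: (-r["score"], r["name"].lower()))


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        if r["score"]:
            print(f"{r['score']}  {r['state']:<8} {r['name']:<12} " + "; ".join(r["reasons"]))
```

Run stand-alone it lists the two S1 drivers first (four signals each), then the two SUnknown services, then ESET's epfwwfp driver, which trips only the name-shape and display-name signals. That last hit is the reason to combine signals rather than act on any one: a legitimate security driver with an unpronounceable name looks the same to the name test as a dropped one. The ranking only tells the helper where to look; what is actually on disk still has to be confirmed from a scan such as the FRST log the helper asks for.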


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 07:16 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
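The FRST.txt these steps produce is normally read by eye, but the Drivers section lends itself to a quick automated first pass. The Python below is an added example, not part of the original thread and not a tool that Gringo or the FRST author provides. It parses FRST driver lines and flags the patterns a helper looks for: entries whose file is missing on disk (`[x]`), files written within a few days of the scan, two differently named drivers with byte-identical size and timestamp, drivers that claim Microsoft Corporation yet were freshly written, and drivers loading from a temp directory. The sample input is six lines copied from the FRST.txt posted later in this thread; the `recent_days` window, the reason strings and the function names are this example's own choices.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# One FRST driver line looks like:
#   "<start type> <name>; <path> [<size> <YYYY-MM-DD>] (<company>)"
# or, when the file behind the registry entry is gone:
#   "<start type> <name>; <path> [x]"
LINE_RE = re.compile(
    r"^(?P<start>\d) (?P<name>.+?); (?P<path>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)"
    r"|\[(?P<missing>x)\])$"
)


def parse_driver_line(line):
    """Parse one line of the FRST Drivers section; return None for non-driver lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "start": int(g["start"]),
        "name": g["name"],
        "path": g["path"],
        "size": int(g["size"]) if g["size"] else None,
        "date": date.fromisoformat(g["date"]) if g["date"] else None,
        "company": g["company"] or "",
        "missing": g["missing"] is not None,
    }


def triage_drivers(log_text, scan_date, recent_days=3):
    """Return {driver name: [reasons]} for entries that deserve a closer look."""
    entries = [e for e in map(parse_driver_line, log_text.splitlines()) if e]

    # Group present files by (size, date): two differently named drivers with
    # byte-identical size and the same timestamp are usually one dropper's output.
    twins = defaultdict(list)
    for e in entries:
        if not e["missing"]:
            twins[(e["size"], e["date"])].append(e["name"])

    findings = {}
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("registered driver whose file is missing on disk")
        else:
            fresh = scan_date - e["date"] <= timedelta(days=recent_days)
            if fresh:
                reasons.append("file written within %d day(s) of the scan" % recent_days)
            if fresh and "microsoft" in e["company"].lower():
                reasons.append("claims Microsoft Corporation but is freshly written")
            others = [n for n in twins[(e["size"], e["date"])] if n != e["name"]]
            if others:
                reasons.append("same size and date as " + ", ".join(others))
        # Temp directories and .tmp files are not where signed drivers live.
        if re.search(r"\\temp\\|\.tmp$", e["path"], re.IGNORECASE):
            reasons.append("loads from a temporary directory or .tmp file")
        if reasons:
            findings[e["name"]] = reasons
    return findings


# Sample input (constructed for this example): six lines copied from the
# Drivers section of the FRST.txt posted later in this thread.
SAMPLE_DRIVERS = r"""
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 dbjdmdar; C:\Windows\System32\Drivers\dbjdmdar.sys [50000 2012-06-12] (Microsoft Corporation)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2010-09-02] (Windows ® Server 2003 DDK provider)
1 vrabunar; C:\Windows\System32\Drivers\vrabunar.sys [50000 2012-06-12] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 X6va006; \??\C:\Users\Karl\AppData\Local\Temp\0066F09.tmp [x]
"""

# Taken from the log header "Ran by SYSTEM at 12-06-2012 21:52:30" (DD-MM-YYYY).
SCAN_DATE = date(2012, 6, 12)

if __name__ == "__main__":
    for name, reasons in triage_drivers(SAMPLE_DRIVERS, SCAN_DATE).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

The flags are hints for a human, not a verdict: a driver the user installed yesterday will also trip the "recently written" rule, which is why the twin and company checks exist to stack evidence. On the sample above, the two 50000-byte drivers created on the scan date and claiming Microsoft collect three reasons each, the orphaned ComboFix entry collects one, and the `.tmp` driver in a user's Temp folder collects two; the ESET and Gigabyte entries are left alone.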

#3 lambo75
  • Topic Starter
  • Members
  • 32 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 12 June 2012 - 04:12 PM

Hi Gringo,

Firstly, thank you for taking the time to help me.
This is my home PC so if I appear to be taking my time to post back to you then it's generally because I'm at work.

Log is below. Currently MSE on startup reports it's cleaned the PC, then reports 2 variants of the trojan - currently I do not click anything. ESET Smart Security 5 also pops up with an alert, which I ignore.

Had a nightmare trying to get the frst64 to run... mainly because I forgot that I installed Vista on a RAID partition and for whatever reason the drivers are not loaded with the recovery options. Once I figured that out I was successful.

Here is my log, I look forward to the next instalment of fixes :) thanks again.

Scan result of Farbar Recovery Scan Tool Version: 12-06-2012
Ran by SYSTEM at 12-06-2012 21:52:30
Running from H:\
Windows Vista ™ Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10806816 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Karl\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\Karl\...\Policies\system: [DisableLockWorkstation] 0
HKU\Karl\...\Policies\system: [DisableChangePassword] 0
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()

==================== Services (Whitelisted) ======

4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
2 AcronisOSSReinstallSvc; "C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2217416 2007-02-22] ()
3 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [828864 2009-01-20] (Acronis)
2 astcc; C:\Windows\SysWow64\ASTSRV.EXE [57344 2009-05-28] (Nalpeiron Ltd.)
3 DfSdkS; "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe" [544768 2009-08-24] (mst software GmbH, Germany)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 ezSharedSvc; C:\Windows\SysWow64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2009-05-08] (Acresso Software Inc.)
4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
4 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160784 2009-07-20] (Logitech, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe" [237272 2012-03-13] (McAfee, Inc.)
3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [45056 2006-12-13] (Sony Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [180224 2007-09-04] (NVIDIA)
4 O&O Defrag; C:\Windows\system32\oodag.exe [1967872 2009-02-25] (O&O Software GmbH)
4 OOCleverCacheAgent; "C:\Program Files\OO Software\CleverCache\ooccag.exe" [515344 2007-01-28] (O&O Software GmbH)
3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [57344 2006-12-13] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [620544 2008-11-11] (Nokia.)
3 SonicStage Back-End Service; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe" [112184 2007-02-05] (Sony Corporation)
3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [69632 2006-12-13] (Sony Corporation)
3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [27648 2008-01-19] (Microsoft Corporation)
3 usprserv; C:\Windows\SysWow64\svchost.exe -k netsvcs [21504 2008-01-18] (Microsoft Corporation)
2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] ()
2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] ()
2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] ()

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [86584 2010-01-16] (Adobe Systems, Inc.)
3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [838136 2009-11-06] (Broadcom Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
1 dbjdmdar; C:\Windows\System32\Drivers\dbjdmdar.sys [50000 2012-06-12] (Microsoft Corporation)
3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-10-31] (Devguru Co., Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2010-09-02] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2007-12-23] ()
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2009-06-10] (HTC, Corporation)
0 JGOGO; C:\Windows\System32\Drivers\JGOGO.sys [8704 2006-02-07] (JMicron )
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [115824 2009-11-23] (JMicron Technology Corp.)
3 MagicTune; C:\Windows\System32\drivers\MTiCtwl.sys [14336 2006-02-22] ()
1 NCPro; C:\Windows\system32\drivers\MTictwl.sys [14336 2006-02-22] ()
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2008-09-14] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2008-09-14] (Nokia)
3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
2 PfFilter; \??\C:\Program Files (x86)\IObit\Password Folder\pffilter.sys [62024 2010-11-22] (IObit Information Technology)
3 physX64; C:\Windows\System32\Drivers\physX64.sys [147744 2007-09-12] (AGEIA Technologies, Inc.)
0 PxHelp20; C:\Windows\SysWow64\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions)
1 RtlProt; C:\Windows\System32\Drivers\RtlProt.sys [31016 2007-04-23] (Windows ® Codename Longhorn DDK provider)
0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2009-04-13] (Acronis)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2008-10-04] (Duplex Secure Ltd.)
3 tbhsd; C:\Windows\System32\Drivers\tbhsd.sys [34336 2008-02-20] (RapidSolution Software AG)
0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2009-04-13] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [83488 2009-04-13] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [880160 2009-04-13] (Acronis)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-09-14] (Windows ® Codename Longhorn DDK provider)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-09-14] (Windows ® Codename Longhorn DDK provider)
1 vrabunar; C:\Windows\System32\Drivers\vrabunar.sys [50000 2012-06-12] (Microsoft Corporation)
1 Beep; [x]
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dump_wmimmc; \??\C:\Program Files (x86)\ShotOnline International\GameGuard\dump_wmimmc.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SABProcEnum; \??\C:\Program Files (x86)\Avant Browser\SABProcEnum.sys [x]
3 X6va006; \??\C:\Users\Karl\AppData\Local\Temp\0066F09.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-12 12:45 - 2012-06-12 12:45 - 00000000 ____D C:\Users\Karl\Desktop\64Bit
2012-06-12 12:44 - 2012-06-12 12:44 - 00193551 ____A (Igor Pavlov) C:\Users\Karl\Desktop\motherboard_driver_sata_gb_sata2raid_bootdisk_64.exe
2012-06-12 12:43 - 2012-06-12 12:43 - 13739062 ____A (Igor Pavlov) C:\Users\Karl\Desktop\motherboard_driver_intel_sataraid.exe
2012-06-12 12:42 - 2012-06-12 12:42 - 04089073 ____A (Igor Pavlov) C:\Users\Karl\Desktop\motherboard_driver_sata_gb_sata2raid.exe
2012-06-12 12:42 - 2012-06-12 12:42 - 00000000 ____D C:\Users\Karl\Desktop\GSATA
2012-06-12 12:22 - 2012-06-12 12:22 - 00580929 ____A C:\Users\Karl\Desktop\64bit_nForce_IDE_998_WHQL_for_Win7Vista_x64_packed_by_Fernando.rar
2012-06-12 12:15 - 2012-06-12 12:15 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vrabunar.sys
2012-06-12 12:15 - 2012-06-12 12:15 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dbjdmdar.sys
2012-06-12 11:21 - 2008-10-30 04:59 - 00102739 ____A C:\Users\Karl\Desktop\Final.jpg
2012-06-12 11:21 - 2008-10-30 04:16 - 00000704 ____A C:\Users\Karl\Desktop\Info.txt
2012-06-12 11:20 - 2008-10-30 05:05 - 00000000 ____D C:\Users\Karl\Desktop\vista recovery disc 64bit
2012-06-10 22:05 - 2012-06-10 22:05 - 00014015 ____A C:\Users\Karl\Desktop\Attach.txt
2012-06-10 22:03 - 2012-06-10 22:03 - 00026401 ____A C:\Users\Karl\Desktop\DDS.txt
2012-06-10 21:56 - 2012-06-10 21:56 - 00607260 ____R (Swearware) C:\Users\Karl\Desktop\dds.scr
2012-06-10 21:49 - 2012-06-10 21:49 - 00000020 ____A C:\Users\Karl\defogger_reenable
2012-06-10 21:37 - 2012-06-10 21:37 - 00033732 ____A C:\Users\Karl\Desktop\combofix.txt
2012-06-10 16:44 - 2012-06-10 16:44 - 00033732 ____A C:\ComboFix.txt
2012-06-10 16:08 - 2012-06-10 16:08 - 04540367 ____R (Swearware) C:\Users\Karl\Desktop\ComboFix.exe
2012-06-10 15:50 - 2012-06-10 15:50 - 00262144 ___AH C:\Windows\System32\config\security.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\security.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\sam.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\sam.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\components.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\components.tmp.LOG1
2012-06-10 15:10 - 2012-06-10 16:44 - 00000000 ___AD C:\Qoobox
2012-06-10 15:10 - 2012-06-10 16:33 - 00000000 ____D C:\Windows\ERDNT
2012-06-10 15:10 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-10 15:10 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-10 15:10 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-10 15:10 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-10 15:10 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-10 15:10 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-10 15:10 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-10 15:10 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-10 14:24 - 2012-06-10 14:24 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-10 14:23 - 2012-06-10 14:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 14:23 - 2012-06-10 14:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 14:23 - 2010-04-06 00:34 - 00345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-10 13:33 - 2012-06-10 13:33 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-06-10 13:33 - 2012-06-10 13:33 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-06-10 13:30 - 2012-06-10 13:30 - 00000000 ____D C:\Users\Karl\AppData\Roaming\QuickScan
2012-06-09 23:22 - 2012-06-09 14:55 - 1563095040 ____A C:\Users\Karl\Desktop\Day After Tomorrow.avi
2012-06-09 12:20 - 2012-06-09 12:20 - 00654034 ____A C:\Users\Karl\Desktop\Our_world_2.pdf
2012-06-09 12:18 - 2012-06-09 12:18 - 01722963 ____A C:\Users\Karl\Desktop\ResligiousStudiesAnimalRightsJan2012.pdf
2012-06-09 12:07 - 2012-06-09 12:07 - 00589263 ____A C:\Users\Karl\Desktop\Animal_rights_revision1.pptx
2012-06-09 12:02 - 2012-06-09 12:02 - 00590341 ____A C:\Users\Karl\Desktop\Animal_rights_revision.pptx
2012-06-09 11:54 - 2012-06-09 11:54 - 00160768 ____A C:\Users\Karl\Desktop\Animal Rights.doc
2012-06-09 11:53 - 2012-06-09 11:53 - 01264307 ____A C:\Users\Karl\Desktop\AQA_SPec_B_Unit_2_Revision_Religion_and_Life.docx
2012-06-09 11:45 - 2012-06-09 11:45 - 00062464 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Prejudice.doc
2012-06-09 11:45 - 2012-06-09 11:45 - 00046592 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Early-Life.doc
2012-06-09 11:44 - 2012-06-09 11:44 - 00072704 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Planet-Earth.doc
2012-06-09 11:42 - 2012-06-09 11:42 - 00059904 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Animal-Rights1.doc
2012-06-09 11:38 - 2012-06-09 11:39 - 00491882 ____A C:\Users\Karl\Desktop\TCSShortCourse.zip
2012-06-06 10:11 - 2012-06-06 10:11 - 00000000 ____D C:\Users\Karl\AppData\Roaming\EAC
2012-06-06 10:10 - 2012-06-06 10:10 - 00000919 ____A C:\Users\Public\Desktop\Exact Audio Copy.lnk
2012-06-05 04:39 - 2012-06-05 04:39 - 00055058 ____A C:\Users\Karl\Desktop\51XMGNVZ19L.jpg
2012-06-04 21:50 - 2012-06-10 15:50 - 00178350 ____A C:\Windows\ntbtlog.txt
2012-06-04 09:51 - 2012-06-04 09:51 - 00016645 ____A C:\Users\Karl\Desktop\New school day.docx
2012-06-04 06:09 - 2012-06-04 06:09 - 00315392 ____A C:\Users\Karl\Desktop\Unit 2 REVGUIDE.doc
2012-06-02 06:43 - 2012-06-02 06:43 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2012-06-02 06:43 - 2010-10-11 02:49 - 01724416 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athurx.sys
2012-06-02 06:43 - 2008-05-14 18:28 - 00026624 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\jswpslwfx.sys
2012-06-02 03:18 - 2012-06-02 03:18 - 00000783 ____A C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2012-06-02 03:18 - 2012-06-02 03:18 - 00000000 ____D C:\Windows\pcidevice
2012-06-02 03:18 - 2012-06-02 03:18 - 00000000 ____D C:\Users\Public\D-Link
2012-06-02 03:18 - 2012-06-02 03:18 - 00000000 ____D C:\Program Files (x86)\D-Link
2012-06-02 03:18 - 2009-08-04 05:19 - 00610816 ____A (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\RTL8192su.sys
2012-06-02 03:18 - 2007-04-23 04:15 - 00031016 ____A (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\Drivers\RtlProt.sys
2012-06-01 13:27 - 2012-06-01 13:28 - 00000000 ____D C:\Users\Karl\Desktop\VA Trance The Vocal Session 2012 (ZYX 82523 2) 2CD READ NFO 2011 eMF
2012-05-30 13:53 - 2012-05-30 13:55 - 17691384 ____A C:\Users\Karl\Desktop\7612_22_Utility.zip
2012-05-30 13:23 - 2012-06-05 14:20 - 00000000 ____D C:\Users\Karl\Desktop\Jack Savoretti
2012-05-29 14:37 - 2012-05-29 15:00 - 00000000 ____D C:\Users\Karl\Desktop\Safe House 2012 DVDRip XviD AC3 AQOS
2012-05-29 14:16 - 2012-05-29 14:38 - 00000000 ____D C:\Users\Karl\Desktop\Man On A Ledge 2012 DVDRip XviD F0RFUN
2012-05-29 13:45 - 2012-05-29 13:45 - 00001016 ____A C:\Users\Public\Desktop\Backup & Storage.lnk
2012-05-29 13:45 - 2012-05-29 13:45 - 00000000 ____D C:\Program Files\VirginMedia
2012-05-29 13:45 - 2011-05-17 08:28 - 07238699 ____A (dimastr.com) C:\Windows\System32\Redemption64.dll
2012-05-29 13:39 - 2012-05-29 14:18 - 00000000 ____D C:\Users\Karl\Desktop\Journey 2 The Mysterious Island 2012 DVDRip XviD AC3 REFiLL
2012-05-25 14:25 - 2012-05-25 14:25 - 00000000 ____D C:\Users\Karl\Desktop\lisa2
2012-05-25 14:21 - 2012-05-25 14:21 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Templates
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\NetHood
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\My Documents
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 ____D C:\users\UpdatusUser
2012-05-25 14:21 - 2009-11-28 01:56 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-05-25 14:21 - 2009-10-10 13:52 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2012-05-25 14:21 - 2006-11-02 07:06 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2012-05-25 14:20 - 2012-06-12 12:12 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-05-25 14:20 - 2012-05-25 14:20 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-05-25 14:20 - 2012-05-15 02:48 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-25 14:20 - 2012-05-15 02:48 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-25 14:20 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-25 14:20 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-25 14:20 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-25 14:20 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-25 14:20 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-25 14:19 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-25 14:19 - 2012-05-15 02:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-20 12:33 - 2012-05-20 12:34 - 00000000 ____D C:\Users\Karl\Desktop\Morten Harket Out of my Hands
2012-05-20 12:32 - 2012-05-20 12:33 - 00000000 ____D C:\Users\Karl\Desktop\Beach House Bloom 2012
2012-05-20 03:16 - 2012-05-30 13:54 - 00000000 ____D C:\Users\Karl\Desktop\WR
2012-05-20 03:10 - 2012-05-20 03:11 - 00000000 ____D C:\Users\Karl\Desktop\Holiday Parade Tickets And Passports 2009
2012-05-20 03:05 - 2012-05-20 03:10 - 00000000 ____D C:\Users\Karl\Desktop\Mayday Parade Mayday Parade
2012-05-19 00:02 - 2012-05-19 00:02 - 05247572 ____A C:\Users\Karl\Desktop\Do_It_Anyway_1.mp3
2012-05-18 11:21 - 2012-05-18 12:02 - 00000000 ____D C:\Users\Karl\Desktop\Phone
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Program Files\iTunes
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Program Files\iPod
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-05-16 12:24 - 2012-05-16 12:24 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-16 12:23 - 2012-05-16 12:23 - 00000000 ____D C:\Program Files\Bonjour
2012-05-16 12:23 - 2012-05-16 12:23 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-05-15 14:07 - 2012-05-15 14:07 - 13776529 ____A C:\Users\Karl\Desktop\Aaron Lewis -- Aaron Lewis- Red White & Blue.mp3
2012-05-14 17:21 - 2012-05-14 17:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 14:18 - 2012-05-14 14:18 - 00000000 ____D C:\Users\Karl\Desktop\Safetysuit
2012-05-14 13:58 - 2012-05-14 14:12 - 00000000 ____D C:\Users\Karl\Desktop\Jason Mraz
2012-05-14 13:53 - 2012-05-14 14:10 - 00000000 ____D C:\Users\Karl\Desktop\Garbage
2012-05-14 13:52 - 2012-05-14 14:10 - 00000000 ____D C:\Users\Karl\Desktop\Train
2012-05-14 13:51 - 2012-05-14 14:11 - 00000000 ____D C:\Users\Karl\Desktop\You Me At Six
2012-05-14 13:48 - 2012-05-14 14:09 - 00000000 ____D C:\Users\Karl\Desktop\Keane Strangeland Deluxe Edition 2012


============ 3 Months Modified Files and Folders =============

2012-06-12 21:52 - 2012-06-12 21:52 - 00000000 ____D C:\FRST
2012-06-12 12:45 - 2012-06-12 12:45 - 00000000 ____D C:\Users\Karl\Desktop\64Bit
2012-06-12 12:44 - 2012-06-12 12:44 - 00193551 ____A (Igor Pavlov) C:\Users\Karl\Desktop\motherboard_driver_sata_gb_sata2raid_bootdisk_64.exe
2012-06-12 12:43 - 2012-06-12 12:43 - 13739062 ____A (Igor Pavlov) C:\Users\Karl\Desktop\motherboard_driver_intel_sataraid.exe
2012-06-12 12:42 - 2012-06-12 12:42 - 04089073 ____A (Igor Pavlov) C:\Users\Karl\Desktop\motherboard_driver_sata_gb_sata2raid.exe
2012-06-12 12:42 - 2012-06-12 12:42 - 00000000 ____D C:\Users\Karl\Desktop\GSATA
2012-06-12 12:22 - 2012-06-12 12:22 - 00580929 ____A C:\Users\Karl\Desktop\64bit_nForce_IDE_998_WHQL_for_Win7Vista_x64_packed_by_Fernando.rar
2012-06-12 12:15 - 2012-06-12 12:15 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vrabunar.sys
2012-06-12 12:15 - 2012-06-12 12:15 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dbjdmdar.sys
2012-06-12 12:15 - 2006-11-02 07:21 - 00004640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 12:15 - 2006-11-02 07:21 - 00004640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 12:12 - 2012-05-25 14:20 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-12 12:12 - 2008-07-12 04:43 - 02527288 ____A C:\Windows\System32\oodbs.lor
2012-06-12 11:49 - 2008-12-07 13:52 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-06-12 11:49 - 2006-11-02 07:26 - 01507849 ____A C:\Windows\WindowsUpdate.log
2012-06-12 11:41 - 2006-11-02 04:46 - 00772390 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 22:05 - 2012-06-10 22:05 - 00014015 ____A C:\Users\Karl\Desktop\Attach.txt
2012-06-10 22:03 - 2012-06-10 22:03 - 00026401 ____A C:\Users\Karl\Desktop\DDS.txt
2012-06-10 21:56 - 2012-06-10 21:56 - 00607260 ____R (Swearware) C:\Users\Karl\Desktop\dds.scr
2012-06-10 21:49 - 2012-06-10 21:49 - 00000020 ____A C:\Users\Karl\defogger_reenable
2012-06-10 21:49 - 2011-06-03 11:59 - 00000000 ____D C:\Program Files (x86)\Opera
2012-06-10 21:49 - 2007-12-23 00:29 - 00000000 ____D C:\users\Karl
2012-06-10 21:37 - 2012-06-10 21:37 - 00033732 ____A C:\Users\Karl\Desktop\combofix.txt
2012-06-10 16:44 - 2012-06-10 16:44 - 00033732 ____A C:\ComboFix.txt
2012-06-10 16:44 - 2012-06-10 15:10 - 00000000 ___AD C:\Qoobox
2012-06-10 16:33 - 2012-06-10 15:10 - 00000000 ____D C:\Windows\ERDNT
2012-06-10 16:33 - 2009-05-08 00:42 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-10 16:33 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-06-10 16:32 - 2012-03-17 00:46 - 00001702 ____A C:\Windows\PFRO.log
2012-06-10 16:08 - 2012-06-10 16:08 - 04540367 ____R (Swearware) C:\Users\Karl\Desktop\ComboFix.exe
2012-06-10 15:50 - 2012-06-10 15:50 - 00262144 ___AH C:\Windows\System32\config\security.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\security.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\sam.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\sam.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG1
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\components.tmp.LOG2
2012-06-10 15:50 - 2012-06-10 15:50 - 00000000 ___AH C:\Windows\System32\config\components.tmp.LOG1
2012-06-10 15:50 - 2012-06-04 21:50 - 00178350 ____A C:\Windows\ntbtlog.txt
2012-06-10 15:50 - 2008-06-05 14:46 - 58720256 ____A C:\Windows\System32\config\components.bak
2012-06-10 15:50 - 2008-06-05 14:46 - 04980736 ____A C:\Windows\System32\config\default.bak
2012-06-10 15:50 - 2008-06-05 14:46 - 00065536 ____A C:\Windows\System32\config\sam.bak
2012-06-10 15:50 - 2008-06-05 14:45 - 111935488 ____A C:\Windows\System32\config\software.bak
2012-06-10 15:50 - 2006-11-02 04:33 - 90701824 ____A C:\Windows\System32\config\system.bak
2012-06-10 15:50 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-06-10 14:24 - 2012-06-10 14:24 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-10 14:24 - 2012-06-10 14:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 14:24 - 2007-12-24 03:49 - 00778616 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-10 14:23 - 2012-06-10 14:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 14:03 - 2007-12-24 03:49 - 00000000 ____D C:\Windows\pss
2012-06-10 13:38 - 2011-02-24 14:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 13:33 - 2012-06-10 13:33 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-06-10 13:33 - 2012-06-10 13:33 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-06-10 13:30 - 2012-06-10 13:30 - 00000000 ____D C:\Users\Karl\AppData\Roaming\QuickScan
2012-06-10 09:54 - 2012-04-03 09:57 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 09:54 - 2012-04-03 09:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 09:54 - 2011-05-19 21:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-10 05:12 - 2008-01-27 09:20 - 00000000 ____D C:\Users\Karl\AppData\Roaming\foobar2000
2012-06-09 23:22 - 2008-03-21 12:02 - 00000000 ____D C:\Users\Karl\AppData\Local\QuickPar
2012-06-09 14:55 - 2012-06-09 23:22 - 1563095040 ____A C:\Users\Karl\Desktop\Day After Tomorrow.avi
2012-06-09 12:20 - 2012-06-09 12:20 - 00654034 ____A C:\Users\Karl\Desktop\Our_world_2.pdf
2012-06-09 12:18 - 2012-06-09 12:18 - 01722963 ____A C:\Users\Karl\Desktop\ResligiousStudiesAnimalRightsJan2012.pdf
2012-06-09 12:07 - 2012-06-09 12:07 - 00589263 ____A C:\Users\Karl\Desktop\Animal_rights_revision1.pptx
2012-06-09 12:02 - 2012-06-09 12:02 - 00590341 ____A C:\Users\Karl\Desktop\Animal_rights_revision.pptx
2012-06-09 11:54 - 2012-06-09 11:54 - 00160768 ____A C:\Users\Karl\Desktop\Animal Rights.doc
2012-06-09 11:53 - 2012-06-09 11:53 - 01264307 ____A C:\Users\Karl\Desktop\AQA_SPec_B_Unit_2_Revision_Religion_and_Life.docx
2012-06-09 11:45 - 2012-06-09 11:45 - 00062464 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Prejudice.doc
2012-06-09 11:45 - 2012-06-09 11:45 - 00046592 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Early-Life.doc
2012-06-09 11:44 - 2012-06-09 11:44 - 00072704 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Planet-Earth.doc
2012-06-09 11:42 - 2012-06-09 11:42 - 00059904 ____A C:\Users\Karl\Desktop\Revision-keycard-Religion-and-Animal-Rights1.doc
2012-06-09 11:39 - 2012-06-09 11:38 - 00491882 ____A C:\Users\Karl\Desktop\TCSShortCourse.zip
2012-06-06 13:40 - 2007-12-22 09:27 - 00000000 ____D C:\AlbumPlayerData
2012-06-06 10:11 - 2012-06-06 10:11 - 00000000 ____D C:\Users\Karl\AppData\Roaming\EAC
2012-06-06 10:11 - 2007-12-31 04:24 - 00000000 ____D C:\Users\Karl\AppData\Roaming\AccurateRip
2012-06-06 10:10 - 2012-06-06 10:10 - 00000919 ____A C:\Users\Public\Desktop\Exact Audio Copy.lnk
2012-06-06 10:10 - 2007-12-31 04:24 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
2012-06-05 14:49 - 2007-12-22 08:29 - 00180224 ____A C:\Users\Karl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-05 14:21 - 2007-12-23 09:34 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Mp3tag
2012-06-05 14:20 - 2012-05-30 13:23 - 00000000 ____D C:\Users\Karl\Desktop\Jack Savoretti
2012-06-05 04:39 - 2012-06-05 04:39 - 00055058 ____A C:\Users\Karl\Desktop\51XMGNVZ19L.jpg
2012-06-04 09:51 - 2012-06-04 09:51 - 00016645 ____A C:\Users\Karl\Desktop\New school day.docx
2012-06-04 06:09 - 2012-06-04 06:09 - 00315392 ____A C:\Users\Karl\Desktop\Unit 2 REVGUIDE.doc
2012-06-02 06:43 - 2012-06-02 06:43 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2012-06-02 03:18 - 2012-06-02 03:18 - 00000783 ____A C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2012-06-02 03:18 - 2012-06-02 03:18 - 00000000 ____D C:\Windows\pcidevice
2012-06-02 03:18 - 2012-06-02 03:18 - 00000000 ____D C:\Users\Public\D-Link
2012-06-02 03:18 - 2012-06-02 03:18 - 00000000 ____D C:\Program Files (x86)\D-Link
2012-06-02 03:18 - 2007-12-23 00:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-01 13:40 - 2012-04-12 12:50 - 00006483 ____A C:\Windows\setupact.log
2012-06-01 13:28 - 2012-06-01 13:27 - 00000000 ____D C:\Users\Karl\Desktop\VA Trance The Vocal Session 2012 (ZYX 82523 2) 2CD READ NFO 2011 eMF
2012-05-31 20:55 - 2009-09-12 01:30 - 00000000 ____D C:\Users\All Users\CanonIJPLM
2012-05-30 13:55 - 2012-05-30 13:53 - 17691384 ____A C:\Users\Karl\Desktop\7612_22_Utility.zip
2012-05-30 13:54 - 2012-05-20 03:16 - 00000000 ____D C:\Users\Karl\Desktop\WR
2012-05-30 09:41 - 2010-11-10 15:54 - 00000000 ____D C:\Users\Karl\AppData\Local\VirginMedia
2012-05-29 15:00 - 2012-05-29 14:37 - 00000000 ____D C:\Users\Karl\Desktop\Safe House 2012 DVDRip XviD AC3 AQOS
2012-05-29 14:38 - 2012-05-29 14:16 - 00000000 ____D C:\Users\Karl\Desktop\Man On A Ledge 2012 DVDRip XviD F0RFUN
2012-05-29 14:18 - 2012-05-29 13:39 - 00000000 ____D C:\Users\Karl\Desktop\Journey 2 The Mysterious Island 2012 DVDRip XviD AC3 REFiLL
2012-05-29 13:45 - 2012-05-29 13:45 - 00001016 ____A C:\Users\Public\Desktop\Backup & Storage.lnk
2012-05-29 13:45 - 2012-05-29 13:45 - 00000000 ____D C:\Program Files\VirginMedia
2012-05-25 14:26 - 2007-12-22 07:26 - 00000000 ____D C:\Users\Karl\Desktop\Games
2012-05-25 14:25 - 2012-05-25 14:25 - 00000000 ____D C:\Users\Karl\Desktop\lisa2
2012-05-25 14:21 - 2012-05-25 14:21 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Templates
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\NetHood
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\My Documents
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-05-25 14:21 - 2012-05-25 14:21 - 00000000 ____D C:\users\UpdatusUser
2012-05-25 14:21 - 2010-10-02 10:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-25 14:21 - 2008-01-06 09:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-25 14:20 - 2012-05-25 14:20 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-05-20 12:34 - 2012-05-20 12:33 - 00000000 ____D C:\Users\Karl\Desktop\Morten Harket Out of my Hands
2012-05-20 12:33 - 2012-05-20 12:32 - 00000000 ____D C:\Users\Karl\Desktop\Beach House Bloom 2012
2012-05-20 03:11 - 2012-05-20 03:10 - 00000000 ____D C:\Users\Karl\Desktop\Holiday Parade Tickets And Passports 2009
2012-05-20 03:10 - 2012-05-20 03:05 - 00000000 ____D C:\Users\Karl\Desktop\Mayday Parade Mayday Parade
2012-05-20 02:52 - 2008-05-29 13:03 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Apple Computer
2012-05-19 00:02 - 2012-05-19 00:02 - 05247572 ____A C:\Users\Karl\Desktop\Do_It_Anyway_1.mp3
2012-05-18 12:02 - 2012-05-18 11:21 - 00000000 ____D C:\Users\Karl\Desktop\Phone
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Program Files\iTunes
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Program Files\iPod
2012-05-16 12:25 - 2012-05-16 12:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-05-16 12:24 - 2012-05-16 12:24 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-16 12:23 - 2012-05-16 12:23 - 00000000 ____D C:\Program Files\Bonjour
2012-05-16 12:23 - 2012-05-16 12:23 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-05-16 12:23 - 2008-05-29 13:01 - 00000000 ____D C:\Users\All Users\Apple
2012-05-15 14:07 - 2012-05-15 14:07 - 13776529 ____A C:\Users\Karl\Desktop\Aaron Lewis -- Aaron Lewis- Red White & Blue.mp3
2012-05-15 12:03 - 2008-09-16 13:13 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-05-15 02:48 - 2012-05-25 14:20 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-05-25 14:20 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-25 14:19 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-05-25 14:19 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-05-25 14:20 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2012-05-25 14:20 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2012-05-25 14:20 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2012-05-25 14:20 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2012-05-25 14:20 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 17:21 - 2012-05-14 17:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 14:18 - 2012-05-14 14:18 - 00000000 ____D C:\Users\Karl\Desktop\Safetysuit
2012-05-14 14:13 - 2012-05-11 11:08 - 00000000 ____D C:\Users\Karl\Desktop\Two Door Cinema Club
2012-05-14 14:12 - 2012-05-14 13:58 - 00000000 ____D C:\Users\Karl\Desktop\Jason Mraz
2012-05-14 14:11 - 2012-05-14 13:51 - 00000000 ____D C:\Users\Karl\Desktop\You Me At Six
2012-05-14 14:10 - 2012-05-14 13:53 - 00000000 ____D C:\Users\Karl\Desktop\Garbage
2012-05-14 14:10 - 2012-05-14 13:52 - 00000000 ____D C:\Users\Karl\Desktop\Train
2012-05-14 14:09 - 2012-05-14 13:48 - 00000000 ____D C:\Users\Karl\Desktop\Keane Strangeland Deluxe Edition 2012
2012-05-13 01:57 - 2009-12-30 13:27 - 00000000 ____D C:\Users\Karl\AppData\Roaming\ZoomBrowser EX
2012-05-13 01:56 - 2009-12-30 13:38 - 00000000 ____D C:\Users\Karl\AppData\Roaming\CameraWindowDC
2012-05-10 22:32 - 2008-02-27 15:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 12:01 - 2012-05-05 13:40 - 00000000 ____D C:\Users\Karl\AppData\Local\SniperV2
2012-05-10 12:01 - 2010-01-05 14:57 - 00000000 ____D C:\Program Files (x86)\Steam
2012-05-10 10:11 - 2006-11-02 07:21 - 02994696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 14:43 - 2006-11-02 07:06 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-05-09 14:43 - 2006-11-02 07:06 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 13:49 - 2009-05-07 14:46 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 13:49 - 2006-11-02 04:35 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-05 13:39 - 2012-05-05 13:39 - 00360966 ____A C:\Users\Karl\AppData\Local\dd_vcredistMSI699C.txt
2012-05-05 13:39 - 2012-05-05 13:39 - 00018435 ____A C:\Windows\DirectX.log
2012-05-05 13:39 - 2012-05-05 13:39 - 00011122 ____A C:\Users\Karl\AppData\Local\dd_vcredistUI699C.txt
2012-05-05 09:17 - 2011-03-02 14:01 - 00000580 ____A C:\Users\Karl\AppData\Local\cookies.ini
2012-05-02 13:55 - 2008-11-30 22:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-01 15:28 - 2012-05-01 15:16 - 00000000 ____D C:\Users\Karl\Desktop\Avicii Discography 2011
2012-04-30 17:33 - 2012-04-30 14:40 - 00000000 ____D C:\Users\Karl\Desktop\Harry Potter Collection DVDRIP XVID INT Voodoo
2012-04-30 14:43 - 2012-04-30 14:19 - 00000000 ____D C:\Users\Karl\Desktop\21 Jump Street 2012 R5 NEW LiNE XViD INSPiRAL
2012-04-29 11:47 - 2012-04-29 11:47 - 00000000 ____D C:\Users\Karl\Logitech
2012-04-29 11:46 - 2012-04-29 11:46 - 00005746 ____A C:\Windows\DPINST.LOG
2012-04-29 11:46 - 2007-12-29 16:52 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-04-24 13:58 - 2012-04-24 12:21 - 00000000 ____D C:\Users\Karl\Desktop\Trance
2012-04-24 12:27 - 2012-04-18 10:21 - 00000000 ____D C:\Users\Karl\Desktop\New Folder
2012-04-21 08:13 - 2012-04-21 07:48 - 00000000 ____D C:\Users\Karl\Desktop\Adele Greatest Hits (2012)
2012-04-21 07:56 - 2012-04-21 07:48 - 00000000 ____D C:\Users\Karl\Desktop\Adele Complete Discografie 2008 2011
2012-04-20 23:05 - 2010-10-07 14:57 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-16 22:14 - 2012-04-16 22:14 - 00026112 ____A C:\Users\Karl\Desktop\Loan Accounts.xls
2012-04-16 14:08 - 2011-12-10 02:08 - 00000000 ____D C:\Users\All Users\Freemake
2012-04-12 14:15 - 2009-05-08 00:42 - 00444625 ___RA C:\Windows\System32\Drivers\etc\hosts.20120515-210513.backup
2012-04-12 12:50 - 2012-04-12 12:50 - 00000000 ____A C:\Windows\setuperr.log
2012-04-12 12:10 - 2011-11-16 00:09 - 00000000 ____D C:\Users\Karl\AppData\Local\Samsung
2012-04-11 11:30 - 2006-11-02 07:06 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-04-09 13:17 - 2008-02-28 14:55 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-09 11:21 - 2012-04-09 11:21 - 00000000 ____D C:\Users\Karl\AppData\Local\Chromium
2012-04-09 11:20 - 2012-04-09 11:20 - 00000000 ____D C:\Users\Karl\Documents\BrawlBusters
2012-04-09 11:18 - 2012-04-09 11:18 - 00360486 ____A C:\Users\Karl\AppData\Local\dd_vcredistMSI0E05.txt
2012-04-09 11:18 - 2012-04-09 11:18 - 00011394 ____A C:\Users\Karl\AppData\Local\dd_vcredistUI0E05.txt
2012-04-09 01:29 - 2007-12-22 09:26 - 00000000 ____D C:\Program Files (x86)\AlbumPlayer
2012-04-07 03:12 - 2010-10-07 14:57 - 00000000 ____D C:\Users\Karl\AppData\Local\Google
2012-04-04 06:56 - 2011-02-24 14:41 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 21:54 - 2012-04-03 21:54 - 00094608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2012-04-03 21:53 - 2012-04-03 21:53 - 01053072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2012-04-03 21:53 - 2012-04-03 21:53 - 00505232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-04-03 21:53 - 2012-04-03 21:53 - 00353680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-03 00:22 - 2012-05-09 13:36 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 06:33 - 2011-07-23 02:04 - 00009852 ____A C:\Users\Karl\Desktop\meal plan.xlsx
2012-04-02 05:59 - 2012-05-09 13:36 - 02766848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 04:45 - 2012-05-09 13:36 - 01422720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 12:52 - 2012-03-29 12:52 - 00016759 ____A C:\Users\Karl\Downloads\page.php
2012-03-29 06:22 - 2012-05-09 13:36 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-03-27 14:24 - 2009-05-08 00:42 - 00443365 ___RA C:\Windows\System32\Drivers\etc\hosts.20120412-231541.backup
2012-03-27 14:23 - 2007-12-27 13:33 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-26 22:07 - 2012-03-26 22:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0bdfeec98dda.job
2012-03-24 13:38 - 2012-03-24 14:12 - 00173299 ____A C:\Users\Karl\Desktop\003.jpg
2012-03-24 13:38 - 2012-03-24 14:12 - 00084864 ____A C:\Users\Karl\Desktop\023.jpg
2012-03-24 13:38 - 2012-03-24 13:38 - 00127641 ____A C:\Users\Karl\Desktop\026.jpg
2012-03-22 15:57 - 2012-03-22 15:52 - 00000000 ____D C:\Users\Karl\AppData\Roaming\uTorrent
2012-03-22 15:52 - 2012-03-22 15:52 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-03-22 11:12 - 2012-03-22 11:12 - 04435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-20 15:34 - 2012-05-09 13:36 - 00072576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-20 11:44 - 2012-03-20 11:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 11:44 - 2012-03-20 11:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-18 15:14 - 2008-10-30 14:41 - 00000000 ____D C:\Program Files (x86)\Allway Sync
2012-03-17 16:21 - 2012-03-17 16:21 - 00060565 ____A C:\Users\Karl\Desktop\I am from a Smoke.docx
2012-03-17 14:06 - 2010-08-26 12:33 - 00000000 ____D C:\Users\All Users\Firetrust
2012-03-17 14:06 - 2007-12-22 08:52 - 00000000 ____D C:\Program Files (x86)\FireTrust
2012-03-17 09:49 - 2012-02-25 02:29 - 00179200 ____A C:\Users\Karl\Desktop\Application formmarch 2012_0 (1).doc
2012-03-17 06:59 - 2011-06-03 10:32 - 00000000 ____D C:\Program Files (x86)\EasyBits For Kids
2012-03-17 06:57 - 2011-02-05 03:15 - 00000000 ____D C:\Users\Karl\AppData\Roaming\_MDLogs
2012-03-16 16:58 - 2006-11-02 07:40 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-16 16:58 - 2006-11-02 07:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-16 16:34 - 2011-10-13 11:49 - 00000000 ____D C:\Users\Karl\AppData\Local\FLVService
2012-03-16 16:20 - 2011-06-07 12:54 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230724459-1324891786-1537925696-1000UA.job
2012-03-16 16:05 - 2010-11-24 14:24 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-16 15:49 - 2010-01-14 13:19 - 00000000 ____D C:\Windows\Minidump
2012-03-16 15:46 - 2011-09-27 11:34 - 00000000 ____D C:\Program Files (x86)\vShare.tv plugin
2012-03-16 15:45 - 2009-10-08 13:59 - 00000000 ____D C:\Users\Karl\Desktop\Office
2012-03-16 15:42 - 2009-02-25 10:39 - 00000000 ____D C:\Users\Karl\AppData\Roaming\Nokia
2012-03-16 15:32 - 2009-02-25 10:36 - 00000000 ____D C:\Program Files (x86)\Nokia
2012-03-16 15:32 - 2008-11-30 09:19 - 00000000 ____D C:\Program Files (x86)\Easy Message
2012-03-16 15:32 - 2007-12-23 00:30 - 00110152 ____A C:\Users\Karl\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-16 15:32 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\Globalization
2012-03-16 12:53 - 2011-07-11 13:54 - 00000478 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-03-15 12:20 - 2011-06-07 12:54 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230724459-1324891786-1537925696-1000Core.job

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-18 11:54] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4093.58 MB
Available physical RAM: 3378.6 MB
Total Pagefile: 3823.5 MB
Available Pagefile: 3357.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Main Drive) (Fixed) (Total:396.7 GB) (Free:69.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:298.09 GB) (Free:61.89 GB) NTFS
3 Drive e: (Backups - Images of C Drive) (Fixed) (Total:300 GB) (Free:36.11 GB) NTFS
4 Drive f: (2008.03.29_2201) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
6 Drive h: () (Removable) (Total:3.87 GB) (Free:3.84 GB) FAT32
8 Drive k: (New Volume) (Fixed) (Total:59.05 GB) (Free:58.96 GB) NTFS
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (Backups) (Fixed) (Total:631.51 GB) (Free:191.99 GB) NTFS

Disk ###  Status    Size     Free     Dyn  Gpt
--------  --------  -------  -------  ---  ---
Disk 0    Online    932 GB   5120 KB
Disk 1    Online    298 GB   0 B
Disk 2    Online    3967 MB  0 B
Disk 3    No Media  0 B      0 B
Disk 4    Online    466 GB   1024 KB

Partitions of Disk 0:
===============

Partition ###  Type              Size    Offset
-------------  ----------------  ------  -------
Partition 1    Primary           632 GB  32 KB
Partition 0    Extended          300 GB  632 GB
Partition 2    Logical           300 GB  632 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y Backups NTFS Partition 632 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Backups - I NTFS Partition 300 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 298 GB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3966 MB 316 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3966 MB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ###  Type              Size    Offset
-------------  ----------------  ------  -------
Partition 1    Primary           397 GB  32 KB
Partition 0    Extended          69 GB   397 GB
Partition 2    Logical           59 GB   397 GB
Partition 3    Logical           10 GB   456 GB

======================================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 C Main Drive NTFS Partition 397 GB Healthy

======================================================================================================

Disk: 4
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K New Volume NTFS Partition 59 GB Healthy

======================================================================================================

Disk: 4
Partition 3
Type : BC
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

==========================================================

Last Boot: 2012-06-12 12:22

======================= End Of Log ==========================
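The "Bamital & volsnap Check" block above is the one part of this FRST log that carries a verdict: FRST hashes a fixed set of critical Windows binaries and prints "=> MD5 is legit" when the hash matches its known-good list; a file it cannot match is printed as a bare path followed by a line with its two timestamps, size, attributes, company string and MD5, which is what happened to services.exe here. ComboFix, later in the thread, reports the same file as ". . . is infected!!". The script below is an added example, not FRST's, ComboFix's or the poster's own code: it parses both output formats and cross-checks them. The sample text is copied from the two logs in this thread; the function names and the CheckedFile record are my own naming, and the whitelist itself is FRST's, so the script does not know the expected hash, only that FRST did not accept this one.

```python
"""Parse FRST's "Bamital & volsnap Check" block and ComboFix's "is infected"
lines, then cross-check the two. Sample text is copied from the logs posted in
this thread (not constructed); everything else is example code."""
import re
from dataclasses import dataclass
from typing import List, Optional

SECTION_TITLE = "Bamital & volsnap Check"
LEGIT_SUFFIX = " => MD5 is legit"

# FRST detail line: "[mtime] - [ctime] - size attrs (company) MD5"; company is optional.
DETAIL_RE = re.compile(
    r"^\[(?P<mtime>[^\]]+)\] - \[(?P<ctime>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
# ComboFix verdict line: "<path> . . . is infected!!"
INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")

SAMPLE_FRST = r"""
========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-18 11:54] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

SAMPLE_COMBOFIX = r"""
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
c:\windows\system32\Services.exe . . . is infected!!
"""


@dataclass
class CheckedFile:
    path: str
    legit: bool
    mtime: Optional[str] = None
    ctime: Optional[str] = None
    size: Optional[int] = None
    attrs: Optional[str] = None
    company: Optional[str] = None
    md5: Optional[str] = None


def frst_section(text: str, title: str) -> List[str]:
    """Lines between the '==== title ====' banner and the next '====' banner."""
    inside, body = False, []
    for line in text.splitlines():
        if line.startswith("===="):
            if inside:
                break
            inside = title in line
        elif inside:
            body.append(line)
    return body


def parse_frst_check(text: str) -> List[CheckedFile]:
    """One CheckedFile per binary in the check block, whitelisted or not."""
    files: List[CheckedFile] = []
    pending: Optional[CheckedFile] = None  # bare path waiting for its detail line
    for raw in frst_section(text, SECTION_TITLE):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(LEGIT_SUFFIX):
            files.append(CheckedFile(line[: -len(LEGIT_SUFFIX)], legit=True))
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            pending.mtime, pending.ctime = m["mtime"], m["ctime"]
            pending.size = int(m["size"])
            pending.attrs, pending.company, pending.md5 = m["attrs"], m["company"], m["md5"]
            pending = None
            continue
        # A bare path with no "legit" verdict: FRST could not match it to its list.
        pending = CheckedFile(line, legit=False)
        files.append(pending)
    return files


def frst_flagged(text: str) -> List[CheckedFile]:
    return [f for f in parse_frst_check(text) if not f.legit]


def combofix_infected(text: str) -> List[str]:
    return [m["path"] for m in map(INFECTED_RE.match, map(str.strip, text.splitlines())) if m]


def corroborated(frst_text: str, combofix_text: str) -> List[str]:
    """Paths both tools flagged; NTFS paths are case-insensitive, so compare lowered."""
    a = {f.path.lower() for f in frst_flagged(frst_text)}
    b = {p.lower() for p in combofix_infected(combofix_text)}
    return sorted(a & b)


if __name__ == "__main__":
    for f in frst_flagged(SAMPLE_FRST):
        print(f"FRST:     {f.path} size={f.size} company={f.company} md5={f.md5}")
    for p in combofix_infected(SAMPLE_COMBOFIX):
        print(f"ComboFix: {p}")
    print("Flagged by both:", corroborated(SAMPLE_FRST, SAMPLE_COMBOFIX))
```

Two caveats when reading this output. A missing "legit" verdict means only that the hash is not on FRST's list, not by itself that the file is malicious (a legitimate build FRST does not know would look the same), which is why the corroborating ComboFix verdict matters here. And the check covers only the handful of binaries FRST inspects, so a clean block says nothing about the rest of the system.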

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 June 2012 - 07:56 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it is running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#5 lambo75 (Topic Starter, Members, 32 posts)

Posted 13 June 2012 - 01:38 AM

Hi,

The PC appears to be running OK, slightly slow to boot up, but it is an oldish PC now and is slowing down with age; it also has a lot of junk on it and would benefit from a spring clean.

Here is the log. Combofix did not reboot the PC.

I will post if there is any error message after I reboot, once this message is posted.

Once again, thanks for your help.

ComboFix 12-06-12.03 - Karl 13/06/2012 7:12.3.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.1930 [GMT 1:00]
Running from: c:\users\Karl\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 06:02 . 2012-06-13 06:02 50000 ----a-w- c:\windows\system32\drivers\eqmfpcpq.sys
2012-06-13 06:02 . 2012-06-13 06:02 50000 ----a-w- c:\windows\system32\drivers\iewyfwtp.sys
2012-06-13 06:01 . 2012-06-13 06:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FA7494B-313B-451D-8FFF-4D7F86161830}\offreg.dll
2012-06-13 05:52 . 2012-06-13 05:53 -------- d-----w- C:\FRST
2012-06-12 19:48 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FA7494B-313B-451D-8FFF-4D7F86161830}\mpengine.dll
2012-06-10 22:34 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B672C1E-22C7-48B3-98E2-440C557A8091}\gapaengine.dll
2012-06-10 22:33 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-10 22:23 . 2012-06-10 22:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-10 22:23 . 2012-06-10 22:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 22:23 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-10 21:33 . 2012-06-10 21:33 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-10 21:33 . 2012-06-10 21:33 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-10 21:30 . 2012-06-10 21:30 -------- d-----w- c:\users\Karl\AppData\Roaming\QuickScan
2012-06-09 06:03 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B59CF43F-9881-4F0A-8BCE-5A15ABC8C550}\mpengine.dll
2012-06-06 18:11 . 2012-06-06 18:11 -------- d-----w- c:\users\Karl\AppData\Roaming\EAC
2012-06-02 14:43 . 2012-06-02 14:43 -------- d-----w- c:\program files (x86)\NETGEAR
2012-06-02 14:43 . 2010-10-11 10:49 1724416 ----a-w- c:\windows\system32\drivers\athurx.sys
2012-06-02 14:43 . 2008-05-15 02:28 26624 ----a-w- c:\windows\system32\drivers\jswpslwfx.sys
2012-06-02 11:18 . 2012-06-02 11:18 -------- d-----w- c:\users\Public\D-Link
2012-06-02 11:18 . 2009-08-04 13:19 610816 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2012-06-02 11:18 . 2012-06-02 11:18 -------- d-----w- c:\windows\pcidevice
2012-06-02 11:18 . 2007-04-23 12:15 31016 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2012-06-02 11:18 . 2012-06-02 11:18 -------- d-----w- c:\program files (x86)\D-Link
2012-05-29 21:45 . 2011-05-17 16:28 7238699 ----a-w- c:\windows\system32\Redemption64.dll
2012-05-29 21:45 . 2012-05-29 21:45 -------- d-----w- c:\program files\VirginMedia
2012-05-25 22:21 . 2012-05-25 22:21 -------- d-----w- c:\users\UpdatusUser
2012-05-25 22:20 . 2012-06-13 06:00 -------- d-----w- c:\programdata\NVIDIA
2012-05-25 22:20 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-25 22:20 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-25 22:20 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-25 22:20 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-25 22:20 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-25 22:20 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-25 22:20 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-25 22:20 . 2012-05-25 22:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\program files\iPod
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\program files\iTunes
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\program files (x86)\iTunes
2012-05-16 20:24 . 2012-05-16 20:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-16 20:23 . 2012-05-16 20:23 -------- d-----w- c:\program files\Bonjour
2012-05-16 20:23 . 2012-05-16 20:23 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 17:54 . 2012-04-03 17:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 17:54 . 2011-05-20 05:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-02-24 22:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:54 . 2012-04-04 05:54 94608 ----a-w- c:\windows\SysWow64\atl71.dll
2012-04-04 05:53 . 2012-04-04 05:53 505232 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-04 05:53 . 2012-04-04 05:53 353680 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-04 05:53 . 2012-04-04 05:53 1053072 ----a-w- c:\windows\SysWow64\mfc71u.dll
2012-04-03 08:22 . 2012-05-09 21:36 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:59 . 2012-05-09 21:36 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:45 . 2012-05-09 21:36 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:22 . 2012-05-09 21:36 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 23:34 . 2012-05-09 21:36 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2008-02-14 13:23 . 2008-02-14 13:23 231944 ----a-w- c:\program files (x86)\gwflash.exe
2007-09-21 18:42 . 2007-09-21 18:42 19008 ----a-w- c:\program files (x86)\markfun.a64
2007-08-21 18:49 . 2007-08-21 18:49 125504 ----a-w- c:\program files (x86)\MarkFunDrv.dll
2007-08-21 18:49 . 2007-08-21 18:49 17912 ----a-w- c:\program files (x86)\markfun.w32
2007-04-04 17:35 . 2007-04-04 17:35 207680 ----a-w- c:\program files (x86)\updateutility.exe
2007-03-02 03:48 . 2007-03-02 03:48 240448 ----a-w- c:\program files (x86)\gwf32.exe
2006-11-23 22:47 . 2006-11-23 22:47 207680 ----a-w- c:\program files (x86)\BIOS_Run.exe
2006-11-23 22:40 . 2006-11-23 22:40 60224 ----a-w- c:\program files (x86)\HUADRV.DLL
2005-04-27 18:40 . 2005-04-27 18:40 6800 ----a-w- c:\program files (x86)\W95_HUA.vxd
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-19 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[7] 2006-11-02 . 0A87F57DFC2C0EB9BBA8BE1C87BAFE1A . 389632 . . [6.0.6000.16386] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-11_00.33.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-22 15:37 . 2012-06-12 19:19 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-22 15:37 . 2012-06-10 21:47 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-11 00:32 . 2012-06-11 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 06:00 . 2012-06-13 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 06:00 . 2012-06-13 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 00:32 . 2012-06-11 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-07 17:24 . 2012-06-12 19:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-07 17:24 . 2012-06-10 21:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-12-22 15:37 . 2012-06-12 19:19 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-22 15:37 . 2012-06-10 21:47 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-22 15:37 . 2012-06-10 21:47 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-22 15:37 . 2012-06-12 19:19 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:46 . 2012-06-10 22:24 655756 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-06-12 19:41 655756 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-06-12 19:41 128078 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-06-10 22:24 128078 c:\windows\system32\perfc009.dat
- 2010-11-16 22:14 . 2012-06-10 22:27 463756 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2010-11-16 22:14 . 2012-06-12 21:29 463756 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
- 2010-04-26 21:29 . 2012-06-11 00:30 447532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-26 21:29 . 2012-06-12 21:29 447532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-12 21:25 . 2012-06-12 21:25 285478 c:\windows\Installer\{DE507F73-E58C-4291-BA6B-F2E7FD386E7E}\SystemFolder_msiexec_1.exe
+ 2012-06-12 21:25 . 2012-06-12 21:25 285478 c:\windows\Installer\{DE507F73-E58C-4291-BA6B-F2E7FD386E7E}\ext.exe
- 2010-11-16 22:14 . 2012-06-10 22:27 4727492 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
+ 2010-11-16 22:14 . 2012-06-12 21:29 4727492 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
+ 2009-02-25 23:30 . 2012-06-12 21:29 5769960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-02-25 23:30 . 2012-06-11 00:30 5769960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-12 21:25 . 2012-06-12 21:25 1734144 c:\windows\Installer\1ae55f.msi
+ 2010-06-11 01:17 . 2012-06-12 21:29 51930676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
- 2010-06-11 01:17 . 2012-06-11 00:30 51930676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}"= "c:\program files (x86)\Farkie_Freecorder\prxtbFark.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Farkie_Freecorder\prxtbFark.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}"= "c:\program files (x86)\Farkie_Freecorder\prxtbFark.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files (x86)\FireTrust\MailWasher\MailWasherPro.exe [2012-6-11 5662536]
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\SysWow64\ezUPBHook.dll" [2011-02-05 52920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 14:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 10:55 7680 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:54]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0bdfeec98dda.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 22:23]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 22:23]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230724459-1324891786-1537925696-1000Core.job
- c:\users\Karl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 20:54]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230724459-1324891786-1537925696-1000UA.job
- c:\users\Karl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 20:54]
.
2012-03-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2012-03-16 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SmartDraw VP\Messages\SDNotify.exe [2011-07-11 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
2011-09-28 09:31 4304048 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{15054241-49B4-4FA6-B4C7-A0071F118110}"
[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
2011-09-28 09:31 4304048 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - c:\program files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\ha4yi3y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.co.uk|http://www.thisisswindontownfc.co.uk
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8DEC7EB8-ED3B-4D9D-A020-EDBF535D23B3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\X6va006]
"ImagePath"="\??\c:\users\Karl\AppData\Local\Temp\0066F09.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-13 07:34:06
ComboFix-quarantined-files.txt 2012-06-13 06:34
ComboFix2.txt 2012-06-11 00:44
.
Pre-Run: 76,197,564,416 bytes free
Post-Run: 76,138,348,544 bytes free
.
- - End Of File - - 6CAA4BD2FE7573689BB346E602DEC81A

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 13 June 2012 - 01:44 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
Services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 lambo75

lambo75
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 13 June 2012 - 01:58 AM

Both MES and Eset Smart Security 5 are popping up with Alert:Threat found.

I haven't pressed anything yet to clear.

Log file as requested

SystemLook 30.07.11 by jpshortstuff
Log created at 07:47 on 13/06/2012 by Karl
Administrator - Elevation successful

========== filefind ==========

Searching for "Services.exe "
C:\Windows\System32\services.exe --a---- 381952 bytes [19:54 18/07/2009] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [19:53 18/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe --a---- 389632 bytes [09:10 02/11/2006] [11:16 02/11/2006] 0A87F57DFC2C0EB9BBA8BE1C87BAFE1A
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [18:31 07/04/2009] [08:00 19/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [19:54 18/07/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [12:21 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [18:30 07/04/2009] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [19:53 18/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-
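The SystemLook output above is what the helper uses to compare the live services.exe with the copies Windows keeps in the component store (the ComboFix Sigcheck section earlier in the log does the same comparison and marks the System32 copy with `[-]`). The script below is an added example, not part of this thread or of SystemLook: it parses the filefind layout, groups hits by file name and architecture, and flags a live copy whose MD5 matches none of the winsxs copies of the same architecture. It assumes a 64-bit host (System32 holds amd64 binaries, SysWOW64 holds x86 ones) and uses the paths, sizes and hashes posted above as its constructed sample.

```python
import re
from collections import defaultdict

# Constructed sample in SystemLook's ':filefind' layout. The paths, sizes and MD5s are
# the ones posted in the thread, so the verdicts mirror what the helper is checking.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "Services.exe "
C:\Windows\System32\services.exe --a---- 381952 bytes [19:54 18/07/2009] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [19:53 18/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe --a---- 389632 bytes [09:10 02/11/2006] [11:16 02/11/2006] 0A87F57DFC2C0EB9BBA8BE1C87BAFE1A
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [18:31 07/04/2009] [08:00 19/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [19:54 18/07/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [12:21 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [18:30 07/04/2009] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [19:53 18/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
-= EOF =-
"""

# One filefind result line: <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store directory names start with the architecture and carry the file version.
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|x86|wow64|msil)_.+?_(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE)


def parse_filefind(text):
    """Return one dict per result line (path, attrs, size, modified, created, md5)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def live_arch(path, host_is_x64=True):
    """Architecture expected for a live (non-winsxs) copy. Assumption: on a 64-bit
    host System32 holds the native amd64 binaries and SysWOW64 holds the x86 ones."""
    lower = path.lower()
    if "\\syswow64\\" in lower:
        return "x86"
    if "\\system32\\" in lower:
        return "amd64" if host_is_x64 else "x86"
    return None


def check_against_component_store(entries, host_is_x64=True):
    """Compare every live copy with the winsxs copies of the same file name and
    architecture. A live copy is 'suspicious' when reference copies exist but none
    of them has the same MD5, which is the situation the helper is looking for."""
    store = defaultdict(list)  # (file name, arch) -> [(md5, size, version), ...]
    live = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        m = WINSXS_RE.search(e["path"])
        if m:
            store[(name, m.group("arch").lower())].append((e["md5"], e["size"], m.group("version")))
        else:
            live.append((name, e))

    report = {}
    for name, e in live:
        arch = live_arch(e["path"], host_is_x64)
        refs = store.get((name, arch), [])
        matched = next((ver for md5, _, ver in refs if md5 == e["md5"]), None)
        report[e["path"]] = {
            "arch": arch,
            "size": e["size"],
            "md5": e["md5"],
            "matched_version": matched,
            "store_versions": sorted(ver for _, _, ver in refs),
            "suspicious": bool(refs) and matched is None,
        }
    return report


if __name__ == "__main__":
    for path, v in check_against_component_store(parse_filefind(SAMPLE_LOG)).items():
        if v["suspicious"]:
            state = "MISMATCH: no %s winsxs copy has this hash" % v["arch"]
        elif v["matched_version"]:
            state = "ok, identical to winsxs version " + v["matched_version"]
        else:
            state = "no reference copy found"
        print(f"{path} ({v['size']} bytes, {v['md5']}): {state}")
```

On the sample the System32 copy is reported as a mismatch against all three amd64 store versions, while the SysWOW64 copy is identical to the x86 6.0.6002.18005 store copy.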

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 13 June 2012 - 03:17 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe | C:\Windows\System32\services.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
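
The SystemLook output and the CFScript above together show the check that underlies this step: the live copy of a protected system file is compared against the copies Windows keeps in the component store (winsxs), and a store copy is used to replace it. The script below is an added example, not part of this thread and not a ComboFix or SystemLook feature. It parses the filefind lines quoted in the post above (embedded here as constructed sample input), flags a live file whose MD5 matches no store copy of the same architecture, treats a store copy with identical timestamps but a different hash as the signature of a file patched in place, and picks the newest same-architecture store copy as a donor. It assumes a 64-bit host (System32 holds amd64 binaries, SysWOW64 holds x86 ones), which matches the NTFSAMD64 tag in the DDS header, and the SystemLook line layout shown in the log. It also reports whether a given donor path has the same architecture as its target; the FCopy source named above is an x86 store copy and the target is the 64-bit System32 file, so that check reports a mismatch for this script.

```python
import re

# Constructed sample input: the SystemLook "filefind" lines quoted in the post above.
SYSTEMLOOK_OUTPUT = r"""
Searching for "Services.exe "
C:\Windows\System32\services.exe --a---- 381952 bytes [19:54 18/07/2009] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [19:53 18/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe --a---- 389632 bytes [09:10 02/11/2006] [11:16 02/11/2006] 0A87F57DFC2C0EB9BBA8BE1C87BAFE1A
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [18:31 07/04/2009] [08:00 19/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [19:54 18/07/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [12:21 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [18:30 07/04/2009] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [19:53 18/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
-= EOF =-
"""

# The FCopy source and destination named in the CFScript above.
FCSCRIPT_DONOR = r"C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe"
TARGET = r"C:\Windows\System32\services.exe"

# One filefind line: path, 7-char attribute string, size, two [time date] stamps, MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Component-store directory names carry the architecture and the file version.
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|x86|wow64|msil)_.*?_(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE,
)


def arch_of(path):
    """Return (architecture, version tuple) for a store copy, (architecture, None) for a live copy."""
    m = WINSXS_RE.search(path)
    if m:
        return m.group("arch").lower(), tuple(int(x) for x in m.group("version").split("."))
    low = path.lower()
    if "\\syswow64\\" in low:
        return "x86", None
    if "\\system32\\" in low:
        return "amd64", None  # assumption: 64-bit host, so System32 holds amd64 binaries
    return None, None


def parse_filefind(text):
    """Parse SystemLook filefind lines into dicts; non-matching lines (headers, EOF) are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        arch, version = arch_of(m.group("path"))
        entries.append({
            "path": m.group("path"), "size": int(m.group("size")),
            "mtime": m.group("mtime"), "ctime": m.group("ctime"),
            "md5": m.group("md5").upper(), "arch": arch, "version": version,
            "in_store": version is not None,
        })
    return entries


def check_live_copies(entries):
    """For each live copy, compare its MD5 against same-architecture store copies."""
    store = [e for e in entries if e["in_store"]]
    report = {}
    for live in entries:
        if live["in_store"]:
            continue
        same_arch = [s for s in store if s["arch"] == live["arch"]]
        hash_match = [s for s in same_arch if s["md5"] == live["md5"]]
        # Same timestamps as a store copy but a different hash: contents changed, stamps preserved.
        twins = [s for s in same_arch if (s["mtime"], s["ctime"]) == (live["mtime"], live["ctime"])]
        report[live["path"]] = {
            "md5": live["md5"],
            "matches_store_version": hash_match[0]["version"] if hash_match else None,
            "timestamp_twin_md5": twins[0]["md5"] if twins else None,
            "suspect": not hash_match,
            "patched_in_place": bool(twins) and not hash_match,
        }
    return report


def pick_donor(entries, target_arch):
    """Newest store copy of the requested architecture, or None."""
    candidates = [e for e in entries if e["in_store"] and e["arch"] == target_arch]
    return max(candidates, key=lambda e: e["version"]) if candidates else None


def donor_matches_target(entries, donor_path, target_path):
    """True only if donor and target resolve to entries of the same architecture."""
    by_path = {e["path"].lower(): e for e in entries}
    donor, target = by_path.get(donor_path.lower()), by_path.get(target_path.lower())
    return bool(donor and target and donor["arch"] == target["arch"])


if __name__ == "__main__":
    found = parse_filefind(SYSTEMLOOK_OUTPUT)
    for path, verdict in check_live_copies(found).items():
        print(path, verdict)
    best = pick_donor(found, arch_of(TARGET)[0])
    print("newest same-architecture donor:", best["path"] if best else None)
    print("CFScript donor architecture matches target:",
          donor_matches_target(found, FCSCRIPT_DONOR, TARGET))
```

On the log above this reports the System32 copy as suspect and patched in place (its timestamps equal those of the amd64 6.0.6002.18005 store copy while its hash and size differ), the SysWOW64 copy as matching the x86 6.0.6002.18005 store copy, and the amd64 6.0.6002.18005 store copy as the newest same-architecture donor for System32.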

#9 lambo75

lambo75
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 13 June 2012 - 02:06 PM

Hi Gringo,

Computer was really slow to boot today, and during the first attempt at running ComboFix with the additional script I encountered a BSOD to do with the kernel.
It's not an uncommon occurrence, happening on average once every 3 months or so, so I'm not overly concerned about that.

On reboot - everything was back to normal. The usual pop ups from MES and Eset SS5.

ComboFix took an absolute age to run in comparison to the previous times. It asked me if I wanted to update it; I pressed no, as it wasn't in your instructions to press yes.

Log is as below.

Windows is informing me of a mass of updates, when would be a good time to install them? For now I have ignored.

ComboFix 12-06-12.03 - Karl 13/06/2012 19:35:36.4.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.2171 [GMT 1:00]
Running from: c:\users\Karl\Desktop\ComboFix.exe
Command switches used :: c:\users\Karl\Desktop\CFscript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 18:56 . 2012-06-13 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 18:31 . 2012-06-13 18:31 50000 ----a-w- c:\windows\system32\drivers\akpwpnqw.sys
2012-06-13 18:15 . 2012-06-13 18:30 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{490B197B-722B-461E-B38E-E99ACA5D22B1}\offreg.dll
2012-06-13 07:05 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{490B197B-722B-461E-B38E-E99ACA5D22B1}\mpengine.dll
2012-06-13 05:52 . 2012-06-13 05:53 -------- d-----w- C:\FRST
2012-06-10 22:34 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B672C1E-22C7-48B3-98E2-440C557A8091}\gapaengine.dll
2012-06-10 22:33 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-10 22:23 . 2012-06-10 22:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-10 22:23 . 2012-06-10 22:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 22:23 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-10 21:33 . 2012-06-10 21:33 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-10 21:33 . 2012-06-10 21:33 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-10 21:30 . 2012-06-10 21:30 -------- d-----w- c:\users\Karl\AppData\Roaming\QuickScan
2012-06-09 06:03 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B59CF43F-9881-4F0A-8BCE-5A15ABC8C550}\mpengine.dll
2012-06-06 18:11 . 2012-06-06 18:11 -------- d-----w- c:\users\Karl\AppData\Roaming\EAC
2012-06-02 14:43 . 2012-06-02 14:43 -------- d-----w- c:\program files (x86)\NETGEAR
2012-06-02 14:43 . 2010-10-11 10:49 1724416 ----a-w- c:\windows\system32\drivers\athurx.sys
2012-06-02 14:43 . 2008-05-15 02:28 26624 ----a-w- c:\windows\system32\drivers\jswpslwfx.sys
2012-06-02 11:18 . 2012-06-02 11:18 -------- d-----w- c:\users\Public\D-Link
2012-06-02 11:18 . 2009-08-04 13:19 610816 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2012-06-02 11:18 . 2012-06-02 11:18 -------- d-----w- c:\windows\pcidevice
2012-06-02 11:18 . 2007-04-23 12:15 31016 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2012-06-02 11:18 . 2012-06-02 11:18 -------- d-----w- c:\program files (x86)\D-Link
2012-05-29 21:45 . 2011-05-17 16:28 7238699 ----a-w- c:\windows\system32\Redemption64.dll
2012-05-29 21:45 . 2012-05-29 21:45 -------- d-----w- c:\program files\VirginMedia
2012-05-25 22:21 . 2012-05-25 22:21 -------- d-----w- c:\users\UpdatusUser
2012-05-25 22:20 . 2012-06-13 18:28 -------- d-----w- c:\programdata\NVIDIA
2012-05-25 22:20 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-25 22:20 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-25 22:20 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-25 22:20 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-25 22:20 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-25 22:20 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-25 22:20 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-25 22:20 . 2012-05-25 22:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\program files\iPod
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\program files\iTunes
2012-05-16 20:25 . 2012-05-16 20:25 -------- d-----w- c:\program files (x86)\iTunes
2012-05-16 20:24 . 2012-05-16 20:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-16 20:23 . 2012-05-16 20:23 -------- d-----w- c:\program files\Bonjour
2012-05-16 20:23 . 2012-05-16 20:23 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 17:54 . 2012-04-03 17:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 17:54 . 2011-05-20 05:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-02-24 22:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:54 . 2012-04-04 05:54 94608 ----a-w- c:\windows\SysWow64\atl71.dll
2012-04-04 05:53 . 2012-04-04 05:53 505232 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-04 05:53 . 2012-04-04 05:53 353680 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-04 05:53 . 2012-04-04 05:53 1053072 ----a-w- c:\windows\SysWow64\mfc71u.dll
2012-04-03 08:22 . 2012-05-09 21:36 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:59 . 2012-05-09 21:36 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:45 . 2012-05-09 21:36 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:22 . 2012-05-09 21:36 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 23:34 . 2012-05-09 21:36 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2008-02-14 13:23 . 2008-02-14 13:23 231944 ----a-w- c:\program files (x86)\gwflash.exe
2007-09-21 18:42 . 2007-09-21 18:42 19008 ----a-w- c:\program files (x86)\markfun.a64
2007-08-21 18:49 . 2007-08-21 18:49 125504 ----a-w- c:\program files (x86)\MarkFunDrv.dll
2007-08-21 18:49 . 2007-08-21 18:49 17912 ----a-w- c:\program files (x86)\markfun.w32
2007-04-04 17:35 . 2007-04-04 17:35 207680 ----a-w- c:\program files (x86)\updateutility.exe
2007-03-02 03:48 . 2007-03-02 03:48 240448 ----a-w- c:\program files (x86)\gwf32.exe
2006-11-23 22:47 . 2006-11-23 22:47 207680 ----a-w- c:\program files (x86)\BIOS_Run.exe
2006-11-23 22:40 . 2006-11-23 22:40 60224 ----a-w- c:\program files (x86)\HUADRV.DLL
2005-04-27 18:40 . 2005-04-27 18:40 6800 ----a-w- c:\program files (x86)\W95_HUA.vxd
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-11_00.33.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-22 15:37 . 2012-06-10 21:47 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-22 15:37 . 2012-06-13 18:19 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-11 00:32 . 2012-06-11 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 18:14 . 2012-06-13 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 18:14 . 2012-06-13 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 00:32 . 2012-06-11 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-07 17:24 . 2012-06-13 18:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-07 17:24 . 2012-06-10 21:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-12-22 15:37 . 2012-06-13 18:19 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-22 15:37 . 2012-06-10 21:47 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-22 15:37 . 2012-06-13 18:19 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-22 15:37 . 2012-06-10 21:47 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:46 . 2012-06-12 19:41 655756 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-06-10 22:24 655756 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-06-10 22:24 128078 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-06-12 19:41 128078 c:\windows\system32\perfc009.dat
+ 2010-11-16 22:14 . 2012-06-13 07:22 463756 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
- 2010-11-16 22:14 . 2012-06-10 22:27 463756 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
- 2010-04-26 21:29 . 2012-06-11 00:30 447532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-26 21:29 . 2012-06-13 07:22 447532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-12 21:25 . 2012-06-12 21:25 285478 c:\windows\Installer\{DE507F73-E58C-4291-BA6B-F2E7FD386E7E}\SystemFolder_msiexec_1.exe
+ 2012-06-12 21:25 . 2012-06-12 21:25 285478 c:\windows\Installer\{DE507F73-E58C-4291-BA6B-F2E7FD386E7E}\ext.exe
- 2010-11-16 22:14 . 2012-06-10 22:27 4727492 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
+ 2010-11-16 22:14 . 2012-06-13 07:22 4727492 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
- 2009-02-25 23:30 . 2012-06-11 00:30 5769960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-25 23:30 . 2012-06-13 07:22 5769960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-12 21:25 . 2012-06-12 21:25 1734144 c:\windows\Installer\1ae55f.msi
+ 2006-11-02 12:33 . 2012-06-13 18:39 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2012-06-10 22:27 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-06-11 01:17 . 2012-06-13 07:22 51930676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
- 2010-06-11 01:17 . 2012-06-11 00:30 51930676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-230724459-1324891786-1537925696-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}"= "c:\program files (x86)\Farkie_Freecorder\prxtbFark.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Farkie_Freecorder\prxtbFark.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}"= "c:\program files (x86)\Farkie_Freecorder\prxtbFark.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dec7eb8-ed3b-4d9d-a020-edbf535d23b3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\SysWow64\ezUPBHook.dll" [2011-02-05 52920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 14:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 10:55 7680 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:54]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0bdfeec98dda.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 22:23]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 22:23]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230724459-1324891786-1537925696-1000Core.job
- c:\users\Karl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 20:54]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230724459-1324891786-1537925696-1000UA.job
- c:\users\Karl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 20:54]
.
2012-03-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2012-03-16 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SmartDraw VP\Messages\SDNotify.exe [2011-07-11 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
2011-09-28 09:31 4304048 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{15054241-49B4-4FA6-B4C7-A0071F118110}"
[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
2011-09-28 09:31 4304048 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - c:\program files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\ha4yi3y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.co.uk|http://www.thisisswindontownfc.co.uk
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8DEC7EB8-ED3B-4D9D-A020-EDBF535D23B3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\X6va006]
"ImagePath"="\??\c:\users\Karl\AppData\Local\Temp\0066F09.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
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
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-13 20:00:21
ComboFix-quarantined-files.txt 2012-06-13 19:00
ComboFix2.txt 2012-06-13 06:34
ComboFix3.txt 2012-06-11 00:44
.
Pre-Run: 76,099,403,776 bytes free
Post-Run: 75,990,130,688 bytes free
.
- - End Of File - - 111D62FA7F7FAC87165812C26E2B1C15

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 13 June 2012 - 02:17 PM

That looks good.

Let the updates run and then let me know how things are.


gringo

#11 lambo75

lambo75
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 13 June 2012 - 02:29 PM

I don't appear to be able to get back to the desktop.
Restarted after ComboFix and before trying to update Windows.

The green bar goes through the usual scrolling, then the screen goes black, and rather than then loading the logo screen into the desktop I am presented with a black screen with a mouse cursor (which responds). Have tried Safe Mode with Networking, same thing. Now up to 3 reboots, all with the same outcome.

Any ideas?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 13 June 2012 - 02:33 PM

Using the instructions in post 2, I want you to go back into the System Recovery Options menu and first try Startup Repair; if that does not work, then try System Restore.



Gringo

#13 lambo75

lambo75
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 13 June 2012 - 02:48 PM

Houston, we have a problem. Startup Repair does not find anything, and there are no system restore points to restore to.

#14 lambo75

lambo75
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 13 June 2012 - 02:50 PM

Ah... took out the flash drive. It found a problem... just seeing if it will now boot.

#15 lambo75

lambo75
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 13 June 2012 - 02:52 PM

Nope. Back to the black screen with cursor.



