
Browser Redirect, Audio Commercial, Multiple IE Running


This topic is locked
9 replies to this topic

#1 TQN

TQN

  • Members
  • 4 posts

Posted 26 June 2012 - 01:09 AM

My Windows 7 x64 recently got infected with malware. I've tried Malwarebytes, MS Security Essentials and Spybot S&D to look for and eradicate the malware without any success in normal and safe mode. I've also tried TDSSKiller but it did not work. The malware is draining my computer's resources until a BSOD appears. I desperately need help. Thanks.

I do have Symantec and MS Security Essentials running in the background.

Edited by TQN, 26 June 2012 - 01:10 AM.




#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 26 June 2012 - 03:28 AM

Hi TQN,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 26 June 2012 - 05:53 AM

Hi TQN,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Step 1
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Symantec or MS Security Essentials.





Step 2
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.




What you should post with your next answer:
  • the logfile from FRST.

Regards,
M-K-D-B

#4 TQN

TQN
  • Topic Starter

  • Members
  • 4 posts

Posted 26 June 2012 - 08:42 PM

I've removed Symantec from the system and only running MS Security Essential as my primary anti-virus protection. Below is the requested log:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 26-06-2012 18:30:35
Running from K:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [1793808 2009-08-14] (COMODO)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [292128 2009-07-13] (Apple Inc.)
HKLM\...\Run: [OODefragTray] C:\Windows\system32\oodtray.exe [2524416 2008-09-04] (O&O Software GmbH)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [148888 2009-06-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [81000 2009-11-24] (ALWIL Software)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2780432 2009-05-08] ()
HKLM\...\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5048488 2009-09-12] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [357384 2009-09-12] (Acronis)
HKU\Evista\...\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [323392 2009-11-06] (BitTorrent, Inc.)
HKU\Evista\...\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray [1300480 2009-04-26] (KSE - Korndörfer Software Engineering)
HKU\Evista\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode [5451536 2009-06-02] (Logitech Inc.)
HKU\XBMC\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [413696 2009-05-26] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\guard32.dll

==================== Services (Whitelisted) ======

2 AcronisOSSReinstallSvc; "C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2217416 2007-02-22] ()
2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [660520 2009-09-12] (Acronis)
2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2009-12-28] (Acronis)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144712 2009-07-09] (Apple Inc.)
2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [18752 2009-11-24] (ALWIL Software)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [138680 2009-11-24] (ALWIL Software)
3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service [254040 2009-11-24] (ALWIL Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service [352920 2009-11-24] (ALWIL Software)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [707152 2009-08-14] (COMODO)
3 Code Composer Studio Platinum Edition v3.3; "C:\Program Files\Common Files\Texas Instruments Shared\Service\ccstudio33FET.exe" [72704 2009-09-03] (Texas Instruments)
2 Crypkey License; crypserv.exe [69632 2006-02-28] (CrypKey (Canada) Ltd.)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [867080 2009-09-19] (Acresso Software Inc.)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
4 Genesys; C:\Program Files\GENESYS2007.03\License\lmgrd.exe [295936 2004-02-13] (Globetrotter Software Inc)
2 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [183280 2009-03-24] (Google)
3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-22] (Macrovision Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [878416 2009-06-10] (Microsoft Corporation)
2 LVPrcSrv; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [154136 2009-04-30] (Logitech Inc.)
2 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [128848 2009-06-10] (Microsoft Corporation)
2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39936 2009-04-26] (KSE - Korndörfer Software Engineering)
3 NMIndexingService; "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" [537896 2008-06-24] (Nero AG)
2 O&O Defrag; C:\Windows\system32\oodag.exe [1295616 2008-09-04] (O&O Software GmbH)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-04] (Microsoft Corporation)
2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [239648 2009-07-14] (NVIDIA Corporation)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [159168 2009-12-28] (Acronis)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20560 2009-11-24] (ALWIL Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [53328 2009-11-24] (ALWIL Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23120 2009-11-24] (ALWIL Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [114768 2009-11-24] (ALWIL Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [48560 2009-11-24] (ALWIL Software)
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
3 b57nd60x; C:\Windows\System32\Drivers\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [128888 2009-08-14] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [29520 2009-08-14] (COMODO)
3 COMMONFX; C:\Windows\System32\Drivers\COMMONFX.sys [99352 2008-06-27] (Creative Technology Ltd)
3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [99352 2008-06-27] (Creative Technology Ltd)
3 CTAUDFX; C:\Windows\System32\Drivers\CTAUDFX.sys [555032 2008-06-27] (Creative Technology Ltd)
3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [555032 2008-06-27] (Creative Technology Ltd)
3 ctdvda2k; C:\Windows\System32\Drivers\ctdvda2k.sys [347080 2008-07-07] (Creative Technology Ltd)
3 CTERFXFX; C:\Windows\System32\Drivers\CTERFXFX.sys [100888 2008-06-27] (Creative Technology Ltd)
3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [100888 2008-06-27] (Creative Technology Ltd)
3 ctgame; C:\Windows\System32\Drivers\ctgame.sys [18840 2008-07-07] (Creative Technology Ltd.)
3 CTSBLFX; C:\Windows\System32\Drivers\CTSBLFX.sys [566296 2008-06-27] (Creative Technology Ltd)
3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [566296 2008-06-27] (Creative Technology Ltd)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2007-01-16] (Samsung Electronics Co., Ltd.)
3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. )
0 giveio; C:\Windows\System32\Drivers\giveio.sys [5248 1996-04-03] ()
3 ha10kx2k; C:\Windows\System32\Drivers\ha10kx2k.sys [797720 2008-07-07] (Creative Technology Ltd)
3 hap16v2k; C:\Windows\System32\Drivers\hap16v2k.sys [162840 2008-07-07] (Creative Technology Ltd)
3 hap17v2k; C:\Windows\System32\Drivers\hap17v2k.sys [189464 2008-07-07] (Creative Technology Ltd)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [74328 2009-08-14] (COMODO)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [2158432 2008-07-24] (Realtek Semiconductor Corp.)
3 lvpopflt; C:\Windows\System32\Drivers\lvpopflt.sys [114712 2008-12-16] (Logitech Inc.)
3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2009-04-30] ()
3 LVRS; C:\Windows\System32\Drivers\LVRS.sys [768024 2008-12-16] (Logitech Inc.)
3 LVUSBSta; C:\Windows\System32\Drivers\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\Drivers\LVUVC.sys [6364440 2008-12-16] (Logitech Inc.)
1 NetworkX; C:\Windows\system32\ckldrv.sys [31846 2006-01-09] ()
2 NPF; C:\Windows\System32\Drivers\NPF.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 pfc; C:\Windows\System32\Drivers\pfc.sys [10368 2008-10-05] (Padus, Inc.)
3 portio32; C:\Windows\System32\Drivers\portio32.sys [2048 2004-07-14] ()
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43872 2008-11-20] (Sonic Solutions)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [157248 2009-12-28] (Acronis)
0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-09-30] (Duplex Secure Ltd.)
0 symsnap; C:\Windows\System32\Drivers\symsnap.sys [136416 2007-12-20] (StorageCraft)
0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2009-12-28] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [570016 2009-12-28] (Acronis)
3 USBAAPL; C:\Windows\System32\Drivers\USBAAPL.sys [39424 2009-07-09] (Apple, Inc.)
3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [166912 2007-03-27] (Jungo)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
3 XDS560; C:\Windows\System32\DRIVERS\xds560.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============



============ 3 Months Modified Files and Folders =============



========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\PSAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\DifxApi.dll IS MISSING <==== ATTENTION!

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\System32\wininit.exe
[2009-07-13 15:36] - [2009-07-13 17:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2009-07-13 15:41] - [2009-07-13 17:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6135.18 MB
Available physical RAM: 5424.6 MB
Total Pagefile: 6133.33 MB
Available Pagefile: 5412.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:142.87 GB) (Free:32.13 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1776.8 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Flight Sim) (Fixed) (Total:151.25 GB) (Free:39.3 GB) NTFS
5 Drive g: () (Fixed) (Total:90.02 GB) (Free:33.62 GB) NTFS
6 Drive h: () (Fixed) (Total:314.41 GB) (Free:46.74 GB) NTFS
7 Drive i: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
9 Drive k: (KINGSTON) (Removable) (Total:14.53 GB) (Free:14.53 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 Online 465 GB 1024 KB
Disk 3 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 142 GB 31 KB
Partition 2 Primary 90 GB 142 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 142 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G NTFS Partition 90 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D New Volume NTFS Partition 1863 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 314 GB 101 MB
Partition 0 Extended 151 GB 314 GB
Partition 3 Logical 151 GB 314 GB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 H NTFS Partition 314 GB Healthy

======================================================================================================

Disk: 2
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 F Flight Sim NTFS Partition 151 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K KINGSTON FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2009-12-22 17:39

======================= End Of Log ==========================

#5 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 27 June 2012 - 01:04 PM

Hi TQN,



Unfortunately, you have at least two drives with Windows 7 (64 bit). FRST gave us a logfile of a clean drive.
Do you have a multiboot running machine? If so, can you please tell us how many operating systems and how many hard drives are installed on your computer?

To get the correct logfile of the infected drive, you either have to remove the clean hard drive (Avast Antivirus is installed there) first or at least choose the correct operating system, as FRST can normally detect multiboot systems. Are you presented with such an option by FRST?

Following the above information, I would like you to post a new FRST logfile:




Step 1
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.




What you should post with your next answer:
  • an answer to my questions,
  • the new logfile from FRST.

Regards,
M-K-D-B
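An added triage helper, not code from this thread or from FRST's authors, that parses the FRST.txt layout posted in reply #4 and raises the same kinds of questions M-K-D-B raises in this reply: the architecture banner, Run and Winlogon entries FRST could not resolve (the trailing `[x]`), AppInit_DLLs, missing SysWOW64 files, and the core-file hashes. The sample log is constructed from a few lines of reply #4, and the field layout the regular expressions assume is inferred from those lines only.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the FRST log in reply #4 (a few lines
# lifted from it); it is not the full log and only exercises the parser.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Windows 7 Professional (X64) OS Language: English(US)

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [81000 2009-11-24] (ALWIL Software)
HKU\Evista\...\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [323392 2009-11-06] (BitTorrent, Inc.)
HKLM-x32\...\Winlogon: [Userinit] [x]
AppInit_DLLs: C:\Windows\system32\guard32.dll

========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\SysWOW64\winlogon.exe IS MISSING <==== ATTENTION!.
"""

# "HKLM\...\Run: [Name] <command> [size date] (Publisher)", or "... [x]" when FRST
# could not find the file the entry points to (layout inferred from reply #4).
ENTRY_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")
FOUND_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)$")
NOT_FOUND_RE = re.compile(r"^(?P<cmd>.*?)\s*\[x\s*\](?: \(\))?$")
# "<path> IS MISSING <==== ATTENTION!" (the log sometimes appends a trailing period).
MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) IS MISSING <==== ATTENTION!\.?$")
# "[created] - [modified] - size attrs (Publisher) MD5" printed under a core system file path.
CORE_RE = re.compile(r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
                     r"(?P<attrs>\S+) \((?P<pub>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S+$")


def parse_frst(text: str) -> Dict[str, list]:
    """Pull the triage-relevant parts out of an FRST.txt: ATTENTION banners,
    autorun/Winlogon entries, AppInit_DLLs, missing files and core-file hashes."""
    report: Dict[str, list] = {"attention": [], "entries": [], "appinit_dlls": [],
                               "missing_files": [], "core_files": []}
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ATTENTION!"):
            report["attention"].append(line)
        elif line.startswith("AppInit_DLLs:"):
            # Assumption: several DLLs would be whitespace-separated on this line.
            report["appinit_dlls"].extend(line.split(":", 1)[1].split())
        elif m := ENTRY_RE.match(line):
            rest = m.group("rest")
            found, absent = FOUND_RE.match(rest), NOT_FOUND_RE.match(rest)
            tail = found or absent
            report["entries"].append({
                "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
                "command": tail.group("cmd") if tail else rest,
                "file_found": found is not None,
                "publisher": found.group("pub") if found else None,
                "size": int(found.group("size")) if found else None,
            })
        elif m := MISSING_RE.match(line):
            report["missing_files"].append(m.group("path"))
        elif (m := CORE_RE.match(line)) and PATH_RE.match(prev):
            report["core_files"].append({"path": prev, "publisher": m.group("pub"),
                                         "size": int(m.group("size")), "md5": m.group("md5").upper()})
        prev = line
    return report


def triage(report: Dict[str, list]) -> List[str]:
    """Turn the parsed log into the questions a helper asks first. These are leads
    to verify, not verdicts: a dangling Run entry is often just an uninstalled program."""
    findings: List[str] = []
    if any("X86 SYSTEM" in a and "X64" in a for a in report["attention"]):
        findings.append("architecture mismatch between recovery disk and scanned OS: "
                        "confirm FRST scanned the intended Windows installation")
    for e in report["entries"]:
        label = f"{e['hive']} {e['key']} [{e['name'] or '<empty>'}]"
        if not e["file_found"]:
            findings.append(f"{label} points to a file FRST could not find ({e['command'] or 'no path'})")
        elif e["key"] == "Winlogon" and e["publisher"] != "Microsoft Corporation":
            findings.append(f"{label} resolves to a non-Microsoft binary: {e['command']}")
    for dll in report["appinit_dlls"]:
        findings.append(f"AppInit_DLLs loads {dll} into user-mode processes: check its publisher")
    wow = [p for p in report["missing_files"] if "\\SysWOW64\\" in p]
    if wow:
        findings.append(f"{len(wow)} SysWOW64 files missing: either a 32-bit installation was scanned "
                        "(it has no SysWOW64 directory) or the files were removed")
    for c in report["core_files"]:
        if c["publisher"] != "Microsoft Corporation":
            findings.append(f"{c['path']} version info names {c['publisher']!r}, not Microsoft; MD5 {c['md5']}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_frst(SAMPLE_LOG)):
        print("-", finding)
```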

#6 TQN

TQN
  • Topic Starter

  • Members
  • 4 posts

Posted 28 June 2012 - 08:06 PM

I've removed the clean Windows 7 partition from the HD and ran FRST on the suspected partition. Please see below:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 28-06-2012 17:50:15
Running from K:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9996320 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] C:\Windows\system32\oodtray.exe [3828992 2008-09-04] (O&O Software GmbH)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390712 2010-08-21] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [357888 2009-06-03] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2009-06-03] (Saitek)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-08-20] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5459136 2010-08-21] (Acronis)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe [77824 2010-05-27] (National Instruments)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [614400 2009-09-25] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-04-30] (VMware, Inc.)
HKU\Whitewater\...\Run: [Google Update] "C:\Users\Whitewater\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-21] (Google Inc.)
HKU\Whitewater\...\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 [846520 2010-06-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
Startup: C:\Users\Whitewater\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AcronisOSSReinstallSvc; "C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2217416 2007-02-22] ()
2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [779944 2010-08-21] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2010-12-27] (Acronis)
3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1370752 2007-10-12] (Macrovision Corporation)
2 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2009-12-10] ()
2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-03-05] (National Instruments, Inc.)
2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [45168 2010-06-16] (National Instruments Corporation)
2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [55416 2010-06-16] (National Instruments Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$INFLOWSQL; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINFLOWSQL [29293408 2010-12-10] (Microsoft Corporation)
4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [44384 2010-12-10] (Microsoft Corporation)
2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2010-06-18] (National Instruments Corporation)
2 NIApplicationWebServer; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [47776 2010-06-22] (National Instruments Corporation)
4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [63648 2010-06-22] (National Instruments Corporation)
4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2010-05-17] (Macrovision Corporation)
2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [193712 2010-06-23] (National Instruments Corporation)
2 niSvcLoc; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system [47768 2010-06-22] (National Instruments Corporation)
2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [752304 2010-06-17] (National Instruments Corporation)
2 O&O Defrag; C:\Windows\system32\oodag.exe [1884928 2008-09-04] (O&O Software GmbH)
3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2009-06-03] (OPC Foundation)
2 SaiDOutput; "C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe" [241152 2008-04-04] (Saitek)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-06-02] ()
2 WinVNC4; "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service [2360048 2011-02-04] (RealVNC Ltd)

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [279136 2010-12-27] (Acronis)
3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15768 2011-12-20] (Windows ® Win 7 DDK provider)
3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15768 2011-12-20] (Windows ® Win 7 DDK provider)
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-05-11] (Windows ® Win 7 DDK provider)
0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-07-13] (Nero AG)
0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-07-13] (Nero AG)
3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [45600 2009-12-17] ()
3 PSSDK42; C:\Windows\System32\Drivers\PSSDK42.sys [53312 2011-07-22] (microOLAP Technologies LTD)
3 SaiH0762; C:\Windows\System32\Drivers\SaiH0762.sys [178560 2008-04-04] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [16000 2009-06-10] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43264 2009-06-10] (Saitek)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2010-12-27] (Acronis)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-05-23] (Duplex Secure Ltd.)
2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [297032 2010-08-25] (silex technology, Inc.)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2010-12-27] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2010-12-27] (Acronis)
3 vncmirror; C:\Windows\System32\Drivers\vncmirror.sys [4608 2011-02-04] (RealVNC Ltd.)
3 ALSysIO; \??\C:\Users\WHITEW~1\AppData\Local\Temp\ALSysIO64.sys [x]
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-28 17:50 - 2012-06-28 17:50 - 00000000 ____D C:\FRST
2012-06-28 16:17 - 2012-06-28 16:17 - 00000000 ____D C:\Users\Whitewater\Documents\Susu academic
2012-06-28 16:16 - 2012-06-28 16:16 - 00000000 ____D C:\Users\Whitewater\Documents\K1 Application
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN SPR09
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN SPR08
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN F09
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN F08
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\Bao Lanh Ong Ba Ngoai
2012-06-28 00:23 - 2010-11-20 04:40 - 00383786 _RASH C:\bootmgr
2012-06-26 21:53 - 2012-06-26 21:53 - 02135368 ____A C:\Users\Whitewater\Desktop\rmbamit.exe
2012-06-26 18:40 - 2012-06-26 18:40 - 02322184 ____A (ESET) C:\Users\Whitewater\Downloads\esetsmartinstaller_enu.exe
2012-06-26 18:40 - 2012-06-26 18:40 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-26 17:08 - 2012-06-26 17:08 - 00000690 ____A C:\Users\All Users\umpxaaa.tmp
2012-06-26 17:05 - 2012-06-26 17:05 - 00000911 ____A C:\Users\All Users\vmpxaaa.tmp
2012-06-26 16:49 - 2012-06-26 16:49 - 00000679 ____A C:\Users\All Users\rgrwaaa.tmp
2012-06-25 21:44 - 2012-06-25 21:44 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-25 21:43 - 2012-06-25 21:44 - 08834304 ____A (SurfRight B.V.) C:\Users\Whitewater\Downloads\HitmanPro36_x64.exe
2012-06-25 19:46 - 2012-06-25 21:26 - 00000000 ___SD C:\ComboFix
2012-06-25 19:46 - 2012-06-25 19:46 - 00000000 ____D C:\Qoobox
2012-06-25 19:46 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-25 19:46 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-25 19:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-25 19:46 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-25 19:46 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-25 19:46 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-25 19:46 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-25 19:46 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-25 19:43 - 2012-06-25 19:46 - 00000000 ___SD C:\32788R22FWJFW
2012-06-25 19:43 - 2012-06-25 19:43 - 00000000 ____D C:\Windows\erdnt
2012-06-25 19:22 - 2012-06-25 19:22 - 04569239 ____R (Swearware) C:\Users\Whitewater\Desktop\ComboFix.exe
2012-06-25 17:23 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-25 17:23 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-25 17:23 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-25 17:23 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-25 17:23 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-06-25 17:23 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-06-25 17:23 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-06-25 17:21 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-25 17:21 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-25 17:21 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-25 17:21 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-25 17:21 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-25 17:21 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-25 17:21 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-25 17:21 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-25 17:21 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-25 17:21 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-25 17:21 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-25 17:21 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-25 17:21 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-25 17:21 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-25 17:21 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-25 17:21 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-25 17:21 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-25 17:21 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-25 17:21 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-25 17:21 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-25 17:21 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-25 17:21 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-25 17:21 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-25 17:21 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-25 17:21 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-25 17:21 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-25 17:21 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-25 17:21 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-25 17:17 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-25 17:17 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-06-25 17:17 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-06-25 17:17 - 2011-11-04 21:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-06-25 17:17 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-06-25 17:17 - 2011-08-16 21:26 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-06-25 17:17 - 2011-08-16 21:25 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-06-25 17:17 - 2011-08-16 20:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-06-25 17:17 - 2011-08-16 20:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-06-25 17:16 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-25 17:16 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-25 17:16 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-25 17:16 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-25 17:16 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-25 17:16 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-25 17:16 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-25 17:16 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-25 17:16 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-25 17:16 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-25 17:16 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-25 17:16 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-25 17:16 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-06-25 17:16 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-25 17:16 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-06-25 17:16 - 2011-11-16 22:49 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-25 17:16 - 2011-11-16 22:49 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-25 17:16 - 2011-11-16 22:44 - 00459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-25 17:16 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-06-25 17:16 - 2011-11-16 22:35 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-06-25 17:16 - 2011-11-16 22:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-06-25 17:16 - 2011-11-16 22:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-25 17:16 - 2011-11-16 22:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-06-25 17:16 - 2011-11-16 22:35 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-06-25 17:16 - 2011-11-16 22:35 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-06-25 17:16 - 2011-11-16 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-06-25 17:16 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-06-25 17:16 - 2011-11-16 21:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-06-25 17:16 - 2011-11-16 21:34 - 00224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-25 17:16 - 2011-11-16 21:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-25 17:16 - 2011-11-16 21:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-25 17:16 - 2011-10-25 21:25 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-06-25 17:16 - 2011-10-25 21:25 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-25 17:16 - 2011-10-25 21:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-06-25 17:16 - 2011-10-25 20:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-06-25 17:16 - 2011-10-25 20:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-25 17:16 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-06-25 17:16 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-06-25 17:16 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-06-25 17:16 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-06-25 17:16 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-06-25 17:16 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-06-25 17:11 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-06-25 17:11 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-06-24 22:28 - 2012-06-24 22:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-24 22:26 - 2012-06-25 20:19 - 02128984 ____A (Kaspersky Lab ZAO) C:\Users\Whitewater\Desktop\TDSSKiller.exe
2012-06-24 22:26 - 2012-06-25 19:41 - 00000000 ____D C:\Users\Whitewater\Desktop\tdsskiller
2012-06-24 22:25 - 2012-06-24 22:26 - 02109806 ____A C:\Users\Whitewater\Downloads\tdsskiller.zip
2012-06-24 20:44 - 2012-06-24 20:51 - 00000900 ____A C:\Users\All Users\nsmwaaa.tmp
2012-06-24 20:44 - 2012-06-24 20:50 - 00000921 ____A C:\Users\All Users\msmwaaa.tmp
2012-06-24 09:00 - 2012-06-24 09:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-23 23:36 - 2012-06-23 23:36 - 00000907 ____A C:\Users\All Users\kpawaaa.tmp
2012-06-23 23:30 - 2012-06-23 23:30 - 00290704 ____A C:\Windows\Minidump\062412-74896-01.dmp
2012-06-23 23:29 - 2012-06-23 23:29 - 775559607 ____A C:\Windows\MEMORY.DMP
2012-06-23 23:21 - 2012-06-23 23:21 - 00000910 ____A C:\Users\All Users\earxaaa.tmp
2012-06-23 23:21 - 2012-06-23 23:21 - 00000892 ____A C:\Users\All Users\farxaaa.tmp
2012-06-23 22:01 - 2012-06-23 22:01 - 00002999 ____A C:\Users\Whitewater\Desktop\HiJackThis.lnk
2012-06-23 21:52 - 2012-06-23 21:52 - 01402880 ____A C:\Users\Whitewater\Downloads\HiJackThis.msi
2012-06-23 21:16 - 2012-06-23 21:17 - 71063072 ____A (Microsoft Corporation) C:\Users\Whitewater\Downloads\msert.exe
2012-06-23 13:40 - 2012-06-23 13:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Whitewater\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-23 13:40 - 2012-06-23 13:40 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 11:29 - 2012-06-28 09:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-23 11:29 - 2012-06-26 19:33 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-23 11:28 - 2012-06-23 11:28 - 16409960 ____A (Safer Networking Limited ) C:\Users\Whitewater\Downloads\spybotsd162.exe
2012-06-23 10:25 - 2012-06-23 10:25 - 00000675 ____A C:\Users\All Users\cxexaaa.tmp
2012-06-21 21:19 - 2012-06-21 21:19 - 00000000 ____D C:\Users\Whitewater\AppData\Local\PhotoChannel
2012-06-20 21:34 - 2012-06-20 21:34 - 00032528 ____A C:\Users\Whitewater\Downloads\PlaneFinderTour-DAL629.kml
2012-06-20 19:53 - 2012-06-20 19:53 - 00000090 ____A C:\Users\Whitewater\Downloads\klax2 (1).pls
2012-06-20 19:50 - 2012-06-20 19:50 - 00000226 ____A C:\Users\Whitewater\Downloads\get_asx_feed.m3u
2012-06-20 19:50 - 2012-06-20 19:50 - 00000090 ____A C:\Users\Whitewater\Downloads\klax2.pls
2012-06-19 20:04 - 2012-06-19 20:04 - 00308032 ____A C:\Users\Whitewater\Downloads\PlaneFinderTour-N5956B.kml
2012-06-18 20:32 - 2012-06-18 20:32 - 00000000 ____D C:\Program Files\Common Files\Intuit
2012-06-18 20:21 - 2012-06-19 16:14 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Intuit
2012-06-18 20:14 - 2012-06-23 15:00 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-06-18 20:14 - 2012-06-18 20:31 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-06-18 20:14 - 2012-06-18 20:14 - 00000000 ____D C:\Users\Public\Documents\Intuit
2012-06-18 20:14 - 2012-06-18 20:14 - 00000000 ____D C:\Program Files (x86)\Intuit
2012-06-18 19:47 - 2012-06-18 19:47 - 00000000 ____D C:\Windows\Intuit
2012-06-15 20:05 - 2012-06-15 20:05 - 00344311 ____A C:\Users\Whitewater\Downloads\A Thousand Words 2012 BRRip XviD KAZAN.nzb
2012-06-15 19:53 - 2012-06-15 19:53 - 00870589 ____A C:\Users\Whitewater\Downloads\Wrath of The Titans 2012 720p BDRip AC3 x264 MacGuffin.nzb
2012-06-14 17:28 - 2012-06-14 17:28 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Downloaded Installations
2012-06-14 17:28 - 2012-06-14 17:28 - 00000000 ____D C:\Program Files (x86)\Jolly Technologies
2012-06-14 17:26 - 2012-06-14 17:26 - 00000000 ____D C:\Users\Whitewater\Downloads\Label Flow 3.4.0
2012-06-14 17:25 - 2012-06-14 17:25 - 00006616 ____A C:\Users\Whitewater\Downloads\[rutracker.org].t2493208.torrent
2012-06-13 20:19 - 2012-06-13 20:19 - 00002968 ____A C:\Users\Whitewater\Downloads\[kat.ph]label.flow.label.maker.software.3.2.0.cracked.torrent
2012-06-13 20:04 - 2012-06-13 20:04 - 00000917 ____A C:\Users\Whitewater\AppData\Roaming\Easy Barcode Creator.xml
2012-06-13 20:02 - 2012-06-13 20:02 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\Barcode Producer
2012-06-13 20:00 - 2012-06-13 20:00 - 02834426 ____A ( ) C:\Users\Whitewater\Downloads\ebc.exe
2012-06-12 18:33 - 2012-06-12 18:33 - 00368983 ____A C:\Users\Whitewater\Downloads\Wrath of the Titans 2012 BDRIP XviD AC3 WDR.nzb
2012-06-10 21:04 - 2012-06-10 21:06 - 21021056 ____A (AirNav Systems, LLC ) C:\Users\Whitewater\Downloads\anlv810setup.exe
2012-06-10 15:34 - 2012-06-10 21:08 - 00018382 ____A C:\Users\Whitewater\Desktop\Book1.xlsx
2012-06-10 14:51 - 2012-06-10 15:20 - 393413310 ____A (AirNav Systems, LLC ) C:\Users\Whitewater\Desktop\ANRB403Setup.exe
2012-06-08 16:48 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 16:48 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 16:48 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 16:48 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 16:47 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-08 16:47 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 16:47 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-08 16:47 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-08 16:47 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-05 21:19 - 2012-06-14 18:36 - 00112640 ____A C:\Users\Whitewater\Desktop\FINLIST_NEW.xls
2012-06-03 18:43 - 2012-06-03 18:44 - 00000000 ____D C:\Users\Whitewater\Downloads\__Instalous_5__
2012-06-03 18:38 - 2012-06-03 18:38 - 03147344 ____A (Macroplant, LLC ) C:\Users\Whitewater\Downloads\iExplorer_Setup.exe
2012-06-03 18:36 - 2012-06-03 18:36 - 05341658 ____A C:\Users\Whitewater\Downloads\__Instalous_5__.rar
2012-06-03 16:12 - 2012-06-03 18:35 - 00000000 ____D C:\Users\Whitewater\Desktop\sn0wbreeze-v2.9.5
2012-06-03 09:04 - 2012-06-03 09:04 - 16608828 ____A C:\Users\Whitewater\Downloads\Form_React_Wallpaper_by_filipe_ps.rar
2012-06-02 19:54 - 2012-06-02 22:20 - 00000000 ____D C:\Users\Whitewater\Documents\Virtual Machines
2012-06-02 19:51 - 2012-04-30 19:56 - 00063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-06-02 19:50 - 2012-06-02 19:50 - 00002135 ____A C:\Users\Public\Desktop\VMware Workstation.lnk
2012-06-02 19:50 - 2012-04-30 19:56 - 00942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-06-02 19:50 - 2012-04-30 19:56 - 00433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-06-02 19:50 - 2012-04-30 19:56 - 00354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-06-02 19:50 - 2012-04-30 19:54 - 00030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-06-02 19:50 - 2011-08-29 22:11 - 00039024 ____A (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2012-06-02 19:49 - 2012-06-02 19:49 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-06-02 17:43 - 2012-06-02 19:49 - 00000000 ____D C:\Program Files (x86)\VMware
2012-06-01 16:40 - 2012-06-01 16:40 - 00811472 ____A C:\Users\Whitewater\Downloads\Project X 2012 720p EXTENDED BRRip AC3 x264 MacGuffin.nzb
2012-05-31 20:23 - 2012-05-31 20:23 - 00333596 ____A C:\Users\Whitewater\Downloads\Journey 2 The Mysterious Island 2012 BRRip XviD KAZAN.nzb

============ 3 Months Modified Files and Folders =============

2012-06-28 17:50 - 2012-06-28 17:50 - 00000000 ____D C:\FRST
2012-06-28 16:44 - 2010-09-19 20:24 - 00000000 ___RD C:\Users\Whitewater\Documents\My Dropbox
2012-06-28 16:44 - 2010-09-19 20:23 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\Dropbox
2012-06-28 16:43 - 2011-09-19 20:22 - 00000000 ____D C:\Users\All Users\VMware
2012-06-28 16:42 - 2010-06-13 15:02 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-28 16:42 - 2010-06-12 17:07 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-28 16:42 - 2010-05-22 13:08 - 01864420 ____A C:\Windows\System32\oodbs.lor
2012-06-28 16:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-28 16:42 - 2009-07-13 20:51 - 00138787 ____A C:\Windows\setupact.log
2012-06-28 16:40 - 2010-05-21 03:18 - 01861780 ____A C:\Windows\WindowsUpdate.log
2012-06-28 16:40 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 16:40 - 2009-07-13 20:45 - 00014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 16:17 - 2012-06-28 16:17 - 00000000 ____D C:\Users\Whitewater\Documents\Susu academic
2012-06-28 16:16 - 2012-06-28 16:16 - 00000000 ____D C:\Users\Whitewater\Documents\K1 Application
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN SPR09
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN SPR08
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN F09
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN F08
2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Whitewater\Documents\Bao Lanh Ong Ba Ngoai
2012-06-28 16:05 - 2011-09-24 08:45 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369249229-1897891444-2642341107-1000UA1cc7ad95a9b3ea0.job
2012-06-28 15:53 - 2010-06-12 17:07 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-28 10:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-28 09:29 - 2012-06-23 11:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-28 09:29 - 2010-05-21 17:09 - 00225110 ____A C:\Windows\PFRO.log
2012-06-26 21:53 - 2012-06-26 21:53 - 02135368 ____A C:\Users\Whitewater\Desktop\rmbamit.exe
2012-06-26 21:37 - 2010-07-09 20:22 - 00000000 ____D C:\Users\Whitewater\Documents\KeePass Password Safe
2012-06-26 21:27 - 2011-06-05 09:54 - 00000000 ____D C:\Users\Whitewater\Downloads\JDownloader
2012-06-26 19:33 - 2012-06-23 11:29 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-26 19:05 - 2011-08-07 09:05 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369249229-1897891444-2642341107-1000Core1cc55243b3ad571.job
2012-06-26 18:40 - 2012-06-26 18:40 - 02322184 ____A (ESET) C:\Users\Whitewater\Downloads\esetsmartinstaller_enu.exe
2012-06-26 18:40 - 2012-06-26 18:40 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-26 18:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-26 17:46 - 2012-05-15 19:34 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-26 17:08 - 2012-06-26 17:08 - 00000690 ____A C:\Users\All Users\umpxaaa.tmp
2012-06-26 17:05 - 2012-06-26 17:05 - 00000911 ____A C:\Users\All Users\vmpxaaa.tmp
2012-06-26 16:49 - 2012-06-26 16:49 - 00000679 ____A C:\Users\All Users\rgrwaaa.tmp
2012-06-25 21:44 - 2012-06-25 21:44 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-25 21:44 - 2012-06-25 21:43 - 08834304 ____A (SurfRight B.V.) C:\Users\Whitewater\Downloads\HitmanPro36_x64.exe
2012-06-25 21:35 - 2011-06-19 10:17 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-25 21:26 - 2012-06-25 19:46 - 00000000 ___SD C:\ComboFix
2012-06-25 20:19 - 2012-06-24 22:26 - 02128984 ____A (Kaspersky Lab ZAO) C:\Users\Whitewater\Desktop\TDSSKiller.exe
2012-06-25 19:46 - 2012-06-25 19:46 - 00000000 ____D C:\Qoobox
2012-06-25 19:46 - 2012-06-25 19:43 - 00000000 ___SD C:\32788R22FWJFW
2012-06-25 19:43 - 2012-06-25 19:43 - 00000000 ____D C:\Windows\erdnt
2012-06-25 19:41 - 2012-06-24 22:26 - 00000000 ____D C:\Users\Whitewater\Desktop\tdsskiller
2012-06-25 19:22 - 2012-06-25 19:22 - 04569239 ____R (Swearware) C:\Users\Whitewater\Desktop\ComboFix.exe
2012-06-25 19:04 - 2010-06-13 12:13 - 00000000 ____D C:\Windows\System32\appmgmt
2012-06-25 18:02 - 2009-07-13 20:45 - 04994792 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-25 17:59 - 2010-10-24 17:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-25 17:57 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-25 17:57 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-25 17:55 - 2010-05-21 17:14 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-25 17:54 - 2011-06-19 10:17 - 01838488 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-25 17:48 - 2012-04-29 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-06-25 17:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2012-06-25 17:25 - 2011-02-16 22:02 - 00000039 ____A C:\Windows\vbaddin.ini
2012-06-24 22:28 - 2012-06-24 22:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-24 22:26 - 2012-06-24 22:25 - 02109806 ____A C:\Users\Whitewater\Downloads\tdsskiller.zip
2012-06-24 20:51 - 2012-06-24 20:44 - 00000900 ____A C:\Users\All Users\nsmwaaa.tmp
2012-06-24 20:50 - 2012-06-24 20:44 - 00000921 ____A C:\Users\All Users\msmwaaa.tmp
2012-06-24 09:00 - 2012-06-24 09:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-24 09:00 - 2011-07-22 20:44 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-24 09:00 - 2011-07-22 20:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-24 09:00 - 2010-05-22 14:34 - 00007042 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-24 08:58 - 2011-08-21 16:57 - 00000000 ____D C:\Program Files (x86)\DjVuZone
2012-06-24 08:54 - 2009-07-13 21:13 - 00007140 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-23 23:36 - 2012-06-23 23:36 - 00000907 ____A C:\Users\All Users\kpawaaa.tmp
2012-06-23 23:30 - 2012-06-23 23:30 - 00290704 ____A C:\Windows\Minidump\062412-74896-01.dmp
2012-06-23 23:30 - 2010-05-21 22:16 - 00000000 ____D C:\Windows\Minidump
2012-06-23 23:29 - 2012-06-23 23:29 - 775559607 ____A C:\Windows\MEMORY.DMP
2012-06-23 23:21 - 2012-06-23 23:21 - 00000910 ____A C:\Users\All Users\earxaaa.tmp
2012-06-23 23:21 - 2012-06-23 23:21 - 00000892 ____A C:\Users\All Users\farxaaa.tmp
2012-06-23 22:01 - 2012-06-23 22:01 - 00002999 ____A C:\Users\Whitewater\Desktop\HiJackThis.lnk
2012-06-23 21:52 - 2012-06-23 21:52 - 01402880 ____A C:\Users\Whitewater\Downloads\HiJackThis.msi
2012-06-23 21:17 - 2012-06-23 21:16 - 71063072 ____A (Microsoft Corporation) C:\Users\Whitewater\Downloads\msert.exe
2012-06-23 15:15 - 2010-05-21 17:19 - 00113576 ____A C:\Users\Whitewater\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-23 15:00 - 2012-06-18 20:14 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-06-23 14:54 - 2011-06-05 16:42 - 00000031 ____A C:\Windows\QUICKEN.INI
2012-06-23 13:40 - 2012-06-23 13:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Whitewater\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-23 13:40 - 2012-06-23 13:40 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 13:40 - 2011-07-23 10:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 11:28 - 2012-06-23 11:28 - 16409960 ____A (Safer Networking Limited ) C:\Users\Whitewater\Downloads\spybotsd162.exe
2012-06-23 10:41 - 2010-06-06 13:28 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-06-23 10:35 - 2010-06-06 13:21 - 00000000 ____D C:\Users\All Users\Autodesk
2012-06-23 10:25 - 2012-06-23 10:25 - 00000675 ____A C:\Users\All Users\cxexaaa.tmp
2012-06-21 21:19 - 2012-06-21 21:19 - 00000000 ____D C:\Users\Whitewater\AppData\Local\PhotoChannel
2012-06-20 21:47 - 2012-05-02 16:49 - 00000000 ____D C:\Users\Whitewater\AppData\Local\inFlow Inventory
2012-06-20 21:47 - 2012-04-29 21:33 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\inFlow Inventory
2012-06-20 21:34 - 2012-06-20 21:34 - 00032528 ____A C:\Users\Whitewater\Downloads\PlaneFinderTour-DAL629.kml
2012-06-20 19:53 - 2012-06-20 19:53 - 00000090 ____A C:\Users\Whitewater\Downloads\klax2 (1).pls
2012-06-20 19:50 - 2012-06-20 19:50 - 00000226 ____A C:\Users\Whitewater\Downloads\get_asx_feed.m3u
2012-06-20 19:50 - 2012-06-20 19:50 - 00000090 ____A C:\Users\Whitewater\Downloads\klax2.pls
2012-06-19 20:04 - 2012-06-19 20:04 - 00308032 ____A C:\Users\Whitewater\Downloads\PlaneFinderTour-N5956B.kml
2012-06-19 16:14 - 2012-06-18 20:21 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Intuit
2012-06-19 16:14 - 2011-06-05 16:42 - 00000000 ____D C:\Users\All Users\Intuit
2012-06-18 20:32 - 2012-06-18 20:32 - 00000000 ____D C:\Program Files\Common Files\Intuit
2012-06-18 20:31 - 2012-06-18 20:14 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-06-18 20:14 - 2012-06-18 20:14 - 00000000 ____D C:\Users\Public\Documents\Intuit
2012-06-18 20:14 - 2012-06-18 20:14 - 00000000 ____D C:\Program Files (x86)\Intuit
2012-06-18 19:47 - 2012-06-18 19:47 - 00000000 ____D C:\Windows\Intuit
2012-06-16 09:16 - 2011-02-17 20:03 - 00000000 ____D C:\Users\All Users\Syscon
2012-06-16 09:16 - 2011-02-17 19:54 - 00000000 ____D C:\Users\Whitewater\Documents\ScanSnap
2012-06-16 08:37 - 2011-07-18 18:45 - 00000000 ____D C:\Users\Whitewater\AppData\Local\QuickPar
2012-06-15 23:03 - 2011-07-17 13:23 - 00000000 ____D C:\Users\Whitewater\AppData\Local\NewsBin
2012-06-15 20:35 - 2011-11-28 17:32 - 00000000 ____D C:\found.000
2012-06-15 20:05 - 2012-06-15 20:05 - 00344311 ____A C:\Users\Whitewater\Downloads\A Thousand Words 2012 BRRip XviD KAZAN.nzb
2012-06-15 19:53 - 2012-06-15 19:53 - 00870589 ____A C:\Users\Whitewater\Downloads\Wrath of The Titans 2012 720p BDRip AC3 x264 MacGuffin.nzb
2012-06-14 21:50 - 2010-12-03 22:25 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\uTorrent
2012-06-14 18:36 - 2012-06-05 21:19 - 00112640 ____A C:\Users\Whitewater\Desktop\FINLIST_NEW.xls
2012-06-14 17:28 - 2012-06-14 17:28 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Downloaded Installations
2012-06-14 17:28 - 2012-06-14 17:28 - 00000000 ____D C:\Program Files (x86)\Jolly Technologies
2012-06-14 17:26 - 2012-06-14 17:26 - 00000000 ____D C:\Users\Whitewater\Downloads\Label Flow 3.4.0
2012-06-14 17:25 - 2012-06-14 17:25 - 00006616 ____A C:\Users\Whitewater\Downloads\[rutracker.org].t2493208.torrent
2012-06-14 17:02 - 2010-12-03 22:26 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-13 20:19 - 2012-06-13 20:19 - 00002968 ____A C:\Users\Whitewater\Downloads\[kat.ph]label.flow.label.maker.software.3.2.0.cracked.torrent
2012-06-13 20:04 - 2012-06-13 20:04 - 00000917 ____A C:\Users\Whitewater\AppData\Roaming\Easy Barcode Creator.xml
2012-06-13 20:02 - 2012-06-13 20:02 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\Barcode Producer
2012-06-13 20:00 - 2012-06-13 20:00 - 02834426 ____A ( ) C:\Users\Whitewater\Downloads\ebc.exe
2012-06-12 18:33 - 2012-06-12 18:33 - 00368983 ____A C:\Users\Whitewater\Downloads\Wrath of the Titans 2012 BDRIP XviD AC3 WDR.nzb
2012-06-10 21:08 - 2012-06-10 15:34 - 00018382 ____A C:\Users\Whitewater\Desktop\Book1.xlsx
2012-06-10 21:07 - 2012-01-02 17:03 - 00000000 ____D C:\Program Files (x86)\AirNav Systems
2012-06-10 21:06 - 2012-06-10 21:04 - 21021056 ____A (AirNav Systems, LLC ) C:\Users\Whitewater\Downloads\anlv810setup.exe
2012-06-10 19:33 - 2012-03-18 09:18 - 00012993 ____A C:\Users\Whitewater\Documents\Personal Finance.xlsx
2012-06-10 15:20 - 2012-06-10 14:51 - 393413310 ____A (AirNav Systems, LLC ) C:\Users\Whitewater\Desktop\ANRB403Setup.exe
2012-06-08 20:49 - 2009-07-13 21:08 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-05 21:40 - 2012-05-07 23:17 - 00077312 ____A C:\Users\Whitewater\Documents\Nail Salon Addresses.pub
2012-06-03 22:28 - 2010-05-21 17:42 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-03 21:26 - 2011-09-19 20:27 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\VMware
2012-06-03 21:26 - 2011-09-19 20:27 - 00000000 ____D C:\Users\Whitewater\AppData\Local\VMware
2012-06-03 21:07 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-06-03 21:00 - 2011-02-17 19:44 - 00007800 ____A C:\Users\Whitewater\Sti_Trace.log
2012-06-03 18:44 - 2012-06-03 18:43 - 00000000 ____D C:\Users\Whitewater\Downloads\__Instalous_5__
2012-06-03 18:39 - 2011-07-03 14:18 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Macroplant
2012-06-03 18:39 - 2011-07-03 11:53 - 00000000 ____D C:\Program Files (x86)\iPhone Explorer
2012-06-03 18:38 - 2012-06-03 18:38 - 03147344 ____A (Macroplant, LLC ) C:\Users\Whitewater\Downloads\iExplorer_Setup.exe
2012-06-03 18:36 - 2012-06-03 18:36 - 05341658 ____A C:\Users\Whitewater\Downloads\__Instalous_5__.rar
2012-06-03 18:35 - 2012-06-03 16:12 - 00000000 ____D C:\Users\Whitewater\Desktop\sn0wbreeze-v2.9.5
2012-06-03 09:04 - 2012-06-03 09:04 - 16608828 ____A C:\Users\Whitewater\Downloads\Form_React_Wallpaper_by_filipe_ps.rar
2012-06-02 22:20 - 2012-06-02 19:54 - 00000000 ____D C:\Users\Whitewater\Documents\Virtual Machines
2012-06-02 19:50 - 2012-06-02 19:50 - 00002135 ____A C:\Users\Public\Desktop\VMware Workstation.lnk
2012-06-02 19:49 - 2012-06-02 19:49 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-06-02 19:49 - 2012-06-02 17:43 - 00000000 ____D C:\Program Files (x86)\VMware
2012-06-02 14:19 - 2012-06-08 16:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 16:48 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 16:48 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 16:47 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 16:47 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-08 16:47 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 16:48 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 16:47 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-08 16:47 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:13 - 2010-09-19 20:24 - 00001037 ____A C:\Users\Whitewater\Desktop\Dropbox.lnk
2012-06-01 16:40 - 2012-06-01 16:40 - 00811472 ____A C:\Users\Whitewater\Downloads\Project X 2012 720p EXTENDED BRRip AC3 x264 MacGuffin.nzb
2012-05-31 20:23 - 2012-05-31 20:23 - 00333596 ____A C:\Users\Whitewater\Downloads\Journey 2 The Mysterious Island 2012 BRRip XviD KAZAN.nzb
2012-05-28 13:28 - 2012-05-28 13:28 - 00483866 ____A C:\Users\Whitewater\Downloads\Iron Sky (2012) RETAIL DD5 1 1 5GB XVID EXTERNE NL SUBS.nzb
2012-05-26 23:16 - 2012-05-26 22:25 - 391618425 ____A C:\Users\Whitewater\Desktop\Sky Gamblers Air Supremacy-v1.1.2-most_uniQue.ipa
2012-05-26 20:12 - 2012-05-26 20:12 - 15422534 ____A C:\Users\Whitewater\Desktop\redsn0w_win_0.9.11b4.zip
2012-05-26 20:12 - 2011-12-27 18:31 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\redsn0w
2012-05-26 17:07 - 2012-05-26 17:07 - 00000000 ____D C:\Users\Whitewater\AppData\Local\libimobiledevice
2012-05-26 17:01 - 2011-09-25 18:16 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\NVIDIA
2012-05-26 16:57 - 2012-05-26 16:57 - 00000000 ____D C:\Users\Whitewater\Desktop\absinthe-win-2.0.1
2012-05-26 16:54 - 2012-05-26 16:54 - 05359780 ____A C:\Users\Whitewater\Desktop\absinthe-win-2.0.1.zip
2012-05-26 12:28 - 2012-05-26 12:28 - 00209777 ____A C:\Users\Whitewater\Downloads\Ip Man 2 2010 BRRip XviD AC3 SANTi.nzb
2012-05-26 12:25 - 2012-05-26 12:25 - 00393210 ____A C:\Users\Whitewater\Downloads\Ip Man 2 2010 720p BRRip XviD AC3 ViSiON (1).nzb
2012-05-26 08:30 - 2012-05-26 08:30 - 00393210 ____A C:\Users\Whitewater\Downloads\Ip Man 2 2010 720p BRRip XviD AC3 ViSiON.nzb
2012-05-25 19:19 - 2012-05-25 19:19 - 00897206 ____A C:\Users\Whitewater\Downloads\Safe House 2012 720p BRRip AC3 x264 MacGuffin.nzb
2012-05-24 21:31 - 2012-05-24 21:30 - 53784984 ____A (Adobe Systems Incorporated) C:\Users\Whitewater\Downloads\AdbeRdr1012_en_US.exe
2012-05-23 23:48 - 2012-04-28 11:15 - 00000000 ____D C:\Users\Whitewater\Documents\Ong Dia Nail Supply Web
2012-05-23 19:48 - 2012-05-23 19:48 - 00010715 ____A C:\Users\Whitewater\Documents\Greystone Evaluation.xlsx
2012-05-21 22:40 - 2012-05-21 22:11 - 00205312 ____A C:\Users\Whitewater\Desktop\FINLIST.xls
2012-05-21 22:20 - 2012-05-21 22:20 - 00000000 ____D C:\Users\Whitewater\Desktop\Nail Address List
2012-05-19 13:19 - 2012-05-19 13:19 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-19 13:19 - 2010-06-13 15:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-19 13:19 - 2010-05-21 17:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-19 13:18 - 2010-06-13 15:01 - 00000000 ____D C:\NVIDIA
2012-05-19 13:17 - 2012-05-19 13:10 - 166448312 ____A (NVIDIA Corporation) C:\Users\Whitewater\Downloads\296.10-desktop-win7-winvista-64bit-english-whql.exe
2012-05-18 16:36 - 2012-05-18 16:36 - 00298119 ____A C:\Users\Whitewater\Downloads\John Carter 2012 BRRip XviD AC3 SANTi.nzb
2012-05-17 18:47 - 2012-06-25 17:21 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-25 17:21 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-25 17:21 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-25 17:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-25 17:21 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-25 17:21 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-25 17:21 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-25 17:21 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-25 17:21 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-25 17:21 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-25 17:21 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-25 17:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-25 17:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-25 17:21 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-25 17:21 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-25 17:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-25 17:21 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-25 17:21 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-25 17:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-25 17:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-25 17:21 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-25 17:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-25 17:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-25 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-25 17:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-25 17:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-25 17:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-25 17:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 19:48 - 2012-05-15 19:34 - 00001193 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 19:48 - 2012-05-15 19:34 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-15 19:34 - 2012-05-15 19:34 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-15 19:33 - 2012-05-15 19:23 - 00000000 ____D C:\Users\Whitewater\Desktop\New folder (3)
2012-05-15 18:15 - 2010-05-21 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-14 17:32 - 2012-06-25 17:16 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 23:12 - 2012-05-26 20:12 - 00000000 ____D C:\Users\Whitewater\Desktop\redsn0w_win_0.9.11b4
2012-05-13 21:15 - 2012-05-13 21:16 - 00212992 ____A C:\Users\Whitewater\Desktop\final_nailshop_list.xls
2012-05-13 08:32 - 2010-05-23 15:26 - 00000000 ____D C:\Windows\System32\oodag
2012-05-09 20:54 - 2012-05-09 20:53 - 00000000 ____D C:\Users\Whitewater\Desktop\New Folder (2)
2012-05-09 20:52 - 2012-05-09 20:46 - 68410683 ____A C:\Users\Whitewater\Downloads\glass_cup_of_tea.rar
2012-05-07 22:59 - 2012-05-07 22:58 - 00044653 ____A C:\Users\Whitewater\Desktop\New Microsoft Excel Worksheet.xlsx
2012-05-07 22:56 - 2012-05-07 22:53 - 00090717 ____A C:\Users\Whitewater\Desktop\Nail Salon RENEWdatabase.xlsx
2012-05-07 22:36 - 2012-05-07 22:24 - 73208021 ____A C:\Users\Whitewater\Downloads\talCommunicationsFundamentalsAndApplications-Sklar.rar
2012-05-07 21:42 - 2010-08-03 22:36 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\PrimoPDF
2012-05-07 21:28 - 2012-05-07 21:28 - 00001874 ____A C:\Users\Whitewater\Downloads\Digital Comms - Funds and Appls 2nd ed., [solution manual - handwritten] - B. Sklar WW.pdf.nzb
2012-05-07 20:53 - 2011-12-14 20:22 - 00000000 ____D C:\Users\Whitewater\Documents\Outlook Files
2012-05-06 21:35 - 2012-05-06 21:35 - 00009659 ____A C:\Users\Whitewater\Downloads\Bloomberg Businessweek Magazine April 30 2012 pdf.nzb
2012-05-06 19:23 - 2012-05-06 19:23 - 00000640 ____A C:\Users\Whitewater\Downloads\Rich Dad, Poor Dad Kiyosaki Robert epub.nzb
2012-05-06 19:15 - 2012-05-06 19:15 - 00000000 ____D C:\Users\Whitewater\Downloads\The Intelligent Investor [GeneGeter.com]
2012-05-06 19:10 - 2012-05-06 19:10 - 00001722 ____A C:\Users\Whitewater\Downloads\o-Demonoid.me-o_Benjamin_Graham_The_Intelligent_Investor_(EPUB_LIT_DOC).torrent
2012-05-06 19:04 - 2012-05-06 19:04 - 00002167 ____A C:\Users\Whitewater\Downloads\Realtime Soft UltraMon v3 1 0 x86 CRD.nzb
2012-05-04 03:06 - 2012-06-25 17:16 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-25 17:16 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-25 17:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 19:56 - 2012-06-02 19:51 - 00063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-04-30 19:56 - 2012-06-02 19:50 - 00942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-04-30 19:56 - 2012-06-02 19:50 - 00433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-04-30 19:56 - 2012-06-02 19:50 - 00354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-04-30 19:54 - 2012-06-02 19:50 - 00030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-04-30 17:26 - 2012-04-30 17:26 - 00252016 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-04-30 16:22 - 2012-04-30 16:22 - 00062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-04-30 16:22 - 2012-04-30 16:22 - 00048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-04-30 16:22 - 2012-04-30 16:22 - 00045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-04-30 16:22 - 2012-04-30 16:22 - 00024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-04-30 16:22 - 2012-04-30 16:22 - 00020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-04-29 22:01 - 2012-04-29 21:26 - 00000000 ____D C:\Program Files (x86)\inFlow Inventory
2012-04-29 21:42 - 2012-04-01 13:24 - 00000000 ___AD C:\Users\Whitewater\Documents\SuSu Citizenship App
2012-04-29 21:41 - 2010-11-30 20:56 - 00000000 ____D C:\Users\Whitewater\Documents\Access 2007 Guide
2012-04-29 21:40 - 2012-04-29 21:40 - 00000000 ____D C:\Users\Whitewater\Downloads\Synology Firmware
2012-04-29 21:39 - 2012-04-29 21:38 - 00000000 ____D C:\Users\Whitewater\Documents\PIERCE SPRING 12
2012-04-29 21:37 - 2012-04-29 21:37 - 00000000 ____D C:\Users\Whitewater\Documents\CSUN SPRING 2012
2012-04-29 21:35 - 2012-04-29 21:34 - 00000000 ____D C:\Users\Whitewater\Documents\New York New York International
2012-04-29 21:33 - 2012-04-29 21:33 - 00001945 ____A C:\Users\Public\Desktop\inFlow Inventory.lnk
2012-04-29 21:33 - 2012-04-29 21:26 - 00000000 ____D C:\Users\All Users\inFlow Inventory
2012-04-29 21:29 - 2012-04-29 21:28 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2012-04-29 21:27 - 2012-04-29 21:27 - 00000000 ____D C:\Program Files\Business Objects
2012-04-29 21:25 - 2012-04-29 21:25 - 00000000 ____D C:\Users\Whitewater\Downloads\inFlow_Inventory_Premium_2.3.2.1
2012-04-29 12:00 - 2012-04-29 12:00 - 00053205 ____A C:\Users\Whitewater\Downloads\National Geographic The Truth Behind Zombies HDTV x264 TASTETV.nzb
2012-04-29 11:53 - 2012-04-29 11:53 - 00179007 ____A C:\Users\Whitewater\Downloads\National Geographic Megastructures Breakdown Phantom Jet CONVERT 720p HDTV x264 TASTETV.nzb
2012-04-29 11:53 - 2012-04-22 08:52 - 00000000 ____D C:\Users\Whitewater\Documents\Newsbin Download
2012-04-28 16:42 - 2011-01-16 23:04 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\FileZilla
2012-04-28 16:16 - 2011-01-18 18:16 - 00000132 ____A C:\Users\Whitewater\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-04-28 14:18 - 2012-04-28 14:18 - 00000000 ____D C:\Users\Whitewater\Downloads\ScrwUMadman
2012-04-28 08:28 - 2012-04-28 08:26 - 00000000 ____D C:\Users\Whitewater\Downloads\NewsBin.Professional.5.51.(Build.9378).cracked-SND
2012-04-27 19:55 - 2012-06-25 17:16 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 17:47 - 2010-05-22 13:40 - 00000000 ____D C:\Users\Whitewater\Documents\Flight Simulator X Files
2012-04-25 21:41 - 2012-06-25 17:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-25 17:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-25 17:16 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 20:45 - 2012-05-09 20:52 - 00000000 ____D C:\Users\Whitewater\Desktop\glass_cup_of_tea
2012-04-22 08:51 - 2012-04-22 08:51 - 00000000 ____D C:\Program Files (x86)\NewsBin
2012-04-21 09:48 - 2012-04-21 09:48 - 00000000 ____D C:\Users\Whitewater\Documents\Diablo III
2012-04-18 21:45 - 2012-04-18 21:45 - 00010244 ____A C:\Users\Whitewater\Documents\NameClarification.xlsx
2012-04-17 20:45 - 2012-04-17 19:27 - 00000000 ____D C:\Users\Whitewater\Downloads\Wiley The Little Book of Common Sense Investing [h33t] [mkrandow]
2012-04-08 19:50 - 2012-04-01 13:25 - 00000000 ___AD C:\Users\Whitewater\Documents\Job Hunt
2012-04-08 19:47 - 2012-04-08 19:47 - 00000000 ____D C:\Users\Whitewater\Downloads\Imagine_ How Creativity Works - Jonah Lehrer
2012-04-08 19:39 - 2012-03-28 19:43 - 00000000 ____D C:\Users\Whitewater\Downloads\Imagine - How Creativity Works[EPUB+PDF+MOBI][Team Nanban][TPB]
2012-04-08 17:56 - 2012-04-08 17:56 - 00000000 ____D C:\Users\Whitewater\Downloads\Carnegie, Dale - How to Win Friends and Influence People
2012-04-08 17:28 - 2012-04-08 17:28 - 00086016 ____A C:\Users\Whitewater\Documents\Business.fmp12
2012-04-08 17:28 - 2012-04-08 16:29 - 00000000 ____D C:\Users\Whitewater\AppData\Local\FileMaker
2012-04-08 17:21 - 2012-04-08 17:21 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\FileMaker Pro Advanced
2012-04-08 16:01 - 2012-04-08 16:01 - 00001444 ____A C:\Users\Public\Desktop\FileMaker Pro Advanced.lnk
2012-04-08 16:01 - 2012-04-08 16:01 - 00000000 ____D C:\Users\All Users\FileMaker
2012-04-08 16:00 - 2012-04-08 16:00 - 00000000 ____D C:\Users\Whitewater\AppData\Roaming\FileMaker
2012-04-08 16:00 - 2012-04-08 16:00 - 00000000 ____D C:\Program Files (x86)\FileMaker
2012-04-08 12:10 - 2012-04-08 12:10 - 00000000 ____D C:\Users\Whitewater\Downloads\Self Improvement Collection
2012-04-04 14:56 - 2011-07-23 10:32 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 13:03 - 2012-04-01 13:03 - 00000000 ____D C:\Users\Whitewater\Downloads\The Millionaire Next Door [E-BOOK] -MANTESH
2012-03-31 15:56 - 2012-03-31 15:56 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Nero_AG
2012-03-31 15:56 - 2011-11-09 22:40 - 00000000 ____D C:\Users\Whitewater\AppData\Local\Nero

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 6135.18 MB
Available physical RAM: 5325.49 MB
Total Pagefile: 6133.33 MB
Available Pagefile: 5318.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:314.41 GB) (Free:92.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive e: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1776.8 GB) NTFS
3 Drive f: (Flight Sim) (Fixed) (Total:151.25 GB) (Free:39.3 GB) NTFS
4 Drive g: () (Fixed) (Total:90.02 GB) (Free:33.62 GB) NTFS
5 Drive h: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive i: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
8 Drive k: (KINGSTON) (Removable) (Total:14.53 GB) (Free:14.53 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (Support) (Fixed) (Total:142.87 GB) (Free:142.77 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B
  Disk 1    Online          465 GB  1024 KB
  Disk 2    Online         1863 GB      0 B
  Disk 3    Online           14 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            142 GB    31 KB
  Partition 2    Primary             90 GB   142 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   Support      NTFS   Partition    142 GB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     G                NTFS   Partition     90 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            314 GB   101 MB
  Partition 0    Extended           151 GB   314 GB
  Partition 3    Logical            151 GB   314 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     H   System Rese  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     C                NTFS   Partition    314 GB  Healthy

======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     F   Flight Sim   NTFS   Partition    151 GB  Healthy

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1863 GB  1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     E   New Volume   NTFS   Partition   1863 GB  Healthy

======================================================================================================

Partitions of Disk 3:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB  4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     K   KINGSTON     FAT32  Removable     14 GB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-28 10:01

======================= End Of Log ==========================

#7 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:10:07 PM

Posted 29 June 2012 - 12:39 PM

Hi TQN,


Backdoor Warning!
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.





I would like you to answer the following questions as precisely and in as much detail as you can:
  • What can you tell me about this torrent file?

    C:\Users\Whitewater\Downloads\[kat.ph]label.flow.label.maker.software.3.2.0.cracked.torrent

    To be honest, it looks like illegal/cracked software to me.
  • Why did you run ComboFix without telling me or posting a logfile?
    You can find the logfile at C:\ComboFix.txt.
  • You have already run or at least tried to run TDSS-Killer by Kaspersky.
    A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    Please have a look into the root directory. Is there such a txt file? If so, I would like you to post the contents of this logfile.





What you should post with your next answer:
  • if you still want to clean your computer,
  • an answer to my questions,
  • the logfile from ComboFix,
  • the logfile from TDSS Killer.

Regards,
M-K-D-B

#8 TQN

TQN
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 30 June 2012 - 04:02 PM

I'm going to reformat my drive, thanks for helping me

#9 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:10:07 PM

Posted 01 July 2012 - 06:42 AM

Hi TQN,

do you have any further questions?
Regards,
M-K-D-B

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:07 PM

Posted 04 July 2012 - 10:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
