
Win32:Sirefef-PL [Rtk]


  • This topic is locked
31 replies to this topic

#1 ndbleep12 (Members, 22 posts)

Posted 07 July 2012 - 11:08 PM

As per Boopme... not successful on step 8 of prep guide. Downloaded the file, but it was already extracted, named 8vj582mc.exe and didn't fit the instruction set. Link two resulted in no additional downloads. Am attaching files from step 7. Many thanks!!!

Attached Files


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 July 2012 - 11:36 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ndbleep12 (Topic Starter, Members, 22 posts)

Posted 07 July 2012 - 11:49 PM

Results from Security Check...On to combofix...thanks for your help!!!

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 July 2012 - 11:51 PM

No problem and I will be waiting for the next report


gringo

#5 ndbleep12 (Topic Starter, Members, 22 posts)

Posted 08 July 2012 - 12:08 AM

ComboFix initiates ok-run first 50% of status bar in 5 secs., hangs for 15 secs, runs to 90% and program disappears. Log file at c:\32788r22FWJFW shows computer icon, as it's a disk drive. Double clicking shows system resources.

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 July 2012 - 12:29 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
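The FRST procedure above produces a plain-text log (FRST.txt) whose file-system sections list one entry per line as "created - modified - size attrs (company) path", and whose header states plainly when the tool was launched from the running Windows instead of the recovery environment (it then cannot load the SYSTEM hive because the live OS holds it open). The following Python helper is an added example for this thread, not code from FRST, ComboFix or any poster: it checks that header condition and applies a few review heuristics to the file list. The sample log is assembled from lines posted later in this thread plus one constructed entry (example_unknown.dll) that is not from the real log; the rules (System-attribute directories, a directory literally named like an unexpanded %VAR% token, binaries in System32/SysWOW64 with no version-info company name, freshly created .job task files) are a reviewer's starting points, not verdicts. Note in particular that ComboFix's own hidden working folder C:\32788R22FWJFW trips the System-attribute rule, which is why a human reads the output.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread; not part of FRST or of the original posts.
Parses the "created - modified - size attrs (company) path" lines FRST
prints, detects the "not run from the recovery environment" header, and
flags a few file-system patterns worth a second look by a human reviewer.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One FRST file/folder line, e.g.
# 2012-06-29 12:33 - 2012-06-29 12:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
# A directory component that is a literal, unexpanded %VAR% token.
ENV_TOKEN_RE = re.compile(r"\\%[A-Za-z_]+%(\\|$)")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")

# Sample input: six lines from the log posted in this thread plus one
# constructed line (example_unknown.dll) that was NOT in the real log.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 04
Ran by st at 07-07-2012 22:52:06
Running from K:\
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-07 11:30 - 2012-07-07 22:01 - 00000000 ___SD C:\32788R22FWJFW
2012-07-06 23:59 - 2012-07-07 10:44 - 00000486 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-06 15:45 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 12:33 - 2012-06-29 12:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-03 16:36 - 2012-07-03 16:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-07 20:52 - 2012-07-07 20:52 - 00302592 ____A C:\Users\st\Desktop\8vj582mc.exe
2012-07-05 09:00 - 2012-07-05 09:00 - 00045056 ____A C:\Windows\System32\example_unknown.dll
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # five-character field of A, D, S, H, R or _
    company: str    # version-info company name, "" when FRST shows none
    path: str


def ran_outside_recovery(log: str) -> bool:
    """True when the header shows FRST ran on the live system, not in WinRE."""
    head = log.upper()
    return ("NOT RUN FROM RECOVERY ENVIRONMENT" in head
            or "COULD NOT LOAD SYSTEM HIVE" in head)


def parse_entries(log: str) -> list[Entry]:
    """Extract every file/folder line; header and section banners are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"] or "", m["path"]))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (path, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if "D" in e.attrs and "S" in e.attrs:
            findings.append((e.path, "directory with the System attribute set"))
        if ENV_TOKEN_RE.search(e.path):
            findings.append((e.path, "path contains a literal %VAR% directory name"))
        if low.startswith(SYSTEM_DIRS) and low.endswith(BINARY_EXT) and not e.company:
            findings.append((e.path, "binary in a system directory with no company name"))
        if low.startswith("c:\\windows\\tasks\\") and low.endswith(".job"):
            findings.append((e.path, "scheduled task (.job) created recently"))
    return findings


if __name__ == "__main__":
    if ran_outside_recovery(SAMPLE_LOG):
        print("WARNING: log was produced outside the recovery environment; rerun from WinRE")
    for path, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

The company field FRST prints comes from the file's version resource, not from a signature check, so "no company name" is only a prompt to verify the file by hash or signature, never proof of anything; equally, a well-known company name in that field is trivial to forge.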

#7 ndbleep12 (Topic Starter, Members, 22 posts)

Posted 08 July 2012 - 01:04 AM

All went well in that procedure...here is the text...

-----------------

Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 04
Ran by st at 07-07-2012 22:52:06
Running from K:\
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-07 22:00 - 2012-07-07 22:01 - 00000000 ____D C:\ComboFix
2012-07-07 22:00 - 2012-07-07 22:00 - 00000332 ____A C:\Start_.cmd
2012-07-07 21:58 - 2012-07-07 21:58 - 04574136 ____R (Swearware) C:\Users\st\Desktop\ComboFix.exe
2012-07-07 21:40 - 2012-07-07 21:40 - 00881475 ____A C:\Users\st\Desktop\SecurityCheck.exe
2012-07-07 20:52 - 2012-07-07 20:52 - 00302592 ____A C:\Users\st\Desktop\8vj582mc.exe
2012-07-07 20:49 - 2012-07-07 20:49 - 00022245 ____A C:\Users\st\Desktop\DDS.txt
2012-07-07 20:49 - 2012-07-07 20:49 - 00013754 ____A C:\Users\st\Desktop\Attach.txt
2012-07-07 20:46 - 2012-07-07 20:46 - 00607260 ____R (Swearware) C:\Users\st\Desktop\dds.scr
2012-07-07 20:39 - 2012-07-07 20:40 - 00000157 ____A C:\Users\st\Desktop\steps-6thru9.txt
2012-07-07 20:37 - 2012-07-07 20:37 - 00000466 ____A C:\Users\st\Desktop\defogger_disable.log
2012-07-07 20:37 - 2012-07-07 20:37 - 00000000 ____A C:\Users\st\defogger_reenable
2012-07-07 20:36 - 2012-07-07 20:36 - 00050477 ____A C:\Users\st\Desktop\Defogger.exe
2012-07-07 20:19 - 2012-07-07 20:19 - 00002134 ____A C:\Users\st\Desktop\aswMBR2.txt
2012-07-07 18:35 - 2012-07-07 18:43 - 00009727 ____A C:\Users\st\Desktop\Result.txt
2012-07-07 18:33 - 2012-07-07 18:33 - 00403231 ____A C:\Users\st\Desktop\MiniToolBox.exe
2012-07-07 18:26 - 2012-07-07 20:19 - 00000512 ____A C:\Users\st\Desktop\MBR.dat
2012-07-07 18:26 - 2012-07-07 18:26 - 00002039 ____A C:\Users\st\Desktop\aswMBR.txt
2012-07-07 18:00 - 2012-07-07 18:00 - 809418958 ____A C:\Windows\MEMORY.DMP
2012-07-07 18:00 - 2012-07-07 18:00 - 00285864 ____A C:\Windows\Minidump\Mini070712-01.dmp
2012-07-07 17:53 - 2012-07-07 17:53 - 04731392 ____A (AVAST Software) C:\Users\st\Desktop\aswMBR.exe
2012-07-07 17:36 - 2012-07-07 17:36 - 02116179 ____A C:\Users\st\Desktop\tdsskiller.zip
2012-07-07 12:17 - 2012-07-07 12:17 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-07 11:30 - 2012-07-07 22:01 - 00000000 ___SD C:\32788R22FWJFW
2012-07-07 11:30 - 2012-07-07 22:00 - 00000000 ____D C:\Qoobox
2012-07-07 11:30 - 2012-07-07 11:32 - 00000000 ____D C:\Windows\erdnt
2012-07-07 11:06 - 2012-07-07 11:06 - 04574136 ____A (Swearware) C:\Users\st\Downloads\ComboFix.exe
2012-07-06 23:59 - 2012-07-07 10:44 - 00000486 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-06 23:59 - 2012-07-07 10:44 - 00000458 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-06 23:59 - 2012-07-06 23:59 - 00001032 ____A C:\Users\st\Desktop\SpeedyPC Pro.lnk
2012-07-06 23:59 - 2012-07-06 23:59 - 00000000 ____D C:\Users\st\AppData\Roaming\SpeedyPC Software
2012-07-06 23:59 - 2012-07-06 23:59 - 00000000 ____D C:\Users\st\AppData\Roaming\DriverCure
2012-07-06 23:58 - 2012-07-07 10:44 - 00000414 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-06 23:58 - 2012-07-06 23:58 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-06 23:58 - 2012-07-06 23:58 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-06 15:45 - 2012-07-06 15:45 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 15:45 - 2012-07-06 15:45 - 00000000 ____D C:\Users\st\Desktop\Chameleon
2012-07-06 15:45 - 2012-07-06 15:45 - 00000000 ____D C:\Users\st\AppData\Roaming\Malwarebytes
2012-07-06 15:45 - 2012-07-06 15:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-06 15:45 - 2012-07-06 15:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-06 15:45 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-06 13:37 - 2012-07-06 13:37 - 12101490 ____A C:\Users\st\Downloads\unhackme.zip
2012-07-05 08:50 - 2012-07-05 08:51 - 01599394 ____A C:\Users\st\Downloads\download.zip
2012-07-03 16:36 - 2012-07-03 16:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-03 16:36 - 2012-07-03 16:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-03 16:36 - 2012-07-03 16:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-03 16:36 - 2012-07-03 16:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-03 16:36 - 2012-07-03 16:36 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-03 16:36 - 2012-07-03 16:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-03 16:36 - 2012-07-03 16:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-03 16:36 - 2012-07-03 16:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-03 16:36 - 2012-07-03 16:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-03 16:36 - 2012-07-03 16:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-03 16:36 - 2012-07-03 16:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-03 16:34 - 2012-07-03 16:36 - 00002804 ____A C:\Windows\IE9_main.log
2012-07-02 20:01 - 2012-07-02 20:01 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\st\Desktop\TDSSKiller.exe
2012-06-29 12:33 - 2012-06-29 12:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-23 12:49 - 2012-06-02 15:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 12:49 - 2012-06-02 15:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 12:49 - 2012-06-02 15:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 12:49 - 2012-06-02 15:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 12:49 - 2012-06-02 15:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-22 09:51 - 2012-06-02 15:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 09:51 - 2012-06-02 15:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-22 09:51 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 09:51 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-22 09:51 - 2012-06-02 15:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 09:51 - 2012-06-02 15:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-22 09:51 - 2012-06-02 15:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 09:51 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 09:51 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-21 08:38 - 2012-06-21 08:38 - 00000000 ____D C:\Users\st\AppData\Roaming\TeamViewer
2012-06-13 18:08 - 2012-05-15 13:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 18:08 - 2012-05-01 07:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 18:08 - 2012-04-23 09:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 18:08 - 2012-04-23 09:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 18:08 - 2012-04-23 09:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 18:08 - 2012-04-23 09:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 18:08 - 2012-04-23 09:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 18:08 - 2012-04-23 09:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-11 12:19 - 2012-06-11 12:19 - 00000000 ____D C:\Users\st\Documents\rv


============ 3 Months Modified Files ========================

2012-07-07 22:46 - 2008-09-28 04:11 - 01098137 ____A C:\Windows\WindowsUpdate.log
2012-07-07 22:46 - 2006-11-02 08:42 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-07 22:46 - 2006-11-02 08:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-07 22:46 - 2006-11-02 08:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-07 22:46 - 2006-11-02 08:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-07 22:11 - 2009-09-24 23:03 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-07 22:00 - 2012-07-07 22:00 - 00000332 ____A C:\Start_.cmd
2012-07-07 21:58 - 2012-07-07 21:58 - 04574136 ____R (Swearware) C:\Users\st\Desktop\ComboFix.exe
2012-07-07 21:40 - 2012-07-07 21:40 - 00881475 ____A C:\Users\st\Desktop\SecurityCheck.exe
2012-07-07 20:52 - 2012-07-07 20:52 - 00302592 ____A C:\Users\st\Desktop\8vj582mc.exe
2012-07-07 20:49 - 2012-07-07 20:49 - 00022245 ____A C:\Users\st\Desktop\DDS.txt
2012-07-07 20:49 - 2012-07-07 20:49 - 00013754 ____A C:\Users\st\Desktop\Attach.txt
2012-07-07 20:46 - 2012-07-07 20:46 - 00607260 ____R (Swearware) C:\Users\st\Desktop\dds.scr
2012-07-07 20:40 - 2012-07-07 20:39 - 00000157 ____A C:\Users\st\Desktop\steps-6thru9.txt
2012-07-07 20:37 - 2012-07-07 20:37 - 00000466 ____A C:\Users\st\Desktop\defogger_disable.log
2012-07-07 20:37 - 2012-07-07 20:37 - 00000000 ____A C:\Users\st\defogger_reenable
2012-07-07 20:36 - 2012-07-07 20:36 - 00050477 ____A C:\Users\st\Desktop\Defogger.exe
2012-07-07 20:19 - 2012-07-07 20:19 - 00002134 ____A C:\Users\st\Desktop\aswMBR2.txt
2012-07-07 20:19 - 2012-07-07 18:26 - 00000512 ____A C:\Users\st\Desktop\MBR.dat
2012-07-07 20:11 - 2009-09-24 23:03 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-07 18:43 - 2012-07-07 18:35 - 00009727 ____A C:\Users\st\Desktop\Result.txt
2012-07-07 18:33 - 2012-07-07 18:33 - 00403231 ____A C:\Users\st\Desktop\MiniToolBox.exe
2012-07-07 18:26 - 2012-07-07 18:26 - 00002039 ____A C:\Users\st\Desktop\aswMBR.txt
2012-07-07 18:06 - 2006-11-02 05:46 - 00793934 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 18:01 - 2012-06-01 09:25 - 00000466 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-07-07 18:00 - 2012-07-07 18:00 - 809418958 ____A C:\Windows\MEMORY.DMP
2012-07-07 18:00 - 2012-07-07 18:00 - 00285864 ____A C:\Windows\Minidump\Mini070712-01.dmp
2012-07-07 17:53 - 2012-07-07 17:53 - 04731392 ____A (AVAST Software) C:\Users\st\Desktop\aswMBR.exe
2012-07-07 17:36 - 2012-07-07 17:36 - 02116179 ____A C:\Users\st\Desktop\tdsskiller.zip
2012-07-07 15:10 - 2008-01-20 20:26 - 00222428 ____A C:\Windows\PFRO.log
2012-07-07 11:06 - 2012-07-07 11:06 - 04574136 ____A (Swearware) C:\Users\st\Downloads\ComboFix.exe
2012-07-07 10:44 - 2012-07-06 23:59 - 00000486 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-07 10:44 - 2012-07-06 23:59 - 00000458 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-07 10:44 - 2012-07-06 23:58 - 00000414 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-07 01:18 - 2009-01-20 09:24 - 00007916 ____A C:\Users\st\AppData\Local\d3d9caps.dat
2012-07-07 00:00 - 2009-11-08 14:50 - 00001948 ____A C:\Users\Public\Desktop\Microsoft Mouse.lnk
2012-07-06 23:59 - 2012-07-06 23:59 - 00001032 ____A C:\Users\st\Desktop\SpeedyPC Pro.lnk
2012-07-06 15:45 - 2012-07-06 15:45 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 13:37 - 2012-07-06 13:37 - 12101490 ____A C:\Users\st\Downloads\unhackme.zip
2012-07-06 09:55 - 2012-01-12 10:49 - 00000874 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-05 08:51 - 2012-07-05 08:50 - 01599394 ____A C:\Users\st\Downloads\download.zip
2012-07-03 17:00 - 2006-11-02 08:21 - 00447728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-03 16:36 - 2012-07-03 16:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-03 16:36 - 2012-07-03 16:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-03 16:36 - 2012-07-03 16:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-03 16:36 - 2012-07-03 16:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-03 16:36 - 2012-07-03 16:36 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-03 16:36 - 2012-07-03 16:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-03 16:36 - 2012-07-03 16:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-03 16:36 - 2012-07-03 16:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-03 16:36 - 2012-07-03 16:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-03 16:36 - 2012-07-03 16:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-03 16:36 - 2012-07-03 16:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-03 16:36 - 2012-07-03 16:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-03 16:36 - 2012-07-03 16:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-03 16:36 - 2012-07-03 16:34 - 00002804 ____A C:\Windows\IE9_main.log
2012-07-03 16:36 - 2006-11-02 05:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2012-07-03 16:36 - 2006-11-02 05:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2012-07-03 16:36 - 2006-11-01 23:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-07-03 16:36 - 2006-11-01 23:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-07-02 20:01 - 2012-07-02 20:01 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\st\Desktop\TDSSKiller.exe
2012-06-30 00:22 - 2009-01-04 21:05 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-29 12:22 - 2012-05-06 22:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-29 12:22 - 2011-08-12 10:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 11:30 - 2009-01-30 12:53 - 00002188 ____A C:\Users\st\AppData\Local\d3d9caps64.dat
2012-06-03 23:28 - 2006-11-02 05:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 15:19 - 2012-06-23 12:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2012-06-23 12:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2012-06-23 12:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2012-06-22 09:51 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2012-06-22 09:51 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 15:19 - 2012-06-22 09:51 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:19 - 2012-06-22 09:51 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 15:19 - 2012-06-22 09:51 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:19 - 2012-06-22 09:51 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 15:15 - 2012-06-23 12:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:15 - 2012-06-22 09:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:15 - 2012-06-22 09:51 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 15:12 - 2012-06-23 12:49 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 15:12 - 2012-06-22 09:51 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-01 09:25 - 2012-06-01 09:25 - 00000849 ____A C:\Users\st\Desktop\SmartDraw 2012.lnk
2012-06-01 09:25 - 2012-06-01 09:25 - 00000819 ____A C:\Users\Public\Desktop\SmartDraw 2012.lnk
2012-05-15 13:15 - 2012-06-13 18:08 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 16:17 - 2012-05-11 16:17 - 00001924 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-11 14:29 - 2012-05-11 14:29 - 00034274 ____A C:\Users\st\Documents\client_supply_list.xlsx
2012-05-06 18:38 - 2006-11-02 05:34 - 00001063 ____A C:\Windows\win.ini
2012-05-01 07:29 - 2012-06-13 18:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-30 18:40 - 2011-08-17 10:09 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-23 09:25 - 2012-06-13 18:08 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 09:25 - 2012-06-13 18:08 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 09:25 - 2012-06-13 18:08 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 09:00 - 2012-06-13 18:08 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 09:00 - 2012-06-13 18:08 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 09:00 - 2012-06-13 18:08 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

ZeroAccess:
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L\00000004.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L\1afb2d56
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L\201d3dde
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\00000004.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\00000008.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\000000cb.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000000.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000032.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000064.@

ZeroAccess:
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\@
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6142.33 MB
Available physical RAM: 5386.57 MB
Total Pagefile: 12395.69 MB
Available Pagefile: 11818.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:453.43 GB) (Free:268.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.33 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP2) (Fixed) (Total:465.76 GB) (Free:459.63 GB) NTFS
9 Drive k: (LEXAR) (Removable) (Total:1.87 GB) (Free:0.28 GB) FAT

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       466 GB      0 B
  Disk 1    Online       466 GB      0 B
  Disk 2    Online      1912 MB      0 B
  Disk 3    No Media        0 B      0 B
  Disk 4    No Media        0 B      0 B
  Disk 5    No Media        0 B      0 B
  Disk 6    No Media        0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            453 GB    32 KB
  Partition 2    Primary             12 GB   453 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   HP           NTFS   Partition    453 GB  Healthy    System (partition with boot components)

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   FACTORY_IMA  NTFS   Partition     12 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            466 GB  1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   HP2          NTFS   Partition    466 GB  Healthy

==================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1912 MB    16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     K   LEXAR        FAT    Removable   1912 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 18:06

======================= End Of Log ==========================

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 AM

Posted 08 July 2012 - 02:47 AM

Greetings


That does not look like it ran from the recovery environment. I need you to read the instructions very carefully and see if you can enter the recovery environment.

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 ndbleep12

  • Topic Starter
  • Members
  • 22 posts
  • Local time:10:22 PM

Posted 08 July 2012 - 12:24 PM

Hi, OK, I was able to run FRST in the recovery environment. I ran it twice: one scan, one search for services.exe. Results below...

---------------- Scan

Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 04
Ran by SYSTEM at 08-07-2012 10:08:29
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-06-11] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1659816 2007-08-31] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM-x32\...\Run: [MDShell] "C:\Program Files (x86)\Mediafour\MacDrive\MDShell.exe" /S [77824 2000-04-19] (Mediafour Corporation)
HKLM-x32\...\Run: [Omnipage] "C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe" [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [PDF Maker Pilot (demo) printing agent] "C:\Program Files (x86)\PDF Maker Pilot Demo\pmpagentd.exe" [90112 2007-06-18] ()
HKLM-x32\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM-x32\...\Run: [MsmqIntCert] regsvr32 /s mqrt.dll [x]
HKLM-x32\...\Run: [IgfxTray] C:\Windows\SysWOW64\igfxtray.exe [155648 2002-10-15] (Intel Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe [795936 2008-07-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 5\RegistryController.exe [58656 2008-07-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2007-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 5\Ereg\Ereg.ini" [373 2012-07-08] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-06-01] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [80384 2010-07-20] (ArcSoft, Inc.)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [316864 2010-04-09] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [1059984 2012-03-16] (Carbonite, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Administrator\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Administrator\...\Run: [StartUp This] "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [251184 2008-10-07] (Laplink Software, Inc.)
HKU\Administrator\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Administrator\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Administrator\...\Run: [googletalk] C:\Users\Administrator\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [x]
HKU\Administrator\...\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [2195160 2009-11-02] (TiVo Inc.)
HKU\Administrator\...\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [604888 2009-11-02] (TiVo Inc.)
HKU\Administrator\...\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [430808 2009-11-02] (TiVo Inc.)
HKU\Administrator\...\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856280 2009-11-02] (TiVo Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Guest\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Guest\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [googletalk] C:\Users\Guest\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [x]
HKU\Guest\...\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer [2195160 2009-11-02] (TiVo Inc.)
HKU\Guest\...\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [604888 2009-11-02] (TiVo Inc.)
HKU\Guest\...\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [430808 2009-11-02] (TiVo Inc.)
HKU\Guest\...\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856280 2009-11-02] (TiVo Inc.)
HKU\st\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\st\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\st\...\Run: [googletalk] C:\Users\st\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\st\...\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry [2195160 2009-11-02] (TiVo Inc.)
HKU\st\...\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [604888 2009-11-02] (TiVo Inc.)
HKU\st\...\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify [430808 2009-11-02] (TiVo Inc.)
HKU\st\...\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856280 2009-11-02] (TiVo Inc.)
HKU\st\...\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background [2561320 2010-06-27] (RayV)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 68.116.46.115 24.205.192.61 24.205.224.36
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP\Button Manager\BM.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Magic-i.lnk
ShortcutTarget: Magic-i.lnk -> C:\Program Files (x86)\ArcSoft\Magic-i 3\Magic-i.exe (ArcSoft, Inc.)

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 ALG; C:\Windows\SysWow64\alg.exe [44544 2008-04-13] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\SysWow64\Audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [193816 2012-02-13] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [240408 2012-02-13] (Microsoft Corporation.)
2 BITS; C:\Windows\SysWow64\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
3 BlueSoleil Hid Service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe [110592 2005-04-06] ()
2 Browser; C:\Windows\SysWow64\browser.dll [77824 2008-04-13] (Microsoft Corporation)
2 BthServ; C:\Windows\SysWow64\bthserv.dll [30208 2008-04-13] (Microsoft Corporation)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6684304 2012-03-16] (Carbonite, Inc. (www.carbonite.com))
2 DcomLaunch; C:\Windows\SysWow64\rpcss.dll [399360 2008-04-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\SysWow64\dnsrslvr.dll [45568 2008-04-13] (Microsoft Corporation)
3 dot3svc; C:\Windows\SysWow64\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
3 EapHost; C:\Windows\SysWow64\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-03-28] (WildTangent, Inc.)
2 gupdate1ca3da46f8580; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-09-24] (Google Inc.)
3 hkmsvc; C:\Windows\SysWow64\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
2 HPBtnSrv; C:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
3 KeyIso; C:\Windows\SysWow64\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [96768 2008-04-13] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\SysWow64\wkssvc.dll [132096 2008-04-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\SysWow64\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
2 MgiSvr; C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe [76544 2006-11-13] (ArcSoft, Inc.)
3 MSDTC; C:\Windows\SysWow64\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
3 napagent; C:\Windows\SysWow64\qagentRT.dll [291328 2008-04-13] (Microsoft Corporation)
2 NBDUpdate; "C:\Program Files\yaTimer\Updates\AutoUpdateService.exe" [6144 2012-04-03] ()
3 Netlogon; C:\Windows\SysWow64\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 Netman; C:\Windows\SysWow64\netman.dll [198144 2008-04-13] (Microsoft Corporation)
2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-07-31] (Nuance Communications, Inc.)
2 PlugPlay; C:\Windows\SysWow64\umpnpmgr.dll [123392 2008-04-13] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\SysWow64\ipsecsvc.dll [183808 2008-04-13] (Microsoft Corporation)
2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [918976 2010-04-16] (Cyber Power Systems, Inc.)
3 ProtectedStorage; C:\Windows\SysWow64\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\SysWow64\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
3 RasMan; C:\Windows\SysWow64\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\SysWow64\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
2 RetroLauncher; C:\Program Files (x86)\Dantz\Retrospect\retrorun.exe [49152 2003-11-12] (Dantz Development Corporation)
2 RetroWDSvc; C:\PROGRA~2\Dantz\RETROS~1\wdsvc.exe [46592 2003-12-10] (Dantz Development Corporation)
3 RpcLocator; C:\Windows\SysWow64\locator.exe [75264 2008-04-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\SysWow64\rpcss.dll [399360 2008-04-13] (Microsoft Corporation)
2 SamSs; C:\Windows\SysWow64\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Schedule; C:\Windows\SysWow64\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
2 seclogon; C:\Windows\SysWow64\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\SysWow64\snmptrap.exe [8704 2008-04-13] (Microsoft Corporation)
2 Spooler; C:\Windows\SysWow64\spoolsv.exe [57856 2008-04-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\SysWow64\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
2 stisvc; C:\Windows\SysWow64\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
3 swprv; C:\Windows\SysWow64\swprv.dll [138752 2002-08-29] (Microsoft Corporation)
2 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
4 TivoBeacon2; "C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe" /service [1098968 2009-11-02] (TiVo Inc.)
2 TrkWks; C:\Windows\SysWow64\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [454656 2009-04-10] (Microsoft Corporation)
3 VSS; C:\Windows\SysWow64\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
2 W32Time; C:\Windows\SysWow64\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\SysWow64\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1809944 2008-10-16] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [58496 2008-01-20] (Microsoft Corporation)
3 ARCSOFTVIRTUALCAPTURE; C:\Windows\System32\Drivers\ARCSOFTVIRTUALCAPTURE.sys [18304 2007-07-02] (ArcSoft, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
2 CDRPDACC; \??\C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys [5273 2005-12-05] (Arrowkey)
0 MacDrive; C:\Windows\SysWow64\Drivers\MacDrive.sys [213664 2000-04-26] (Mediafour Corporation)
2 MySQL; "C:\Program Files (x86)\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="C:\Program Files (x86)\MySQL\MySQL Server 4.1\my.ini" MySQL [9111 2005-03-18] ()
3 Ps2; C:\Windows\System32\Drivers\Ps2.sys [21504 2006-09-07] ()
3 VcommMgr; C:\Windows\SysWow64\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-07 21:51 - 2012-07-07 21:52 - 00000000 ____D C:\FRST
2012-07-07 21:00 - 2012-07-07 21:01 - 00000000 ____D C:\ComboFix
2012-07-07 21:00 - 2012-07-07 21:00 - 00000332 ____A C:\Start_.cmd
2012-07-07 20:58 - 2012-07-07 20:58 - 04574136 ____R (Swearware) C:\Users\st\Desktop\ComboFix.exe
2012-07-07 20:40 - 2012-07-07 20:40 - 00881475 ____A C:\Users\st\Desktop\SecurityCheck.exe
2012-07-07 19:52 - 2012-07-07 19:52 - 00302592 ____A C:\Users\st\Desktop\8vj582mc.exe
2012-07-07 19:49 - 2012-07-07 19:49 - 00022245 ____A C:\Users\st\Desktop\DDS.txt
2012-07-07 19:49 - 2012-07-07 19:49 - 00013754 ____A C:\Users\st\Desktop\Attach.txt
2012-07-07 19:46 - 2012-07-07 19:46 - 00607260 ____R (Swearware) C:\Users\st\Desktop\dds.scr
2012-07-07 19:39 - 2012-07-07 19:40 - 00000157 ____A C:\Users\st\Desktop\steps-6thru9.txt
2012-07-07 19:37 - 2012-07-07 19:37 - 00000466 ____A C:\Users\st\Desktop\defogger_disable.log
2012-07-07 19:37 - 2012-07-07 19:37 - 00000000 ____A C:\Users\st\defogger_reenable
2012-07-07 19:36 - 2012-07-07 19:36 - 00050477 ____A C:\Users\st\Desktop\Defogger.exe
2012-07-07 19:19 - 2012-07-07 19:19 - 00002134 ____A C:\Users\st\Desktop\aswMBR2.txt
2012-07-07 17:35 - 2012-07-07 17:43 - 00009727 ____A C:\Users\st\Desktop\Result.txt
2012-07-07 17:33 - 2012-07-07 17:33 - 00403231 ____A C:\Users\st\Desktop\MiniToolBox.exe
2012-07-07 17:26 - 2012-07-07 19:19 - 00000512 ____A C:\Users\st\Desktop\MBR.dat
2012-07-07 17:26 - 2012-07-07 17:26 - 00002039 ____A C:\Users\st\Desktop\aswMBR.txt
2012-07-07 17:00 - 2012-07-07 17:00 - 809418958 ____A C:\Windows\MEMORY.DMP
2012-07-07 17:00 - 2012-07-07 17:00 - 00285864 ____A C:\Windows\Minidump\Mini070712-01.dmp
2012-07-07 16:53 - 2012-07-07 16:53 - 04731392 ____A (AVAST Software) C:\Users\st\Desktop\aswMBR.exe
2012-07-07 16:36 - 2012-07-07 16:36 - 02116179 ____A C:\Users\st\Desktop\tdsskiller.zip
2012-07-07 11:17 - 2012-07-07 11:17 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-07 10:30 - 2012-07-07 21:01 - 00000000 ___SD C:\32788R22FWJFW
2012-07-07 10:30 - 2012-07-07 21:00 - 00000000 ____D C:\Qoobox
2012-07-07 10:30 - 2012-07-07 10:32 - 00000000 ____D C:\Windows\erdnt
2012-07-07 10:06 - 2012-07-07 10:06 - 04574136 ____A (Swearware) C:\Users\st\Downloads\ComboFix.exe
2012-07-06 22:59 - 2012-07-07 23:55 - 00000458 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-06 22:59 - 2012-07-07 09:44 - 00000486 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-06 22:59 - 2012-07-06 22:59 - 00001032 ____A C:\Users\st\Desktop\SpeedyPC Pro.lnk
2012-07-06 22:59 - 2012-07-06 22:59 - 00000000 ____D C:\Users\st\AppData\Roaming\SpeedyPC Software
2012-07-06 22:59 - 2012-07-06 22:59 - 00000000 ____D C:\Users\st\AppData\Roaming\DriverCure
2012-07-06 22:58 - 2012-07-08 06:54 - 00000414 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-06 22:58 - 2012-07-06 22:58 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-06 22:58 - 2012-07-06 22:58 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
2012-07-06 22:58 - 2012-07-06 22:58 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-06 14:45 - 2012-07-06 14:45 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 14:45 - 2012-07-06 14:45 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 14:45 - 2012-07-06 14:45 - 00000000 ____D C:\Users\st\Desktop\Chameleon
2012-07-06 14:45 - 2012-07-06 14:45 - 00000000 ____D C:\Users\st\AppData\Roaming\Malwarebytes
2012-07-06 14:45 - 2012-07-06 14:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-06 14:45 - 2012-07-06 14:45 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-06 14:45 - 2012-07-06 14:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-06 14:45 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-06 12:37 - 2012-07-06 12:37 - 12101490 ____A C:\Users\st\Downloads\unhackme.zip
2012-07-05 07:50 - 2012-07-05 07:51 - 01599394 ____A C:\Users\st\Downloads\download.zip
2012-07-03 15:36 - 2012-07-03 15:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-03 15:36 - 2012-07-03 15:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-03 15:36 - 2012-07-03 15:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-03 15:36 - 2012-07-03 15:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-03 15:36 - 2012-07-03 15:36 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-03 15:36 - 2012-07-03 15:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-03 15:36 - 2012-07-03 15:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-03 15:36 - 2012-07-03 15:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-03 15:36 - 2012-07-03 15:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-03 15:36 - 2012-07-03 15:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-03 15:36 - 2012-07-03 15:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-03 15:34 - 2012-07-03 15:36 - 00002804 ____A C:\Windows\IE9_main.log
2012-07-02 19:01 - 2012-07-02 19:01 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\st\Desktop\TDSSKiller.exe
2012-06-29 11:33 - 2012-06-29 11:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-23 11:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 11:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 11:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 11:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 11:49 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-22 08:51 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 08:51 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-22 08:51 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 08:51 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-22 08:51 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 08:51 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-22 08:51 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 08:51 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 08:51 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-21 07:38 - 2012-06-21 07:38 - 00000000 ____D C:\Users\st\AppData\Roaming\TeamViewer
2012-06-13 17:08 - 2012-05-15 12:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 17:08 - 2012-05-01 06:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 17:08 - 2012-04-23 08:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 17:08 - 2012-04-23 08:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 17:08 - 2012-04-23 08:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 17:08 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 17:08 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 17:08 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-11 11:19 - 2012-06-11 11:19 - 00000000 ____D C:\Users\st\Documents\rv


============ 3 Months Modified Files ========================

2012-07-08 08:57 - 2008-09-28 03:11 - 01113186 ____A C:\Windows\WindowsUpdate.log
2012-07-08 08:57 - 2006-11-02 07:42 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-08 08:57 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-08 08:57 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 08:57 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 08:48 - 2006-11-02 04:46 - 00793934 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 08:42 - 2012-06-01 08:25 - 00000466 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-07-08 08:42 - 2009-09-24 22:03 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-08 06:54 - 2012-07-06 22:58 - 00000414 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-08 06:11 - 2009-09-24 22:03 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-07 23:55 - 2012-07-06 22:59 - 00000458 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-07 21:00 - 2012-07-07 21:00 - 00000332 ____A C:\Start_.cmd
2012-07-07 20:58 - 2012-07-07 20:58 - 04574136 ____R (Swearware) C:\Users\st\Desktop\ComboFix.exe
2012-07-07 20:40 - 2012-07-07 20:40 - 00881475 ____A C:\Users\st\Desktop\SecurityCheck.exe
2012-07-07 19:52 - 2012-07-07 19:52 - 00302592 ____A C:\Users\st\Desktop\8vj582mc.exe
2012-07-07 19:49 - 2012-07-07 19:49 - 00022245 ____A C:\Users\st\Desktop\DDS.txt
2012-07-07 19:49 - 2012-07-07 19:49 - 00013754 ____A C:\Users\st\Desktop\Attach.txt
2012-07-07 19:46 - 2012-07-07 19:46 - 00607260 ____R (Swearware) C:\Users\st\Desktop\dds.scr
2012-07-07 19:40 - 2012-07-07 19:39 - 00000157 ____A C:\Users\st\Desktop\steps-6thru9.txt
2012-07-07 19:37 - 2012-07-07 19:37 - 00000466 ____A C:\Users\st\Desktop\defogger_disable.log
2012-07-07 19:37 - 2012-07-07 19:37 - 00000000 ____A C:\Users\st\defogger_reenable
2012-07-07 19:36 - 2012-07-07 19:36 - 00050477 ____A C:\Users\st\Desktop\Defogger.exe
2012-07-07 19:19 - 2012-07-07 19:19 - 00002134 ____A C:\Users\st\Desktop\aswMBR2.txt
2012-07-07 19:19 - 2012-07-07 17:26 - 00000512 ____A C:\Users\st\Desktop\MBR.dat
2012-07-07 17:43 - 2012-07-07 17:35 - 00009727 ____A C:\Users\st\Desktop\Result.txt
2012-07-07 17:33 - 2012-07-07 17:33 - 00403231 ____A C:\Users\st\Desktop\MiniToolBox.exe
2012-07-07 17:26 - 2012-07-07 17:26 - 00002039 ____A C:\Users\st\Desktop\aswMBR.txt
2012-07-07 17:00 - 2012-07-07 17:00 - 809418958 ____A C:\Windows\MEMORY.DMP
2012-07-07 17:00 - 2012-07-07 17:00 - 00285864 ____A C:\Windows\Minidump\Mini070712-01.dmp
2012-07-07 16:53 - 2012-07-07 16:53 - 04731392 ____A (AVAST Software) C:\Users\st\Desktop\aswMBR.exe
2012-07-07 16:36 - 2012-07-07 16:36 - 02116179 ____A C:\Users\st\Desktop\tdsskiller.zip
2012-07-07 14:10 - 2008-01-20 19:26 - 00222428 ____A C:\Windows\PFRO.log
2012-07-07 10:06 - 2012-07-07 10:06 - 04574136 ____A (Swearware) C:\Users\st\Downloads\ComboFix.exe
2012-07-07 09:44 - 2012-07-06 22:59 - 00000486 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-07 00:18 - 2009-01-20 08:24 - 00007916 ____A C:\Users\st\AppData\Local\d3d9caps.dat
2012-07-06 23:00 - 2009-11-08 13:50 - 00001948 ____A C:\Users\Public\Desktop\Microsoft Mouse.lnk
2012-07-06 23:00 - 2009-11-08 13:50 - 00001948 ____A C:\Users\All Users\Desktop\Microsoft Mouse.lnk
2012-07-06 22:59 - 2012-07-06 22:59 - 00001032 ____A C:\Users\st\Desktop\SpeedyPC Pro.lnk
2012-07-06 14:45 - 2012-07-06 14:45 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 14:45 - 2012-07-06 14:45 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 12:37 - 2012-07-06 12:37 - 12101490 ____A C:\Users\st\Downloads\unhackme.zip
2012-07-06 08:55 - 2012-01-12 09:49 - 00000874 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-06 08:55 - 2012-01-12 09:49 - 00000874 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-07-05 07:51 - 2012-07-05 07:50 - 01599394 ____A C:\Users\st\Downloads\download.zip
2012-07-03 16:00 - 2006-11-02 07:21 - 00447728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-03 15:36 - 2012-07-03 15:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-03 15:36 - 2012-07-03 15:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-03 15:36 - 2012-07-03 15:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-03 15:36 - 2012-07-03 15:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-03 15:36 - 2012-07-03 15:36 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-03 15:36 - 2012-07-03 15:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-03 15:36 - 2012-07-03 15:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-03 15:36 - 2012-07-03 15:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-03 15:36 - 2012-07-03 15:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-03 15:36 - 2012-07-03 15:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-03 15:36 - 2012-07-03 15:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-03 15:36 - 2012-07-03 15:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-03 15:36 - 2012-07-03 15:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-03 15:36 - 2012-07-03 15:34 - 00002804 ____A C:\Windows\IE9_main.log
2012-07-03 15:36 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2012-07-03 15:36 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2012-07-03 15:36 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-07-03 15:36 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-07-02 19:01 - 2012-07-02 19:01 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\st\Desktop\TDSSKiller.exe
2012-06-29 23:22 - 2009-01-04 20:05 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-29 11:22 - 2012-05-06 21:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-29 11:22 - 2011-08-12 09:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 10:30 - 2009-01-30 11:53 - 00002188 ____A C:\Users\st\AppData\Local\d3d9caps64.dat
2012-06-03 22:28 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 14:19 - 2012-06-23 11:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 11:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 11:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 08:51 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 08:51 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-22 08:51 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-22 08:51 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 14:19 - 2012-06-22 08:51 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-22 08:51 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-23 11:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 08:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-22 08:51 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 14:12 - 2012-06-23 11:49 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 14:12 - 2012-06-22 08:51 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-01 08:25 - 2012-06-01 08:25 - 00000849 ____A C:\Users\st\Desktop\SmartDraw 2012.lnk
2012-06-01 08:25 - 2012-06-01 08:25 - 00000819 ____A C:\Users\Public\Desktop\SmartDraw 2012.lnk
2012-06-01 08:25 - 2012-06-01 08:25 - 00000819 ____A C:\Users\All Users\Desktop\SmartDraw 2012.lnk
2012-05-15 12:15 - 2012-06-13 17:08 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 15:17 - 2012-05-11 15:17 - 00001924 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-11 15:17 - 2012-05-11 15:17 - 00001924 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-05-11 13:29 - 2012-05-11 13:29 - 00034274 ____A C:\Users\st\Documents\client_supply_list.xlsx
2012-05-06 17:38 - 2006-11-02 04:34 - 00001063 ____A C:\Windows\win.ini
2012-05-01 06:29 - 2012-06-13 17:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-30 17:40 - 2011-08-17 09:09 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-30 17:40 - 2011-08-17 09:09 - 00001890 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-04-23 08:25 - 2012-06-13 17:08 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:25 - 2012-06-13 17:08 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:25 - 2012-06-13 17:08 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 08:00 - 2012-06-13 17:08 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 08:00 - 2012-06-13 17:08 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 08:00 - 2012-06-13 17:08 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 03:50 - 2012-04-19 03:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

ZeroAccess:
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L\00000004.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L\1afb2d56
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L\201d3dde
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\00000004.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\00000008.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\000000cb.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000000.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000032.@
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000064.@

ZeroAccess:
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\@
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\L
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 6142.33 MB
Available physical RAM: 5305.94 MB
Total Pagefile: 5721.73 MB
Available Pagefile: 5285.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:453.43 GB) (Free:262.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.33 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP2) (Fixed) (Total:465.76 GB) (Free:459.63 GB) NTFS
5 Drive g: (LEXAR) (Removable) (Total:1.87 GB) (Free:0.28 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 466 GB 0 B
Disk 2 Online 1912 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 453 GB 32 KB
Partition 2 Primary 12 GB 453 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 453 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 12 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP2 NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1912 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G LEXAR FAT Removable 1912 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 08:49

======================= End Of Log ==========================




---------------------- Search

Farbar Recovery Scan Tool Version: 07-07-2012 04
Ran by SYSTEM at 2012-07-08 10:10:43
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-23 14:34] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-23 14:34] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-09-23 14:34] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-09-23 14:34] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229

====== End Of Search ======

#10 gringo_pr (Malware Response Team)

Posted 08 July 2012 - 03:18 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
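Added note, not part of either post above: the Replace: line in the fixlist is the result of a concrete comparison. The Bamital check flagged C:\Windows\System32\services.exe because its MD5 (BC81...) matches no known-good hash, and the FRST search shows two amd64 copies in the WinSxS component store of the same size (384512 bytes), neither of which has that hash. ZeroAccess patches services.exe in place, so the size is preserved while the hash changes; the newest same-architecture, same-size store copy (6.0.6002.18005) is the sensible restore source. The Python below is an added illustration of that reasoning, not FRST's own code: it parses the search output quoted above, compares each live copy against the store copies of its architecture, and emits the FRST Replace: directive. The function names (parse_search, check_live_copies), the "System32 holds the amd64 copy" assumption (true on this x64 host, not on 32-bit Windows) and the same-size heuristic are mine; a real check would also compare the file version, which this search output does not carry.

```python
import re
from dataclasses import dataclass

# Search output copied from the FRST "Search: services.exe" block in the thread.
FRST_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-23 14:34] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-23 14:34] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-09-23 14:34] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-09-23 14:34] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
"""

# One FRST search entry = a path line followed by a "[created] - [modified] - size attrs (company) MD5" line.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})",
    re.MULTILINE,
)
ARCH_RE = re.compile(r"\\winsxs\\(amd64|x86)_", re.IGNORECASE)   # component-store folder prefix
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_")                   # ..._6.0.6002.18005_none_...


@dataclass(frozen=True)
class Copy:
    path: str
    size: int
    md5: str
    arch: str        # "amd64" or "x86"
    version: tuple   # (6, 0, 6002, 18005) for WinSxS copies; () for the live copies


def parse_search(text):
    """Turn the two-line FRST search entries into Copy records."""
    copies = []
    for m in ENTRY_RE.finditer(text):
        path = m["path"]
        low = path.lower()
        version = ()
        if "\\winsxs\\" in low:
            arch = ARCH_RE.search(path).group(1).lower()
            version = tuple(int(p) for p in VERSION_RE.search(path).group(1).split("."))
        elif "\\syswow64\\" in low:
            arch = "x86"      # 32-bit copy on a 64-bit host, as in this log
        else:
            arch = "amd64"    # assumption: x64 Windows, so System32 holds the native copy
        copies.append(Copy(path, int(m["size"]), m["md5"].upper(), arch, version))
    return copies


def check_live_copies(copies):
    """Compare each live copy with the WinSxS copies of the same architecture.

    Returns {live_path: (status, fixlist_line_or_None)}; status is "legit" (hash
    matches a store copy), "patched" (no hash match but a same-size store copy
    exists to restore from) or "unknown" (nothing suitable to restore from).
    """
    refs = [c for c in copies if c.version]
    verdicts = {}
    for live in (c for c in copies if not c.version):
        same_arch = [r for r in refs if r.arch == live.arch]
        if any(r.md5 == live.md5 for r in same_arch):
            verdicts[live.path] = ("legit", None)
            continue
        # ZeroAccess overwrote services.exe in place, so the size is unchanged;
        # take the newest store copy of that size as the replacement source.
        candidates = [r for r in same_arch if r.size == live.size]
        if not candidates:
            verdicts[live.path] = ("unknown", None)
            continue
        best = max(candidates, key=lambda r: r.version)
        verdicts[live.path] = ("patched", f"Replace: {best.path} {live.path}")
    return verdicts


if __name__ == "__main__":
    for path, (status, fix) in check_live_copies(parse_search(FRST_SEARCH)).items():
        print(f"{status:8} {path}")
        if fix:
            print("   ", fix)
```

Run against the quoted search output it reports the SysWOW64 copy as legit (its hash equals the x86 6.0.6002.18005 store copy) and the System32 copy as patched, producing exactly the Replace: line used in the fixlist.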

#11 ndbleep12 (Topic Starter)

Posted 08 July 2012 - 05:28 PM

Hi, FRST seemed to run successfully. Results of the log below...

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 04
Ran by SYSTEM at 2012-07-08 15:24:39 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Users\st\AppData\Local\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c} moved successfully.
C:\Windows\Installer\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c} moved successfully.

==== End of Fixlog ====
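Added note, not part of the reply above: the Fixlog shows the four on-disk ZeroAccess artefacts from the FRST scan being moved away, and a practitioner would want to re-check for the same pattern afterwards (and on other machines). The distinguishing feature is not the GUID-named folder itself, which Windows Installer also creates under C:\Windows\Installer, but the "@" marker file next to "U" and "L" subdirectories, plus a Desktop.ini dropped straight into assembly\GAC_32 or GAC_64. The Python below is an added illustration of that check, not FRST's own logic: it walks an offline copy of the volume and reports those two patterns, exercised here against a constructed temp tree that reproduces the paths from the log together with two benign look-alikes that must not fire. The function names (scan_zeroaccess, build_sample_tree, run_demo) and the benign GUID {0f2a4c61-...} are mine. It has to run against a volume mounted from outside the infected OS (WinRE, as the thread does with FRST64, or another system), because the live rootkit hides and ACL-locks these folders.

```python
import os
import re
import shutil
import tempfile

GUID_DIR_RE = re.compile(r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.IGNORECASE)
ZA_GUID = "{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}"   # the directory name from the FRST log


def is_zeroaccess_store(dirpath):
    """A GUID-named directory is treated as a ZeroAccess store only if it holds the
    '@' marker file together with the U and/or L subdirectories. Windows Installer
    also keeps {GUID} folders under C:\\Windows\\Installer, so the name alone proves nothing."""
    try:
        names = set(os.listdir(dirpath))
    except OSError:
        return False   # on a live infected box the rootkit denies access; scan offline instead
    return "@" in names and ("U" in names or "L" in names)


def scan_zeroaccess(root):
    """Walk root (a Windows volume mounted offline) and return relative paths matching the
    two patterns seen in the log: GUID stores under Installer or AppData\\Local, and a
    Desktop.ini placed directly in assembly\\GAC_32 or assembly\\GAC_64."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        base = os.path.basename(dirpath)
        parent = os.path.basename(os.path.dirname(dirpath)).lower()
        if GUID_DIR_RE.match(base) and parent in ("installer", "local") and is_zeroaccess_store(dirpath):
            hits.append(os.path.relpath(dirpath, root))
            dirnames[:] = []   # report the store once; do not descend into U and L
            continue
        if base.upper() in ("GAC_32", "GAC_64"):
            for name in filenames:
                if name.lower() == "desktop.ini":
                    hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def build_sample_tree():
    """Constructed fixture mirroring the paths in the FRST log, plus two benign look-alikes
    (a hypothetical Installer cache GUID and a normal GAC assembly) that must not be flagged."""
    root = tempfile.mkdtemp(prefix="za_demo_")
    files = [
        f"Windows/Installer/{ZA_GUID}/@",
        f"Windows/Installer/{ZA_GUID}/L/00000004.@",
        f"Windows/Installer/{ZA_GUID}/U/80000032.@",
        f"Users/st/AppData/Local/{ZA_GUID}/@",
        "Windows/assembly/GAC_32/Desktop.ini",
        "Windows/assembly/GAC_64/Desktop.ini",
        "Windows/Installer/{0f2a4c61-1b2c-4d3e-9f80-112233445566}/product.msi",   # hypothetical, benign
        "Windows/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll",
    ]
    for rel in files:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\x00")
    for sub in ("U", "L"):   # the per-user store in the log lists U and L as empty directories
        os.makedirs(os.path.join(root, "Users", "st", "AppData", "Local", ZA_GUID, sub), exist_ok=True)
    return root


def run_demo():
    """Build the fixture, scan it, clean up, and return the hits with '/' separators."""
    root = build_sample_tree()
    try:
        return [h.replace(os.sep, "/") for h in scan_zeroaccess(root)]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for hit in run_demo():
        print("ZeroAccess indicator:", hit)
```

On the fixture it reports exactly the four paths the Fixlog moved and stays silent on the benign Installer GUID folder and the real GAC assembly; point scan_zeroaccess at the root of a mounted offline volume to run it for real.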

#12 gringo_pr (Malware Response Team)

Posted 08 July 2012 - 09:48 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 ndbleep12 (Topic Starter)

Posted 08 July 2012 - 11:33 PM

Hi Gringo,

ComboFix ran unobstructed, restarted machine, ComboFix report window appeared, waited for extensions to load. AVG detected C:\ComboFix\Regxxxx, which I allowed. Report was then produced (included below). Launched IE and browsed 15 links, NO REDIRECTIONS...Genius!!

---------------

ComboFix 12-07-08.01 - st 07/08/2012 20:51:45.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4150 [GMT -7:00]
Running from: c:\users\st\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\st\Documents\~WRL1492.tmp
c:\users\st\Documents\~WRL1879.tmp
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\dbxesellerate.exe
c:\windows\system\GZkrm79731.drv
c:\windows\system\GZkrm81120.drv
c:\windows\system\GZkrm81138.drv
c:\windows\system\GZkrm81591.drv
c:\windows\system\GZkrm85721.drv
c:\windows\SysWow64\dbxDgrevCheck.dll
c:\windows\SysWow64\dllcache\wmpvis.dll
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
c:\windows\SysWow64\SET5D5D.tmp
c:\windows\SysWow64\SETCC.tmp
c:\windows\SysWow64\SETDE.tmp
c:\windows\SysWow64\sfcfiles.dll
c:\windows\SysWow64\SOCKETX.DLL
c:\windows\SysWow64\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 04:05 . 2012-07-09 04:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 04:05 . 2012-07-09 04:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 04:04 . 2012-07-09 04:06 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2012-07-09 04:04 . 2012-07-09 04:04 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2012-07-09 04:04 . 2012-07-09 04:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-09 04:04 . 2012-07-09 04:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-08 05:51 . 2012-07-08 05:52 -------- d-----w- C:\FRST
2012-07-07 19:17 . 2012-07-07 19:17 -------- d-----w- c:\program files (x86)\ESET
2012-07-07 06:59 . 2012-07-07 06:59 -------- d-----w- c:\users\st\AppData\Roaming\DriverCure
2012-07-07 06:59 . 2012-07-07 06:59 -------- d-----w- c:\users\st\AppData\Roaming\SpeedyPC Software
2012-07-07 06:58 . 2012-07-07 06:58 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-07 06:58 . 2012-07-07 06:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-07 06:58 . 2012-07-07 06:58 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-06 22:45 . 2012-07-06 22:45 -------- d-----w- c:\users\st\AppData\Roaming\Malwarebytes
2012-07-06 22:45 . 2012-07-06 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-07-06 22:45 . 2012-07-06 22:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 22:45 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 19:33 . 2012-06-29 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-26 17:34 . 2012-06-26 17:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 17:34 . 2012-06-26 17:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 19:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 19:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 19:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 19:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 16:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:51 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:51 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:38 . 2012-06-21 15:38 -------- d-----w- c:\users\st\AppData\Roaming\TeamViewer
2012-06-14 01:08 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:08 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 01:08 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:08 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 01:08 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:08 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:08 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 01:08 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 23:36 . 2012-07-03 23:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-03 23:36 . 2012-07-03 23:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-03 23:36 . 2012-07-03 23:36 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-07-03 23:36 . 2012-07-03 23:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-03 23:36 . 2012-07-03 23:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-03 23:36 . 2012-07-03 23:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-29 19:22 . 2012-05-07 05:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 19:22 . 2011-08-12 17:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 16:51 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 16:51 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 16:51 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:12 . 2012-06-22 16:51 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 22:12 . 2012-06-23 19:49 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] .. c:\windows\SysWOW64\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] .. c:\windows\SysWOW64\dllcache\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntkrnlpa.exe
[-] 2006-12-19 . 1D659BFB788ED2BA45075624B748D249 . 2057600 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe
.
[-] 2008-04-14 01:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] .. c:\windows\SysWOW64\ntmssvc.dll
.
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] .. c:\windows\SysWOW64\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] .. c:\windows\SysWOW64\dllcache\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe
[-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] .. c:\windows\SysWOW64\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] .. c:\windows\SysWOW64\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] .. c:\windows\SysWOW64\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 04:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 04:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 04:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"googletalk"="c:\users\st\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2009-11-02 2195160]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2009-11-02 604888]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2009-11-02 430808]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2009-11-02 856280]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-06-28 2561320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"MDShell"="c:\program files (x86)\Mediafour\MacDrive\MDShell.exe" [2000-04-19 77824]
"Omnipage"="c:\program files (x86)\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"PDF Maker Pilot (demo) printing agent"="c:\program files (x86)\PDF Maker Pilot Demo\pmpagentd.exe" [2007-06-19 90112]
"SoundMan"="SOUNDMAN.EXE" [2002-10-28 47104]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\SysWOW64\igfxtray.exe" [2002-10-16 155648]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"PDFHook"="c:\program files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-07-31 795936]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 5\RegistryController.exe" [2008-07-31 58656]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"Nuance PDF Professional 5-reminder"="c:\program files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-10 316864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\st\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smartsync.lnk - c:\program files (x86)\Smartsync WM100\Smartsync.exe [2006-5-26 2031616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
HP Button Manager.lnk - c:\program files (x86)\HP\Button Manager\BM.exe [2009-9-24 249856]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Magic-i.lnk - c:\program files (x86)\ArcSoft\Magic-i 3\Magic-i.exe [2009-9-24 530944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-25 05:49]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-25 05:49]
.
2012-07-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-06-01 18:22]
.
2012-07-08 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-07 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2012-07-08 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 03:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 03:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 03:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1659816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Download with Xilisoft YouTube to iPod Converter - c:\program files (x86)\Xilisoft\YouTube to iPod Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.11 - c:\program files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: providence.org\email
Trusted Zone: providence.org\vendoraccess
Trusted Zone: providence.org\vendors
Trusted Zone: providence.org\www
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {55E515F7-0FA2-4610-874E-028107E766A3} - hxxp://www.providence.org/eprsup/eWebEditPro2/ewebeditpro3.cab
DPF: {7B1A430D-F9B9-11D3-A435-0050DA5D9D44} - hxxp://www.providence.org/eprsup/eWebEditPro/eWebEditPro.CAB
DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} - hxxp://www.ektron.com/ewebeditpro2/ewebeditpro.cab
DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store.valueweb.com/storeadmin/utilities/pssbedit.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\st\AppData\Roaming\Mozilla\Firefox\Profiles\7sc0d3zs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ActiveTouchMeetingClient - c:\windows\DOWNLO~1\atcliun.exe
AddRemove-SLABCOMM - c:\windows\SysWOW64\uninstall.exe
AddRemove-Windows Media Format Runtime - c:\program files (x86)\Windows Media Player\wmsetsdk.exe
AddRemove-TiVo Photos 2.0 - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1528118550-3384070800-3959885862-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB61FE6-A140-AB00-5A02-EF0F7FD4F4AC}*]
@Allowed: (Read) (RestrictedCode)
"iaaacfnkpnacijolje"=hex:6a,61,65,62,67,6b,63,6e,6e,69,62,68,62,70,64,64,6f,64,
6c,69,00,02
"hagpmfagdgedjkln"=hex:6a,61,65,62,6f,66,6b,6f,6c,65,70,64,6f,6d,69,66,70,6a,
70,6c,00,00
.
[HKEY_USERS\S-1-5-21-1528118550-3384070800-3959885862-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3622A7C-DD09-5519-6FEF-252C177D087B}*]
@Allowed: (Read) (RestrictedCode)
"oaeilhfeiijonkpplkiifoijemkban"=hex:6b,61,61,6e,6e,63,6a,62,62,6e,64,63,68,6b,
66,6c,69,67,68,6d,6b,68,00,e6
"nakgjbeodnlbjbnhhmfjbpmochoc"=hex:6b,61,61,6e,6e,63,6a,62,62,6e,64,63,68,6b,
66,6c,69,67,68,6d,6b,68,00,e6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
@="{E3C0C89F-CF5D-4100-8E0E-1881E7E2FF00}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
@="{E3C0C89F-CF5D-4100-8E0E-1881E7E2FF00}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:7c,0a,c1,fe,56,62,a6,c8,7a,7e,9a,
75,cd,7b,16,9e,42,29,2c,b3,40,64,47,57,b5,07,c7,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
c:\program files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Dantz\Retrospect\retrorun.exe
c:\progra~2\Dantz\RETROS~1\wdsvc.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\SOUNDMAN.EXE
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-07-08 21:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 04:23
.
Pre-Run: 282,194,931,712 bytes free
Post-Run: 282,426,658,816 bytes free
.
- - End Of File - - 00D6D531418B827AB7940CB6ABD6427A

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 AM

Posted 09 July 2012 - 12:07 AM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 ndbleep12

  • Topic Starter
  • Members
  • 22 posts
  • Local time:10:22 PM

Posted 09 July 2012 - 12:12 AM

I already have these on my desktop from previous procedures. Should I delete and redownload, or run from current desktop versions?